From 744635bccd9e929762e3f3948b49cd566624cb78 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 12:44:11 -0700 Subject: [PATCH 01/28] Stop tracking compile artifacts --- .../bin/Debug/DotNetOpenAuth.dll | Bin 1089536 -> 0 bytes .../bin/Debug/DotNetOpenAuth.xml | 39026 ---------------- .../bin/Debug/Newtonsoft.Json.dll | Bin 377856 -> 0 bytes .../bin/Debug/Newtonsoft.Json.xml | 7631 --- .../bin/Debug/SimpleSocialAuth.Core.dll | Bin 17920 -> 0 bytes .../bin/Debug/SimpleSocialAuth.Core.pdb | Bin 50688 -> 0 bytes ...gnTimeResolveAssemblyReferencesInput.cache | Bin 6157 -> 0 bytes ...ocialAuth.Core.csproj.FileListAbsolute.txt | 8 - ....Core.csprojResolveAssemblyReference.cache | Bin 39478 -> 0 bytes .../obj/Debug/SimpleSocialAuth.Core.dll | Bin 17920 -> 0 bytes .../obj/Debug/SimpleSocialAuth.Core.pdb | Bin 50688 -> 0 bytes ...ocialAuth.MVC3.csproj.FileListAbsolute.txt | 5 - ....MVC3.csprojResolveAssemblyReference.cache | Bin 98197 -> 0 bytes .../obj/Debug/SimpleSocialAuth.MVC3.dll | Bin 20992 -> 0 bytes .../obj/Debug/SimpleSocialAuth.MVC3.pdb | Bin 24064 -> 0 bytes .../bin/Debug/DotNetOpenAuth.dll | Bin 1089536 -> 0 bytes .../bin/Debug/DotNetOpenAuth.xml | 39026 ---------------- .../bin/Debug/HtmlTags.dll | Bin 41984 -> 0 bytes .../bin/Debug/HtmlTags.pdb | Bin 151040 -> 0 bytes .../bin/Debug/HtmlTags.xml | 195 - .../bin/Debug/Newtonsoft.Json.dll | Bin 377856 -> 0 bytes .../bin/Debug/Newtonsoft.Json.xml | 7631 --- .../bin/Debug/SimpleSocialAuth.Core.dll | Bin 17920 -> 0 bytes .../bin/Debug/SimpleSocialAuth.Core.pdb | Bin 50688 -> 0 bytes .../bin/Debug/SimpleSocialAuth.Mvc4.dll | Bin 20992 -> 0 bytes .../bin/Debug/SimpleSocialAuth.Mvc4.pdb | Bin 24064 -> 0 bytes ...ocialAuth.Mvc4.csproj.FileListAbsolute.txt | 14 - ....Mvc4.csprojResolveAssemblyReference.cache | Bin 74413 -> 0 bytes .../obj/Debug/SimpleSocialAuth.Mvc4.dll | Bin 20992 -> 0 bytes .../obj/Debug/SimpleSocialAuth.Mvc4.pdb | Bin 24064 -> 0 bytes 30 files changed, 93536 deletions(-) delete mode 100644 src/SimpleSocialAuth.Core/bin/Debug/DotNetOpenAuth.dll delete mode 100644 src/SimpleSocialAuth.Core/bin/Debug/DotNetOpenAuth.xml delete mode 100644 src/SimpleSocialAuth.Core/bin/Debug/Newtonsoft.Json.dll delete mode 100644 src/SimpleSocialAuth.Core/bin/Debug/Newtonsoft.Json.xml delete mode 100644 src/SimpleSocialAuth.Core/bin/Debug/SimpleSocialAuth.Core.dll delete mode 100644 src/SimpleSocialAuth.Core/bin/Debug/SimpleSocialAuth.Core.pdb delete mode 100644 src/SimpleSocialAuth.Core/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache delete mode 100644 src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.csproj.FileListAbsolute.txt delete mode 100644 src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.csprojResolveAssemblyReference.cache delete mode 100644 src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.dll delete mode 100644 src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.pdb delete mode 100644 src/SimpleSocialAuth.MVC3/obj/Debug/SimpleSocialAuth.MVC3.csproj.FileListAbsolute.txt delete mode 100644 src/SimpleSocialAuth.MVC3/obj/Debug/SimpleSocialAuth.MVC3.csprojResolveAssemblyReference.cache delete mode 100644 src/SimpleSocialAuth.MVC3/obj/Debug/SimpleSocialAuth.MVC3.dll delete mode 100644 src/SimpleSocialAuth.MVC3/obj/Debug/SimpleSocialAuth.MVC3.pdb delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/DotNetOpenAuth.dll delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/DotNetOpenAuth.xml delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.dll delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.pdb delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.xml delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/Newtonsoft.Json.dll delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/Newtonsoft.Json.xml delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Core.dll delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Core.pdb delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Mvc4.dll delete mode 100644 src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Mvc4.pdb delete mode 100644 src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.csproj.FileListAbsolute.txt delete mode 100644 src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.csprojResolveAssemblyReference.cache delete mode 100644 src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.dll delete mode 100644 src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.pdb diff --git a/src/SimpleSocialAuth.Core/bin/Debug/DotNetOpenAuth.dll b/src/SimpleSocialAuth.Core/bin/Debug/DotNetOpenAuth.dll deleted file mode 100644 index 68bce055caa360df4440936c92c50634fef8f055..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1089536 zcmd4437j59wfEoC{Y*d4JTsHz$qX||21r;En;8jVb!J!$$Rc6i!;T0j2sA!Vf{%Ine(TE#fyb3B_^{UtK|Nc&Ob@yz-eP8{5-uWa?SD!j{ z>eQ*KQ>RWXeZ(m@22l_M75+c#A1fh=#HdtnNqi3^^M)?23G z9gru=0^%tQ+Jg@q76+l%hUL zEd*hh(zNO=+E#sBP!~72UzoJ>md5<_Z3zcStM|cr-(YZYWfS1GqzYhfF%w3W1VPpZ z`v>nW$1NnTvI(>)xTFzo&x$xu8-uAv`&yB#$0OaM7pI7@z5#v)1|i;_bSgy~O!lnk z2#yB@rW^HUhpO$P_ats-4c_3+}aB0dOh- z5H>&c^@3VdLTIQnt|ka=NOd>VH7wq1@UF^^27^Vd0RrnRyjz&Ub}WV|T@Y*^_NMeD zE61|1w>RC!y-+4f9uF?x1g5K2wT%q+ETnDCLa=R>V%sR0+X24nZ8dbM$VSwg^Z~PK z>mA(G(Uv7@!pqpdJIttxQc= zvz9l3!sOx(0id|g7JaM76A@;KXp{XN6UR}^PIOLT#A&A7S zok_f2&JPGBA zTe~WWpcDE@P!dBEq|1?DE^h56Btb1IsS63r90}&)*6u5e6h>l7~0UP=U-* zs^Gz4^I6g+d-G!4z{p+>7A5;QWN?tL!?}}wroyjsuxNwcGsGjqWM5K*$$tFyrO#FB zX7hPUx{~mkI?QBzv?z$_ic7=h3q0*L2s=lh;R^v?6rb|~{@NTLt&`)Qo8v3KjDJ;* zkH*gNPss5VU&g;7$L}lQ-M|q!f$ebAw5(1 zg7=Wmt5gqyO{xd*9?kL4dRcu57H!abR$t)FZS(b7;0ZPf51DV{@zyXd=Q8|JE)&J) zW%O;!KS_U3o}NCGr#~)FulQ-{7qy;KQ6nhPIVq<@hs^05ozqc#PKSI^}7o%=4MCe8~S+pU<6FFyzo)=vRV88}we( z(^qr6qW=jtsopg%F}MYwG+G})bf|^oEOkCeBB_EZP@6=7RmJ*9#I&9EeQRr0c!S9YTan9~%lbQ_C6N$%gksmq&?R zGbo%b6f&|Wy9Y`WAd{m+W^X9oS+q&Prnbq8Jl+}#oy+{{T;_@|*U{BEKITV`-^}q9 zU&eoZj=!MP1`f{Kfa1&epUCksescPc<@6PwQz zi9X5njpFlsz%SY|14fSj{2YH$TlRcW55MyHl7j1ZG z20X#0;+>G=74Hs@s@?Y?+6xc(0i6I<^QI~Tf^9&%XgPtzKYM~HLzkya2@TC ztQ)O&b-6yY4&3xUUg%F(D15gIPbhqk3$IuB{Vx0ph2Kj!OkSxV22I>Kj7^Ijcqnr3 ziqm%!TeFe5mNNdw=_=sW^e}#Re%QKCbwnd}H9Z{A4{fZ}ydeyZ3|36IzEY~I$9)+~ zbtTv&nN4bITa{#S3kJq_2i3;|`{ShALiF z(|rb*&7t9u%Tc85+gGBPz<#R?X1Zywu&D%jy-A-*IW2|Of_x6}5^u-5IY9rWizWkF zj2!j#MwhfU2Po{KXWIUc@{E^cFW4m6(@(CP0Z*{0cz5P_r{-gVV9^G>7yaoU-R~aB z^DV|0!AeSdQ2KdpyYKHs{}gO$IS!ctPq3+YSI&SZ*i^jt&VVP_RJ>o#fG5~gyl13m zdRFWiyo0uZk=$r~oldJU^|fl454pa6o5J68;oB8{#D(9W@V8y~O$ui^<1GqjI^%5$ zf7jt`RQUTYOonm#0~fwa;mt1muL}Rfh2N?0&s_Lj3O}l_o5vPyc-MG(T?sZ-7W?OT zMcoTFweDLp;0ZPr@69=0(MANDn(t?4z!PjL-tT9?6KpEp4%O-96>Jh7dK2rTJ~*(V zJ2;oR-HE!5yl>@sqR=KI#$iS2G2qsRmw*_j#}e)gTNtkOu39xco@dHTqFzf+MV-M<(g1*NmM&Xle9B)@HQmUN*NE0o5VUK0rjTjX^$})W zlk3lVb2M*>g@1JD(6vBbUOebz_|Tv`r(pk|ZzY=T6!QF2y9zeDo5dsrSxm zGo?6-((`#4Vb&fb7Z7rdD%mT~1HY3afFtIIkTg#5}6KpEp-8o)i z=Lt5|e*5YSc!EvB!xs62$6K?gWQ#mP3#5FsA;stI1N@$vZ)Y>(E53}s>(k&XzKnnJ z)8H#U$M?3E*Cq1F(DeeUzOi^q>ypeV^Col309XINfi%HC{pc}@>8cGkn?gt^L4zo9tCfGhNijxOCf;|cnmFA8N??pbtn?V zjh*aa7669N>9?fMSZUr3LGu@{AZ~B*EQd#!E`eq}UX(K1tJjkjzs-+<>NXQ zq6s=UCD=AxZ-En&Kf!YIbSPL%dYN(#f((A;Eb#Zv0{`VK@b3D|^iP@!r@WVo17w}7 zbF4_GR+2II@|KDp9Iqs4HaI%e5JxX+Y#50IgQH5r{HUI-4Nza`G*^cf0LgI1%Qy*Z zII-p3rT{pWcj#U$Tyf!n6^nwu5xYO)CQ5tMt7Tp3d@2X)d$(^nI0ucm{+U0RGcLs z1xCi*%54chi&{*S-Un99G28ec^$&T2`uD{SndBb|lU@%uebSE5O;NBT#Br5iOJLH-^yzID?JZ<6ibQpz z?`&_SQBztqYnmv*T{V;}C?y2njSo>EQiso$HaAiq=*s(HZ#0RNqtkAFyCY|#llSL> zPA>+hy3Gh3DQGPfb8)(iMPPx_2>KY<1^s#5dC{Bu5pJHsPkJ3Z`fA8{YXq+&E#pd~ zb-iL;<4tcMoZiS!=P)KP{*{{uch%CHd2|o&2B;&wg>X-$QAwHT)stKG!!)lxLd69! zUn&!gN5}Qy!QjA)eIM=*UixYmJ|JPljZ=o+ zI6Z_P*Wb1aHlWk!WR2wYZ%VntPAZjX)*a(c?XOdKVmxP=+k^#iVv?kuJ>y20^|?w<9HM-2sjDf?8D4 zr~cHhjNS+(D&{W~rq9-SlOKTZDq-~Sr=EIhdOa+-j_%gh)81(BYrO-y@6cAOTTi$0d`qNjBzxeg1ETYNM&&j&!!n!pFBEPc)n|w1FQ|Ng&KO2vgMtr zKCJqStuu92)Ax$G?U7f;d(BB%E;NR=bAZMlLmDwY#HWwWrcy%|Uv3hv0+X^YX3-Di!8aA#cz! zc`vTln~Qi$KS)73tJk036(%1d*qwZsU-kVCYrWmB+!a^uiYr>{e&MwD^~A#~#8bR* zZ)?2qHY@9TZ(qD~`Vml;HQK8kjrgY8>9=I>asO)Tn7e&BYw0~zSDLD-#r4tMgE{-V z@(i%21T!pnb-4_u)t_))T%(il32u>ugdnnG7>8#Ze7;T~W(^R3pagnPR;Z*OQ; zy$?;-IW+ZQm8yd$4|b7cI%FsqImgSmH~1b=*O&Qg=KSTBz->7wSr1cD`Z0d%VPE*a7!^+(yp4zh0QZd9l|Gh ztnNxa#iOX%p7xolw$bkNl`~=+*h{82?+NDK@9JdR(Ct9coO4^s&X|kc^-@TOtxxki z-bCdO)E9JyY)#q;jX}k_`P!Ib23N7K258j!caYQ1@FN>84pbQomyOn#&A8jg-;J%x zTm`?`6+l{_1v42c=-ox!M5{FDJexSfS}&+YdHkLgD}pts8HUorhxkBVDbW-grTMU; zzAY}(&ynr2sCoRnvJsQ~4{fP5c17vuL90j2OF>J&K)5qY8IP(Ho69arzeq%seu>|m zpNvuzQ{4=NDE$h-uF&L@ewA=v@-==LM83`=-NetD7nxSBrVsJbQ;C|_<_vuUNYs4W zWkLSda4YqjVk}HKR@|4agEAA`W<`rr{A?FiD>Kf zMm7CDkDgki)@T=cqn-aePfi~eyrbdtU!$YP*?JAXudg$BIkLE0bx>*j09<@|=?{6j zlDFeQ=Oz6SKgj~dgo!n!+TB^T`v_6%1+}OI(GE>8&gFK;av}X#NP=2avIwMPfFCoF z@yru#x~4*a#eCZHPX*dGv=*s-ZEDPemu8K63Dp@S`$0Ku{fvlYAA%6jJeTURKa98? zi0W1e-UJHrY$;I||9D3qPh5R;)_;ONCV~Q*>^< zKVYufcXF@{VYJCsx>Y&xH$zz`6)a?G9+QXDGLw_>~asYfP<~`Fbg=? zn1@-w!LINy3pm)ghgksFz=|D$bI>&yoedi&nO6NL1#I3;MdYrmFnJElXa218SHv&N z(7u?XnHzdUXf<`i?7Ysg><97O3cp&sYW77%)>S&?2!f(2&jOKYHGHa2Sg zE-l*R3Ge}wvVh280C#@h<^@J_?T!>oR+BSAG9P=KE&(YUpB@iZAJisnd{_PHfp8Tj zzfm+}OGSI|f)7aVjK~TI)8`V;+I7rJoc`9(vN0-IK@`5pT5uwf`kSG>&(ybZs_m*= z*~)wj&+!S`MHr6hk^YVx+Am-k<4|ITMHKzvd;qoJK)v%fLq2n=e!l)HBW zwJ$UI!(Jy`v%)Y@)khY0$LW7lhV;+;gss2u>zas(ByRl`KxZ{d|A%Ka{hN>`*M<4K zC8L*+*QX>S-!@7EOuB`Hq*HkHA5ek-JFKvwu9nbHb_lZ-k!1YUYW6O8je--`@;m+-1-EWhgmIn1 z&R&ehH|V8xPdDx9M5Gk9+Cizu{VA@Gdb}WIM{_-15-bUVwB~{<3F0`x?}d`3yCpaB zXw`wZyu&fE-~h(Kn10hv5L{G>hYa7yT#7QkO|DX$BVl@C7{t8dy{+&3*k+mskz4v! z(X`x*C+lBU_n!{7|9K!3^F8jw^NXsFvFpjG9#f0*64%$zu?M=sD+H}oldTa_J+AKl zh}yX8`_2dXr739}&mb-R_y)+@*k%D}0+W~rUy;u`K2cOoWL4k_VYum;hz&g#SwX&R zJVKA7!sOfI0!yDpI&OPg-~An(t)Kze$8Yqi5ML`&Y|-prFdi%)dY*xlA_O?qn9FJxDIayYAKtqVyi(>+wM$+{-#s4;^mu z6GrJ(M0F0oj+bcdVL-ZSt~kxp#rD~h$ypDK_nQ=NCkxyvct`Sc64%lf(TbfubBRtQ zQ8rBxLRd>DER)^H#9^=rE6#>ynFh^^$P3G$-*LL(^W-B#;b$aUS542RV13P(gJXKk z0TwkM$pQFbAdLgS?M>Z_!$)gLnq0^a4QMobkCJWZ4jP+l!7IT3R#~3EQ*oV6i7X*b zQ}wpWmaUGUDfD%kKcy0{)!Uu=dAWWnFV*h`{bbGH>bz`NQkxWEBHLK&kF8!Xt9}Gu z{kgl`+I-IQw#Fhnw%gv1@6E>J{J=_Mwh0xu1Xh#N^V(9@M-^EokC-I0{?&tB{VMQ( zI5TZ)Na;He`p6JiQMw0YvokC*XeO@mY8}&@kMQK^2-E?$b+N#MnUMt9*`su1|&|_Nt zs7V*eI(+?fSo&JY|H4?`vtp|Ny%0P)D{n;~+-#zm+y@cOy4jhhXJj2qofi9CEyT&W z+BduW%IhQWC>!);B=j~Y_Lj+6I#l6T5a+|{_CEabB5ayO@B#J(UBdI1lsD6TNAg;> zZA|x#Yz5RpX+Nwx8D~pvFQ9QW_k{o144fieYbm(i-0`-~{)c=0*KU60U%^Y*d;o%r zw60YjmGdTSex?944DhuaU`L|*2E*nLbC4Z`3!A^l0fy5**n9#=awBXMJAT;bV=4%$ z&K9W$sKDTHwSf@^S}N@nWT(?(L+K(ostBjv8!wh&n6YWn(nd=`;#+F@~*u7 z!Q#Dqc`L#0(D`k-t(EkBHssrpM*3Xq0Cw=FtUx&VIUOkd@hoUOS*B6x&-+qx0$JlN z(n$bQp0oy6#(7E;U}yV!M}b4G#3ZBT0pZNqKh>9l!kHZ6Jp7Ha8h$r6uqFGTQ*rsK$AjRx_Veat~{P0)2~u)xiWdV+T=SzD=` zf5|J{)kP&rIoAQNu9`ZB$4L=8GomuGBQLd)1^iah`>?fZ>3JY$d+UZ(cYUTP`jeaB z-kAfaYVjwJ&t`h%kw&avNpJAMf{mi1TO zj*G4}y&W%D;M;Lz>~Ed%-#na%=KJ#4>84$j)pB7SIkmXV6(F(#)Mv$t)AgwGlJ>CZ(XICUrCrnYgtW;`)v|!4*4ZIlfETn zF?N77j^=_h7i?*3wiX7LWcHc_?3R-{j5HL}^+vDMNxXhOBVYGh65w(V*tOzieHK~# zU&uOlbrdabx`53uif3B_ZebtSJKJr)N41iCk_KfhjPNH2BZz9st`+CVOxgHRj~90} zmn_1h)Jrmku$ss6T1L}0pVnFYbk&yN;|@LD*UY09(J#lH;q=SEifw|E$%ldT|9?439xod3@@O%wX>Bi=nlrJhlJ3Au z_wci+R}?Veo=UAb2LAj?!j6!-R#)nTpXI|TMq7PZw)^2LR(q3oKQtd9wW~d|AdNyT zr6Fam2ot>;x%t9P_zk@El0FN3=@M8>CEo^14H9spUF!-x)#)R^q}5C0o=EPu1^a!= z>-cMe53h9V^ONhNJy1iYh4}jThmVDBJDgwdD#jYw=ogbWV)x^WO`V#BvYMnv%(ugS zwe?6PVPhJ5&uq4l97OZ)?m+oIpFk~TDXVTs)s&U1y6sz=+Ay7;APx>7e@K=0)2&(J z)uG!sW2D?>w=jJniXvgf#5_C)tJ@U@scECrbZS)XsEITh@-MtyOTej_Li)Dt3A|za}F$H@gKQZpv<3HL$hh z1}{dN(K?XkMtB+SD&nlG^;FAkr>Ev5e?O=L&R>qxn`PX52D7oz!PHz8L1=*-=^YE@ zvc`elu?Qdf66`#J>2>gHrj%RD34>FEyV}}RTI{ASt%C+EEIe&rDyDqX$Kxg2`vy3D zKqwaq`^m=7((u5c3>yq;HWJ8>U0-t*+Mv6%)Sl~PZ}Vv$vNPVfEzf8zULe^A$3ed% z-IuAs$n!0@55X2|GPaCgop>!4olT=ScXAtqTCDTc*9&S<$#$9!JqK7=!-;bp7;f*J zErWEVqLyL{X~$${03Jh6D_I~RHMN0cwPLt*I;lO_1%?itrR=#FHMyHCMw{DcPNejQ zKV5oFAZJLg^~hI~9=o#8UxnXj2BW2tJV?pv6aRv2V%rkj8BJU*gLsKF4xOPMv4(v? z%9II{bBU4G< zO3s7yyPbnCqjQfd^IVJ}C4HiyEo(mg>3o^>PA!~Gk6UDF0XIuoDO9~qs4j5Ipt_K) z!BPcP(*%9&?Kw^Dj3r)7hYirDRT0*B6Qw6hEw|5acWPN}u29QZv6J<34LsA!X1p4r zspkxAI@xAB9`UTMVVSv(q!jWrlFl?4J>T!5nq-|gJzSflk84gJyYa_#uI4c4++R{i zCrFNK#3KwQUXX5*QgwoSAQz;qN0vp&!lc))wM>|e+QLRP)2y}hY6!a#V3K|v58l45 zvs-#Nuco%CzkFhI!VV})Du0OM3EA~PFV8`YE4PU8bBn(BQ{GwIm=SCX9O-^)rxuJf zX(xP*TC)QySTS(cHt|WR&)@_OPN)54ex%c2u{<{j&CM82Fg)aH<#lk}^wgT999l9&551&uw;lynv+PCMl1+^&cqZqQ)o6c|oEtvE1`W#nK ziz;xt`nxyD7%=~Cf<~^V&*P`3(%aMC8fW(qbEeBEY(vh6$La8Q3VZxsb{I9{F+I#0 zVMEL4TtnLuPiW7P$}Ni{VFo?K7MW__ep)l`$du)!RG6D{xOHtuDl~?q{j2f;#~P6o$l|n zvqmqOS&vN`_x#H|G)!letpNyZ7&^uJcWis$FD}zswbb{OC|O3i!sJvqNms$d-sY>Q z4^!MA3b({>lmJvo+AcC=9{9exO*i`|`O>(v=LA@AU5|or_mve_Wjc0lVDly(&l07- zLR0WE4lCCuksbjJaz4t3?N$4S6gPN)<1)-1S$^7XZjAY#1+pyqiL z(Kf`?V;hmuBZ*2G%{Z5&L8;XR#r4+`@;=1K?nG;{4XwXmayHQoTOi`J!e1+z`U?d!!aku-BnJNO}3+&wXPP z$J#q*T6wPHZ0qrpo`whRGS+g=fg^%5;-~_IyF5wMuo;c(gNr8KZt_^(Vx_pg9#5k7 zY`MK!b&9;61>8*&~`ocLSb{E8&MT1=J0^{sSQn&Y($_b~tTc{twaK||@u zlX=4nU0;8yU|L(<8A-39&T^&yy}ZtBPY|0%FlpHj5W=#r4AQ7RPSKEEA8F?`L1%;X zYmnBlwqQQKDEStz%LapQ%s@OGwZ(w{gm#w2ytc@t_uVh2(>ep<>jsPWGu`{=W~3_% zsLXoHuszXd&WmO0ll?Es&>7F5vZ!0HKy&Oa-^w;kDQc*AYkX<@OH`)WPm73i> zs<22q97=pRy;u*f0PoV7>pL8!H%=B^8#L;+cg7vA7!`u{`?>vMPtsNvdUKDX-&D)S zYJXC}7RQgsy!9(_VA3qkMWIQ9v6<5u zU!+x@t+Ulk=y1xfID1%R653uEn%|ELQ9Z-@!hKQCD_QlWvW(9x*K%VFTjw~Y#M75% zsN8UdnzSTYi}HP|b*|_P1``zaQP>a7Z)*c(aus7(Lf3bJZQ(NGt1lU+9!#=*7cgJ{Bt^1Hx?nYL zkCorTk?IR@#j_INzAZ3Eis#Hks9sA*^Dm=PI}P$V;>Dp+rO#;>Q&j8xInV<9` ziL-qM`Dq^l4)%N>!oZ5f0Y*V^17(a{Tfp?z=>gGFAIdsQ3bfQy{KYC-Zs?4f?*p67 za_S^JtWPMx>=&yvSN2wW$oAp7UAVTu=Jtq|H`ls-xo(H8vm@mP`6Zf#Y2x^*a#X0I^~V}BlbZ-nn`J+9be+aBx> z)B1}>WG6Xs**RzzG*=uuZzV-XJc|@7ww;wog$GHkx+uojQY|JeXjVy=t#pJ!KH9Zx~}h8=Mucb8Qbni)p>Dle2i8R43jv zJyP;xTpS8Et)SfI;)t}nh~p-gD$X=5w_aRkpl{{q)7|pS1uAN5g* z)`6CGCF_7piPvNz195WarwqJHJGI55zFC7yExCf=53AiKunv>&)+7jC8|?fkU5Tx5 zv9_u`f0`G)RXWHQvhahlwxrhYoN&opl$SS9N#pc%MR(B!Z=WrFUt&H}<0i9D)t{NI z1$WGrCXt6Cs-(ZBY*X^{=YX1=6}lwZO4_u!T)}>V6c*d(KI-0V84HjPu=jYF1sv?X z9%catd!L6{z`@?{VHR+(4|tdb9PEQ0W&vQjLyATc+(|jZWDyLyb2MGRviGl2!oe_E zKpeguTRTrMt=$=|OT*R#;qebaIBa2w)yF@qpqpjOM%yOXH{=W#^fMo#OoAEP?E#XJ zwcBXo6A&`1mM>n)d!y25zXRV$o1Dh!D@iV=-u34%Sb2nEt9^I8 zmB{o}L==~IuiVw*`b%*ez_O0GQeC6JI~zs5_238=a2hu144O=l8FaU#Td0qpQTb z6M%d`oY5;sK;qS8)2PE6zl{!fdo$c4OgUKZt zzn^Ht^ASD5@elKGEqdakrE>44a^HeT)(dJ;+-+>qx=zx1t)xW*mH4g~086c&>1tWJ)xtD%#Aq!aSTm7P$IL3$Ow16pcbXO4~Hf`UP9Va zNUs-?pcbXuNB&t=mDN>ea29p=g>s)bcE~ICyc&vT>zZPeQo|f0aa##lt*oT)X5S(1 zt0?_B+JSY+H-cb0ApOo1wT*!l^McQl-&dX{zoI#~l3?T%aW8x%Z`RMZ&`!&SmyxWw=-EO&9(CP3jo{3vo52if z`JS`N#tv5~srqu8ms;hm}afqa89W@G4?yq3q%%*Ee)C3!bD@{^6D zuGKd;3H(?N#$s~T;Jlq@A3vke4GJ>HSRz4Hv+?jP6nkD9=O1Jr_}6Ox>duVh&cCV_ z#*nwkk3HR~W7$+UknY>+$8V-_OQ(IB?v^XFqM^iNitwHG0`Z9k7z$b(PBvxs(Y%{R zDTblc*v;xMZ&StW1M0+srLM4-x&roJeZ8O-rEeNc{{D&lhHK%EL8sArYsTNdlTX|} z{+WW!=FM=^d}q#5JSLn>(%(?rf97$mTQYV(21>Pk`~i`H)z^yEjbasNTfqgDO`9&S zBk_%ipUFVM4wZWjpF68g@8G3{#Ri1~DCXwr5xVu`s9dI6K=}q40x>aQRq(_}y50 z19c4(GpuxbKZE!5^C%s?<9j_tq_l1`z|1JST2fj->}}3pP7Cfq zW;5)mkJg?-Wnpi$#CZB~@bFm_gdD z6ErU&o6L~H<-vYz5!-MwN&Mk$Q(Ei#TJI(`Hm(#&r2Q$O?TVmQS@M>Nn^Nzw?vMzz zQk^~pokc6>T6DT5vX#+cWD@izzeHrE4M6idwrq6*ikaISilbfA=H~<4uklyXKlaa- zDdu%9)BF&fl-V#$PLgje;)4nlGrbqlbjKYj7yHNNa&@(kKEiwQ1%7N3Oon`)$&n4L z4t)Tk%`Z?3CDAAE0msRm<3;pQrV`D*UGk0F-$c^u;4@ZeS)Tr@z)RmNE`LU4W~ckKkuXDJgCHlY z)cjJR@@lI=F7qtnXGD}sCGN6jRv&Iqr1_m$!{{uo`7r;nEcP3I8*GI`B-Fg$`*614 zNOLZVD=4(n|8B)${0sEwOiT5Re_1cl_?Prpl(gW(%tw4?owiqiyo-G`g&{DVR5boY zBV}hUGqSdI($TIYYoR?Ui_GS!26Qp|n}Owae_p&~^VqscxfB`u6_;zf%W3OUVW2L( zjV@C;SsNOY3`{=}mI#0)O&HX3jeCx%Ji`5oo?1Jx0JMO8)x#`cu=Hh0Ck1$LIB`z} z|J3(r56O!KwKQMzX)NIAeBHw=;9#3P%mNPfkcU|S7&=&v8#AyVADj^;myuIg8h7}B zn#wcw4WHHmMla!mbr$zcA7=rV*S9>(0uKLQgs-!J(s}yJ%#P-pXkE?wizb!`6N5&* zE_t;JU#0LBF8oS`U!!os=jfOps!t>c8l{e;t;Mu*@p~=HVbmC)Y z!dp*1%nx(2`xR!ETDN0oY$3gp)U7AktH_F_Z&z-t)IOhEfT5cUUt4i3Ji7CxbW$Bz zXK%XuBBRXTUHLD~C)lvu49%Y-&aUCZ6nw&hD;4ZrA?Th8qW=jh`{n@_Tud-|6}C=( zny7gq5u786IFVsX!n(iAAPYZ_aDNt7;TL9MjWT^%cuMIw zTj|_=X4c1xx_B8hDzlXHPV5D%i~f@jionyfA+Lq)cxhfpfiihtYeAFuZ5Euu5vRAB zZzEzBdEW}Tj#>CX-coGAkS6QwnN58r1lG{l%%;@2-Ln8l=;-8=6qGMpjj?-XS+aXz zHE6~TU!*8y8x=Wn_EKasE#vwxx^zhbg*ui{FI+TAxHt z>jkx_fh-eIC+UejUcI`Hg!zrqnTiLzfIpP3hC z)AVy4tNzY;VSoP7eZw`|*N-1B~f;v7XIz*YLyd8k%rNq0*7iy}MGYb9@vRWqvulg8Ru`u{O2^N?6F9hs%od3OZ$U1zSogQ|# zIQ%=DaDePt6wdD7t@hiE_yvdQXTazh-kMz5lk!sQKS`09`q)|Jp4etLp*Ee2Q(kvkx$5p9Wlm}Os(}#P zo{@`!UEUPTffj%747xuY4D5w?q_>noQkG3oxBkdo)~<_j@-oukSuff{$!1xD-1#)h z#1BfH=RS2FIbhZcYEj97^c$^4{O9BeZGJ+!k35?HO^IWD7;h-~Jjo}o2SkAy!p^hs zk-Uo;SK%JBGVB%_#qU99+&*e~}#no1?uUZmQk{Z2~g>5I^CVeu>0sSx>*IuuEA+#D5B+eu>Nx!xj$0`uKPF z@%CP=m|xj`mda=cJhf9<<+JF``zdmBw>|Q5=l7n8(ae1nwZ1Fr-{Xgo9#`MgGS3Nq z1npf^ha3KlhLeqfx>Bcf;E|Has@~Ekl+-2$V-lyGlbYMMb+VB@n#Hc8t%YL}{>VZ| z&ut4G<>cXl!UQ;Txj)Lt^#HfSpA$bI-)Y{C1e*^?j6`t$q}avu+g!HE z!9;1Rf5!59_>Vg)c7N!Uym18Rs?rjJ?-7H>zWeyXyiiwXO)h%3mAz_Jklh#1Q7IG} zI_6NQWMY+G3mvXhZN16DOZiwllV+fHV#y{Aq3W=kNls8~|Lk>*S+qqoz;%xTn1aSAzGvr_0mr zX&O@>b-mB2zux9idm+IdHOk2x*-aIW-;BBRXT}z4k_r+bKJ-ZA&lz%UziKi#cy@kV z2Xxmx#QL`H5MPA)DqN(GLX*X!U+`$rfz-RyE4!^(cUZ5S`D}J2z}p)fL7qs{R z)2Pm7)WkAluFElJ*4D{W!FEW8YjMovlr8D}wj+*n-5@gy=aZvKocHbb5@lld#B^=m ziEwu^A#EVzt0P@PIg(!@9Or{iZy`#z@UyT4&V;1&pNeI>-Oap|JoO=)GzvqFohO`m zlV#h>)3lv#+2NfPf$Z+hUE8|$ZQH4Ar*RV0j~l(sS?o03=kim?oH`4xuIZ>pYc=cX z%$9 zIh4OYpQ4^iu}ZVa_10x$Tx=Eg(6Z$Dl^3=nejpXNe_!;EA#Lv(htR_$W zd0)ss&d+JBBD-HS4t67t^C+8NgkC<3{ct2dnRBJTzwFukHImQO@Dw|~JvbU#=a<__ z$&Pn771eFIE4ovIU1xRTHd(+4>iw*R7vd&Hp4NA#70W@K^Pk@ZGe_SrVZz7uZxn+^f9f$Hi8cl z$HIp9RUFFejJ}Hhvo+XD=#Q+yu7oP?ZMXa>e@+)yu+-8`%n57hH|+O2{Kjd*WUlo! z%4!RL*-BT%t#q|#D_!lST^-109$A#uw+8S9G71IQZvUh*o$t!DV^*eo{g`{Y;6D8Z z+&jj*-0ilJg6ncK2T%W&sEL zgNIqb!T#uB7I3gXd6)$p?7uzC0>JhPli$OFvz}2PJ$z?Ds_PosgkLWc!sx9ahshrt zZdh7u!e!jN9xb&o=8}2Eb9>}wY>F`X9WPo=`y+LU2~|#{n%t;Fx|v>h8{U90sTr5@ zH`BAx8q0^2qJtEQXJJdo?5@t3vMko3@k*OG9B16dQgCE5S+Nu*C1kc0WE^3dOk!dx zS!T8wCrojT1L^K^9aC?A_Hwp>ll@;j%mTn(p)=lprYPY8TdXcG-tr;yZ0%$0uRfgx zNT+c}>uLIPbyWH=8r>-#RSR_s*$J2V##wXz#pLE}Hi(^r+yW2OJ$(O<&&vW(0roc! zvj8x);c~hMy^%C^@Qc!4lVy}X$#2p@iQIsyeL?hrhKi^@Fuy447N3^|l$YU-J>}sR zaC`;qu(I*k0>H{V>HImow|N{3xOAb1Spe7pst3s+s|Ssv^+kihwP6y%T1k+}R1s1a zaelrzKNV7JxyX+*eVV45nFL(-Y|5Zq-Ai-fkhhzEc9d*TXV&}{8qI=`UtyXvDwCtX zpdTezf%*W+w~%|fSVbsp3n;QuKFBEY^00uDQN_b7;9%_@W&sC_JNU z?>xiu_)2v-tB-crT@;Y;%YDsh6=nNld~2A-zPCF&JWm#IeAYe80uI*cVHR+(E)TN+ zu>S|^=RjXSEX2F|aecnq^KJoGo;e<70SBAwVHN;Z)&obfj$Beg&sP>sHzY^-e2>oZ zrT+UoEekmM{T^lkVD*JsJFN!$6V{(sf7_}f?#7Sr=u7Q7kY!VL1G$y$da{~qeRHw8 zJ~pJ~Ti0!#C@QC9e0|#Y^r;y{$#J02@Xum6n@n$!&Gy|I?^f`5Gvm3tI5b}Drr_>2 zQ1ypQ4{YtrX#wEKV;c{%fP-!8VHR+(#U5q>2V3G{7I3ibJj?>Xs4G`y7(owb<*$ry zFGS+c2*(t(3&57#h+#753bx1!V>*5ZPtyV}pB+8S0uHv+!z=*oyga{>dVHA^`Xal0 z)5)(F+}9TJ>ua7z?PTK1WVg)Iwt&m;SsrEq2cu=UG0OrDwv&fh0N8hYgSt!&>TN}X zvL!nP%yp{u)+bT&$rS{BBci?rJuM43`a>RO0btTiDwF>BwDA}u?7IOR-kDJ8RVK|D zKS%s+l-slOJ+brOIXn6upwdQsba<7F_+3RWxf~EvJXyGv_VhCY%Jm<8_xB>gZ--WP&fsufXP9G89R|G9VhwUAebH?Cp**aVR)Trk zo?c1TW#2(I@9^KvIMFX!CRc%oljBu9V3hXpY~L0v0E57G_Am@o2X;@^9i%soz_;K z3lI9s+8uuG!g%ss;2P!Bx*Jl-YZTG!vkh|jESQ2IK$9R8sZ-(~6vq>trw~*~oGs|}BcGbv=TL^RUeqNZ25%NAD zM^+y!&&FvJSdU+NwVU{K{6O>YMu&aBwNYhV_J73shxuv!jh~b?&y0q9-%kw0>7~%J zHMS_-zknnwX*I;^%!6$l5-WO1M@1%OF*EL;?ms!;2!G~jYkiL)_((|)?e|=?iSlLxqs!{vg4c8J|(QCFYsE<=UgMwFFxixQbL09^{ zp98=J-L;*z;`B$jb3lii-oVmL8DP?KLU9Vr>B9xVW03p!|A`DV^C{Ij_v3wKhv1(>DWTkAVL!Ka?S+~X^$`@8wc%x>3f>QH7EXwhc~=UoPdpF`VA zdqLvcpa+Vr`3iTszEe#vMj!DR_e<%8-L-0u%(bf9Z50wHjmri$4u934p(bHQeCVALsKf<6q$5bPsRF;i!uLM5f!uIqQBoh zm;E14fXsE_dYpQ)_JEYWo{gf*?3B}9b*U=8bP`F)b5aBJqCNz`8(bZ&&@}~ zILcicjemtOu_@Bu@QizVEoo`2_xpCgEgG!@B^mbZzQO1_n|6`i1M=NM&d+e1aLuR~ zCk76Hsh*jKMAx)>lbxjQ<%o-#Ye8?J`RnO0Ol4~QYgU-7fj*=XWsUNi3gaEuQiq2~1{d5Rn6Z?*aOe=!d5R}!SP>7i~vO=PR~VvS<80w3;7#%gU+LWmrio`Y(&)l zk7Tl!^BX01g3DTWm-!k0qeOSgJdX+IT_PKgXn#PMyoHza$5cjVg^%lK;FQT$>rd|? z;uyyBI%v$uuwn=V9obs9lijbMPIgC@WmmEFRn|ymlO2;M>t`L}EK1%92lK*8)Y`)s zE|$tOpK53DaS&N=n3Z19$4^iNnJ%3(Q!ZFw5=3OHo3@~}EK0vlm_j%;!f43=LILVGRrFj9*h&Au#M!8$16 zhR@3~rJqE$GU&zzJ5KEY_2C0^4qR=dKPA^m%Zu8Xldbom@rT@*%A~ZsXRZj%k)6#| z4Gty+YcQ;VX{N=Tg-r^B?ovm4;p1u(d!Qit(~wfNB7W-8R0v;uwUeP4-HjPBJPARI zgGu#CG>R!P=;)fr?(DCKhfHsLktWjoZmu_MDKsp$Q|BH5R|fY@!MI3Yo>-Qyrz}lb zC-$O5ens^?R8*@SF4qfcQOVH=ulWZ!D6NWyX$;b0maq_1^WFpfK7Q5(BbEZ!XxL*s zaNK3SrHY-&tHE1|kzyYQ9#U0d-9F0B-u%PZkeTJkZs>R&`vs?hVy|peZ(H*dY!!5G zAN1V9tA+OrdiEl`YGO}H6Q)&ocK5K!_K578aozBf)Kuc#RkPRK3qGY-yyVUCdewFF z8x(H6())cweh+OkYFyImmF5ix;Z)SS*^(0< z=CWK2UXBr8_}>{XAy4M^WW*2xhdncr~TBuPxs`Pus6b5v=pHI7>V_OyRQ zW5GgXl=!bvALjYvs9PdA}5$zgiVDt0Fyr5m$mm72Mg8*+o_FD-Y4VsnXp3kPbud!*=K@{ z^-|jP;KovCFGkngS^0ewPHyuovTcIy9&!A2tYEwPvj7qp<@=A{CP5|nA;0Rwo%woO z-Um-XqS@RbNR%viCnknm`^JFBYv`6)prWt>5qj}86UCkE}!A3=fMK-0Bmm$ zvjDJF;h0iHwz)Yu27Rf!zBA)ul2f5!mOZF9U>`nEBTG7${ z9Khdwp!qafIvD(C%i`ZlviLAzSE!dwE>xUeNfFGi7pE^L=t`M=%2g({OZI(|xhRL0 z-ijEUn&=#U@iUV2s}Id2jqrYl@a)3`j{4QBGL;>*{tF(~J&j27xq2bf0|K0U!SX_; zjQ5lDW&Wvzvc9~A%nFh3HI9l)5#Ttb=%qR-n*)e&iUOsgHbmRFRzWR^mY;s%Wu=@;-0|U zcx%26iD!PQIgL4ejn0jYImvf0w#dhrzQKJ-CA;c+Zey#pYFk_Jo^mL;Zr@<+ncrxn z{X*%nI}zsh=sL}MPj6#>x{yHMewv9l<~Mf{2aA9#Ys{bD>n;_~UKj71GEvGRtUfFP zQUl=c{4RH7vu8^my*N9v8AE;vXjqqqLXR%Jf6D)X^b zqu=Vmu|_KnLuz(gNzXda&x=qu&evKLy zSW+;Ru!M3nKLO1F`xAc9T z5*B}XJ6o^PnqxD%{(Qa=)!TfVAU43@Y(Ac9feeoz11;OON}xpnooE{+OzD`>fP9 zaXl8}L+Sj|8YV$FV{Ajc9~eYWd5@BA%`EARe0Gem3SMvBc0NS?EpACD9l#N-;*R>q z)Z9#AFaQSXC7MF5JC|RgQv(iql4?Goc}yfi!M8D zZKs%nG=ir<9sj4vSN<#H`vNkVS-vZY@$&sD#WDG&At5~KU*=JDZ7n&RaA`*2C4GR> z$H{iYMr+?s7=f!$ioW1UAgnDmqP3Dx?-qSQ zv3VbixPz{4p*7u)%$&oXZpfL8tkeQqP1W5&35J`JZs+R95caovOv6^c)0Hw^M7K&FJiY}Sjl(_60>E_t-@ZKA9#)in$uW7^3txlnOQad-zJtod zvuVP~&g4{>+L_<1+w8^H{x9g|9~?R$&zCHc-9)`T`_`3e(|_wqw+wRta%Wh`zFhUF zxiuzzxys1_IU}4&U*>l89|ng7OD}QrxB?Zn~$t0Cs|SO*{}ntl6)2o>>{cui@8JH zuBTPAak*g8jmCERW(1c_rm;3q-z7$D8L7lgHiX|st8>tdN}YA4G}g~4u#bhEr8%89 zMsI0UhuN9~fBN)Bl=c(SMF^#0;PO&Av=yk`N-~E}0H?hm9wSSfwrw`t_NLF?r@ARR z@avDIS6k!F@;-BlAiu!7wgY{QCpGgGJ<4LuN40bdFSWECPSOve zv!>mb=f6{BHNx_i*~4xf1D&-OsRx&-L2j>*^ipTAl=6I7_1>#}O}i7p!n@MPZby1G z6O6X)__9NzH`&|M=m>U)hW<)bG}Xq_c7aOsCz8%D;7d&GVFV=0!iFt(u3hQIX!ip_ z%d|H7_6VY!~*e!g1iJ#WX_^HS1 zg=+W|PP{CdI7(SScfAEpOb&*D=5vk5Y8Lo6XMz7_D*TLW(lYU&ZXs4DPSlAt#vbGA z+yYkTV@C`2(a5UTEi*SqPNH$KA1k(xwI#=qy7fZL#C5Eo8oI{!V?8YkI9kVfm<1f{ zcn`Axu!FeyotxqJMeDa4zu7rK#tM#aipQ1;5(t@X~H+enQ z9-wOMFCTAh@Ftc%H7O*3B&dEnpIc;v@|{C86Do_ol{HM2 zVt*Fn`*>c@&cz+OJt}Vo?AAK?R6xmF%6C$Bhx)RNCAk%{6dxo-eg#2^$qk=F5$X(k zAz$o!BNC^3h*o6Y&Co`{?v8XGsvkF|W?PJ+wp7$UzukP$Jxud#(ZZHe+{H;+{7+KK zXL~Z5--Hb=(plW$Rx^A8@13{ru-d|gw&ec`<+_YaZ1v`5x8yYWLyoaqVaT^)IiKp= zgUc4W^##5OF>Vb(g0MbX3ziUO{@4h&(HQq4SYvnD^z991gVE0JQr*yglDickEimrs zaWF1P&tPL5V07)w0uJw;9`E0ByyRUT_U;09nTK6o!0z?1`!d)W6K9Y`ICdt#7bbgB zH8#Iv|6|4O%>0td6d97;h@(B#+QxjrxKiZ%eO@PWw7nO2el1}9j-Bmc7H}|>rYn~P z9PAtqvw(xK-_zk)z`@w)>tGfDhTc@4Ps}!}IK6o(M(TS6+*Y%AnFh`3YIYmbIn_;q z>G$hM4*K?qO#>561640KhpoL3%J})jhAnN^7{5S4zjNWmmP+d(9l?Fze+7B9Cz~*z z!ZF3U+4BA5>Ml!{-su~RnmsUMAEnj>c%rzpGyCSDa%!I+Y9oGqv={Vn%s`85eRpY> z_Da`lu})otNn0Z zFyxQaqcf_eS9j(ktnwaMF%*oToR5Vcj zn%(for#Fpahak2J{v_=Y+wV~4PtY2p1o?|{9TocpU4GivekK`?Yz?M!F5~i)Te&N& z)@%mSZF}>3^PQNgv%#>B`N_?&qcJ;?&(y{P&DmUg9c%e^Y5}OzcGq~A1%PRvx;&7- zQoBnuQ-&MV#KKSg?i)gkb?|e9>s^w%F z7>-7qUPstnAuG34afNI--nqHoh)tJW8vFN!bfoLrQ2@C~8a#l_XEBibGmCUW7XR5u&l!$Ed| z>_;Y%E!idKi7fSeji+e=qnT*zu)Lqj^G-C77%W!6;n_SB8rOOn79j56u&+N_WD~fG zO%X^ynY12hG`e#dW3TaPEnsxVHh7o?fE^G(k@pX8FgsOqiD2!JTT+$ z6lXJ+d}xOwa_bw{`Ft$k^1j}~EC5XQ%OO1Vm-`R4ImNe_e42kq4hp@DwXYqHm*~-+ z?7$;yCB?XC)gakuS=IO#b|&BLJxocb$ovM+rv>1RezlJ3T9dL7-{Fqk=y5Cnj`kh* ztk~AZ4V5P!^2%eqOn>%?9f6dRUC5a5kqYl>;beav$({~=l;FF&@X-oCPmvs2P@-c5 z7Ig$Mz)lvbCb^gHOZTpU^A0?D|jj-1$7x z<5l!bcI>?IveP<0U$u22VVg}RyVlPrl4Xsr0BEXBp7r4!$%tE22-_AvK3S;1bnx$9thxbx)#sOT>* zU(q&jUpeXDKW|!**|U-t`4ojsl#}Jm<-3%?341ah)cvKI^qLR!LEMB_2!;mT!*@TL zjYM&SQT*hCk_FJ*j9LB5Z69LtS zEjH_ew|bZb;2(W?n}=Dz!CvQK7I3iJJdcz|nbw zhgkrazT>u;=U-{Z;h6g6=$CnQEo^c5hHg!2CxPvTZf8NTwy_*;N~6vg*zpKU1vK1G z(KMT-E4-OHKxu>otv}GFJNqtRK}N6X>C{s8byRylgLkGB>7UdsJ`EYCIZDXe=Co>k z>64%>8#W8CbtXw2wv|eCpnCghI3|TNx=iUQwWdU8wc0w(r%=LGpM%-JL?Woh4Nu(R%+4$t<1cj2^oA&9kV zdJd2OkGVI2&#S2Z|8MW}p>{(UviojJ45 zoH=vm%$YOE>z(^pxsQ|Ebi$nw#U%?9tuC$O`DxovO8%g6DVMbmGz2t?aiy9o!9*DA zg`c`@MZ;Kz;p#l6P+VtNaZ3 zq&Vl)%(xsbGmbB^K`}3-$fZ}9?e~f;IXVD#7Xr-cO#M-A{o2xQ`j!$I1lt5Xy9Il3 zuE_ng`N5kr`|eS&i-P%=tvUN`o_6B>TWdrs6qi1`eY(Q@sj%Z!#;(!KQwDyVrL%o3 z-r4zhy$o;rczG6Ks-oQE-M!7csI_mQgst6*Xp+fP@^`knY`yBu$F8~8YuRlS?z=b? zY@Q_W7iOhRE+rf)K+=TerQ{^WW^mRH8=B{2JamMGmy%QPNrNXrZ0ey)v3$ z(-~b91D%^4e2Ook#~fesOUoHsoug3MFhx2TzonHWulqEQJUl9uCyjdtJ>tjxv9-tD z?t7yHcQBdx%SfV7;izVKN}=K(uqv%8+hsAm!=7y+{M%?d1WS*1xWda!!5*uEMWQ*n z7qXuk$-gP)LW(z&=VCeD!y2Xukv3Ad)Y=MmYfIhkP$>WK{yW;nb>uPwLdpw+J+jJx zUuXyFU@*LY<96Ww2K-_>a0dh4*$!M}z%R7}jY+xx%WXirETej}_Y@Vib1?cTK*O(l z{JnH{QRm|sQ1brIrj)o%=R;8~zNa~J$FBtyPC@n4^Fj^T<62!r%VIC zaT@re)4&%TF?IfjO#{Dh8u)$Fz-J#hb^d!z13z;b_$|}G|1u4H)1#&?_mFAeXG{bC z$TaYWrh#+kY0B|BX&U&=)4+c-4SdVjO`ZRN)4(UDfv=th{;g@?Gu^&-KUr}~mZ57Qn zp8L}?j@gYy6+hRbJzgQUV_JI~)A}eyG%BUBZ<56AOieg}TEl5@lkt)CEDub7OxNF6 z(~|fo05R+@N88CtV)QK+FC4nt-rV-F3(_6_B_DS|I;wIKeL8W`Z?gN(PdYt_j^h1i z-Wao2dF>%UcVoP4LIEsARaHX4VwBU5xFgu~@l-!zAXt8&>p$u9h+i5m;zPd2FQwc5 z8?x@o*xK)BAgR>8UmRa(3gs#Kqj`e1%u=E}eb7Lj(OjKMXnGf0Pu#Mqnp+BtyY91wDY zc@>b8;!%F%Gx^buQSD#Ace(17+)?}`+L!GUtHJT4S&{cy z^LVP)9OuX3l<&9Z4FcbigOhP`tPjm3HFhp=H;~*-@bzNpXV%_?xb26-`|X1HuXf{h zmlw!PE;vliBDa#eBvp!E2j*q_mwB8QY{*>Mm3p_n=;z8q`CQRB6(_ZyE6w}Wh~j)v z8owETNMQ#oN!vZejQOmeF+Y6X8FTypuVxH%1{q8kd^yz-P7t(Lr% zYIN7e&t+4cpsrp|P)rBVQx8p!tryShAr>@L!DJXu8R~b3#`0~XjM<(o>8_eq!HEa; z@MQ0?0G!;bF>vC+J&mxtk&KWG%JDUh<9a%~JFT$R-^j41tG{PvIoXn&dS;oytL|BL z-3BumUEMS7v53m3nuY2cLV}Lu@1*MMnb}RaEc3~D#u|NQISJgComOYNDGsu#T0+wN zgYj~s5CFk_!jr*OrSsbA>YGA8}c>f z2D;U)DJf<6DUfC^Ebt1qVXB*|XSpIP&%Kw&FBwKUSf?7~~94I*ckwT;& zDAEOrB&Y?&koP6yA1y?BK#?v~Btb1GraDW;KURqJLq)nskp#6Mu{BG2s*g#ei?sM4 z(_Fjsgq`Lfa5CFFn5U^Jtcrtg(4E@0}63U>zndYgX|wz5Vo2})+Ds$`u#u%^r< zQpeBrHan9Pqr*!+!C1-k!iHqTk?XiB>e3{aP}}5Eey%lZ1L3ltM6#h-PcJRIc669+ zl~L8fuPb^Xt$Cr!09&Ys2TNDCnO}1+FEkyUMezifAw#Cg**MU`bPq6B%nSyIWj%{V zEA@mI5D&Z$?umb0-Y2L*^Y*+N`5Vj>f(=^wGiOfIymuw;MQMhXQR@(TwRGN*(>;RX7qMG$vfmu-pMcb*x$vc zzjYHNaXQL2* zMA0m1B{{1QcjMq0;=V_5J>tzgmBHG8pLTp45qPf*+OyF z@({pFPpH@^U3$VnY5y3!n}nX$#qBG>& z`38Jl);}VFu7{+mORZhIU3W-NS6G~)Po>sPb@(V9Q{6|rnZC232NU{RH&T;EC7*j!EV$`BwESiT>kX!SW{25m z{Itfx^{$)u5pVx0+sI@VnAEh4gIOx^*xSTc><_%lSz*D~wpM)0~*Qv9w3_ffgK|KHYiegIEklU+zIMGs^v0ZU(3iS3h- z%u4N`M!9zIdSMv#S@g0+uqA9^XW!P}spKcHDSzDF&I`zv3)ktGh(-7pW8wy&x6t`h zbhBv#x!3B&<~c16BY`JKb6>2GqYzQwiOI)>SUJ0r$$&%I^~^;? zq3MdH`W)dKQ&gFvwk~RXdjTojn%)Rf9q)NtpDQ~J0oM%DzS`|y*TLU->}?LIc;gt? zF1{2mqeo7AtC&@1gxjlv+(m+-DoB-Q7tl2e*7S_;1~QL)fC>zDwmw1kEo>e`34QS= z&E3S^@7?F)9`J4vsyW_$Bk;N2eJk#H-hC(T4ZQma+#7oLbGSG1?zzq2)WMqfES9J4 zJ^RViFwdHv3Dwe9w#IWJH&eM`Z9==tyLa;G;7_|I(eKUp6Wx!-_<{f<4)8?*?i65i2l$czUlw3M08>A#x)Jm$J5ua)8`_ZGlUpLo+L z+Jwnhl;2(aQ2JNp{+e@tUGBS``yRRPb?$G-y)8u$|310D>EPdz``ga_9l5{j-1p1< zJ?H+u+&^&c2ju>tb3Z8ekDU7qk^O+>= zzbLzn*Y0gLS}BO#1>CINAM11P89=$WCX2ALW~0k~B;jr4dVMa|&ze5{Cbv=x6X=jc z;$p|RU={Gb{%ncz`@?c@6cM-_@*mYlbF2@o7~@GQVfBhq^@^j8Y*hOX>a0@pWxuJw zCFMo>GV8W(|5Rm;NP=HVxiL7jHZCoBmSI8`|{*kX6k4_Vhcz*41qugzJIQ@&=yOG8}3po5~bZ$w>e&dsHW}~3J`#f|Gb;0qjX4U z(82m4tv{(`&OY%-d8bMZr(4}=Q{=Oe?0B; zuHbCi_Qzr$ZJtfc((vmDELorQEq@K}!DY@z4;^G(#M=93ddl6fl2{DtCP2Rl^Sq#P z&{v#2x`ZMQidbhp{cfjS8Sl=x>Hd<|u0Ky#r`Hmg)=7sPQ`PA&S)H^@QYQh{r8Ygp zbG30eG%FCV_utdi<-|f=4#(|#10Fi#@((!wqvUJ;jhtVVG5_Ft4xqX?zL4>#Fs6 zRmIh{ey^Ljy5Mc-f`DPPo|!!GWI*^ICor{>1SUBuKCl8Yiw`t zIKB40y`9w>?OH!b{Jvf?!2Kwtk@rb&bN*>5ea{ZImuH}CUwmW+;;g&%cXiSm+d9eN ztkak0zFv+W1+!98-S_t#a{6lY%cYw&T{_Ms{O$U-bo035^L5(OO*(&m)I6VxdTQy3 ziHPtdViJFwA@H=V`BZ*RRI+oE^gv0GY(wb*X@X0$BK#t&Z0Q!Hh{iueJu7yoRdDv13@t7ZJ+T@Z zOKK6smbwb0Cnatk9)cRf-n87NT`05c``}v~tPSTSEa0N&TF^EWjO0qY zP=Wh$A6J0x?3shH+r=3_W$PX#yYb`Jhsb!Kg^ZyIx#sS;H&Ki7u8go2$>Xa<9=&XG z_Lh)k#Jp483o5O=4!#Ln3;pC8*;A{@rDzWfJin=hOx~5tni|1x$YS#sx}I-RJM>}mnE-+xxE-40i~wodSB+YKpe?H^4$ek{*Pr#Xr`q~i#qDJ>#HWyhW1T?j z%Ei}%(y$JXvr@QjKp?42Zf*)WmrzcYxrs(-fb=gLm;*rvxBt$r44;vKK!8tx2_fgN zTK*T6#y%-;$Jot$a{k2DwrcQaqEG}jgIZtn%0Q1Hv8s&fHy!Y+vdnusTVEntSFJSm zFcDf`!DGkfV~^mijS9GO1sK5L5t~(86nbr;V&_^1hsJ)K$J<%)P=IjB7OtsOiO^b~ z9vpj=Sly8+Es{?}SfeeBQ?@nHUD9Q-=+@w>88@n}iM}j&AK7$Pto?2Z!0r{_rT`qkfaxD<6nUVT&(@2KJg#;O$!x2!hHP{_0T=nTlB@Y z#F!ju9N?c$;c^tE+Z%6&PtK97_#F@#MCn?rlHi`P1w=;~Zqk%B~1<=*e z93!AG_Wg8~XhX^;ZGxNI?)kl$0wKW4%x_5D#_Nc8QyQ+0PL-wkAIgselN#kF_FC3>rUDb##yuCt(kPCcs|6)OmwfogpJV><-2fU z5HAppabHGrh- z-v-B|>f;25@z2RQ;o-hIx>@%KMd#vy;gj_c=n+JD-A+I}Vc_uG#IDcD!-|DJFEFRlIhoud8s`S$;; zz5U}XAK7sKS)vZA zo#_t_q~8vp-+Jr4jj*)=%^ed>bXj#)2bU)s0yE7sj{HpXtVU|-C9Fg~J;SbWYVtmkc2-9o!ZWySPn8S#B8ezVZbJ0HGQ(8!7aO!kdDY;)VoNOl3YWB;(epz1wMZ9^6R0(wH_*h-Z1|stwxpiUja{w0 zp;{#wSJ{Vsobr!e_kJigK&wr%1wW0U?X49{adY}%1r_T*Kqy!5C&PQh>0Cb~hzrHns18|=> zO@1ajajCI^tC>|Ekp@g#hTG7VMQvr2?V`J%qq56!Bxz2fjIxEGqWRIjN)EwhAXG`*(@j}FCyLW=98h@0(FTC zDC3qp>~q=sb*?O@)5MmjIA=?V`oyHt=rk2dOUFqBbM0|5V_+WKYu(*XVXmB7uor1g zoo1XQfGV$@;Va7f`#KjpqMTeP6i~hgh8Rs_fv=~p>qQ!4%|T}iw5jqOsS=*Mw_+p1 zbFPoXRbnHo(mCMLrwz^94$s)f+kEc~HeTv*dT#4g6t)Ul*J*cuVCCqyY&3jj(q5WB zWiR=vy4QQ!&@S1II(i+jTCjrDZ&LmyjjRvNQEtv`K&ia2|Dg3kyK7T%w`^P^elkTP zTpKFEl4Y(9SXQ@!>>-=9|7^e)X}D-xXnM~Wlk4tlJ#0)K*?+~HIVP{1U)PmwwjQ_Y0ZD&Q>UC{)! zpx*IE3lVlvggq2NPz#FRqFf#;MA}u6_EaQ6EvR=KIa1d2-4tOjMG(}2;t6u`G;wKw z4oz@2^C08Z&d(ULk}=LBTER-jPh(Pe2tGUL?`__wSf*8&adhDsDMyEWX`QfOTF-JA z!#)<)@GOh5FUws{9*1vSXbJ?2N+y4Z`>81b=ukxQ9Or&Q?s?Ar3%NIxI~-MhBjOjr zQDv9xP5Yc_D+@~Y!9T{KY?-+F#4+i{zKW}yJV`zy+tG?~&3P9dp7|x*$xBH#g1mri zl`7d6|FF(zy#HnR@4tj)-}VnH*hvJv4Fq04hCrd9?~2+_W&avdW%<`e<*c3g8-6YS z;jNWlZB&3!Nu_$-_5rEXquQrQDuvemPa#%gs?^YRia-7{oGC%tlg5}-YeG;9>di!3 zkENNQxt?cosAcj*A(OqbOavX*Pj9xv*;|3C2@2tPCOU~=fYgEU62H@^bPRoPWgN{2kVB2X>c_=q|6&nv2EPK{E5Bn(R-Ccw+!V3oM1k*F?pB zs9!<2p-q}D-b#^)i!!j*WA+D}C^R3MVctnh{t_D^d_*i^}cv1337o_D*N4J zOSg{FE+H!KLG%azpfHqE@_C%^xx#oOvKdAJ21#1HP+1lP|F9mBiDBp2+@9Nr$`yNS zcLe#7w=;b%BkhES9L$sw@zYLd$ZHU>HnDmMZgq7|d39AA>bgH6w%Iu>uEC8Sg1&eQ zV)rHoFpT!tt3#ADAbBP5$JB2a#(4vU&dE)8xnfbKNsGjES6R9>tTWLnj{!_h(FNYq zyY-%6YxZEgr`Iq&qs!?VTEC@Qk0P-3Y~wL$dm+U?nW8dzm@lZ7mgCR#D~=aa?tOj1 zX3)1R?{~H3UH-q4_miIJyow$fwyEbTAC8KSnUa^(^_|x@%#L5+Jr4*IOID$-p{~Q# z7x!voAbWE6^Szq-wq8xfY_40&l93i#qeS0D=a@) zXdO%twyl~IMe&@~adhION6ortOqPd#0Dj*v%G2v$e5 z`uz|DGp^GZ zx_0$8ugaFPaq)v8?DSETWQq_D;=1*;oydD(BRQJDO8v2o$OmjX2yDtucc>EmpDBhE zq@yXWE(`{D3pRQP?>^zEX#VKU{FIW{k?G>#BV~J_+=pnz;AKOFc!&-wJS4cdy}<{ZaCID#kMbISEK`sp!E);OVfA@_5WdB=k-Pc&(?WiGC_iKU1Rd8;e75p?t2j5>Wb0gey_ToSJidLC z{UNOsEyl)mxuc^sSV;ktEg8oteDyCow9Fs%%-GZS zygB7EOZJjDQ#O7TEJ^c+3NVfo>&AMo=U|G84-isy#0TImg-{#y?5Q-`o)%9R4bM0H zoNlr6adS`)*4JO8FmnLY-gFkKzJxHHvhk06CGFVp*k>G{{DHmF%jWY^S+M{gYtg-hdw3UFuKR{#^yiisF} z`U(^yr~+g~j`gJXhV1iwU zca+PFh4%I|9y6j@;S%B)V|yBfgtCdS^8Ipjb$3~vyRo#mtr~YRNGp$YI1_H}M%|q~ zGu?Ia1`bLMx@Uq@F{!a)e%O;vMIRaEjKhzgp{nz5Vn){`GnQ-*Nf6#G1M-z3?&KHr zO35zN$?ObsYyknNo3d$sp-8wp54p%(_CH@E53l?2GO{f4uv4IPsh}DcA4qGO`}C(% z(S$)Ry}w*mviGyNTzQ0vzu{aCqh}jK*HTb4aKtb=6YMtMO{1~wJrfUa4$(RAI&SM3 z?=PRRg{CmUOuB%UHQW`IxoNJ+c?Q&8Bw`2R%Sz5SsATieMj7xz0}5}W!SyoeMFvIN zC~y+DN`4VN<->FPr`^HZi1>}E`<|EO$*W|~qH(ctw%S`UHQ&zGk$Adl)r5<85f(;I z)@S~`9ddH%?@^~#NdzNm zJpctx-U#(WWM-e%!$LlDmRk4IvCiEnuVkgs0CZ84N?)}#S7A+3R+5%28J=Es1qfq; zA5uofJLNi=8Lm7FA&9{%UMKdFL{UgDN%TszW&)$r>(QF0t5mI-Oxn-a@2)Lbv{~Z# z@-SE$?BH!-YA(Q;1&p>D0L33< zp@qS;1%PWDc7!DHZs(9Tx;!O}yQ@-z*p(SOBaBXsf9cPy6>U2FVf=C;xl4G)>N`sA zz{c%Z25z2t<5Q*hP}0PwGyFmbJAxEBMq$pGJAx+9*DPPg&uNV247*2esq9)3R4{^; z3=Y^jQi-&2|+C=-WUW(UJNYcR(LhOgqjW=Y}pO>=DGSeJkr_z3aV9@?XD>Q4w4&J z`eNl*Q%1TjIYK%1=&qZqgTZEdxIMGq3eB!@RJVDtz14d9{5tPsfN-Tmxgn3&J*gfyxsxQ*LPrhcPLcHWDh>%NO zN}iTm>8Zy*ard3LlctgLoPc&w5X_hG-fpnQuP0(DSwlQF-C=wT-m={*F2lARr(6uy zccQm#KkXFv=O9M~i!aJ#AHPa@GjmWd{2Hv0%kHea2pm$=?TTmb z12DL9NAaHsZ2g5F%64?e=_-@8TZCT-+kNbdC^0#e8hCQ*`?{fff?5E;lMT%_J6cXT zp6q{SO4LiqO6W#%IzP@ymgJVa34m+A1IM>8nO$3lH3gm1r#^$o-X6lPgt1P(8OZ#O z6~V*`v0y&hDuAYfRq(SHS8;zQ)sQy!Yvw-2Z<=D16oqvn;Ptl+jth2u#OCAdwch~A z@t@ZwtsQ5QgKtOt>AVS>s0`NzyR@B*Sv(D8DH+G@n&aHbTk>l7eL`n&I60uWmG^1> zhHDs~L_RCUL-Hu2aUshf*Q?wUtL~w3$4NxSe)*RNDrV{~ePKYoAj3J1AJ`zc9Y5MD z-6gxDh=n*!PtK#E%t7oy$l*Rp&HUO-rfF2a8PVFrHx0RixnGxJb8vSeDq*k3p@Ps!6{`QJ9le~$Oh;{Zroff9Y${HbbiE+LEh z>yK4|F6yfrZQ&f6HBSF#&km}9W^C{3QA*Bp8I5>` zEZ6eL%6*3m&+~kz0Vb9EE&=m6S6ZAxx$hRBt=y|DO0itaBP;hkEtVIpsn2ZS(IYAmPc0Z`(1dR=XC~{RPF}^%;T)KIE8Yr7oe@&8!Sq(T+3q~ zTM5yG4)8Jl1as0BgI>Z;F{9qsPq+HVCRe!Hcfk2g$v46R|Z%q$@Z1 zPXYfg{^quxvsxja)sgYyRq6aLHGiks2hUb--AL`no=fMu9La}VcWJ(x|E5X)4^Q%c zWE#I@9w*W#75cZY^-*FWn`nKEZ}M?|7I7ov6S=3q^~u~bxU6+^=Id*H3U{Nzd*!#_ zV1M9}Yll$p@ATB8)2N3o#Je$iWzcnGP_1i>O16r|w-TM;;P8@N?sLm#{28DwXaVMW zZ}V}aYpG38gSumskzLdbq_t%<_Fas0P0(*=e!YECzoL>bsb5`;V!xuQFh#$%$5X$e#xPx7 zEpoA6+1gEq0~VyZ-Z81Js76extBX;rD+ldU)U`dH>dN{1bal1J|J%B5vJQ1!xQ=z@ zIi7!6*Ztyuig0Rg(97l1{}I8-b;a^ShLrS-b%dGj@w~13g2Um#Hdi_69{IM#P$qy& zas~ceD3hhKp|991)_3A7->@FQ2O;ah_=pT8ies1Lbg zKNs(ANfpX~<2nUp1?tJ}x;@ZT^@R*q&4~AAth(o! zy8`v1{uSQe{1(wCjcj!y1$B(?#_;J>k7qd-352%y`i_clEqu` zYu5`G^B!%yP(CZ08w?^Oz?KQNjeb7w2nTs`)Z}C(=Aa*RMya&|eZ=m*6J4S@kKV)f z*H4VUU(~j!t)+40c)qx8b!Y3Lx{LogfjXh!Slm-R zk_}2W@_lEe<5aSnn(NIdxn59C^)lMFQC#Nf`p(BR54z&rI+6Mp)i z@?hq^!EATFQe~)vUU)|?7<%G%OefN-Hc{$+B2`?(TNBi@)_SBvCq+R|C6_Q~qz4)kWl z#2Gw%N&K!Txr#YtfYR+E|dHLk=z-ObG%;bu=X8>=Ox zQH1gdJ(b5Q)|7oIB18MP}VU+34f?mVEiJLM$M$t=b_xEqynvZs1` z;pn}1`wtq^Cp6Ds{k6ughcTz$b=S`LOp16^Jf3*KFsKHveSO-_3eu?{;5b0{ZSQlL zk9||wE$nnvE5+Z!o9sb>PG1jAnQsGWeTN?;3vXkvyR4w9D+mFQE2lqLvP)V{N3bd7 zysFq{mvK4Si<}$9nx?jUt3eMYmPp2Uxb&}?D*fK;l0FI`q5;R||7oAMSCG8YzTEaD zX&r09tATUkKdFr5es$pY_-UAN63(2ykB5`+eW*IVAK*h7AKGqqCN@Ov$k~}F7HZ?i zdKCt9f{jN4MYgfr{bjEFeL@|#)yITMerprl7mm+_1g46dFQvHF4+)Aj4C8UQhCN_@snn_uQL3RG8EK;;&Z@!LdD>SMyGwxR zGM`@uX5@5=Vlk9MS;<3`wa5jRl85mWd&p6GH!kyoO?FMo>Ie>_J;$o7cr&KF$<=J# zwRLmK(jFmiV_(w3ehi>tL)6>ex^$|$au)=P_f5+!n~n<--G8H8HSqcKpS^9Gf8Fda za+WaVIIUM0rWzMrhEn=ZT3Ym7WZyaQYn}pPx|ift?y)K`B0vLgEc!dVFHt#b&_@ID*M>@#d_E zk~roiz414z97b-W9QxypNL??T_9|Y3Po7f#Hv))~pHhm)L3ozutFL6elH0BrL7 zEy4$A_x<-nSWN9PIi1g5%^k;L zzG@oy-P6GTJ`H@^w@#h^;nTq1IT=28yf>}4IsVl+L2`pLr|##hhaJx~H$dejKyPQt zF-f*X`%ld6&p;Dr$*?ihLxR$2@c-yOBoPr#LmeeVN#_EP&h(z1p?Hqg-vIhGZ=)^J zBdZTT0JM}WBS9%ak1dM(81VSzFqnn2>-Yo)#JD!IlocO~*LEi0($!>O;VymhH0g&I zwgXGaEV53XQr7G7)6-GKX2xE?Y6+*4QGB6D$VI9tI!^A|M(a&fbYTz2DJ0;?|BSYJ z+q%&P{Uxml%|K#&8yn3G%N>rTGCFwrehr#z$(VzRN}i~*^?PxjD_lmSg}27`#yh3{ zP(d9dS$Eqp43H+`f#ez``_m>zOI{*wB5Gm-{M0DfPheQ}dU7_dXk{;HIJ-A?x%p2B z`jY2Q@;*=TPWw}hwEksF%zGHoNjvs@MankYZ)UQE<(03am16_oZn{(%?F66ar1)$O z@&`6Ig_#4G!|^!aLRNq#;R`hWB01praTL;eit9Ys0!coo`F#=eWb98&t1v!Yv;#DR z-mn@+ot06+<6W5E?8ih6k|&wU>}bD5y&+h?l8<3p`6RiUO@d1m&=KFxH1Cd9(jUA! zhq8~>IFx;!vQdkYKdYcU$QCXwK7a~1F|*Wu`k)*NUX3!32DwlxLSSmpp5(EHC_&xD zX}$IE`V{JusGEQhE-~I+$$iLZ-56q;<~JEn=o&Mb}ie7@q52ARJ)t_lz6(l|qKGKQp$KQT+}-M~g$}?(dDqG&)Z) zw4K(0)#Pd1T%FON*7}p@2zGG|C2GbJc|EirOreK1s+r*~<(e~jlmQ<(gCeu7=C9LU zts~d-72&0mye5bMv^8P`RTp8JN3p)i)d2&W8UXc=*KW z$DS9w_)fQ<581Qr`0};KOnTdksMyCDGu|2eBkj=b7i7U@Zom9ZpYqs0^ywHwTFgyj zx8}`bJ%0=7IC@LxyV$kjn&uEcl?}fO6K>Pp?kcVH#C?D)%C@0Nr_I-)jEx~l-wN}{ z&F+-d%;@6g+q$-jcie##pQ3IVJ%88KEEHoacw=vX70(3^``8;3vNAbX0 z5_Ib{dAa0uOJ1^tqg|ew(&+qrexAsu=;#J19W@7KI6B%9ydL*$dB6T&sNdGdN=s0*C*2u9z>WBT6`FvOoxKQc#DWeDi%Zm>T?OR%* zS}un1Gbm$;L9MxF5>NbJEx3;0FTP;?Y5ZRp#aBYvhGU9~n%kX2+x~~?ocv8c#`EZf&oR&`H4M=jmEsgk{;9BLmy5U9^*HEM{ z9Mupd4~aO}35(ChWk*HvS-1*Yj!OJj`h>mAU--oDpwsM>Kr4h6Mja0fSIMDPa&`+v z(?^8{tg@GJR8vi!BcV&4@RCt90^{io{r+q_*6DI`IZ!^A@VWSU&@s7&MY`1b9sX5r z09X->(~CUyX5(V$ReX;ypOa6PhPR=NVjBnXI~K@u`yydJ!Y^p>V%_9p`w`@{2XQvE zXUe%S^W1fr3!9Jub750H`CO=TVGw$@P?>A*V-D(qZiwQ$6@Yq(Kez|@H(oGY`XLZ)rOEV8I?LJuJjD2A>qJ5KwXnP1N&Gd!m81BSlFw2farbq* zMWkD2qFT^1|0;lwye*N#;m!1GJMtKTgfseDD)@b5eb#!%W4&M#hW^LYul0ARkS;0L zD==o!s6K@)Q5CQ2d)pHEaBV=GnXWnX+V~-9_&UPD@F!;^aGty3d-`D1CB+gA6Z*gtaZhel`sJfE> zGfPe<^W1pM&@9oGYZdg(Z@ECXKC{kP%kP!y{=4>G?wnC}%J!kpex^PPX47Y03L{11 zBFCBy_+L~{Qt(J;qAD6Hnm~TR`GlB2K09E|PXui5;4<{rx~w?ve%lNx>`ccRw9w_f zcJs&MLigUJ?)|m8S5OOzFQaB`7)^7-kFL%B33F7vYwMt<+HnNMtJsmM3)F@$3 z77gpL(7eqnX@;|0psh%snFHlf<^EbcpR8~V(1SOFyg27{ckr8>M-JT`g)N4seciz; zj!w@EHw^wxuRWuFj?~ZKW;YG>-M!zW?smPh_68vuRiYH0kHr+-%N2Ap3OZ8=GpgTw z0(2I7-G>SJyJ|W5(}|b}D`NKMg|7dwy52Bb&~g13X7lvS_%BLaNdLWl-a?^co&4~y z<(jCh>~e%Z_=1#Lj%v+JZUt|LrC;GIqqcd$C7>ukkIwvE$Tzj^WKszIPv=#C&vOJ&s<_jCxrh{*}7vR zH3gcdUI;;!aye?B1a}S{q&!QuGN!lreaP}Wq|;0mmN;s%HE2VHn6qXV3`&WLN}i=p zI?Y~lZz>^$>9hS~x4l98SK8al*?C^Ex2dAG@oo54GdjgqW2Z6#((jr^1;k8o8PW>; zFAC%a#7;`$L2soZ7&Z_)Gh_>ltFcZ7Dz;pTi&Z0ZAug+R_U>{NfCxloKaW(b%t^h< z>-U}hJIZTRM%25kG=CK0Uju54o?Ff0#1V%~4WF!%Fgfb(9BBJ68KB#tpZtdpHzwq7v=N?qGiY zqLi%rr%cDUA)Vc@V8NDc`{WeZ1$P^>bLdm#)BfJk_*TSEXnnnJC)Lo*KE#K#FGhv; zjZOmtozWNnkkL5emgmhtB4Zy{QsO*=^qC~P2T~avN&ck%^-&!#IhD%$XOVWB@>wLK zpzV)ZxEFKtJF+%+UmV>1k5q27FnDIx41eEggMeG{0c%%x$#vadXkgu4_vCG`r3C6l zurU4@17!v}YWCJSG*{GQxRVGqx8R9Q>>C`p7IQWBJcFdLm!2@d+I}eA=?&ayZ5kZ8 z_!G<}txna8H+HUp8s69}V^~pr%a3I==sK3UfVaQg*UIcaIQ}y|W$Y&McZ<+xAdt~b zEgL{zBE+?CaK10Gl9gCdiIqZ$1256|Q&LvgsWk8gSA2h3kTu?bl{8)!bQSTV+xwc=4AUO4kj#7DMd1gn90@#xHGg(<`!(Z32 zkkInzi{IIv1$|iw&ZDk#G;dP2Ca-VU`Uu61ZA-6V0K`mllv{PCa@~E@S&O<#{z<_b*}xJW1yP6!5l^gMKDUbvY%PC(%uak z9Q5oEbSBAidWK-(ySZs3H7Yb{f20g-pns?jKW|2eNmzCxxOclJ{S} ze+)-8%%x-}nvr~x4zF8x>1pvJ8RMc3FboR$1YC-6?d;(d>!A0IOsgK=4|*Lziz!1G zGfHNT@AWDqk{FlGDgvC-OYp$|YXA~7ha=Y@?QPv7pY!t`)3VWy?_D~b# zgj(*D?JDeTplaThgZ3k-Er-M|{B|}^x|mgVW7?XUb*S1a;EC>BdP@!rw9QtIN3Gt@ z=0h$X6Yfg?9MTwUTdYr61~wpK7*vQ~tp@ie_rOC^AvJ3Ly~N+)Hh#SSa-!~VBYwN- zp4>bx{@TPS#=Yr!%nj<~CB*ITgD%y}FvbhfJqh zb$6zOcpUW4?5h>Ct+i$A-y2|SXBg2f;_C43uwd^GrhN6>;6B>Jc|>{=-P_FRpEHf& z4tfjbDs%ehg6id!M=(bl(TLUre{k-IWpn8zbgl$H9nL_6BV<1CvNX_(i8{lTTcUT> z6|O{1#ao@u5Mx?1pJ?DxpJUaG;dR(El(p8o!5WLv%aGTp2V0NURRGz`9?n5!Pqb0% zZ>)sc2z5v0)=GlRKu2|$HJDS{sC7XK>aMg-OWnQLdmmmzjFQv%k6M>0(<-@CEqynZ zDOz7iqjLno@E9U?SBs5}CxFL4q9@F_W~q6S+VM;48Es1_^V?}A_S|pD*(Irz`dd5! z?dnRT%*Y58==sx*38_csbI+*6#12-AJ2E-^HGZb1!;+2;8 zViLDk_JXvsBfG9u*~`>q_wb#)K=+o>pNC1ngWx`y(r83_(E2B z`*rAA%&PUEW%SKLw}i`a+0>U{nD%sYn67WC3)>yNiLi|$+3niVkHX*Z33Ip> z(THe7X(hUXm{uySW1kMS{{VReT=un3-o1wGMC<5u<3TGrg8wAxfo{Xl&D- zKgD{!>U!SpfU>@)=jOL$4D;7SWf=`E?r=f%5N_}rOt`TZ!%pWMo!m$L z-O+4w{$)U2!uTF7AGr$Nbf?@Y@0q{-wqEc%N;~WYYvTZ8%D9bMlh!)%P{WdE>F?n~ zh(Kc$!y40BvG!RYQv6>4?}};C?m-q@7d z>g)2p*oMs8$2;DH%Jw#|qb!G6YfG3*`I$~Va*a4$hdkKXsJH&X>V}!C-;j&bORwhE z_?($5^+vLWXkNYOaWn5%b++}y=W2fhn`^sr*Ydkmo2_lbHy>=bgS<*CR+^(UL!0gn zheXz$$v45Fp2*!Lgd>WN&KIE{z>}1kmE$X!PrNqa=94+7Z+%1QG&nt#Q}X`(zdE1RRZrzw>hs1Is1Bu-KcqLncS$|n z;QXDzS?fGGzK_9qKBWqhPoAqOedC_~OGF9&366+<$wr%`&oH&c`xqBo4pKNl#VGgT z%6ixY4ad5BW2qGXh#E9Z{#;P((LPDKq5F`Z{uS<(+>_;3HZeKeOK-DSh$@9Wj;k2$ z&`N|$lP4v#ZV%QSXis&9>YBO)#i()T?q!-|ye>LVZ=t5V9C zYOM&X@egT^GsaV`#P{RzM;CXlEy{BFcMUO>(a^O662#oSeb*zqU~X{e%5)!C4qi+VoB|Z_Cm(NwF%QrYoEc+M69Ulx(C_6GVR|{{aIl?Hm^mCwRaty`3G>sv z&A+K)c#qU0`-*#%+iobpjGC3*Y0>fgJ)<>ZtUlrB9XjDJRz)`UiBX1$#d zBWG)`xLoZbVyX2czd2&0^mF;%DW2DZms2o1AMOtSj7b1Svq$9au*)Dyl#R2-mBLkn zDA6xN;-dbGC{glrC%>Nby14c!fm_Q=R_BJ6HVD1#2rQzV+=4bxs#yGGiv!A z=UT9Wvh;82;dRVxDSn2uVOh6q=6TCh<5Z*`{|309>)_OWp84&!17izZ{QY&vxDY=b zO5w(e6c5Zn9f9qf!ps3och7d_%if*7exkjvpQd_IqTlwu{ycM0zbn6&o-HNa9; zv_9aiDp)ijs0FoZc*kCeH|+0g?FsYSobis})ZX}iXqL)TkiM_dS9LRoD;M#hgPFs@ z4oqR@047`euj9*c9CYp}IbEg*Gj8YTL*-DC!@34*52k|@cX z@q61Sq1GAkloG#jV9q+D?2WKN5tXGEA+QiLat6uhqB2bybV*7VJ8}Ozbn(T(0r8ELa7m+;|GB z$x4uOWUbn-dt$Y#R=0$Ua46n?Da0Y2HV^L+%~26 z#n$sZ)74g%2I}5EVSmOfNt^|nwOop87PJJ$5E>iOILi!=R(6Uk>To%S~VR5$(W;r#Fx=VXZ!8ETtxTM*jv3-AnrMgQ#yx zeFvyXtA{0XLQo5u*dJG}2(qOVLC^-7P&4OT@(D6tc>nI)4~u6rauZtdQa;+JcGy*wQuCWM4|#^6uKJ2cOMtj|YEY|6eR!%#b!VM;Et#h^U1&8`k%C%K zs~7Lsp?IfRClsVNGB+TtBd~M~>&9V%Yuzvh<+29a+NXDc)OY&FyFer>CF@g&v-{-% zeE^KxiV;aIv4^Ep-*ip+7VR&se0ts16xA$B^xM9ssOb28wx(px7;TLLcU@dlzGHY% zTvPHUr@Xcx*_xtElYSbKt|=+cxvso+zNYAoiDVkzR~`JC5{|0t<39-ZTs@tAaO4qL zocND~dcN0=CLG`Ey1kkVP&v;W{c>&Qh(U5ZQBSaNDCLPd&Ay2nJ2%e@z2GLSbwY8T zZ>Wy8dH#Da(V>d*YX0t*G2x4^9zUG+q^P(VY22g{)Pg1s5lVprZVtfIuRRAwL?5S` z1Mhox+Z>of_W2w*x=`?zRxlkiA?Ub%+#EOx*EDlLLCpUM$r0~C6#C!R{U{t&1UFLY ze$9>5qlLKBj@9PW=sy~(s@ZvBQDUwGYj zp8wibF%AslZTN7csEgTS4Uo}%FU~*$4{WEQao8s1V=*zwV;V()s==P`%~bvlkh}m1sx;W61UTk zML-H8YK&!MgIQQtg$*8WkX1_NFm^Jfg{?VIld)6ebk=xmeMB=uZ)$EEtYYu;JJlnV z`ERS{!(1V_*oiD99lJy)vu_|p)IX+#(WpF5Z$u~J&Ha@|dxJ)*Zmp)Yt6Nw6?i$h@ zM5C%2`p(*V!%oBP*#0`zfEJ_c583Xpm7(n|8DG4#O}zTV7?L*Lnl+rECI6yA6rhnhsQ(}v zte!@iVX~3(YS0)HdT3)vAJ~S@_<1v7(SAiG%B@hKyUf-@Tk!q()5yUUWwIZ^zs;Za z@*JdQJip+3;MZON>gzUfz$A-2j4zy0cZ$GkO#_#kzm8V6yGA1&lrkjEsL+O2M>vBTapAHDxtOi_fEU)2jrq8H zN|ai#cY^YFiH9w9)vjz$SasT_&ClY<&(?H`I^m?o81rmWU1^)5PORt7-|h{T{@D$u z&Z76r

v)CjA99PW$UcpagCurk`u$X2_6afHs#x;q2(*h zW9zu#?^p+k5Y?QRqrK#T6 z(U@^P*;5_bmHe1MMi^>X0;YjSUmb~WX)m6kK3+wY+ z-Mz2&_xxz`BAPfdLsFEPwVEzQFk zu!H$iR{AG+gFmfDQozu#>z~e%B=_pg$8vYP#j%_c&E16PZ9bXJhP6kx9jo($$@C0~ zj@Kdt(YS2e7Nhn}AZ@VE>Fa5Y&Pu5+z|hZmIyc zuy>NM!{h+1ecbZSyT_@(bgg=vmX>J_R}Z9Su5RYAdZ6->)#Ei;Jp>)s&qPZ}f;)=! zki?|JZrzlcy;sv;=Yxu_Ua$BU^}2c-4kIh?kgPmGEokD+>sX$#e653gdHaO}t(dVL z8zs5tY#0mq;A`BwfNZm{Qz=lgIZ^A5?g#N=JXoA6cktv0^IBKwrMgq?ve%8Vm$!rn zOFiA^iQWCPDb%}Imu(#Gbq3q6a8pCPs#GF2qCEHNIGk&goWf7Nbto0)*2iIL`4Rji zTabChYQ?>ZrFfDp1yQ~xW0)6QNnZLFwzeWFm?KRrhUAz^|7j$urtp4cpE%vANL}CTC0zj z5uwn>Shn=CzN!0|`K>}q$%{xw9dr-paQbKwf9{F!a7N)w3dv9c#{VOz$ zo#hZ`{m4lpwq_!gOb~&^B4PwW0WZ^YoVsLs+S4zk%>GM|p6T9Ja~0|A8d@}=+Gpd@ z6P!uht%%!x*rkUKM5%9zW30~@iEcl}8sC=1F+n=S1Ho=? zbOo=@?vbw-+(8*^TJt?du1wIn9ZJIf?K*fNe=-a+NPVUJ(^+jkw+&UgSEIKvV0T6H zwQNV6YKJZwq0O%2%GS|DTE(tmE?vGTatY1tMNA)?qTmtgxXoLvIR^_P*$tA$^&dQ@~@U1<-G zIuH~;z6}tYf;D}dNX;-Y5tfxQx_cZ6;UDV3p5%2fdD(#}x5(9&#*n1osn$xVYTE`o z%=9$o7gNxf*s}CILsziqMXv5wkG}(qPx-;qDb~q~1ht?EE!4&jiomSJ4<4_I_AU;d zj}E<=IM5;O`{K7KKDCDqU8Rgghs@z%?-opJy6%gm0jD{(GU>TcOd-=a_8MX@;d4iL8e{CtH={U!p?Z`Ue@0sZwVCB0N*hHS1pu zEwrUFJ-=-Pd-1#!Sr~s0*A>8GG5+JUwt2=i`B9XPAMbyTqGBcu^x(zx$p__c4dGhM zMrr+5!-1rCMY;m5nn#ltRU0OT87eO13wQ*u+TJ2Vr)qNom1dS@g(us9G>cMQjM4X` z{caBOPi3t0wjQ+mkH@I)lj!>yv?M-{n5=3=e1PJhy!#~hvU&XT~4-$Nsv z;un=!U62$N^rqvBXe&$Bdx>jx@oU+&>L9IU<{&-m+xt?OIUMZ$Da;%Wc3lcHhl70} zg_*;_R;Ms?IN0?m%p4AOLkcs8gMBcCnZvTrGgzX`H`u?fXUouVl{z7{CH2wgaGWGM8xIaYB zEbrjh#-{(ujbLccKaBSDT4=_CzKf_A2iz`;lFXUh3W5&Lh7k_qYx3~S>B9d&VPSl2 z9-cW}`1dXRiab1Xy6{^p{2h6C=5*n2xA1r8;hEEgH!Yl|rS;F8F8lxse@`BsIbHZN z3x9teo;h9kYzwFRISJKoyjndhvz|6)vc1{EUhh5lX<2vk99F2hZF-}@n!SCAkUosF zTCJ{d5SjJC>dHVEXDwb`nG?oY|F5ph4dbk}t1I)uIIH{W$_9l&SzXz%Fa)bB5SOeK z91m!(o!0lla8&crE}z7E!tu2ZhkmSb(AF(9P4~9Jo%`)_ALHEgN#qQdmE$Yrmgs}{SIND? zxv!RcTjzeS+_7`NPj2`o#lKE&9auQQ(yM4nCBb+z1iN{HA>3Y6mXXCrr z(GawXK{$&)Mbkg+*B|E#mUJ^94SE2sMVMDw(EuJbH6ph8aVVIAH8>tDTui|lCl3}< zreF=32Maq>utv{=g{CQ31L?t{94T01>cJuyDOkhn!NTAatdTZwWJ;kRv*fNMF3+GIG8yc46Jl8b2!+?1QQ=1)|WnFofs1=-EPeXoNl*Z z0-8(TPnB#3BgyC3N0mJ6bzd)w95tZUo(U4u!QCaZpFjQ)BA1for1P7;QAmI{neYUs zh^673NWg()j0xAeDV&CWXQwLJKEh$_uGFGr7#p6cAivY=RAmbQ+G2Ilc+n@HQf0OF zn}fK(Zb@P0aIjCOFmpKAttreL4)&Q8W)5JIDXieDe~4umU^}d}g^ov7%I7Otpq7uQdG>XZ zw;5E5w{`3R??MS<%FpGR(r4KgI+QdYaCl%5O2#_6x3x>jt|W}VMgb1I{*W-bl$;FD zKDacg*rbnAt!o_vy0FNr0K|8ZG~M4i{Yvo-aKRbh@J(VkzM(((6&YMF{8_n%R?BF= zLNmVM^LU~}zwr&^FnkBmT|;?=F@qB1dn`(<-z@H>234m=i4BxN&oHQliTmqW4o4gG zi}+!AqePC24`lPdrcb|arCx4vK5Z%W>uO}QH~x}A_3NN+RsXs{^=nYA>KbzlE-O8z zd{k}eUVq*gR@LlgI2w0tB*E|L5P~7st&0V2M|4V_~ikjq+zVy z^8nG%F!s%iccWxK^aEM@bvV8|0T<7JTQiZjPb)$jT0=cRB-V|E2Z*>j6!id+)i753 z9iT7%7ItVn-ftLaDD)4JwT8pzy{0!w*duUV`YHb9l!?K076z`*q9jLRtK=* zFu<1`z(&FVcLT6`fU3MbZ*zDgR9&Fg502ladFbi>14MOnUr-C0&^cT4Tqa#>54vhX zRF8b_Dy##R+9)~JNWt8`oor!nWA6AMc4?v~?w$LOFxCUvdCtvb?ap)hn@?u$iF;f* zj&5`WN0Rpm#F)s{|!Y^LRLYg`+Z-PKO$a*-~+*_okK#}=6rJs zH8V@6uDp_!$0|5wc?;`i_ARokY$Y`PIZP^$pYy9fhlFT-hFc9Quiv{l$qHI~QNLAA z-j?rQyMk*8V{r4cqD_@2j0vhTY10d4TXOB0{S=Q@$;|UAtd@kyY?h;>2^&eI|kz3(&0>Gcg(*qIX^b0X@1FOj7x%?HHv>l<5Q7<^?~N5{uYGs zj|p3p&X?Cv^qu56{us4Rr|EBr;ijpe7Bul7t~uGHx`tMyldAN=)IHEVIdf0A{&F)%g(vb9%`1#;&&s5qAb4D8}}nC?`?jQM!6}HDURK6QVKH0 z-zD>kV;y}5lvbW()?a$k~YwWrDY6TWlh3XR@r1xkQUiDp)3RQw19-ffPlzS7TILC ziXs96BC;tih%3q_AW{SsL_{`G1hxLZzjJ5iPTB;07hgaBeA;L3Id?mEKlj{o&*hOn zg_lob=LeSP6sWBd9nX+WUZ+fC*H3l`_VnP!5`2TPB*^(wF%wkB!6$=*Uk+ycf#DVg zrv{5AXLhTbgN?V!&I;UJn;%fO^;PUPX=!Lv&alJy6BG(t^{axce*m(g>!}s>#cUov z7&lytpPz<5pVf3Y{3{wh>!bgm%=HhF#E7uwHT>&>f1qQIJ>)N}c||Ccu37T~OL=zB zo*Ddre()3D4>Tl-{UBG}^`!iFyN0zqJm;U)V0%JbbDug^CFW6ky&k*|)stLCiL3De zIODxQPfXF@7>(wVTmQ>Y+7!Q%mW~DiT=80&kpXzlZiH) zTgL5EuTs)%`5k|{@kUXXpKe0eYg(^|KlHr@?%&P}qk~zcoi+!naJKL~O- z!#|jhyA8)t#~}c^VtpvzS-^+!UHiAW+U!TP72Fx}p5`GrycQkNvH5(`b1F!x(PTep zvO~UH8Ofe5ap8wwD71Y^ZGSkaj0kI9(amc6ZT0g#3Ycm!rP32?C3r)a_K@PNHapPX zn{hii_zhp!pYg}-a)UHyn>|m!1I(*YwD#n16@gh}&0zU)+Yqe>VGBM^#n#HhuQ$Nc zYyhI1Tu7uC`3g1KOu=kd>C{lVnoFn_eGj{+J=$@^ThmckHP+`7e@o4%sLo2MdoswD z`g=h(q@gs^Rv~HkwT!_^GV?|64o}rk5L|zcHXBl|Y_bGpQbmdD=IX8p^id zwB(!ybz*Jfc?#JuUV)lq<@~qM_IIPrwv@aEe>GI0!|$qBX6GjkKTFTzG?`9j)6{$% zW-gk=^GMuD{mZo4QMlrx`AHXCH&dLBmzXy(Tk(0CeHxpWND^h8VwAd)5&yqp5Q4j(P@DTeAQTi;X<|~;U!FP!K@TmIxUs#Z=4xb8CCa$>+KbT=d8kM-WhPl;S<%KP$r0gF867!2m} zGl<*Q)au8k6>YPHG$9;=XU}EX#l+zQ#p+2+F?;~7_+WmhqkJKRX zn!*6{^BtAAhk3>Lv_klL7q$C21*t|~W_GKUvneGXx2vZ%5wGUmlEO?qK{Iti79+x% zS3Cr#+gmHK$4*weReSBdL(h-e>Q}E5qc>P}g&#M_V?iJB2@3X_cm znixsLwU+{OkMlUD8>FVxwyb}(@WF%q4`%7~W_OLLTh_90?nYfOvW7&nDHvFQc zI6WLO2l0QG#Wx4>!M&8>%mGgKA~xkqwymMvphRH-f?#o+RKGpx`3j4KNmfEP|2VEZ zjHZxvwu#qXN(d_Ohi}3c)c8YhTJ9*gZ1f8V3y(H&EpI=ARwoD$9 zTWn37$>YX}E+AJkYaZ4=iPPyxhV>)m=C(h%l}GQfZg83Rs{@wWcbBH*iUjJ{kYoF< zV(#AAYd$8!(^(&M6=}ZL(`@;h&Gj%E%=0fi{bqYf$;oe_YpM_Ed|htI$%Vh2`WGI# zmtnsM#;KNv*XjH|LcD9~n<3i`Q_c0ffs^9B+!CSb1 zdqs%wqm|jwjHMpHYE0(sePIBe=63KwRLRizIb^PmB@-W&4 zrHN7tJl??%ZzpMaG0PF+*shgyPuJ1ZM(RHH`L8fV$NvM$WL zJJK+vC?a-z0{&>Uk(D-?Ckkq;q8j!l;VP!R5WRH$N2 zs)%a1QxPvMqP92GRYlY}hSK?Jp4QWb()nkO+TbpwbxnqX=AGy(19QePo8#Ezv~8aa zet1KsE4xatJrzB@*tUKP7uHH9@hit?Qu}?9)|O+Kd~4kwleh6k*hkbJb>)fmTR}Bv zQQ*0=D0kvC(a{s6psR4x3FuzPZf&qCZi-e>D(rF-g;ZS(qvT`t*)B9L?ks?MLNWl4xu`8hzlJ;HRcc( zIfTmX5Yj#%4OO5+T zTza%fEM8Wz+M@rRtl6N+On42yOp|7!I%rA_lnHBI(S1s779Q#b1BG;=Z_4Le%77R7h;2Jwykpq4wl^*_wrC{2JVm=4zyc*&|IOhO|?#6sejtq@7}=NVSq#D(bcA#d+20H+?%j$M~qzM%|)gM|LUC(zx z?2I&iJj<5_%C&1lusc!Kr(Nr-!RW{`-)6{Cc`kBuJ`Fa}B2rx)zxog@5Ph4v8~#I~ z{?}CfFNTjB5!Sq-?+{39pz_d~xCUVa>r8%2z8jJsD#n`qv>fwtjzX{{od$trGwI_D zJvoHCK81v-(Y@dmy^f-CmcHIeLi8HIG5c}*S9LGiebg0guaUU2UqEVhxwmY~M{|iw z@DS1xS~si4!<4w6%{INa3CgN^2(f0?&}`rA9t7-~xMWp=q=u2*6{}Gky)MC23DLxt z4~v!2ZhO!Tf;~U!_EO^IR2iEW%i-7TQW&4A#rJK57uL1+DD4Q#!M}`&Bd%-Hvf0y` zQ%tAz?yNq-;a3Wcw^rVG!kSmK4b^578(hzkBpMFCT8OcB9z$63@-ez#G#*l#pG-JPt|S@uG+?)Kt#ov3tCTkrdNHK&zlwQ?_W$U`_T#So3@lz9)rMw>mf2N&UtpB~_1H3t)Bp3V11ZOC!L< z7G#AUXU94 z6D^mjGW=Oi*I*6Nt|X5o@}2de{`Szf6z$Gu)ci5{7b4l1F$ei)w&Qq`r?rcd#Sapt zbB?Cn^0Wie_i7nyZ)fq$fiJjsGMqWU>FpQrf6egbaA8HP#_U`At`|mhg>rN@6{NnY zpH;EXZl1u}Pw&Q;SBc(bKYbz$NqYj%Ij)2p*?_W$Po<5r)o0m#wD^_TS<5g-h$H+ z=pyAP;fJ?Aq-kRhdNOyO${gGbTMCh86$ncW_#!%emF=SwCZg9*ytIfZFEH4cmC+o~ z2F>LRXAW>lSpPWPf2e|o`gddWaZ>7Z9oWT@SMOP2#8QPytaTpWbm!1??nKDOb~Q`i z94>xShBJr5)iRtp9IiRTnFCzg>~^a^S`i*_u4R8Rzh(^!B|<&y6b-W0L_@fc`W0S! z5+5B#3hmJGDGGNy!`)d<=iZI;Fk^5E=Z(R+Ik?H}S$%}ObKd85-*$z(q7zBg-XL@- z)@LxvSRSHpG1qg6MiTC5kQ|EbqkfH?HaLRxr)c{#goqqFvF~GgW1DlHzU5Q&%NnB6 z5mt0{ql0(??xToj0{v;5jUh{P!{p?3vuS25S)!)CTFDFrr;mu+SUi^oZ8lBAB38|u zD~v5WNA}w3+d`v~KGu@8qdA}z+{6rL4sdOp?_SK8*T-nv5#pv@i`Uy5%m7*#ePT4$ zmI_41@5WHd+jj%2@8Wo-94lnyFo!GK zEajJ?9@x}6Bw5-W& z7hMQ|do{Vwk-Kw9>3Xrhwap`A5x})KB9x-V{5H6G3{K}-pltX_UfNt!+qj-as1pAeUuJbc$zY_7wVQvuN6%= z_cvBC-K@PLq=(U+H0)4^oajiY^tMVB)>qi(hUh9hXaJiu?{sb$_iWf%caV{^=n}e4 zbcYK-Y0B{_v_f8YZVu`UBoihnzpfQ{nsI1z4HNHAn(sp9)p)0Tjd3#n8MY>sxgQ_w za=+tiUP;%<XzFzvM@!T7mE?PV(*73lWsLGH*iLV@&uC(QCSNmGq5A5cJtg=S zU)F2CCKToacvzk;b86_rYr*F<_gzHrQenT+;({!{N!J0?q9g2H4U+tZaB2C6WL^IQ ztZ#H7-9e}4A2#sZ3Vd4dpF?s;%keja~ zxw(Yn(Yfl~ZmsAJI0^|qMS5YRNjUBi_vczyPN&G%e-MGv0B6uk(g1R%0k-r3=KB=n zbUb-~j}I`}2aq#*fP9Tx=!i}jk7Hu$cN~-Y-QqHQlBmrX0+j`s<6E?CZ?F5(xq5^B ziUUAvO3BphkS98OXe{+(+e6c^q(doP_^$ToK{5lD{pYPHi2k(1JqFq>XNCE6Qwixy z@d^0#cj0WXhsDFv0@xlV;zt$dA(x)gcRZ_RY1_A~s+=V&GzZb!I8(TU@1@p8*C6yG^sIIJ%e!*%o)CXrO6i@tY=531jutPWMVULJ{pH;xqZd zEfy%&h77lMezCTXxQ*NSDDF}@K8)g&?DmnL7+iff26Lg0p5y5&@V}P1aRi9>)fr7u zvdA8&ikIJDsn=vVxqO;~9`ey2OWJ2i3Fb}Pp6KV!trA7Q;K$|^+oxP7C^?v7kT>}z@DldQCr8lpyi87ni1WV0rDB7YW` zsRpqQ8CDPtV9Dmj(0pod>uB6KefzC9d^Wdpa7dwZ5*_io6#Od^79CxgcJ~;Y;VOW|QHH4!RnXH^SP_<<$|+XdjB`PpKp?c|<;N zaJA?)>o6mPkKT~86uqoZNAwCG*BjOT^y&AgPs861$>Dqq-z&W4dUKFJVb{#U%25cr zR)&|OfER6JzRxL-EL=D8D{jjLU#4DDSq@RC~yKaUEO$<^cOc_!$gUn!^P$>v*zgxiA1l1uh{8_mp|9!bCOzHwWYnqgRQ7t`2IS*dF9k!Yy)CLb$iT;Iquj*^G7L)rxk>Yi3vW zZeQoi%E$7V&ELCQz9vgHlkwywncBX|ouIFp&ccya(U;IacM~fMvOc(GFO~Fxo z?}e5E?>+I`Sp%lY8#}fJMvh3{W_I*vf)$mPFBB=?1tV;2hQZ@Lu(6QzNagM;h>;cvX3FG zcp+>s)t{ktaJwF#t&gzT_D4mZ2yN|&7exMx`C9re-*hmgV;b9}ZtR+aT)Jm>1uyYs z&*#Qi=Vm%dFOIP=E~zUo)Zp1kb>GG$HpYdCa8PBBKSeEcYgGuBNNdJ3{_3|?qHB~R?-EiD)$4&F8Qf;Li64v?kUXpi? zg{m56E1nrP`b+U;kdw`2tnXGkp9bgpc8QQdz%GLGYxMz>Bs-@SGx~uRj34sTs|Vx< zDGZ|`>m&1tiwMB)7eAe6-(IV~m(>r|{-K>%)6&${s>RgrC*iUwmap_z(LQ8oeN`GtXd2-*Ti(Gbcvd}D zuDyAjifEn%jL)af^}-uDyx2k2T?Q*D2cNuw+UD}KZds3%na)8gq_=?nCHBMQ8Qb&y zak1VCwEI-j6OvLio%r=DNOwp%gf7IDswks8JEQCgxKAAXWSn%PPEtv=_P(oTa$?;E zmGx#y*uN1(g%&DKK-wh$XPHqTlu3rA6bIBaM+ZtWc7vG9Y+BwZ&~;%4^{hl0QLS za?*EcBx4bD8re=k!-l%H5JMZ%3r6)>#N)FoU9}C<>%z~cb|_(CEc$}IW9LT!#t<6PtAN` z)C~a`n(kv-XNC~<%UC_k*6G#Oaq}ZOKIyCIenI3pF4kAL$zD=RYlyOMoR!@iWH68i zT$_L8n1e8Fye0E(zR!#^o_w49Ol{In{4m;*;K=L|GO4iQv4SWN&mmYkgwtG%59o{y9d!P+7zEYvl-|O+fYcm{Vk>)atH4k$f!i zbn+i;$^#6Luk}ZBfTx`{$#CWXm(lx_>&CQ6)%0BP%5pY6#bP}<356=IWL4zsDtw3; zuAUmkb4B*GU5af3PMXC!dNR$kd-kOKUDK5RA13JNaj-7gF>s?D#GbS~kg+FWypC$e zDk^3?Wwp~T`VHY|B&wPCbc(2*k*H0!%9B~1u}!Ppgjv?4t_-euOV*RJ2_hRe$DN$> z6`N-DYz}Bi*D{l`sg1I+|Lgzh*dNt}+}JO6p)tq4n&+R4eZ4PrGjzU~(Kl_g7;to( zSk=3lUeBt&gBDdyvq%P=(N3!4xAHm;V+C4xOg;%mdnmwD-^BAXzSifSzC2(_TO4Z21QZE z@K9G-zs}YJ$)$BpgdhQ4c54L|_Ze{?xVGS9@U1Q3$--7E(U0LPYvs!Nzs%;NEG|3X zQE{;g@h`_kazWf}M&~=?@)eeRVS~obm+kVXxR&ofiQ7Fpv^#@{Qd)<%B!hvq)PuId zHM176>!>+w4QzA}Eis}%JW~w!5}l0q)8?PP5z!G$UDr%dVp}n5Yj3nTw79N2bffcn zI*A~+$@qeK%J>MZb#~4j(I=YEHrS;S9mrNI`9)hcip(qi45KCW|ET;A{eI@Z{3!D= zlA8z?FDC9nG~2>4`ohk8Wn-!md<>%WmyW6bOB%!Yvk;k%o~)l1X;b~Z`Jb#mOojjd zUVnf7PuAZm|NqwC9bx=AdS~(@4W{dGInHt!n~JbnPRDS)NfFxJ@}Vn=qmTGl4b1(PpSHnLJh)5w_A>x+@rzle=k*e(sjo4qF4m$ zYm#JqBhh?V$@+qtpWpkn=~CE8VQ(U=V~oXnO4hi#!t+;n!|W&`#ON__VTg)}ZzfKC z^{jr;nfS6YT&FIz{t?apy|<;Zzd{;^5xxFZR3Cvl8BC_ zGD3GqGQ2BEWeO&zgSQiu5n;{C&QMHLI`n>U;h=u)>^<3sEV@NPZD2cPU+}tb=iE!| zxD$l$1B>V6fI1iTp*fvhKxNi%C#93JdEDBkCHMrf5t<gd=cEa=NFqg?mHpK#V78_3`R6S;Wx~ z(W#c5WTEJsCmPe~YGyE^(k>PE8Xs}VmG}-klEY}SY4O+8WV$LC@kv&DL{G<2*7kmRQj+IzipnX%Z*%DJjAvisMi7+$I6#0tL+GjOO56BDYvtI=@L4 zA1R_`S3(0JJB_U$Wkq35$S`pa-qcYgkce@z z#?HcZwSc<&U|4#vRw}!;x}Cr_N4knE$Er>gQba&DM@o32zqEOE9PL6E%pi5n&FZrn z%pvTQW!lDa%i88@4(^s~n`jf+97*$F(s1^p8EZEAM5nlNw$1JhzRI+QfDYUG>RDlw z;8lE0y%ej5g;5>+Ca%s?dbNU<%vK{)b{k_v1^vTpY1#`Z#EsYrKTECYRQ@OfA{_%;!vtf z5s9~mI-N0#t}%)jn@Xf?Fgn~8n=Bu9UE=E5v9w<`@RBrRTK$BT@Z;nR590PqlXO?E z-T0aA*)1j)g?nh_?$L<^i%!71BRY%jLX3})NP|-tiFW{1j^D>`#DtKUXs_qX4!Q!) zJ2STz?@m~=r%{e~#aTatpOz(>rzbW=TLYvz$B%MEby9n8)%I^X1#Ue$X!`?2$@HFQ zsvOx??i^|`U3+ab7WYo9YdeN!o~kpxla@5oRC)uW6nv6-U=7mg3FzRtS=W0>EHmqR zf9~!|ew@3fCXeOrY01;MyF2+!?p`T*Id`v|yqUYFCx6S`Gn$f9s##_;FhKXC9B5A3 zJl2bjfa&o2zrYDO$FeACh13k&*9#|#0)&r|1 zpZCCO$&DUZJ-N*TGm|?#Fe~|n2i8dL_dt~V&;##D9`ZnM^0)`qOrG|@TFI|Guy*pI z2i8em@xZ#tn;w{*yyJoQCc%&MHeD|%dtm*f#RD58Q#`O?(&d4TlIb4UI9c5TeMzqe z`jgon7)Unqz$VG29@sS5$^)Av+k0U1WET%?k?i4tImzB0*fKf516w7Bd0^}0C=YCt zBp%o{Ine{#CBq(gUvioUwolITzz)gz9@sIt!~;7eS9)OQWU&X{pIq;OU6PwUuxoO= z2X;&D_Q3ARH$Cuy$yLn)K@*xi#ne5|%qmqL>aCCCG2aZXO@j#p`@Bjyh9yl%; z@j#NC;emQ`jt3Sb7kXe}a+wE?PpSInXo05|}*Y;Zp=Z>)}%czu@7I3x3(drwM+;!;--zfAR1cf|q(& zJXq53ldK!{oGG~G;ZF*l?BTNncX(LBi)1AapCfox4~xf7A`dSTypD&@6TE?k&lf!4 z;R^)M@$iL$xAX9)1n=zOiv)kb!@9SZ%=Pdkg7@?ArGgLf@MVJMd-&6WkM;27f{*v` z6@pLpu%tW5sUE&c@R=UITJRzdUnBS;4__Xt?%}TqUfsiY3hwpr zU4mzO_-?@)dH5c|n|kk`3L4?iP#l81jOxZT6g3ZCZS=LGk7 z_*a5wdHC0Y*Yfah1h41e=LPq9_yxh6d-%74xAE|cf_L=r?*#AW;gw|Mv+!FPE0uY&LO@ZSV~+rxhs{Cy8E75ozq|3mO&IXoh1 zRxdaw1F8hu;?`d-hrRZ^Y>%6tY(GWx(IV&QlkC?~hCN5y_OtovQyN*i=%DPD$q>zf zAGqB!oH@X?arQdE_dV>5hd+RCCayl06rC**Va+RKjn}d7Kr<1Nl^(`A)qcn?PLiBf zWg-1PD1F^?)SSO2Y1TK@odayR?T+dsHrzg-&!B*8L;pq6aV0Ac$~VLRD96`%?S}*K zaA+62(Zbx7&+rGy2~A6mQOfnZC5dE~k-Tjp$qN@9Vb63#r|JOx9`N-;)UCpf3u@&VAKQF7nGvSbY3d_q z>bNq*ge9wL4V#b^`R1bZv>)234E?YgXf4@N?RXFMT`Sk`T0Y@R#P{g*C52`1qTI zA5q^=$J}SgG@B1yXTY#DV5HH4e z^ljkY9o_4G_3r?jRPUz5Ck4~e?~Y*)GVGw|TEcfmijMKkFU#c~nae#HBnGd~B z>J?K+V(1`>6ZVV{BlX%o_d3|TzUjSo$h{7cS9Cc!luW3%g?d6m$EIaI_4`FySZbUS zpqqI!VZw5yy`dwzP6W9=*<^2n5jgNP?U<*&98EjrUdz$6bM953$t>=3ehg@93&5l8vzn ztH_+T#y~vGcC>FPeu3ik?+!?H--SDRil2cwLX@JP%e?{a#`frO1zbn&V!%!zN?k7M zy^8;Y!da_+SFJj!!LGlT;va#Z%(ai9{nQg0hW6(}vOiPsT}UMylt-sesU}ln-^Y9C z06h98Doha*4hqkOMuM#Uyn{NTM+H668#Y=jjRV&nm0%6r+pA9xDr*Agv&LIU>Iy$@Bj_DTv&m4---tmC48$+6Pz3^c94+ zR4wGb;Ip+~>BgkHJL#@4VNi)UHem-yu0NoL1Fe)C`p6<$pRO%VInDo!gQ-dn?G)C!M6_t0F)OBZc)bF5@ckgZF z4!RtZ8m6Wg*RK*x%Wx)}U3r?({_MFdbQ6XS2dDNsYqWnu!J8qVn7zCuIVz3Ppd!aV zpdJ>Sh8CZt6_y4SIE|rx(P(c?@2UPgDta-Cj+$9w3N6L*vo7WGvlm~Dr3jcLOLF7q zmQCCB`=&tqfW4Hy@k3$#P}NBX_mXF_gfw@wxVo8$p&dI9TXRkm5tMS@=Wt}`wda_8 z=T_C~LB=Pz@Va+l30G?NICg8pjM-bLb#U}=HUme~j9T;^DqTMF+_Z2H;Ka_BzAY?V z^h4^Xe{I~BD=S-;tNFOee0##2WaX`__netOb#G5P)E38JJH1*6*_4g@YM_0^zRT5b ziNonbtQ~Mo-JfH(Ny>MoRc7a0*Be5E3XM(J&Uw^XpQv^1Q7u)b&bwen*FmL97vIST z9Zjl&Gz2JbWE7RsRS3BpnRHm-`)AGb747<|X?e68ud^h2L--q(FTz;MNo-K7; zaCP72W8$YDRO%$%zMe6C$sccJ-bJ7=dWM>&1G~OZ4wThFW7Wkt<;@7Hbu_0JE7Ykg zrLy|oyjrDmZgaU~-QO*jkBB>TxqLcpP@ySPy1ML!mZPg`=lUO6E__!W{%Eo*&FDFV zuNy~Qj^JYXriV79dk+gcHnka`GMBzO*ZQjS5ieE$nrh^3ZVGFKvD4X7{Z`>h1ytxz zXvORXQz~96434BsM?m9P;nJvxk`W{5Dl~;7Fu9>ot|1JDCGbL^X#t22U zyRu1q)cSgyO`l}#c37!n^C~e2^&y1{ONW}{P}-II%MOYE0PcAN==|(P#yQUS@%CCK z^*n4x8diE^pCOGS)dsFGb~CY9){I!2g%%w#-}Q}STwU+*7=`|^3hibm{N22i`X8D5 zce;4acW(U_svd=Rbt@F8G&#BiI$VIV^NIGQ1m#%0S>4&{$$g+k^3j8oWJI9h)c#Gub$D=dzBTMVxE9Wsv43-= zpS8*6tWIVjD@jYa>mavZD>cPy(1cALRaXK$A|z(DO8-_w>ST%_iG$i2oHv8%JS{jg zcWP}oV2>4N^i<@1$XMR{@6jh_ZP|D|;6@JEqiS`O^DgWq9-z*m@2P_mLVE(WGkPTG z8HtsvmAemaE|VEHXjL2y>B@42NE-+bD@4^5qM8-Lc~hp*g{Y>5Sl&A=#Ihbe5I`aF z>BQPOE5i@+GBgI;6Y!%}26YLSOg2|NdvVRuX`a#3Vt4Hzv!&8`NOQGgYmL5gW&gEa zu4bXT51QM84g^J)zQStw50P%E`;c0RN_nKYv!ZrtaapkDR`=%y2>-J6rDSp(RC$;e z+)y}IUEQXgcS+@dJV7O8<(w6kI-`eNA#rzPZqfBV=sG>6i{fgSY`GCQCdC>1i@@fF z{x;w&)wCTd2ke3Rk;Yc}*$j2q{(E@ZS0~Pys>gH!3xQYch2O|}Ho}VsA!)5YX8X6s z;Bvy8RfwZO)@hv{JsQ`grqZQW-rx5p^JNL#e`1rV2u+hXBWnSq7Tb`7qqDW~;=$pyqdq0HKa60_0`$i9@_TDX3X}I z+X~4C{Uf&mSbupS4c{?tc#H();Vp{2DWoNYcbt0lzL0Y_^lGk8-4@Wpp}|@gwKff|9kb5#?8R$6=G^XT*eHI^_xm0qUP}4t>9!wr zW2D0|)Y;0m-i!IXpmFkP3lAftI!Wi8%Ci?AXk1XmWxDZi-8h*Q!t_4v>ieBisuovT z$hL7pzbd12ot*B4`LJ}IrhcnIdLp)}w0@_}%jBT8JRogLxerR+($f+t2pO^IvN>4x zw550}d1rOFE&f-#a;}9l96myG!Nsn%T<6Vk-+ppnvdQ~ zV%NHKyNcG(|xkVnoGd>Hv|ju z|Gd$V4&`))>zcbqHnzLA{Gh0Ft=l2Df`aq$*fi)&c0U)d^_*+d@|&?r^VWGqRVtvW$J$YR}rbwyVcuYb@S zt^4&S=4jim{|Iw*?$>{SIf%6vjv0E*WJMfhMAH{ruKjLb*U8Mx{JiLhO|_$x?=jW+ z?|qUN$>TpkRR2`4jwA&0c|DlsX1TZ01s`Gs*+$H-bIwDm^Ab_}`q}QO{<-=f`RME5 ztlnl36poTDsj=dp(VS)b-3A*}#tQn{bZtm{^)TW$1dP1kHr1txxsZb&vYB$9(cRp4 zH{WuPHo*=xrMd45hWdVvTEST~Eca;3=|Z(M_nl&))*@wxYHIE~#!#H%1iZ1suB5qd zAH$rVVODPL+tDy@W|)?^`(d;Y+NQ}ZN{1>w$q1d|o@7s`{O4q@dTyWDurMJ>K3IaZ8W;5-g-{e-+>`64h zNy&bXXZ((7J zqy{u6cC^(xc*t9GVrx^yt=MYl&bFHI9jye9zD;u26XloK&GhEx*5>MZKW%lI>Zm!h zua_mF@)jSaJJJ)g@;BOE0h!0YR(@C7h7K5^`68&nMk}09Q@kycx$GZ}BHil6NatmV zpFv)~Bi*q~tumKXAf4ya9hoBCwJxMLf}=9a>s^r3?dP9~!41#>-{GiEW;ri7`g=Gck7l@xcTb{w=er9pG`h<{25-DGep};#{}kFSJWFCZ z-k5x%M(#UJ-bJ()&c51#Nn)RUp~WiDCPk5D7@-Fp|?j56%SAk%@w;btW_CQjO@r%)mEQCAqvN) zd0DQZER2ZOdfm!W8akMmg$I*-OO*%Zm6gmlSN&)s7O{ST%45c+@{rL~Dn@o{nZDp2 zRtAM#j$l{!qq%H6BQdgM;`f^u5ZSI8Llx}uwV?UWZeccs-NSKwApO+CNIKgTZ+w;%+8P@MWT`y`$eE)8fiW8E-% zn6B4X%fUwgb$S9x&3*fWuEdYx=IL*Z&*^(lY-)(Fhwja`#t--Bac{9P?n#YdQ*<5^ z(e8~l6-{c~&CHWbg4fr`b;s@q-FHi8ss?)~Ew#k^X}hvrv9qR%d#qhkp?HSTHVR>O zLtaol?g4jSOY8M11Y+?Ys}9C&$FZr+T-(;x`m|88ifQ&} zM(tw}rHmh=R;GWL1*~WWE+31Unc;8z-0AyWIH(EB>ZCOKy%`p4t(#(r-cos7z(ZAe z(OUF|_-EwFLp%7pF|=ZEH`6R^WviBP{??ikJx-Vr^`rU|7P>y4_|28!g`hG8lNJh6 ze^LR3HLv(Ef>nl(FNB(?P>DhbYhLjo3S}qx@!@jDKgYjpd9+lAPbkEml;<=Z*1Rl_s-6B@9@Rn~yyyMVLhQ+T9>SWJ<+l z9!-Tj#IFu>UpKF`wP(fcCTVAMSiat9o0zWt={(;Y3=xNQ(a!;X(#v&sym>URkN_xC`YBi!NZJy6qJX^1=cqMoz%vi@6u*ZeL2rpCBSpLl!y=1M$nUYQ(R zL|kSGKYvX+BU?oB>C-Qfa2b19)2>Kj@eR~s|8^u$#JXmWss!lQ1Qy0C6p~19t z0@gA`ZAYm(r8K3%8oK{TBUj`%+10^h%_k|ZjN4H~2Z83~GCqW_>kYj>=f3f|?esa5 zH}c3hUW;L~c+1^Bgbh=SLJKT6v{T!vA6Zr8)3?egP zKsd!aBOmSG|3%heWhZ_n`DA;9?%AsbFB6^)==;tX{kw5qoE7?20_ysHB7{O*X+caEAqJAh0*v#hmw?tXe;*)q0 z`02u1)f^s3)1>bkcG!x$IVjxo|3tP{nS)eVzfKqK)VvSf*OvEy(vbYJE+kuLG6x#{ zmM*JtM%**A^vvOKYJchStxwo^CFaF6>?gCZ<{)gEp4q)r7}-bqAYb}6eBc=bA6OGG zOpP+7D3v{QuXPS7%o6ddsa+-)B-R_7VYHs||B%_ERXE0&@zHI;N~yi39qB?UP`r>p z(T2Esp`kOl82%D-A%2|vWgx4Pb|zLuDa9BJWe^YSOy;F{9chx@+d(MAWVL=tr%Gni z!M5UV>afR!(6uPrQEhwk5-c$V(V4_d?5W;1x;(S*(-^ubtxM9XAxSbx>kJW_Z2FMOBq-0*@gf~qm9)a3!&x}>|C=f-+xq}seh9N4nO zKB=uKY;7u)qs_>ot(FR!mQHJ}H7_A}P(fs+Z)>yq$(9>H4c~4mP-47o_-b#L{YfTE zy9Y<|Uz^TV2`;;Qi*VB^-MF8&*?xe_+4V^G+8P~x3IWE%>F|yfwZg%~$IoN%lY>uj#jGrEv(W;GSk=Flxg7n}+ zWcP*14+ZNW`~n)%HT1@bTlqT$v&FRP76m@ zm7l3dk{=@u&iGT*sardYmVs$X=3^x6tO6N}ND7ViSj#Mz!MV=_$2P``h}qtzgL32|&6c6`lGSPH2EXL4hbinI>&*n$%!+ zNn4xRYLgoK*N3u6jcv^xZ7qG84qBUATRzJQF$;!2BA_8lWv`unT(WF$z6Pq)axxO@juzwSZgb{zbwsdD21I>2qHd;&l znyFkusN9tS$|mx0OO}~hO;@kADX{JFy4kO4=G{^8o#DQ6|K^rVJ{3FdG&d2qRLk)P zH4SU!NM~WkIE|7qrF2gXW^V52Zkyd2Fhd2qD4(nkuK3GrbmimHFN3Z**CYs5(rM0y zcvB|K!eXa~lj2vX1g?#g<2_ccp$Pwbau0e%!w2md!Ry{V?-d53dHdtm-jo zx2$T-@!=cmds$E||J-#^H?EeV%b+8^j5bAjgtx7gI(J5&BHl$4@8$RblwvfJ%kh;! zjix}-SS_rR>D8GOvm+sk`><}-%H2tG59+HSeu*V8{yjf6GqPQdIRdIJ_z8`T1l$c) zt{-t=aVI?~WoMsS!ZwO!m?>}q>PPAgRVM({`sU`|mSFa#PQ`dQ-}elk!w`?Qq+sFj z*>Y};Q*YUwD+Wh$33HGJxJ4Px91eG0hBJr5ouA>%0j_QK z=fIBmL@!asXt#W1B2Y+9I6gSG%PgI+;Y{wOZ3&!e>{gC8|YV&=Jez)h^ z3IDP8TqV=N+>fxPay_EFoK_E|>bkN#A_{s=A-(jr$nN=Rw_1ZtwFjG}Had&m1Wesu zARo1dIfx7H!VG5)aBc9K=kPs%yz_Ba;4l_$CAJ~6JUF}Lzj(T2#%Ov*k{huP3Vk51)Fop#59 z;W!p;`JCXz52exMR-a|qN|rzipGRIZjqROPinT+I&Notyv|o|c(GZovbIQGJZz#v= zbz}Di7BrWHGB64CM2r`zU${>3eqx4A%!=FKsKgQ{Ta84!3ibu2*lI(QFQ^S6S?Mk# z9yg-Z$7st>Wo>B=aMCZ_mG4pia(!jA7mBaxRhY9ZFBhYhMmXA4H z-k;8J<^Xs6=yzb>z<-bj7~K=Fl=CpCNM9}We(otewe96udggF>T#@0-;c!=GICFs0 zxy<|c>MtM9{vE0OsMwF0Ot3O^HED65;wpU_hpyq1@vF2wG|7LwJ-YnT&=yv)#|v9X z+1@%(hHk~DUdTr<`XJ3gLKzkm`a4}dBa-j?|ZX%B7X+Hm>Fi*=y>Y~-Q2M}9Lx#-3T;~w zFdS5wOVKoCHZ{(q)^`a(T?;nE7)fWMHu-N$W#M+r?-Q#gE~xT~fyBVl z4pk#KdSEa9Kt<{_aLM~frm6oeC}}b&tDVL7dtrU^bI6%aH{QB&$u!H;O75lnE}n_1 z2UaE>SNb=Im-?KU#(o;l#*WQ=+AI9JkoGt5Eu0;QRd?~5Oy+Ci?r3g4vQ1yr1z3#! zstbh6X)?Ih85JK`dfqlyHaV#^M4E6k{M_md`h1Du?hSKMQTru{>^fH@l`pB z{VIo&>}v1IQS4V!4UyG9lf?|(Q&V4{ox?g(iQ3Tha;COjqf4m(E(#7^CuBo(zQD$4 zkv^T#*?dON4L1OJ*!d=?u=j6Agf%aF3Aa6YPJP5A zM+gwveh%MWh<0-xO<40vqiy?q7Htf%hik8usj6r@e)6^Tp>+@kFx#?KX*U+U^Pzc6 zK1Gasx~p^Oi{w{|u?meYgl5`GygKfdDPc5|Z>9khoyA}*u%mb*&&*8IpN*%J1E9^5 z#zdXR_|`%7^%R%JiZ6q(bi;bSm1@+6HCx==n_q7SC)M41L6U7>cvZHCZ3#XOwTzPD zTXX)M=X@9zCP(oEP3S(2}z@mu({GX$VR|$(Wy;9H)IWO-?V^)sZi9-1V z#(pbJ!v!e-^GViD>xI!d8rTxMX|Cv=-5X#>IAGvsV`(qY#j%7XTqo4~u4rQ1t?4-^ zKX2w_`WbimG0>P=rZsEGyhY7!pgTT-ma*g6asln0G#pqLT99BUVA0nu2*mI~snKCs zQ+7s&C!@WrcUvd347M}M;)nR@*NPgh5X39t;WTECKPr1WcH&qg=#_xYg|z5^l1DtL|a%hnHxkH#B*`HT2aPOY0}2?;{P#!`VKdr8i%nhM}YMX&gF6 zAJ*w(?b|q%=$o!dvLnuOqQSMKQ$NL0DGi-WfLtl>F3RY7dU;SD%d-jfj}cF{UIy_- zb#er--bBe;DuY7B9k^%OmHb)5w-ze@OR9VY91+&MbnmFX3$53Ny724zmir`_5HTs57iNi-+WPCq(^EB7}$Q<3G#MWaew8G(~R-s526ChU-+#3yn83I zX=%r&S=-Xg8;pF{iIz~oY0{>W7>m6%uNX7mWxL52!bd&@4gHeGxo8KynDV-&0q1Z} zWjF(+iv1XojN5Ll`i@5$ZjHJ$c;7SbNGc3Ao-lKt393it!Hw)(3YGx5+V#{7XF{Li zGhmx2#|^ziwWJ)+AI*7|YVb5B6^RpbhABP+Oon)kfcCgI=fE(o8S^xDQVWULf&l0| z(zTbrai1&qARg7S3F6xOB$6!0tHB+{9~C|v6kia3%(=BR#HZj+DS89{lki(NcNz1e5z71zAL_nrk!Y~i>M=Atd>WW@_782$Rwi&d#PIg zIoJB7;wzzc|BVSU3|5}-p6y(nOD=OXBz=WC=kV4Tzvjxe>dB4#Ux)v@@!xDNq`dMB zt9B!CA@#x`uR>v@K)j->U&lBU0&1&Tvr4P~UKd?(cD%wYwSyAU-f+1|M!z1L7OF|&g@dQ0&sYV)t^ zM>hUx&QY*4Yo6()GzF5q>u=e3F=i?_>M%Zho%)waW5ft~AQylX-n~jUI74?qYB-D< zNzIN|GQL4}M)dy!;h;jq4^sz5d`B-giU^(hOHV*;dIxRln260b1sugsEMPMi#&<(c z7y9)_(*(&^>3ZXys<|BZBuDF_Q-b&`GMrVmcL=@6EI$`rcOc_COMyfQcR@>mweoyt zyJL&8bwPKW6#kyk;XNz1O!#TTYe}6k$i8hlk0buqiLYb6t8~nl*1z5hI}pG7vU-`e z+4}*D^^&)We{S}n7c^nOE7VHy31Z=s-Ci1hhfyFeuZuZ5Wp&|b`<Z)nm~1o&OkZ z6NAmE4E^Pm;AQRktCr8uW4KE=#3y>nxrgO`nxCwnI(ckUphGJC<>?i>ditE^vo4K0 zm4?zQromqGZVg(U6PSavz}=JK%;9kNW;k;=+}AUlIUMdA8O|Kwbe3~FU;T|qr)CfG z{|*t6mC*m42%|qz1bfQYy<%;WCTd1O9Nvzahwdk$<7_$ZarXDa2sM@3LwjT!%sDHN zmSb8UqHD!x6L3^st@x)&$7uW%X9d-DHtuWF?7dOt*ee`wl8Eg1E=bb+K-~#8`K5NQ z-=(jOIVKD7Oc055@g>@(W*m_bYP;uUHqFcInC)HNd^os1(O~*0-y5B;AKNb9Qv4kV z_S1sRosu=}2+jH{k|!QMj9!Mi-v1I|>9k>K>)nMDNaqL8W#T5*L94j?p=0>FR9VL3 zzfL|*SRt%=Ma(E`#_O{5Hk;*+O3VyaYY|7FG^$n@+a#tN_-B^iz|%VJOmovY{5Q@M^^d3g_>lNC3j9+Ijuj~s+syfmHXS=kz#c!JD#pe6~S)wma=Gw-sa<` zj?I5B&asf?^UB>A7(GLsPOKV-$RGYJKNBp{?=$!f3aELaHr3{l2Q*h`?lp%C_agBY zAUucT(%ji?Hk2Nx9vlsqL4$Gq1wvRhy%1n~qM?4{gaDfWxOkIa9z}b6IRr-wAjb*G zI500H$b%-P3RqrqX|WYqUw$P<)&b`I z2eY;`2We#dQufXGF4p6**Mxi~&&uogv|o)5@8|O6!aLsQH-r~o_L(twpBL~mX6!%2 zm(jV6w#8%6#`^akqHS!Q_xaj4F5)L@rANhYYc`&QOXE`gkrP24sC9_$+3N&%AZuZj zM9)e+D4n&^TQpk|EZORnjHwOl?~vNiPw6sYSN*SYKP0!k0yy-DIsYc?qjE-*i9Pf) za~iL-?B@0?QF=2!Lyr+?S>N;V=#2kPa`94rGClWy;6~3~`Bq|fqVJ~XK4_FKEpGrJ zPN9AR5thy995U*NLwxL%jBGah4Vm?? z<>AMGyEc_pjhkJrr8@0ukPF`x|BL|0(;Qg86~V#K6p_ z`TmJ^3^+hp+JpvGRV>~HvHf`!q#P%6-kgNrdw2X4coS zMi{goAGEZUbva5axvnE)l2h?u#X~%u z8*k;tr|4t|%A{Xb$L|IDCv`j)QPCPXP5*M;Z5mA3#nY6%%dU1GhKL4F)4#FZOW1S3 z;2Yy`i|%sa7fHqZrwu7*l zk_#$~Nh#f8uHE#2w#{axIfsc?9O&Hc0Q71eX?R>2RaHkxAb3^IpN*C6wKATBscnPe{XK zFdOUC$?RxX>T9zKqJ$|-)lQG1V{qmt|J4{xlyYjvqY~ENV6dRz6y@3|SUW%gLTxX7 z6loICU3PX*q^T z+w0t`F%<-iCxUVN>5`eF>LsoEMAa}GU7fbI;bs9*nC{s#f@|nIYmMDDx{FA&m1F2( zj&`hYGK0(tvVaD+AF9|5Sm$H7zQ zh@mp!Ar?W^x^W9>P3+SG%bDCnfVPGTH_IpCioea6S?~&Fx7VQ;6YPf}!rW7Z`$ zA|~&|ug#D8zMQvYwKMuLwAYf~L2_F)y@Bbk zimXSLu6U*m;w}koLX7Bp`q2u576F%DYEIz%Ac(eV+0)WmwF?d9=vl(FRg=;mIZUo5 zH!h$j3l*(TrDHRTe1g_mCf~d?m_H#q>s>L}lD6xk?b1E}xct$Nt|L*xj&#|_ z-J`V~WOEJtES^Kr4+wHbvjjy1}4$yIdLOR{XK+r4ZarzC{+s+oe9mV zmX=MmH`>BBO7SY)3qDH@13GYX8Ne$1oDPu5j5oyB>4gYuUQW}au{``#A>2lJIAP7p zg`-atG(yTwBc!obF#JQ-Zr$G{*zd+{f7l#ke4p-FZA=*U`RxD2n7CbqQx3HaM!Yt; zhwZkBa67S4m$0&P&S}AY#NL{8^5fR_&YaAnavoyWnd&Yck4OCkern|r1-0o*zcmj2J#UYlPCO3&igEBi z7zh9Naqyk*jGgcP~Zj47zh9Laqy3h zgI{gJ*!dnj4*t?{@IN01|JFG84a2eXjmN>?Iu8Efaqw-WvD5D#2mkSL@VAbGe_|Z` z8VzIT`>}EGUmgel;5hgRjbo?ZKMsCy9Q;qm!M{EZe&zDm`5rnB{+e;{PmF_Ktul7{ z?;i(W9|zxc#MtBXOXGxJp*nWH@i_P|kAt7kGE~H$<5u|fTHj&drUcOx0E~>a@o6y=zSX!L_r#`iz5*X_x1Oey!b-d%NJA~{ zkVlNVO3jR)a6@xRA8DmW7T+`mb<~jsxpWYF?F-x%Az0dRd%i_z@8v3M$~Vpkc09uK zjUPSD?e8uL>t}I9KJ-UO&kit$-Vji#pDB;mjeTGrRte@o$DYfSv!_tbioNoPNh`=P zc~+%m2^$;LgHiaz7!)Q)Q={&|1RWXVGQ;&Zcl1fuOQ*i`$d`M-xzb`YIH}B->}2>? zB69fG_WK+C7Lv{Onhn9Wg#WP8$<&ND$SC0hsw$<+HCO6Rl z`F)}SInLZGCInpqT^h~gJ|Vroo6^KN(95K+^P}IV-#_T9d%~ZAwvUic{S#7HIg5Iy z`a0_GV`nrZqRPqd$b0B_a<&h>WSCW&!6+p#N|?_p?xSSO$%p0tsyR=P^EEj~G*)~r z&6UnhpG(E(QgOLdl1sB(z$h0!%7u?|srXzfNuEn(L}Sr%X{ja~p2W@PQyEp&`G!k6JxN{RvbyRx~ztb1~4VOmBR8%SLQhPh>aVo}56@ z+?18AF42{AZnT=N)@PVGpjKa*45Mp-ZC1%`d;W^_6OG@o(oZjx`YCbQ^bbP%<5M2~ z8^mW5=4Z*uO_;)(SA%mgPUeUX|7d#(kJzJQa? zMSQx1s{?c32QJKT<^U&o*G#@As(&=3_T6RNn>g zS-(m<(T7gSgpZ|o4dg#*DxHMO5P4EHGt$k|F?d3;Tf>@yNFaYx{nYK3~zNBf6E3#iLvbr}dzcmCqcc1Fo9k%;9iN8O|IISIcnb0M|Xc$LzeFOd0Dp zk{hzqoA|^tAT2YN)PuXFY^KPo@hSl08%s)SGFEG)brY+(aNnk6RW95&%l&2NzFlq= z8~iPDtI+;TcuFvHW5fLPnPzlnROg_ll4*O)D2t)|F% z?QHChMbByfL3-fF)H?N5>7Ak%SS^~vl98?r{tWdUe+K98ow)d={31)P!JN$nF8(J+ z$M^b;F28q;KZpGFSIYJj!}(m2DIv^ zGYaqKnQEYYc-`nl?D0}8h?D2M75 z^BZ=_R3_8mVhm`ml~V78`S44`St zIw)2u-V#R28R@UsOA9U0k0~75`IgY*xT6NfI<;x(=q%11V|*9-3Zc$Hw{Jp0sgTMp z8_w=I6iCFt8O6-nWvgWA3T$Fo0%{|wX!TX`NBZiIIo}q7l*3xd+3Js;fG!q?=iTSm zeA0Gie(6v$(ibxaX@Kj@aOQBht_)`mhnt$=%;9j;GMqUat~?$Z+OxIMiiaIm`j>!cw@j{9DRu$7Oc-1>(g~2-Vwg7(E5jj;}b_!&!=7 z<2UL+X`UnG&xg??@|Sv6=0Dc;LLD~C#@Htbr@wsMjN(aJcb3A5HtgVL60LNvVAgO8> zVv>waX-)f>XJTg|(-&kYf^+NB1?F{isN+25fUE-6C~DX+e-I;;{Z zU}a6DlB)J|euW+QXqh%t!}OmhulP9BXzZFM>R0BT&)zs0m^|TFm-E2t1gjSOI?uhC z;f#{RjCHSSidSP1iMWkklexSqlaM1!{U_OxM54!-{$?#lxvQ(37g!^!TRF12rOqSa zHD1l}|JZx)_&SQK|NnYdx>vfAjAaSQ1uRqSEHcG(Ni@?-=)L#QVPUT+K}aZ&&|(OX zLY^d$03ndxNJ2;j5|ZahBb_8Tg;Yo{q{sZ;pEEPNdnLJ$r~Ll;>SgbpJ$q*6%$auP z%$YN!32d_fvw(vQhWH8;@smHon8EADmjDfmlupXq*c7TK1hr4JCbg#4`brs zHm$Mg`XxnP?4{$CQw;>Fi_*EYL~{~r{xXhBujAeASNrwR%PU*FKghdrWjo5vGR4jz zd>mbEb%ma0qa|mxda2nWDfuzANPD&KNh=M)=1rXsYmmk}NaKG?R*aK#DE4xli`DrP z<(*4Ulh=Gb_#?XjdRSv{zC0gcFMTwZ;^Xu=Ch(-4R7^44-!Zfc5#sdEfc;S(1>2mp z(5h;e8b4<=Fz-nAf(ap()QDWd$+P0_LQ>xQ@W%S0kco=1Jx*k5lS@YNU8KQ)D@f9lMmoGt4wO4S~nCR(a2i#uHBi_ByWIkgR79p| zoPtwX7I36GnjWWZ*`UvL(`67Ux_dZd@3}iy*_GG=$&1v9YBrA4Nc=Ap zMABdac=!=Y5F1E$Wf_Q(nc@norv;0r%|PpEo!#oNdaAP-XaFVq(E>`TJ}3Oz?3znM zR&q2f!P;iGIhc)14%Uv73`@5@o8xJQ)-k)INEa#%*g3n?#YG{(^~WByYj#%w?bpq$ zj@p^CXBKc_TN&1yy-R)o{N@vfW?I`V;-Q%?nV~`q{5Y#@6 zZ&CU_SKpWDyP)$Xy~rJ)GF_UsZXpX-}HKptc-72N_U>pJp$2sLQwlOzE$b_ ze0|?s`3h>ElAn_AI4i+?;@m(;TL?)|`!v3F>HCKIzNNkkYM&Cuxq^7nuJghlfp&z< zFvcFks|~l_*ZVZA^s-smS9|WN{j<4OC!0fDO2euw28`RW&~`lbpHe;!8?k$1;n7ER55I{e5TUUJCKeqD*_efHJL10pg|tB)$J5 z^cUwXS}Pkc{yYi&jsIYuq>eix?mXejOqe)tm;KjXnChtT!=ZsE;OFX$4jZo|134bL zhX~wLLrKQBDYc>n09+Rl)IN=GTlzkr?^~&r32L8`pR1{ES3+7SBv#k;2|?{s@(Uqt zUqaeQNLvd@Q2UfT0}|elR%o+m8$M}!YDrkNyLz8f+4)E(b4a%|2;ZI(-`?o?_Cbn; z8>a_fAo~<8u&-DzP1B-p_UyZt2(^~6xAKFLJVhDbu~fEAR5lxE1hr4&Y!l{vc~gBi zE(&U&92bX6NQ;EDtr#TexE={Y+mi8-64GKJZ6_o_?NjnA$HiO3#qGt#UzfPZoM*c2 zfy&M&1lcXB%%P283o5@@uQN_YV{fNuG{kr6$Llqm50W2&H_adsjqg;V>qVl=hCD&- z)A-J%?}@%2sUcBN`;@#LGK-rSF4zo`R0+F@2s@ zn^(|aOq-`0-*+n|yd=+9&~bY#D}CQQ&sflLJtk$Wv3Wt1zJ!@$@Bq#U@*AaR^K4wt z@e|oOrdR44GFD>;s#NpeHc`4GK^KYl1uhSuwNFtx zti+V3?HM&j6jeTlvrmkwTyK%NsxyI3&EaQDxhiRO$^6y%>-iGC~=$kjbk5P(U zuLb6f?;GANFmHUn@NNOMPwg-0FK2S0tB&n%*M-`i+qpw17PK9o*yuoikbad`8~3MQ zcRxRHKi_jdEA`_}KnJykAD1?$97d|Fu!{9rakeI2{$i;i;uJs9)ik3EkDtoo+11sFC^a}AK zFRHsH%K>vH`RutXy3B6Jfc1++^0N8rnS}4N%CYQJLM+RwCB4ZPpu#jBaf+C|gjLD( zWe$x=C4hbx7?2GJ2+1EBXu1qU)UP@G2J;{j@%q|wcABr%Q+Cnjcl&C zcG~Hqpy;>-D%IpBc#yo3hs%G zKWk6tL1S`u!MLZ$H6)sIc9>>Ig=_;ZXQC8C8wtrF@TN4PBs;@1zdv?XbBgxKMU7pp z{6Y!L;?Yx+uh9KSG*Fjk+eEWLMRTC8=o({C7Z~;lG3<{#M&_2FpBD5_JXSkAOv!xs zMT$SU8#a+-6o{lKyEcq1`Rw$W`B!4}KSCgf- zi5hRG4wD0UXuRv;&QC4z{!wn@cPbvhC75flfv@9BC;k@`M3?lo*{2Q+!Lfr$HcE~o zt@KHaoj>H!*i&-CA;lNe*jx#yFMH_=i}w(RLAe|U2e07^{#MIz4llm2j<1ff9tfCU z(>wA%@0Y+}wiu4$B{>nz*zgty*5IY%mB(NdPT)r${CQXOv%Jzib z4GA2UidI*n%5?B{B!RX{WmOB!t~dLE7)KX|aj_8pY30shDCbUMC6FA$vB<1@eG2}Z3O;qIi(q^r4X0(!De#DY$r-AGxIcM` zejPb2qUWj)H*8k8Dus+N@4?6k0W-%9VZig#^1F58#)I6VPQWp+k&0WCPW9p;wC z-?ns^^xM*%cnImGCS+mnYtoi)Rp)H*a*7BfAxkuDiUHqJ(=Dfh);+15RW zV^u}zh*IayBejZJ|FJsscL;^s?T@RTe?EB`890Loa|^C(oy|t?O0%J-II?pK^%c&H zSG%T_1ERPuIf0Zzb^H0&oik@kVLI7CaZa2rj_mI1#L0CDSN7%OSGo_KUiH}nQnhxQ zZItvm*XdTm>MiH?AGgg!R9=NW&8^C9w%UF! zbbUT2AUAUPO%969Q)1ojyRO=fT1Qm#yTdNqm1mNRccATd)XKL3KGl-$OQE`kHUNuz z$_dLvH%ie%xN`;loh!Be^{zCYvM$+fu6^6n1L4(EeK=KM)T*@c%MZ>KRO9aa>>iaZ zQrG9A%C(g({l476oFYC7=10lVJd;y-3<`FP!H&&g@}+zjX`v77W*g^BeYhoWIQ~?> zENNP7Cp=CU((Y_c<2VpRDG_g0nF&Y_r=OfSGPnSUp-`#k#*VjEH^-?tU5q`Y7 za|g&Mk73nO;RIXRLoW#W{i!2X<4&)f?BFBn_j+? z)FwlF>8-Wzwt=g6()!ba^=0P~Y|kdhIX#ewokJ3H4&}T@`gtfd8K^z0&dC!-gsns+`jgX@MN#@QL2WL5a}Nr-!p-(`ZA~M!rYM8s5V znTnXfr5)Yx9J+;;VtX829wkmYBt74R>PdZjm`g<^{~pHs@Cs-odOQ}^8D**xJCjb0S|ilcvSXg`8%fxl2@gpQbeZ+c1EyQB zhD>>MnWn`H1FXFm^few<@N&9*lNob<&G4xCE$p@E{ET#gc(;+R``r+uJ0Lzq^`h&3 zL_aNKkLf4acR2eH7I?YLHJ?h|lKAdMOx=$uDcf$utoECj?ZOkssaj5>4L3eTJ`>05 z_0;_Jgyyd&Hh(=yuZofVfg%nZnjAtEj4MvoHh;#&3qJ-C4yK6NLSO+&QL}BDk(5$j z`Y2>r8a}9~{SK-~F4#YDGGV8i+lN$)<=I_?l8?|9R*HT8(%%p0vs8E4mo^BW#d~-s zF$s_5Z}>-LpiUj!QZi)yxo~abm1uAQX}Ufx+d?%hrt7lpK^Yy3c={KXt1XNeFC(Uz zi!}~~H&?a{FC;SdDR9`>oJbUN-Ssfm!|revMjsjRqFS;%&zNW$Ulxm;i-0m=X+FFI z__m^D>f9r1H5z8UY^|1_&3e-lXyN*}7-^DAHMy2_>(%vUB-ap_LUn0Aou2C0QQcRj zS~SnIJj@S*GSeF36#dFhP65YRTZfz~xYi~XplmARzWi=a86Bw%sye5ZRAF-Cz1BC< z2l=rXW?uRcjTcT)X3z~cr1~}Qn0-XPM}IUo{zwa9&|a(tWYz{x1>X#&1$g7a!0XP+ zb>zIGcx{7jJvPbL8|S%uKiZXIH)!yRM3ULOJLG^CsJ~Pk)@)mKE_F2=l*;5Trm*7K zc~r_P0;@)*5eTi~Ew)|yklS|M6D3O8nb{XSGID$(=5dDT@V2GW$uEk7?r3(U&o@_F zgTAB82U%cjs+JU}pAhx#1tZUJHz-L_1|#P&Fpw*60uE ze5$T-K1utsDcxI11I3VRUc}p0UgPL6%sgB^c|Y03pYcdOeRn29l+)df$E+nr zW8c=eJgTQj@z##|2FEqb;@bN&U^NaWv*gdrJ8rq2r?m@dEmK;b^=Un6Y3W&Nltp5X zPnQ^Js9ns5wxbB|VZ3`0oHr%HCiI4|o;VB#g2~Ha&8&*+S(4f#8w6&tJheffzEUh% zjHuC9w+Xqha3CKWKj&07+r84UidWq?HVXRQ$}`xy6tb|(Fc<7VDWBZ{nOyM`qHwgoqtzPwdCBaXhH zT;5_{YUw*XN-rh}>NdHWTDR?#*!Fp>TxRuXq#7e4b2BxI3HR_QUrD>R6?BR6!Fdyu zu#EqomT_rtv9pX01E<=dNwgh9a|l*jlItmi$)=b!6U?jM+YS`+llEoQoZXoZ-zZa6vAc35c&wPaOZ%!+a5a5~M{<30vf0OI=ygZuum=5V zw%G!jzS>jW+(LP8?D7S#GbJp_swtyeRgI=9L)>bLr549YlI64_>vMjb{#i+G+Fgk{ zg++23oJmfGj_h(l|7yJq@#QAqR!HLaU{8CX3e4XNO2!E>3{xw_|2TOKKVxUogI=63y=peAz?F6tDMU_`eo*Gv%!ytHJFF?wv=#U^Z8;zZa&AYt{+LWJ5-`? zQpGhl$y*8`ZkQ%-hNfz&r;ThBH_X|B<#RUuN$*CJ^i3$D%6+(CY2Jay&(K)GA)NZK zmL5^|07ldPIzgBZpmhM-eDnF|4o&t?>chIz={j1kW>s6OMRqozzhRYw++NWvtNLj( z`RioS6vp%(68Ad%Fr<_+bjIiguqodLE=HZ40@cmQ^X-Jdq9+c|Z?jjK1_z@)Z0~M2 z?J;$AR;WJ z^fM~d!#uj$-7U~pYHe0oDAlncn1%~Q@e;^tPgw}m)6;lZ0i};{MQlr-ri@Z&feI%2 zfzZD=r=k38m~+9#8`ZxYw;FFyc;k3rmG%r2C+L&YG7k!Ukyc#y5~r#C%C7G;;v#8= zHt|2XuMsErmvf|QXK5~&ssl%~E$XeA=KIPisL#z``l8CO=-Mn0{#R)3OCBIgr?LE- z)u(nGy!!t}YB^5X(5Wv^DUJtopEeDrj z1d;tKHizr!t(K@ZG1@)3Zw`^uxAAQl$&4H{jkzMENW)wwX`RpIaoff-F81G;MBRZE zlvfCz_4G|7v2rUSql=SZ2b`qpPq~<1B4*fAIgt{rn8OY5sV*iBTK9;4(3ZfHu$%LB zMvNB+6P}xf@_+-B;%-dpU8i{Un??SUDNximw{$!go~FhJaltauk$QI(sS$@P$kX z32$B5NQ7(6qH@1Nd57_@=tr@s5+b*CR_KaPA%@!q9w9Vo%ePs3Jn3Vz7CA~k1uxt} zQQVHk&u8FDKMl}LMd0RGuTY{y(B|OY*)VE67|j#u<7Y&0}1p4}(b3oi#6{?G(4 zcdOAQ3Oz{l^da&bKAqQb5$G?kuy8bcMtUZck1&S0uhDn|oa|K;HcCE2?Cefe%nwz@ zudw{aZ0{vRC|`0>i_@=bVg6~beJ#_LY%bcqvgZ|aB>sLAVTQ{-lEyGc-$I27`lJzy z3fI4J@}WGrRo;=cC7{Ob5*Wx6K!9+!PLID7;-mD7&E!Zv-3w&>c``(&OJy^Kj0{U< z9gTp9ex7fP8z;2n0ZRJ2cr3qwG5qw|Yu<~taV`0%9nIshMUo}pD zN~QP!wJ=PhE%WGZUe~ESQz&X3UO?PxxfHFFsc!ljr%3$O^embj4v5RFO3{z_4{I-H zPvy1b`>LX@R3)x#S1M%n|8cdVxx9{FK`TnmCeQR7JuYO7bPP1ShlRJR@Gb{0{XC7$ z-3?Q|siN0zsi^j*J=ClrIz6E&R;Sd48++$7cK?cWSrd1UYs?89UrioUXgMLXteRly(=x7s$@Sz9(U|5oKBulbVf3C$kxJjc!uNq*kD!95lMtQ( zVd3-7KYz8yQ5Q3u4qpsm!nwz!skC8TT`Qu576X5=dP>YOe{ ztNO5u^mhQ**qk=NNS7z{kb;fkKUSuf zD^9Jir)}sYNa?P1x7}NX$vy4m;^Jsttm|%XE+&@OR!n{;7t>jKaNjwCWBn<1NsraO zYIp6HbGLb;i&gDAFMT(ypIh%&wu=iKMhAD*yzY*{%I>dWEC#rO|LSx1@xLr@Ue5a- z{QoHb#X{I-@}^Y7xA6aa{73w-Kcz#{uv54j(pJjw2JcFL1;6F=VL?S!u%F_;i0dW& z`Aavc{D$|t)&DffC)-fB%dh1VtT*41U@=MR8rt@B4}^7ztttK^Wu_6X z8c9AyX4AGhr5|K}s~|V^_f(TBMUv!zQv0e6^@Gp3U29)dWBN_n7eCg_*mhSl`=M)Q zwQ@7-?P+g332IN>4K_uC>*(w09Fic}UGMJb?zAR1_AI*;Mc&=*rpE8Cud05BG#Xc^ zq2d)U`5R)T>6c6WAn(9G^zsm+LP?uDR8Pxbe7t=xw9o|%q) zm%_g8nQp|HBlvm_{*2)36(dpKV0Rbt*6#0e?eS<(#k@28FF)2!CI4$sdoTY(J5sy5 zivRoa|1th6p8f>?4gX2D!b+^EJ*xYEk^gT8F7nHNYLEIaayNF#*k{4M>f!1K+F$+v zUznSjx8F%9a=tWZnga{(tj$lW>>z5 z@$q%E)sgKS;N>}BD+jnG2dF$mc|#6Z1YpqE+HNg1gzXTFhu=X94)8k_rU0gAXsNuI z=ntu{Nm}-Eoe9n3CN%$A-N|NL3R`vN%VK>=u6{)AU-G4I1a7}x^T&>Ry7}X-@o^Fl zmL{JCzi}lEX+lu@l#KGa7xSB8fAu^bO2P?_^XOn6*s&XlqO;fvTk=%So>b zxds%iJ+A@MRbzm@mO!n&ul<&DWz@-7-C~;%O;>D8)eSDKoPCFD?po_#K!yk*WqtG> zDhX@*C6(mmB806eX`=gf7I9I>&`$bkJP$RU)vi9Ya~go!yIWq})7sYEI3H=}f-78eCndfgySNa)y1Tl5AI22#ud=K56hJH~;tjsLSTgua(m(=_cIu zIofJB4Z_Ho(CF{f5wPDB@5!V3u3Kj~Ch#af9V^Ax&g63P%RWu^j`_9||cJcd#GkM&95Nk-t4Na z0w`+fj}v?sRih1(hJMDG;#(T;5R1N@Hv_i@?5v!iqVSjNN{S}Lxh~K{20zJr1n#g5 zz6mwjn{B>X=qc2=KDcPfm-4Kvp6hdD8#6i)+MNZ+7ud@J%mNN}O@LXz!LAK33pm(2 z0?Yyq_Rava05I8_&ExlbsvqWKi-8Ns@;6jF`9HYc(B{)y#=S=;SCvz z)T-49rP8>L&d$!c!s+!IkR~1=IIc%udINxow-fZ|9!%lGK3I$S9seQekH3qr<@;A| zg{MzYuhZPWB2>fo^U%EUcPnZ5IAMXK6H=^Z-y#M3Qry2{@L7Y?!?#%t{Ib=+Z(j}k zGpm7rcQx?pl1cQOjQI-fDjFBZ((h81omI#qsE)WzWxv|Jaf=U9~7(!|U5%>$RG;pK?L>k|KF&2TSr|Hu&Y!$F&?ruCU#r69;VF%v2G$aWr`?*$!FL8`l(jz!rY3*Ou-9 zEp6N-s%f*gbf+kDruO#sKGgADc5jlODN(o6>EFmW$x8GYB_&(N4zt+EHrq0|#AjOs zx7PhNr#9RLxS8{02N7bYgatu8*hRJ2nug>n(TX3TRB(f9TneA&jn>NF4b(rlUd17< z>Qhu_n&{=8xT20n-|ueRWaLI;ujIEnYES&7@Y1+hk6Us@lzLVo|Q zG+qUge9YX+Z-nLCZHmc}rFw(y9_PEEXKAmUz5b`#=LZ?3hFMuvETs7snVt)}oe8X# zZM}n4XZq-dgx8SFrGI7A;bKwMT`her5F)-#>6dUegj0(;4X4eg>(hA_wkA7b#FO7R zYM1son`_&PdO{gk$G1Bo&E^`(_X(vr1)O}2s^uC<)mGzV!dJR6@np9*um=U|?Mv@~ zya|U=xUR!{YF+V&KU>0z&M+3|P4)!U*bnnOJyhk%lCdluR z=m5qIX0Z5ULL2|Mo+T;4jo-1|ozX(v#*bP0%W}O{XS&^BeypM^=p8v#NA)oXQiY^8 z{s|JN+J7SL!Rsk<@=sbxZ+5ndN_9 zWS-s|>+?0~Rd8})PEv_j5ml2p`Yeg&VP=SOdFFFY=w4`_3GLS387^#|NQQ`#`)7Uv z9N$@c)j?~?cNy`SSuje;o~O3cpUON%Sex=uA{tWQ6Xp1^Wq;D#HOI9+Um_w9B zo$1esXZi`B&M$a>3Ww0H%^q9X<+WzEt$vM8(aC)lAWdMO3or`++b2rqQlRuO_$G}f zreEM0OtRzW1HJ`Z8lM&Hn!G|kRcbb4`WDz|WA<&tp?bRW^lWu3j?gTG{+DN<81E&pz$d? zfp>SO5thKN-C`r(r}CdowF$O^dv~`>12_O@u7)7dEg1k+Htp-1o^XB2<JE~AnQ%v3tu^Mrxz1+0;O4SzOadxf)hc7drm{Ux*%ljr z+&Dhd=2o~7y{lrZ-t=WP0(1#C?{|k$w4&dQ z<^AqRW<=lb;uMA35;~f+O}$-1YE3Z3e06*TMrhjQ!Y-U#I7c?g;iOrT`3m;r^6swt z2YI(%d64856=gncb!F~9HVj@GyEMM)jDBrv%4@2zQt8%_6U)W5dW&=JP%e?FaNU9> zJB|!|VVu^uqe+9r`+lr%GG7dgm*L!qZ&Hf zTr;g%n@x`Z)Yg(7rJt^9tv&q!l_njM>a%eyV7!^I9U}K6ev}F23iZ^pbZ+Hwu(zOG zc_S?M6E(tEm%UZf$JI|_>#c6u&AaIEP9j%ExL!zfX3+-d7}5acIKj2Yq+w=@Sg3uB zaL3T%>AtelsIQBxWiF1>K8<6z*xrQ3JK{wC7CRLf#n=%;B84U$)b5NyuFrLuKiX}J z`Vtw__PL_C2v5qPH~ZmGXp&P`SQuYwz-rW>38~ugri&LX4)tX+bF?6<_03P_L#M9o zu9of6{dy&wS8N_*HX}wc#vmP+#?Kja-C~UCS-Q~5i)g*3di)aPrJsef$^L}g@PMW& zPW6FXzO?>o8XLc)Ix3BgovtF?$mych+ET2es&V6Aq@lIn^Zd5A=^}VF#H#vL(9!zAal_c{IsrNgKh2;a$KCE$naPo_-jD`gc;(vJ1}=oUjyw zVKo&_FusS6)hqLryPG>|Zem?s-mXtrMxP@il&s$qo2&);Gc&qx9?=qJ{+0$cSUDgz z3jjYkrsS#hMYE1>U-BFOPb7k}j_yy4Qcqkxt&UEphVR?_yz&2%s6o0D7C1WD1`4u` zw?X$MK%t{E_{pn*KfD@vwC$vHq`T7oGl!YG8^5siNjz3#y-*$1v(WtIFLO2$u(TZdETdESJhNzpKogrYk!lyDBviA77)*kmDGbZ%o(%OT$UiQOB5&2;8 z&n=C%=C$0{$;x%?;t18$jvd)iQajM=&JyKT%CuYGPdD8vtZ_PRKjBdFWPWzWew#JI zs1b!zaHiw8qgi%n*dKVZG0#x!fZVdftmsFwQYhtagDN!9epo==BJO{IS`2%1yHK}{ z6^OGFg4(Bk>2J^wciPI*Ma@@fuJ36N;S6#+61x4VIw@fWqv4JCiAU!1#AD1Yq{|7H zHUF%7og*?I2S~xYq_C5)^GrBew9}uPI6QMtSh-Z2s zkEw0{Xw}^pDM-2PKS5qkylmRGFI2BI@wKaf7W(zO@N~98+_;0z|UL_ z{PmOJ(wAI9IrZmN2l!x9hi@_8FUbLfTZd^il~(6$=JN!1($t0ZCEUk^zEwsM)r4lt z6&oqm!qtT4q`OoO=clE0C+P?HvZKBns4p#JU$auWx@5iab-hYgZ2{1MeIvju;9%bj zFbg=?w*t%p4)*N;vw(v=8DJIwHXer9kk)6Mpo+arADOIuENz9e{BNOgN+WVNzqza}y_W>d zIp558R$u1hf_RS?Y@f0LE%_ z}?!XlCC9fsJ>o`n@bX)6VBzKpKtr0A{gkDV<%U zbi9V<_wub{NZU)b^w;#k<=ex&PA;HoT&UdM$7g?k$PZTb3hUBMLEwA|ErIhT2NLBe zuE+z;^+%gCH?Ax>NM>Uyi|fCaKnMNzUnVg`V;f3h2z~tVC^?I~#!&<1Gu?Rr8Xq9l z2|?{s(n2?ssf(1|8gI@g{jA{8ZRO1Lwg)6c>RLgqhx#R87dQb8U^c1SsVXR`Z@kfNUXY( zvasID8T!g~d0*+P+zHw>O?7cGMTt{AQ#ujCx^2Jc1lvWt=2bF6#5ffwzwhHkfEZavYM?h(Mv56tlTPR80oWZ~7>z$>=Zhb^cP_ZYOxg`n=kfKTHX?<;Nx_Vdir4~$`0YxshYz5A9qFLsDAUIU>w?$!{JH)$GB&IQPKcy{Mk}GnxelKKv4TM z{>#$$YxVsj6n#Qa`;_30Y>A(@yDBdy<=3p9kG)*sI{->Gd)?AXiIa;uf>`6_sJ+Rk zq`9jx?99?|r@hs-fiulTL)$_o5L{$VAEnJ`n!j|QB7bSGS37-(ieqVV8nxz5X4qZK zX*cER7*Y>syqnESXWW)vLvG9z3ys*(JO);~{=~+ca~QGE_tdv|WaUgtV^!aSxxu!- zrD~qPoGN=~9?N=75AH=Zc2!Me^0Q>#ZxEq2Bt_hC<+B^I6E|5$jlA>l5yf78i|?8* zt?pKv;&i*UJ5N~icHAwgx{yC7i}pOKY*^XB@4p9dAnl{%lhF8hK*nI@WMJdGHm)^T{vpiicher2)2ouz9*WR9%w&Z3CJFJ1$VOZ3R8vnY_7B*) zZ$}EHn+lK7PDLAoz|s9%Dla%Bjs+ORz#5^J~a^$IDFJ@+CCJpC((Bt)E zdx6%hAM+}#!a+-Z;&e?av$%ZpWBm7Y<#aoi@vY`F3#Aon*j6*eNIyWI?dxb6ZXxH| zoKrhw49li!wR7bKKv4GSB(t4=R)q~qpGSop3p?xxw4LTyCSYs&Y4J#{-PzrqxVO%n z%gtdmVJfwTH^0FGp>DL$QbJCWRaVVw>#3Qj+pSGacb@si%FH_|7i>(kYW52=tMV42 zd{p&l{bEEZ$b*+U$s~n^x9TZ>i}wkA19Jd$n{s2*cV1um2b%a|_iA2k5ON<^tJeV= z&QigM{%wCn`jpcKc-Ox)%2m?~`I@btCoF;_`MWi!(T``R z6RM~|?cHL|$aL}$BP6_#?u3D$@-dZnbiLL}OPwu^I9U%?F8?P}aA$Otpl!9JjYeIs z*0%kDwKwWC#QpfBxZN)x?k6nntZDNVbWQnwa#GxKzH5v7DT|BLGEI2}T~ofFo)ov7 z@7m%%VsR0WrpZ^(HRb#0q`2jL*B19Ni`&zj@8%r1pne4<-}cqj?`I~(wS3nS_i^r? zC)p7Rs%U9QqBj{}JM$7Tv-5E|8^+)dBByN1_*ZvVu^*aAmLC|WF$K8vV! zDF22U*gh*7)3?&JvjI9vdLJRXgP?)UzSP?Jr)v5(zOfc8K!&~iU$l1XQ@8j}+lPew zmSo=wN;Bg=JqAxM;lu{FWCw5Z@coOpRmfXxy7J`&@t7jr#XAA&ujI4o1a)w?`JFxh zi6;F-$z#wzV#`v4#!>o4c$dzG9cC+={EVI6#)aJAu-GP>xTLO^WPAHd03K{1(VevW?Ks34nINC$KzPq4ZQ|#it6>mkGaGxG|y$UBb zxU1I?_nVXA_OG~CarMaK3MV#rbKGYp#qC>hgyQOv#}!U&@aDMBO^G|TEefaH7LWH8 z*|D$h5X%lrF838F?d zsWXTq9X#lq$0z48!=;yU?4&pOPc_=l(3aia_7c+ly!veNu%dO^*yD7u$@$H$*YM{0 zpi!s!?)$lZtJuM3zX8&!&R-E{lL&hk0XJ}ql54!^XjA5NE92qp(>_EvNuEqSyGsE!qxHBs_NY&AElfQt9#S&k^L|o*V>?#K1}0V zaWp+HU8ruLRak`dFEW`1Xv;hJ^ae?9F)*Fm(NgPc;^U~BtDR9zH2!(ANdJ?Ek1KuK z7`P0(=%9_oadrTir=KKS6rQ%J`-H|cvy-kSJHi+ns}8v{sf8?|Z7Zu=i9N%A5!uH@>+#igAJyw)Y+Xs~GeDHQ12pF( zChY~Q->w_Xc_e-DNo4xd)zo?V0MRk@)mE<>mZY2>{trob=6VznjCWqM*G;cc6|k~j z(qVI4w)FwD|8KC!yfU}fl~2N4z6@>bhLZxh`QB>L?Bao0E$Nk{To%kS1}x{2<;%3^ zc%Yw6*DpY6HmWS2(OTPmn3eqpkn}5HwVDcgM6-LGy&Y)w2#;3vh^mY7gwo1>tWSSa zEWL-m!gvtQr2GP2Wt+ShTjZ~TfEFPdUPhvk4O?@UNfQt)KZ;R>t;+Pz;t4kh2HU}? z=#)u>^pSo|nJ9jLN7ZdT2;#&O9c@d$&TDoE*`?o5=r%%b0p39*{5^9M*Uz;#BexWuh-(?3YY6hp4}%oXAxDUZ&bwGF3db zt%+9Z-?C{w5WL?^-*)0@YptHW7lK{o8SAs(sz7p76%5wg*fGEI71I7aX?uBRe_p2@ zdyBT>nn-9?&naOV>$K-d9%9~OuVAwS;odI^@OKkPuT%Kx#P=g#{zzHNLc)_ov38bzhY<6o zDus^!UEY#5+K%n~rthZR=f3X`_tn1nGOP9p)iBdCI_!jPGo3GSI+f>?*XVA1E$LMJ zx>?XQt-1d^DQ+pqPR{q~k*_I*6R!}cc}@9+ z&*NQ9ZD9>O6Hd9@A>SLO~lbsn+d}mPtzJqI?3T^JgA>B2!SK*Y~tL!aOyb@{N zWsh-&Lb4q`k^KM0xaQ}*t$A&p_ts&ZA7?)#x8$b?UlD5_E$)+;48l@5$i~5b_?jqr z8XUJ;^My~p$3#P9^zR}uA1`d2eoEgGQ_b`&-J)_h%e;SRUPzt<+q@K&=EEm$rlZ+f zFZ;6?^*YUG+~n9`;>}JzG#LM}9m-}QGpDzOH?b|wE(Rfc4Ud$QbO>k<=>3WOePChs zlwKs`Mag%Sy=pO@m;Ee&&C__5tqxXA0l$!pPI?WV-OP3ct>U zf2Hv2T^JdYOTJzBcM8ABh5w-NT`v45h2P@B$SA&Emx@8F*Xc%yPz%MbZAn8%ZkgKgou z{z7&qg(!W|XdX@%ssGPW4^rqjyO1TwcWub+SaFIEz8H$zd*TC&bI^!RVS)PDhuOlYS#58!9LMG2R{?#kLr5o@C~j zPEzw9{aYh8V`-<|4OMF2@i_@vC2l1)w)7u+PWop`9F1BobMjZK)VcoE_VaQYjmMMf z%<;In&aCtN#dthk?ig|USIg1G`I`{JTIFp`d@Fb?c;FRf6Avg`)pSx_YWHy>b*w9e z8O?ACTs-mxOaD$TRd*`HN?J|-p?uW`wWsk$0~Cj7?pgfL5}RM{k)!2^HR5kL4QEkK=9L0t~ih{44c zFMEO_H(GcZ)0i09$e2AP{%9n`z~gCt9N0*#rL7ZbxMPGyY#bQt(xak4Y3*< zGf}Q{tf)~F8LBSVYMiP*`zypaZB!fI-KT8!;ZUf)=HEBgyV`}1x~jSx3~sa&Bdr(F zb`_eMf@8WvwjF`A1FS%}HQKck-e$b8LOXU8>fT+#hPA4? zi+I&dv~;%RA#lG9$u5bIw?&_tx4_1&sL`Xm&$PVt>`QwsL4}j`l|f(ro{A#_v$OB# zEE#oCGz8`45~!TEW?ybpu)twgWcPY4+IoU1whq*32_hDXk`B5Q8 zvJsi38}o1{T#ezrQN&4@|1=+JFY%pF(oY%ux_+Ja64$=>6ersHjFOG>Qtx7=wt?tb zIO{&;N9^MC<7`VLuV?4OAGWiRh5OTTHib3Lls&Y1<&~tZzZY5#B!{)^>EXrH%CTu) z4sG{3vZ6%Lb)_?`cjv0jjB3S%{#=_^*w$~&-g}bQ9_@Ssx{Gx+x*qp}1ac zGETA?IY;TvJO@ca>l+sMmHA5BZR#%~lGmM-jYhmi+S!PdtH*4PjN7*OFINvr5VJA~ zIuJK?6&2&wN61&nVxv^_%(4A;NDAw%$Ezq z&;E4E*5I8#382<+ivFWHXzE5g8jK}ggR!sEVC=7-mNERuv{YNi4rQv5%Xec39Hb96+ae2lgj+WCYdN!k{GQ?z7Z5j*ZB1yl*jm z`Qq`j=!U^vz=6tYOVXGS)IKG%$t_w{JxHHeht#!;wj}B0!6uarNTq$`Hrr34D;B&g zHUi@oTfsRaCT5(d{o|ktwKj_x30}k&Q83LnGwqz2$`+?D(+2K`^gthh zI^W8lf}EOb$1Sl4JDKk{rd4AHIz)?B>pf$95Lj0;CP> zoB*?cgPj{-762w&oM?>L?Y}!Gu zZuv%$EjHI;^ zpS)V-%=K04xKE@=Ub&*N;lp09b#F+^S(3Yr?;LpFtF=d|yII5DtUkpn1a|wBA)U`n zmrf3JcHrf7^r^h}6w=A}S-gE6)+FyAK?Mi>NL$j|;&Zqv$J4t41IdYXy zl5_bs%+N>hC7~6LoR+_rtiFd|ENIDSay!P(VGcA+0Xi=o_c5vU?N&0B+a7$EOS*%G zT{j2Mt2|5+!`2T(=a??AX;*O+fmf&P@Hpy@qrI|Gr zh<2pPTPZz&$m#IroMPUg;_RoY!68zKv)>YQ=jZTTz_q+e z^~IjNHp_;-sQczA#p%-&rZ-Cku{m+792hqq0|&#oOMUX+5@`5dy%$Q1TpC2qGQ<2k22pGO0q6bO8Rr&k5I0s)Q= zb!SM8lILX-XsVGQGBCC~n;!I9taaW7)iE_Sxbr-_P(>`e%$n(5K218$BaoX&W<#ZoM>l!w$MR3k_K7D4bG{0+ z(ANtm=<7qgeUA@Gmg6~lh68-s!kHZJv^B(&e^mOD{W-B?MCNI33>>!oRHucJ!YDb9 zUS-GjEwm@)n^P=&hoq$+~IPf>;%}MF?uebx5<32rdn1J21;CFBJ@#IdRuDzNT(E-wXfU?Y3&d-QDJSMy-c@@uU zsyQv0!!*l%8R@;etdxGUlL=T@ZRuMD0#Y$}mxs3(aDT62QrYytO3x+~TPOdIJhRgC zYg(4p*qRd#fWB$wp}3KfJPI9+_gvE~yT2MHk-IW5P4X$(Vte!~GKzGL-#4GU{BWLI zvwxUm)7?nLPe@LdYN^O5_t0`0qpCbxMCEhh`adX=b)&WUp~J!Em89CCQxD6El-*id zw#AbF^cRh)at26i7oThMBFl$9S7|u5pkXh@ zUkTZ}X3`H0wQSFm;i!W?z$a(H9wj$ULOaaR3|dCJYZBV|hGx(b+U$6COY$C2+bw5S zOmcx>;i7T=gTj`aRy$N{NVV*0l5J0l6n*3owe(tcCtraSpUa)$XmQ##N|QHAt3Y*i z-@UE(6hc9Q_)up>rKsvxJ*~CuW6GtqDVMy9nG?2J_EjsrK?`EgxdQflb-AmBJ&`wR zKYv|!if?PRbRoGrJO8{LZBV%uYFK4eQ$7~C1Y8T7fW_E>Zn>v%ZJ#F(M=<{nW$ztWT zR+L;vg5f~L11c=FH{F2>hdKUcjnv(w(z~kqexf!Ggt!So?UN=(1oH8>l+ZqqqX}xC z3~l`G64D2Sbdb^#)IMn~yM!|{_mt2c%+nIoKDo5+Eg^jl?wp~~!E~v1`svsP&Hqm4enD=zfylERjHh3x( zs>6p-at8#CoBC%qPT(mKco_E%a7Wcx9;?-G^ZaAse zTjWHjYExNDx`5!YHcqlLPoHsdN7X8{<|>n^!QF$~zr`Pe? zGjsM#O7amZ(#7dn&ql89^>X>4r7})4MV1Nkvqp)g`8muk z#jv)nyM|LWq^zB^RcRY+Ey<^$I^QDA=eYxq3G-Zw?PVi2O*{StF_A;?YIAO%(l&|g z5l>3quW5R0?qnT3ZJMF1N5RUbA-r({obRX&)U!+ZWE*R>fs@=uU1wj{(2a1dt^HoS zNpkmJcgv->DWL1vQJ1hh#)TKlC|uU1w!ist!lrB=I*8Ap-!612*3MsoUQKQP>=QYj z^k9A2YsuT~hnfpG%)fL9)N1-3yuf{j6iroq@2&(!UWskMPw*)Jbqc_>6~LHmJz2IfxsUC`($rt>W`3G-eNrjXez@By9={L4DG2VLqX9O4 zP3a~CwNJ_I;Mr_n&ZoVig_{1R%cr3I*@E_L@nv2xh_dJYL>rQffCA2bvi`q#NMM*N zPi%g))}Bv^M^C&tjJ2_w@gAp81?|tSncz1-WEix*PZ-b1km-rqrAIGp=tJFP#QMHwY`b8#0~qo`&|xqwINa7&&`4N zod8n?xsp2HU)HC1g}_dy8}!-dgmmnT#yakKD^l#zQN4wTtEz*=7=A8@kC8 znOw~CX04WfN9lZoK3#eSiAdO1q=!)-C0XFVIXi(s_Ao7wEN0BZD6-M+tO1guuGLKK2lvs zT4CNkIA6EQ1#t3RN~Aj)-^FlXdomUvTVU@FFbe>iY$tXZ_kx4tl%b8QNoq{*4r+DZ zRzaCzfB8N^>8eMIZH`?Nye(9->J_T>TwpQBvTPG6%`g<3jHY{}enM`+Gnv}i8}bZF zlMJ)-RitUtw@=~eY4CFONMU>xCEq85IF)&8p7&+3Yx0h6QvqAh6v)s3e=x#CcQVO$ zDEdpr(r;6Y(m3pWhYHF#+_t)L7$tsFTpNeiF)sTK#C>wwd<9)ozUa-G;+FGWTU?ZB z#Qn~+`3kzGe9^Hr#VzN%wzw$Xi2L1X^A&VW`J#_&id)Wib#ZU<`>Sj7WqF(L15T5+ zI=7X{Y}RrAr*135m=MbGTKps0ydAbHwE>mSy=(PZIjI2uw>~RxQ9qZ=v4%NWIORDx z%;(z|<*rdx_`94sp9^QYxKn*)PL1n)WeVQBXD$C9%`{K-nIW9A4~amt{C})1u5hM{ z`~Q4|Oy%?c^AS?`! z9SHg>xioCjUs-A_w3CAo&a-zgO1KTCC^?PkJggv-3-t9H`PXT5S0*<{$!|W?&{#~+fg?DPUZiB)bYFc&knmT0mo;31R^={! zKdJdXPR@|L=9W7pU#xB>lN(bGY(YJwsz~NK6oVG!q03^ra)|5Ygmvl&;S&_5Y@{Yu)d(>t`=J!R~L z6gD!`IQq=?B&I)EWs>HaoO<>_N|R$wRh87{g{&KNIQxK#)?)Q}b1*RbXpy&*Hgl7m zDGo8q>3)7q>7pRa=8xuOa?<3wrTbrNN*Dj5*~^M_owT^NbhoQ~2R?kUoNnoyPwrgi zudp#Vm-)NG-nq;_752_$Rw?YA%V1NLJC}(R_ReKm6!y+#stSAOGHnWb=Q4G|ZuM-& z39A>rqC}|0vUP}FQt{4Z%ARCgd(#=w3qklYWsQ8j+THacNuZJn0~B z;W5QIXx03Ia!v9~B08;d$@gci(;45?Qn{_?{t1os&i-bv%7W9KZNSmaUm#XHZ`X;; zzVv>6Kn%9VUlWa^&oVtsT~`UZCV3y-LQ~wbyuZ4*=+_<)1&7Bjz>IN;M$0GBs*8TU z%MGsPy2O(znB39h)1s}Sp&0E*cYNuq&~{u z+m8nuRk&`m@-3quzb-8!zb9G068Sw1+h*uX4z&3!H#OgZTS^@ISJZI$`IZKuK{hGZ; zakOLpFE#f__*khnz^4DJKuLZ^9lP1^6TH%y#ENR+Rnty)cED8m2RBdSoe}#pn~`T* znxFI>3wdaK#TW0MbX?k8YelA7KT=!izqwsaf_u&1ssJ|4MztG{XW2g5kA-I`$5<`y z!uQ5m5`fS}ElKww#V}Qx6;iI-c4i=0)iLkndM4RDXqx${wNuwe%@VYVQ_L?qM3?t^ zHoyH`c+SmRc|JajB%&mNlwr+8QL==fvjjJ&b5HJFdduX8_9G)U=bTnsB#1VOZhplX zNz}wtSIYZj=R2<4OAs;Z@NH=Yo3hF?jwW*rlk7}HPg!&E&4j^>X2RWX&r^|PwG%OH zBR=?ceeoFZzRB=r+XLObIF0Fn{J9n2-10z<+YDS79<)@mo5=^WITO2Na^Q>+e~45u z)t0PqJpLDAxh<+tlc9cOr}|sRi*rm~nr2kNR?J3@ZNZHPdLuWcd>MAe1B+-IoJ1zH zNw(fN-NJ#JJj}Vgx++@}|M$uZPZsd6aUSt#cIw}g9jLMS#mK;Aq$yn{)T#U;ok|+a zT;17*WLD3%;@OcM#Iv(hf!wuJZHv?MNx#ckFP#gyEfmppTt#Fi*0oO zqnD9>rtNaNDOpiV?rPnf68QN-{QCZ1`?tNxkCtolS*-KgRwCMLX*xX#HiqfcMi8YD zdtIaRIS)&3*+Z9cSF92mVTHl{5IDKW{_2a|reyJHgP? zvYs1N{a9P6tcrTG`$dmc%5+P4qfj}=mXi}elmjxyEczm=%dJM-vNE)#9~5+&9&xT& zEjd@mAD}Ie=Ra;kq$oE8#hKC&$R+Uk_eGi-0v2bj6S;5bb>*|tSQDQ^UOgo3^*b)F zEt>Pvc9i~nwFrG`vJ6$Pj*=Njn@w0|6)gMCP_xvdhVSuqgR!-ck5HOSiA=C{4sHll!?6 zh^RXM9y}Ob0A%PPy?EI z2#N=~%!%{Gp z0Vyi7x?S~JhB~F2t?H%eR}Gs3b-UgaZE(~58T6^ENS{99?z?JN-Fms+G-=i8?z=js z@(@bz4&fGkrQ{Dr*7Z%x)Spwut|Ye9NioC2m#JF|9dyHtiw9hb)!B+7LEn9H59-d? zngbV8P-Fydy~m@>nTjIQ%QDK`sVFiCFQd%E8xFj2_TaVoQF1tMVRh`R!D|~t$sRym zv(S{Dy_Gw69WZ+z!R$dEsV;l8FWC(@l1ct*_rSOTd?Y~yf(lFPGLG;8|aFX!f3oUFf&TdQ8BcDyr(v>UX+|ydYy%_ zN$C~EO<^2f8_@1V>1$7v?8ED{7VkB!*3F1ZdJVKQ_@%=6{lNNe0bKLP|9r*Y0;{~1 zAZgf`bukGKFB6yF#<#9=TJ8p#J8oj=(WubwEt9pnb`38qrBkd7oNXE0)!LS}@BB%0 zTieGBr@W^1z8M5%O}kpZ4s2=BZ;H6Krd`LlJr)-acIAA%Zw5ihw|{kOY4#tLK4W!N3lB zTO)ACoJaBM*y6n+<}zDqUJ>1qXhSeuuaD}le1bgLPNWU0F%3(~8VseR%_i6bq68Y& zbXHAe=SDGg#Io^Q0BiwVPmxo06;Lo=4w<$2>1+5}LnZfm*x9%OSbB|z{D&Yf73AeW z+;Mb&0KKsr-^N6OBgC#Xa-Uk4Tq&O2Rf2t zbFrIkH(fE~;(4Zdlz+Of@Wz?>Qp~8gFCC?L_tfTOf3&Z2BUkUzb^BxWP0CGI^tm^) zUE{R5sKKo-Y((9U<3lsIvwx#_cNK|G2x^~_jfJ#X3F%EjVrfvH5Y#>;o2V&i6T#JB zl)j3v`69NuLr20+UFC*1hI77~S30S;jn(hUhh$=ZNXF5Zj;j`jF14n4HDT^rPY?8KaKEiK}JD?9!9Cx^-d`2Un_)iX@^z=Rb+NnL=#c*Y{h03t3 z4;nx8!-is#3bJI{B4@Gjm$*=yUyS8_uAnYdvxzV<-bOo6i&o(AhBVoys ztF_aY0d^M_M=j~=sCu^^*_gLG>`h~Bdu5ok*|R}BQSjqd?z3Cy;)anP=(3T=@ zeH>Wgc!Yd>G?Cb6b^aZNgWOH~cL0)4~b*>7aYP6bze~@;R|y z*_8D4=X#`b3D9&OlOp+q#M7{5zdoe32Hmo7n%C@W-eZEF20vlGMY+ZagQCf8#OCnMUnD_@Ui_aK|| z4|3{Ry123>{dj9@FSd@+c|DuTh8Gjl-6WK~opR+n+m-^3IhSi9C7|0R)VI$i9iZ5fIr#Qc>~|)>(srs z?<^7D%j5UY?=#7{UAOAgsZ*y;ojO&wZrvSu1w!+>L=u1NDF)gWZ9uR()whgNX=AqN zWhec!p&s-wXp%8rT18?Ab4CH|$H; zh8%bXyONkc4-&4JlojTGo(Nlz$ZxPDm60-T{qqTqZ>-Qvc|4-@Sm?<%e{q-VuBvO^ z;qb$6PA!hn^e-UG!YH9a(eJSY%t;@4@$$Fi#q;q%UW$;sEGCo}4nZWZw<>i`l!V>0 zT}&dqAB&m#)UHwZ5_LtW*$?KK9 zf7KO4?Bsgi1Ys#+vbp)NfuD2wWkuq-m8wmE7*9^();aTr*h~!nF z>EB3}io7Zm{hKVIzr1cH9(moOqD)?jki0A=l-JCdysnK)MA$tOV-k5Vo+=tWlVYi# zCa+m0ubpD@x)lr0x@=}E4Wig?=SS^kE5FU1uKryFoxJY0B$bgeZvAf%>@P2tn6k|^FEsrkl2?VMe-BwI z@~TkuziA2m<#jLd$m>28W%5#lM5si=cLn2X9F)6$H4-j>iUyIi4ySJyT<;pC+&UO-xAvgx%8`lgK^sRMF^}7EAp!dGUM${hA(=*OQP) zlvGU0uKrU5oxHwpNh%{{-1qjce;C5q8fWF^RktPZf=xJ!7e#Ca*(GUVFvl^(-V3B^8sh ztN&wyPF_E;B$bgeZvCGU>@P1?PqWSGOBc_NhCzUKN`DOJu3Yt3uI#*%JE8YZLLv>sKnu z;IZye|hoPDBJw_>Dj+U@~Y7EUnfgNUKNV|Z!Dp|yxt%ldA+HkOkRqR zyeuY^*P@ubo{39D*gbP%63Jc?(=XBJ**BK@Y4YMJ7y30fCacl?7c`*qsil>TJ&-_^Gns};8=-Drp+F!bE zZl1C;VvjM|?(bxKfad0Zf`DT@W$gR!5#grof3_r*pRyYH?<-0B2=afiBo)rF3S9la zazX5_tc<-Ub*yCm`lcg(8p*s;mj5^KD>AQ?@pcCRpmZUOL#;yM`!T!42COOVqJoolUjuo2zCuFI}u|m=J(n<(*x3X4LMLhCK z@Z;pA2+7N0LU}ET$?JubJ!;$KR@*%bFoqQmNcq^rMKqG1qlg{7=Wzd;OW0Wr+C4dt`lA=~`5 zRntdCb*$v`hm*r~m1rGvG7f=Z0ks$ zm9QhmMklLz0oAay&dvHb>)b0vZ`u}w8kKBRhu8mjA(gRLwVEzur{muRI9A5WY#xJko(U%TjZQ$(+?FVCnK$gSR744o&1#J}1b84SF z?6*-KMfb`Rme=<;POIF97LT1pOVPb(#q+H1lZPEI%A@FBd3dVf>PZFT`A_eYpU2+H zujpR+`|=&WLsc;Rx|D4J^hOWo1lT#KsU2h+_7^?0DfY%o4uq$7m%Bqen#3Cwkqi8Q zYI}!zbuXNVl;KR{puuaUud~F(c-H#+-{0LQz4v{t@KUezzV}Uqw|k}czL)OsTAp`` zcpT<^JYo^OG4^pjCzC3B|7?xb77(?M(LU4_C{RU#Vfz$gNu?Jvj zi*Vy0JLWH)TgY?pkJ*Ye@s(WV072DrH1CyO4CXp3+if=ui#V~<3yKI1Jqi>0md)e7 z9EH}~tNCfaiSVFg#vd7DWbh_BEoY0dcLwGrzG#mZ)07u*>Nd)FFMGMc?$r+tvUl%E z%=C6X**>pJpRcxei`g)Y{{PSAqz7(+oSdX3D&*224lAO18R-#YpN6!y*7N8~i8$?l zDXUQ?D>e)vkI{jww&XX)OdoN*uvu|&GN^d;?A(8QuVkjTTep)}9ewLqFHyK2RY}_B zUG>%Z*6H+ar=GE~V;EVwk{NfrmOPh6;c2LqF z-fzz%@BK^?F1&vbmRzJCXQ=$bT*&jRwYp}Qm;bCVA}b*p(@;V=0{H`6=Fu##^E}); z(|FHsMU#5#dFoj`wl2Spp32)r=W&W2@?Z>^fC z^7#X)dA-%jb>-{G<|WeAHN}HT8RRPLj{$#hV?%YzOj2vJ)i<6=BbWdh(79~Q@QmMV zBsVpI(2(*n*;M%ph$iDNlxRIWzC-8O<`&w^;um$8G5co5KazB(pxdeFnn+(^kgi)2 zl`WF6L`ykEgW4oZvz-AM|8Pgav@3^pS;pZwl(vP}OB141hE!+Mhm419DTjBKm%Yqu zk}H)!3m*B0XA~P~C-v%cB-i{l)Ch7qe3nfOpRxKiCiB}W;C!Ekol_o-?wu?A;dP1n z^c?Ey$&cC|*aM&lI|)S1(K3rmVS`k%MLQ4*w^?wuf=^perl9bi1t%&va-(oL&crLU zT2Rh&V_^;9{6q;hAVI9Regl%?%h9kmDC49!xOSTO@bdGu)A>qr#W&#gJjH9^a`Ch) zV-PRtv;7VKbXte9xYzc$+qpvEP6)V9n3!Lxmtk|&T$;@96qSaWmd*!rs3VFT2;a)r-u3}@j?8uTIdP!eg`7^55 zg_iCgk6jy(uZvv%OZ(?{a$`fF=wH@19Y1+3%|Qv{*(+5&q$XdoTc!u%g?120wS%&% z9qMe48X3%JofcphUZSD>v1q)@$M-B1vArUULbC8t6yZn(K3|=;uZZbSR^dZCQ2e0#)zt`my1EBP9JJKc=NtMy=`X$4jU`1&I0VoZ_Dvq5+lkRRlUaY z<@~g05a&DZUs6;_F?lADb=~NAqWncg<_tYIKFl}PuyPA6yUXIT=MSP9yWZp0^O(yk z_xMr81vK9}O?@@Lx46o@UyNwp@4f>a&NtYIu6L?G9a|4pW}_A4`?R5Ca-3z-Za-mYc^K# ziulWt{&?>@6_Kdcs~J_R%GauXC0*SKX%@7d?es0zmTaN!)t2la3ET2|f|a(^UDTFq zVOMR*=8@{MF7dW3kZ5gr9~HdH>aNVOw!Dx8HDk-?xxl#5cGO&3-mJoM7T7skT|o#2XU%b+8;Y@EWy+8d(09 z+V_q-qP7she(lSSKl;6^<7V1d1#GT;jb^2NjlEd=szqG;24WKDu6=JIWczNy_Em&y z->`4*mE;RKcMzTPC#WZf@r#o_3v)E#*GW6h{pdS4-;2)4&3*}Q10Cgrb{k{M6V=(n zmBUHg*f@-wzLhBL#O<^#)dodg%C9T$BHTntSpKex5JIB38&|VClNI=VRMvqzgkR}n zt?g6{*YLv6q9}%kdsNZt@;CVj3Z<_pQfs@49e?OhFWK`mJe!Xjb@jhV*HwQyc7S;N zPV_%vKL2&JU2?Uuw8|Gu-mD-tO~i+J_A^8COIHjrDlMPG__1us!lms0t`6NtS**-Z z#=9qN(@M3zprsC?wZ-rx0^32tX7JZZ@~22R+A&h?H*qNRs66|b$ROGwt^JbzSCLDi z^q{aDL9N$@^eF0nQbMc;gryUe^K7O{6?ZqeyRoXyzTHQaI126-VQj~K+xWWVxmHev z0-LqM?+Fg|J!<(uy~T|9#L=^94g$N$%efj<_ykCNBTKtes*y4;zoExryO925kp9#_=?5lC-zOgJ7%Q!Movtvx za=!PJiaiRA5C?;WMu;+Xm*mWN)Ag{-Y3Kr5UaCj?%x~zO;kb7T^{g1#M2Tg$y1<8- zPOviW>5g$v1AJp~4{kK>?a6O>FD~(MZ*T4y_Xc~v0rytuCrZl9(Oc8C8j>10U5ijH z-{QiUXLL)VQ8=oI^?O6Ffh8=$pFwPSCKtv);W?itQBssYONq0Um?-JT-$xO16w&0c z^(d1>Mfv+Gajp^*CH<7=DLm2;84{-p)nyAZn9uWQB0pbvu0)GEgLN08qET{xZWtxQ zG4iFCqA^k>#Ky>KPb2u(V)9^&lvfw}K;{QIS=FbToPQ*bPtYRC1wN8EdN~M-6*rzT z=p;CGre;r9eu7n?iSu0;yDVOMI#{vMSWp>bP571OFRS&(lO8sU1Rc0cCiBml?yL)% z!$~SgHz~XHQ0Mlu?KRbA5tIIIQsbx(9BTW3s_kv@6-ob}wE9Bv7Uq?{z7W&bFdmw} zAbLQWMhp&T^^lPo#MKssDFT!ymFR38C$WMTo5$1|M>Fm^j$g*C1$I93= zP#NbZ{ZTBl*nCUC;y=(CuZf6Q$Q8Dn9*9?I1;C^-=|l-bRX2ql9(`PK{@m-LYdM2Z$wlEtXC}gU({bDu6Tm=m1lVdkTvu7^TVCh3;-Yhnqov1Jz*Z~tkZ#zK03i~CSld4O1RY?t&TEB|Y z=hFP3&#-?XsYZ}uuznZt4yD2snM*B(XpDR*~< zY6Oto;{qE+e#t>T0^Wl60JJKDM56R}C(kVJW`>oIDu7&QLbmRl?Q5KHuxHfg0>ThDJS!x)?-`_Bdskz)&3k6#eSZU8UIuma9I*1 zi`P~vh=^gIhE0{(K*YVSt$#-(t`hz!B>6|mL$V})3x+LD?lBtvJ6I;d%HzLHcu)|} zi^_F_TQn)H^_k<;HB@If9aF9)KQwurUxQJqb&CKm+nc|&ttmrSKYrPfT+M{jeXvh1 zAg9~@4mRweXoEYyH9rS!4T_iN&nNm=lHs^htBXAWajC7rs+1Tl|4sECWuneCq&I0< zGL-xX!tP|)qi}fx34dNBU2DidPHX%4lTSFO8C7W{yI4!)-;+VhrpM2OeHorTXb??m zSMWQS-|+840$%|xCtiB@8PHLC``ez30#Vc-KD$`$WnVStd@QDyx#<~VQlq9rFIv$O zYgkwJ46D(r86DYcqgV08Oo1!itgK$oKBM}DS;f2`Qg?W~< z>gtA7r5f``V8C+u3ospHwz%+UI_{v<)_j9$i~MyAaOsSZbkBG7csH;qZteN|M*nY= zS;w=<^JRUGgj#+2q7KL9MI8$r$#kaCe}p1kbOr>w%~&;}@5P5Ua)tB1+)+uk-;Gsk zbY^^RyeIpaK>!2U&#&2bwCa8s=3n^*%8xvq$R3}P^cTW&qQurS2DC+lE91Mhfm>HT zKj}BYLhd;1F`izcGz5HqEK%+`m3$oeyKI7sEV}0IY+S3hqW={w_M#0$i!E@yXtDDx zq7}~lencBo6fRL>OIc{wd1x53>$;2Pe%WEpuCq;}y3F3KUN)P?l+7OLF=_XnwZ5Uu zu{BS9nSeQ-*YXh;?6%QPltd{17g;`bV#rSF$N!P+ojF@uDK=-=Eq5piHQ;02$C>%clmtF zLZcud7jEob?_oim^=LJqp)&Y#suiN=!J99{p3Tw}D!R<(L^-r-&|E{!rU@eGS}bTQ zGuX4uU=Kr28bNXfdnk7=^B|KPGa08s8@w&5B8b^wmC?%v>$$?uV|un3A6MlK=;LB1 zjb_CTn?hE)MOnSV*Qh_6%P-)ic#$k*s&ML69JTcTZR1}-MCy#m zMk%y|>F9f!u`^;H1KXVu>z+rO@y%QjMuyAI`BBs-QJvqCAI4=y8|O1=`Nr9N3y?tl znB==S3lKM&^;aHOdoRLka9->#+{V8N6Mew=>6^n9>Hder+TksU{79IHjyg#CC-YrB z`{ZIiftCiR9@uI5;iuf)SXl3Ex04%=_00tyhH>7eLD!mn{ z#$Lc#$Q0%Ge#S8_Fr2^=49Gnq!7;HuVq#e}QdwmJ;NL|$ccbW#{A%kJ8H zSC^yT+W3JLYiBuXr)RlC`Dv zLmK^(Xfe*2G0Bx#36$+sl0Cnz;EW1zMme0OfpD4voF<1evNulf%mMvYDUnT(aPV^! z*Yi3pB3V`XwlPo5CXp37xxKF#BK%H1mB=IE1g`EEYSHF`B zg@v@3!?7|5${@Nv@$#!?z>EH($35r!VdsiI!MIp`ogsv$O>T9!IzNT>;DnN?{PgPU z%!OUQwg7aI1(RYIX90_IKFGSHKUs82%#y49vtZU{zoE)Sd>@+hcL&e^nPD(9u6Aod zVZ9o6II3F^1xikDKHM1yXg*Li6WrMp+{#b}Jky74lDw+QUzxJ)3 zWHyyQl(d%JC^44_1gdYI8=VZ2%%%gJBp*IMOt>0HlP(`Wzl7GrKdFDXxqixfi143~ zZ?ZA}9ErBwn(qK8+^W2d`3DIiTd|xdsS$!k-A9Wnc&v)bKLXMgRW7MNR*=zQCHm2# z1JY}g`MqJd9|@OOZHa7Kd5nUJcXO%Za~{e-=MUE{Zh*|6RhR1g0#fvWoDpuheIzL| zVsuQeWg9MGwW{;qhL+n#ivqeE&4Y`(GM!nM392W#wQ9V~3?K)M0wJR0Fvx_S$T;>! z%+U1H(aE?1^x+@zd`%!JQ?re^<8m`tv^6G`mv8rs7<9U!rz5O4mqDOL5+gN*1M}9HWn_gP#RIM>>VyJZ; zAvMZmu+y0zM%RAt(E5E9mi3pMB1d2&N)rP;iI16R>{mhCx7zEC*gC~ zI*)I$cpvqtdwzdWiR)u;F$|o{N2X1Koy7C|L1U1U%-~+MoMalRaaUVaC771YwLn}nLes(q{^op3tj^EVZ&b#& zX|kFuvM@Up6JFC2C%igNiA0%PinW#&ts?u;w8YwL^9|CpXmFZUf__q{=d(+urJ5zM zKbIzIT!C>-In~ToXKNO|y0I(SwRmAeuefZg^O|gGO!G335#-p08mF;Szw3Tu%*|xh z;$>5fE2e)3)r%7rk+joycB9EA+NyF;Gc(U&*lg{aE!r$=q}naeDSO>Drg=$>YHkq> zA0L!&ouwitrR5fO9o^ZGiE0|d%+`=Ko9S2CjSaQ20$#mX9ewQnaKC6lAcJ`F#%wKK zq4>$CMixnHB)I*R=?32R;+3SHx4 z7_YW*#-nM`ph#Ey4iIkq za^{Y`;ikHyq`I=ZXfFNPNs2w@k>bXqvNh;!jr6ug26Ajebs(Sb_1D||)QI$l=`8XE zdTV4w;r2*a=IZQ$4Jrwj%oPX>B^HWn62krL}2kZM>!%8!|CbggRRzoptq( zrEbh-oXXZnWlb{LaUF=}k}OJ$%EEN(8KzvdXl;xGsaduTm6ht&B2=!S%GRR8k;V=} zV+SuluLs36wl>gMFwxk$Y+X?7?G#%}ssB5T&7iS^8fSe?8XM?n+Pi>e*bW_aK4nl7 z*`LVXHud!kLLGI!t@FCnXoH%O$QgrMG_$MCEgPJvJ#NAW3WO-3JDjDN{yoKpMC&sq zXVh5+#0g|!1I?dlk-r&OgA^hUEmP{%Y;A5yHgo(n+1fEBDKOV*9Gt%9I*@nLlfj=YdDpebRZlgg7cFKwuy|~JZnr~*x`zDBpPzHtz5sqIaKbJWtWZmeF+ zLp1CaUIjv{?sDBKtmDS6#SSwY=-bAwg=lm}b~}@6sBM`Kr&;EH|3*GC2DH)=V44K(QVAsgby%icVROyi0fnzcGwEn4mh$-24d)UUT}C&9WAJYb?v z_2{&YlOW4adt-}b5C#W~?sG3)rbRQxz#q;nGVjS{&duh{l~B?y%7&K-KV|-_Vce#o zgf+aodBG8hq-%i2jpoLi-%PuQYZl?Jo{bNt84sad8yNv)GMy&O{0wC}8uc!Q*^yip zrUJs^)h{jXx;We&#SL=!fu(GyuFS%*dzP8Lx1u4P#?E!s>asAKrUkPpj9r>WOiLfq z*txNF+3Kmk$fg@t*vpDimDafuLT08!uM8rh@xB&OvnGsEC|hQx>~=OY@nv%8aj8(5 z`PW#g36)iK$jE$#WUg^pr@qTGTw7PLb$4gKQr?ST9*ul*u9CJ~5ls82w?q=w+xgqr z0y?}5bq(xsrNa}2a=*GUn_|FB+d@Qaz^n-d%+P~z@}7DhpA|8=PCrb{*5qdF%5Ov~ zx9A#ZstZ7PTAfe={HZU6q3N31M>(zuJS0bT>RWCVr7}0F_Fe$JU47i@RTs3sdV4xU zr7)!O2C8ueQklqbRa2)LoRDm_)k&^0ul(Y~;l;5IGZyhkJEne{WdH@H?@3Z^ZiaSt zRmkKPEl4r8FJz#y?cxFQ)J@he62Yv(^$SO*k?DV^fi6bl_k^Fhu@zKnCmuT@{RbedaI-XP)P9>RKUc>d+It=}y`o<~GIXR^? zj7DRw7Qfc_rmF@2{&eG%UW?PHvAwWoLZg?RXQg??IaT z0(ii~&^qLZ8QUT$mlLIOOOKX^hf}te>2Aiy-4&;dxfyyVkrh*kgOP5b)?fllurL_4 zFeuF+oxz|atRN!_X=@`6*+pt*Vpg;UlUgH>-|hLq<{dZT_d%-!sL|?jB3ok)lSU{j zprMxaZRbN(r9;AXbb*Gzs>C=5#tj$K1W#QJgInfdnzFUo`i+`TDv(kLi24p=TyDq??Q9sHZE%vxX5lA0T(i&y*ci64VT69dd1r&>oedhVU21lOn{YO0 z!UYgp$jZcnV%BR)F9JfVP zpgg&SDfdJL|Jk7qPPVRu1dcY>rwb-RfF`hfiuielc+AgAgV zb+C4nZe0{qK>NvDQMJbP#)cY)SNp1~z_MNySb`ftn+#EVJO4s5cEQCnMnaWr&K7(;pjFo)8HF+}XG6m(vWfr| zsih)yRHWWjq&BDsvs$Z&DnvzU;jWG)3;JrU`l<|a(etnv7=avYDyh#$jJE z-MkfUX9iVsnR``jpViEBgK?vphe)3H6Y1!|dYYr=J;eQlBV@uoE3l=*)I}Yd@&}7e zIODH2vb+sP=9f?XW348sS~RY0IUl~LKP{&nAXK={?%-V_9+b^AWos8NBskdSbVFLE zx{B0yrM0TU%r-mN$)HZ5Y#kz~lL+dvL&(KyuH|)0Cqpt*zl&8`;r2y_=&rS`MYFY; zeY&W&<8Ek6GliwHa=y3FPj(AdCx&7Nw$SRtP!=m}9-Xb3`eJsdn+FPO=rutFaXvA` zEgPU>wSs3kIPfg@0qbl;hr#kNv8-EpnHA@LSm(k8hMXPNIa3~cHq(F*8-&#mP62WY z7r5DLHXa3*W+x3ee{VW<4cJX*vsTB@J73}+6=?n&Mg{ZVa2{jxT|0OqFtJm99_U5V z`wz0ciC!e?lJ)69wz!xYlup_5MO_95Nq%c?%G>PDwCA?+HZ$X0r*GUiI9;3n4u;*_ zffiotWfqmgxN7_l)_$sMkIx;4b8EG?L{N^K@Rw+bu$H?Ia1-{C&&%&35wORc^iOVB z8k_h-Y=MlpIZ6@l`;p-t=`=^u7#mm_=1v+5(zzMpw03+Zl|C8;9F$5Q%ZE6$x|7Py z&@4BZSv0;jojN+Rc;Vo5>e%}9#HY2n#@T|j=i^BHS+t!1W@r(i;w!b`D>+^UcD>w_ zROfotJCs50XK-!YNvqApJhobsVzMEXXhYNTsCkZS@+B@5=LF7G2?O@MkYspGMa7x*W<@nGB?g$c@Ct=HTzI9zC%JH!!ksR>N@3rH3ksjCFjcpHLH$=lnEkjD zy={`7_lfLANd>c)OIsiWf6_oh=h5$TK+D@)*q3YkmBdTo;?vlZ#GYN45z{uFkv7Jdp1 zte-GB;YDwRinL=Oe+${lMcp?R|BB+2yA@896y?9Ch_#ByStVK$)Q&_&`F~d8YC>*L z>t0tzrPzxF!^^y35tLHlu$9;6L_xxx#t9lYeo++?B~kOcRS~yB&^Kwdm~~`zoo26^ z8m-oyq2(BP+!!%Z?@KUWRGmv!Emy$%Fy5l=U+^Kcgo!>;k|H>EiW^kWGTk>>#d)i2 zqN?u15D0*$*>%(Y$Si@6En9z48U7(qZ`|v>O4TY&CPV6Y-0#cmWaWUGRLfIQ+?iJq zcdlz7qx3fkc%7IS>7@TTEAs&XPGV)TndSr$-Ka28y_fz0P zKH<&qYUa3b$VX*wqjlJd=_$+dxP8m6D@*@_eaqGrK5H8jPYAoZ3FqTRzAZW0ot#mz zpI=V;-$b_(r4l4uZ~mEjYY&&wZxMZd2R2AmYn~Aw3GFGLPI{v7wt{C^@I3|3v|!EE1kbYI(_ivdmCv@|XvLmm!Ep+H&VsE9 zZm{4%3Z8Glb_Fl6U`fFq3vN{KLJQuh;6)aEW_OCX*n*EL_6rt#R>4aw_>O{?S}=PJ z!OJW-PQfo)aEgK(EqIiIU$S6X!OJbUQNb$|bbC6T@3Xu2JuLSBlZo4Giq9uS$Zwz% zIh7zr`ru+rGl-E|xENCqVx%1|#`J_3DT#|Qbs^^5C`O?KG14A~V|ql)c~Oi)!ufm@ zqmW{xXfBtj95K>27h{@7jMUD>m;w?b?Q=1vhr~z;U5u$CG15gBV_Hd!RMN$mauOrW zbTOu*#7IG1jHxOy(o+{>8cU4S)y0_N5+kj3F{Z!7NO@h1sWCCqVHacCOpH|7#h6kP zBaL=33I#rW>^*z+ad-SDY5z#l{CMOZitHjXpW;Oao7;r;s$u6* z-aOY8aS?7*sim8YG9GI{?nEPplS)aISXYSMSLkO#`tmIgfi9#&)A$+^SUsE{dD_#sDzT)=Yx3RG)8_z^2df#^B^kpQpTq>Vp zMA^zHiC$sKjL_dpSVX>2uYeq`!Tv7NaX^IJGFurFB}Ms1DDgj(m?-JTZ$~aZ{&`*b zZpAjaEdQj|U?|EzUWs=o(dAgG9C~+Rnr4aSHRjoeOzl)L^PpOOp!_lPQ%KLx;^N*{ z;mM7|<`crdl7Ab=73tyzYEu5X3gz@Dk@c+vV|lp{zRVa{zSAKXo|PWZQDY}cmg<;L zI|qbJh1A65o0WT{RX8_j(@e4KsvlI`T(-ZN%XS4#6iCow@37d*iESLT$rdy7U*zWH z%=owua}R=_ ziWT!?q~*?!u@uvvz>hIia(;}?Bys6dmLT2q#-&&KXuRKl1Kj`Xet!=%IVH;|S9e|>s$oAjK3|eAeKWoRM`u~7oNAcT+DI(_{g(fMPs=Za zq~ACHI!@bC&U#)zvbP|U=Bej-=xp!RhUL7NtbAPDXAWIgc-^@A7MV-$%1>MpM&@7T z&Es5tDfi>Of0^%3o6je^cnmTa+{Z3HOnHG_{5HXgUDRD<7w$r>Ct$tiOn8?ETgz5FUaTN+e3UwsLkSbyLs^%#V<+*<3pwJCxY6 z3U0CYQf;N+ccx=ePG|Vf5V;&D%JQ)Y8F@*dWP12EGUs$euPR;sK9STwZJ*x)%88Pi zp2NB9>O>$MGxEa{ACLF~lcUVAqzlyM&3Zp1m2IjoDoFpz)sO zhLwtZ-1yDd+^}Ki?Ytz4&DNBH_$lJxvJ7^^L+lI|VQMA~m=wwS*g z?g)PlM<9QX3v-%9UH*O-ejNLde~@r;{Su-_`J+G_l(8FoCx7AKR$4-9Ljxi{g0>#o4GrL#-pHY^&WM^voHGNYPayTJ>fkXls5@p0R?y2 z!zkrhU^IyiOjaTz^)%g3bDlz5jIy&D(W3|qND_361SE)g?jHfF(4YD6yd7rub?gY@=Xw>qM|6Cnt`Qa`b4RS zFe-Q+QR6Lz{HL$h9G!mQ=ITjKw8dAY%%+I`-dCq`W466Ib%s>c zc)Kswq0SUbu0u7SL8~T%?&(%CAIbs$e> zD=EVNn=0Cge75JPI7M_3p73&zeSKFoBg2Qv{t}6aJm0>qE59O2s!piKS|8k1_tGX`o zJ+DQJ(8H?oTXDl)63IK`ucSSR+nTtEuW!=h)L~U0H$K4e2DX05Dy#7PkKiV*AdNxQ zqUP$uANrs0Mtb9Bcp_=McIjLu{%%ONZlfqic$KxBDaOeblv4SBvKCPP8{+*1|>d$-WYOS3a-y%6plbDU8EvgbxKM^O%VO9QJv@~7OZrMHHSj&}v ztKv(##uZbX{0qhW87%Z_c&C>myyLnYu@7P|MDwXZ$k> z4^9{Aud7xx)K@pmqzvW&{&+VnLCS*3`a8txi(EP3sPw_5$ z%C&vM+pp@-uT+U_wAQm<(ofhTV>O38y7Sq+f#O2FiPCBYz>md+_&TR71!{QmWIR3{ zix1DIIT(GcOe_<67!sZ@y@6n5ZAN#|+RXXfXl>>Ke)ZI?*ZI;Ha*y9Q-doB%`4H=~ z%FG%J_qL~DI|40yi&^V0MtA)yIBN+#L8-I8?_Wg72q)J6DoXM@T7EmvT z;!LUh7leL^67)Q!&R+pyD^n6Lv3^sOJxIH>f_9m3zsN<8^~kHM%Zu--WtJ}~dbl3% z>0D|RkY7ma=^>vY?8mqc@;cf^rb7ElkXz=9Am7~}>^m$`b2DXLdHAv;7)!RGh%Dr5 zCHySX!;`wi`j=z%v0Np^yIOoj7$zD$Q>kmY9C`EU5vA)SoWfjn<&}i2lG8q~(LKs#+Djt+9Eyd z=X)ngyIyHI(+WG1$kZc{n`M?ezqljF<1i~O|a6> zbVona@k?n<{2Pg^bq+B<=y2<2${btkyaFN`Hd-#@LSHl5j#~a` z^tiBw1`Y0y=iXl|-MCW|G0w5lf~Rt{%u?<|Nm2egSjBGk5LcDA7Dl3EKgMA3Bz28Z zif*!um1C2wU`N1g?cIs|$8aC*?f8%zx3@#%r?wM5@PPAQXj4&)+BE!D&B9oHH?zK` z5;nKKW;83hVEn~&L9OGyWfF)?b$8z~X;%G8x&{w16m&Z>!nR)Ar>(aIBWUZ-5UjMd z?xMC%@hDVny&aKdUE*#1iEHcO-e<8RM_JvKnYNa&w3B5F2{-b~T94Ns{j-LO>7O*l>7S)IDLMVi zlawgw8t9*bz4h<-KKi#K7=iwcCs@%x-9`F0G|;~ZM3!}l>tBXM#`GHR1Z2`?byw!t zn65>Xmi?TNjc%f3lqQ1KqIEf%RN?XtTxfman1v6JmFC}s^&DGYRyaNJN8$cq+CZ72 zHV|WBTt$XPCniJH+I>eu&rX;1kqJkMgfiKQU_~ani)4}uWU>p9WnJi>yD7Y@!WvK9 zJUYLHT!!?YD~H4n!9$vRuQcp`pvc?#KDf+sVE`c)bAYccBnfnj<`MM(j{ z>mWEF?fjd1sI$8<f772YkJo3k4Pawiyu2>gc>|`f%d1{}UjAIaKq48 zq;K?}js*-~0>gofzb6eawq2UBSmsp&JclKD$ zn>iVIQZQ<5->)n3tC_I=G%V_GAw5nIv*#*0vL*5-b^!0BSf7pUtq?gzgXpwyu@bZC zmA#+XBcoffM^=}ZJ(9(7`y?v03{1FHSo6(_z3S{^ul6K&V8izySg}{Si|kc1?8%2< zt+2YR3*i|G@2zmmUX271dsXML^5At@-9;$oJ6=q}YQWw|!e&`H9NY<(>q)Z+(UTP4 zau|qoGex#eZ*CHQl+g{%`G@6yRHRfV%tJZOCTVXqB zTa$@v+i8jXZS-cI4$U@v_RlJi^m%hwjU)fD173@L+J0Y(Q24V7$8=&l2%r<&d#t*6-6k&;5YvhG=n8yy&TIJt7j(kP zcO~)(BXAQX6~JdexaRkxR^F zC0+a3VMY2CJFEtGm~lgEIr|z~i~QkOjv60Z5<8qrv(WfT4`MC2NT1A?wRR@MnP)9N z$nT&&qK^f{eda9sB8b^o(eKv>*T!^eGks8nZLSX*%}O6MZex8=y~Opw zN0r6zReOn5PE4ZyfgHW2hJn3ACuLUlW7aG z-p)<9jxE1fL%;rPzhYhE-mbMRi*|F?m3HCc{|A@7wZ!d?EVYfEF3IKd?*PG`+j1WD z*9rHqxx&^h^jzjnA}Y@i(_RmRN|NbVZEED*R>z{<#7MhRk2B_sm5CrnPj4({Ct_?B zwAFQ;h~t2arQao_yScQep)tf-6g9mFo*w4LJA0hqiD1vff#76kWNgB9lO-J0 zi@0?XDnF%f^DzzErXai+&SHnNNI2ge2#592zj7Qt@1KEUCw-6i_Dd9IyvlC>(}{8o zrg1gt?Fa4k$ZK@8FQareC~n6Eua%z_-83aiXGS+86Qwhvn^B3(jhqyz6U4e3jI? z=vyAABnrvvc_l&ICv07{EZ#$rm`ud?dA<4md{jSVa$aWo4$Orw;#Uw z9O?g%Z`yC=0koe=2$@y;Nrm;7C^V>A8sSiPC5Cdz{sb?Lq42$$3Eni1g-iSU{?He1*yhB?CV%&P zOD;I$%M7vFpG0m(R}n-7V90Zw~2(zyGK7r@nJi{U=A?_m|ZD@BFdl zqz@Nwxc26+U%OrQwEf4tIX{2GA%A%DurtGQ!{7g(mj9ch_I%7c?Sbo;K2meVi}QBh z^6=-r+|juAS3lbB+2hV`KW5vPZ@lA6TP}J3h~{$-edwC!cSx`L(w91y51Mk|e&4>L z`n~RznICLh92fE({{Elx|Nq+O|FzHmpY$J`I*-Y-Eih}usRuMA)^tu!D6}VQD?qz_ zuQ75&u0qwwY;3S|Ez`^oP2hIjI02cro0X@vR z8n_X-6}SVq2e=n_1b7s90(cU54tNE49e4xy9q=yj9`GShg-@3TblTuhfNgi)NMJND z7T67#3bX=y0<7kEhX6+b#{g}>azLjVu>R(ifYX63|L#+aEXt;8W?| zBH%cn9q0f~0@eUL0rPmE<*`@NyAZex*a%z?+zi|f+ygueJOMllyZ~$hUI*R+-Ua>& z`~#>;q8C5|uobWaup=-9m_5|hvhXad%qk!XpPT*vq2&@4v04@eD2d)Qh1MUFs z0UiXN1fB+d0=xjc0=xmd2mBTI5cmj4Gji7gLxGV1+k(BZz&Kzcus1Lp&{LE7z(D}- zL3zgjO937*d#3|u0(>^jy9~G*xDmJwxEpvFcocXNcm{YDcpi8ScpLZ#_ykDSzza|h z@D71D0^ob>-e_PPumi9Ya0qZDa1786tO3phE(R_GHUd`ytl)aL0=ENq0QUfo0N)3m z2A&0e0z41A1iS^j4}1uunR5&VvOo^tnWncbup_V&uqU7+apnT^fdhcUfWv{KfOcRl za5``{z#HY>)xhd?nBO5a7F#UTqq^0mcC1fT_S7 zV1M8s;1J+&;7FhiV3(&?1l9r<0BkYvcwFr9XxY0LcnEkL_&)Fq@GS5g@DlJE@HX%c z@BvW6KDwd62!O{h9?x1l9zuCMV(?ho_gLZbSfcWnGxC3|?cm#MHcp7*K*aW-={0?{*_$%-apr)2K0k#6R1;zq90y_ayfZ4!&-~iwt z;Ba6Oa2#+Fa5At4I2YIeTntZ_$%-M@Db2Zhx~zUfL(xA zU{7E^a3s(MECrSWKCl`n0jC3J0_Or30G9!m16Kmq0=EIT1NQ1>_0Nw)L z0p0`N2a*gbSzrV(8rT-t0hkEv4a@}&0geQY0onl{V70~LNCodg;4*-PX^#bW?|$Gx z;Bnw-;8|c3@EY(t;IF`kKza~;6UYKQLGX40b^&GrM*+tHZ9peb1l9m&0~>%#fQ`V_ zz&*gdz=Oa;z>~o1z#G8ZzM0B{g+7_bO93Rn)D1e^|R1g-~e1a1ZH0PX?q1s(!^0z3!& z68IhPF7P4n5s+lQJQNrMYy*r1b_801J%PP}Lx2vT2&@H4z`4MAz$L(Cz}3Kwz|Fv& zz}>(@z@q?P&eT_sy!U|j0ltRf@%0U_9^lIb-Z)?)pf&M1z+7Mva2&7{=m30x(>J}d zfeV4Ffa`&qfm?ywfyaR-08SzE`0TXz7Vs{>cS5}nfx*0$z*{IDZ-?kD3U3EsM_?C# zZ&i8h^7Q5ce0s<`4q$~`E6*OQbY22xj~2Xfz(imwz}w#59AG|h5O5@L46q#N06KvZa3*jbZ~<@$a2aqla4m2r z@DT7g@I3HK;1%F);2q$7;2*#zz-Tt3Zv*TE>;_B+<^Tr(i-3~=A2=CU4O|FZ30wdKq3E&yv1>gf9&GWcgU?|W4i~vRgqk*x&Zh+nf*%O!p90VK= zbO4=z53B|*11<-y1#ScG1nvbM1|A2V1)c+b3A_Zn2D|~h4ZH(<0Q>`}#rYo!YzvG7 zb^~St#{f$K@8y3?tN(m!;SWPbUh(B8ZurqIL$;cF^7;!mp8U`$+ZLNncysFy7Ec4{Tojx5i4?5#H@KDFh#T+=CU{OH#G zhtGTDl{=fxy6B^^Bi}o4&g*BLF!|1r^WV64$`8-_^1SKipYoZ#j+tLK_Vk*EKWY5) zho5=k?A!PBW-uAq&f5lFyuF*cHvaJRH}CuKm^Ws=_WRbUtv|kfw|8$^d-esNy}0X! z5tlwW=TEPHVfG!}zq#-mzrT3H+arejX~BQ~`o*Un{^oN#-FnISA8z&h8;3shhxL<3 zY~7UJ;i$hac=IbidZm5A-@koM=eSmX@}0Ae+4#eAuU_z<#ho8|?|`rUO%XTUG1y83vDYWG#|Wr z$;ytU`?s%M;GfjqwdazlQ`@F2owEBbt-DQb-?^oA+x~^E?&|L7Y!6F6ti2nLK3c>+ zc;-I(pE}?NXEat{+H>)@p1=5%!%x1pY3XmSANKm6zjn*s2j8{oh7a#PV^z~Vmv0z% z-!DdG|MT`2k9gwHZF`>h>{I`Ia=~9S-ydAO_W5r;^48BkdSTNqKECbUUliAk{N=9y zwdj}2HdMVh`z{&x3Cjsl3s7AOa&Pwbg|tsq z4lo{y;4CM!06tZrNz}XL-y?J&StXI8vA>kiwPc>K4}k)8I)&e55#0kRvzybvPqk9S zl~VO}^L_UT1fs|ziCz-bPPDsOOj*UX!|Gr39HGOI(JKD=6y->1`oCA4l<4=aV{bV~ zgiB5K9fTz6M<6kI4#B0+T}EVq#hfnVq0JCFsBy^2zJxnyJ{9v{WZZQQ=#p%K_7>w# z3T>ctcsC0R=772!D1xYn283J58b z^uET~0^(E^scN_Pb;wNUPv&qCRC_V5MpTw1R@09i!@b+EH*1auC)@Ubz%uV9df1k( z@tyMbZJJj>*jWhTx{VH|{@~P0&0Fwh!qPG?6uLS{yEl}6JYg;Y=}3W0J{9W*X(d^g z6Aq;rmbot(w*U7!)H+aCs701h2^Ho#QoI#h2Udym=?7}3_Q*oaM+qwVq$AE|bi<>x zYh|AnZN&7}NnT>S>>3`at?+dGlf#Ue!dR&Xg~ra3aJy%YG?0kKfMdpA_bkE@yM zU0U9lq3ow1KsEm|%+6{Psw{@HX%dKZc}}kis{ve>$zq|m?@gp{$p4@7^2P zDV_{f+zK2?X<}=6WX^^&OiUO!tJ*}2_14uB$guCg8ICYvuO{0pLNXk?dy~zGI6LIT zEpl$SxE)fH1|}s&r628mO8+BScJ7^J0f?O-N^a_CtIXEzOBvmP`teq*H^H^X97E7h zcNobk!)ZWoOK>R}_Bn*y?FN1OxCEoILXuQ1H{Xiigiv1S>Qrsk;2H!qnw?~VQ4K@O z_A$sDv`|4FNVA<1^dB`AGt|#h=E}I-m+ep`Dt6Tk2GUzKkQ=JSO%KFo^(EFXOsDfyB(A9h6czc%?-undU@|`>&Z6xus{OpAL?_iu9CP~ z+6}tB`+L!Qg^as@dPeE&%09;8eX?$?tj=kYLiDX~BR*gAVHCfdM2))6BueNNtk*)-3zXcTG zQ?zQhwvVwcGD2!Ra88LBI1D`X|ABgome`tmlT-V|hr*(H&v|j&-p8q{X!14h5fl=cJ=n+e*cq<&Z+8a z7LYuM)ZL*g?7kvI@RsT;cC^F`1Glx~Qo!MxInE>oH% zzU}`N?TS3L%DCk~s9}Fu2ZCvXlwCGdom^hBbWB69rdkzxT6Hvj<^M{D2Xc($bcc3M zWcc{Iw}+VM--+Geu1;R@oi!LOhZEPYPNe+pnfY0T`x6MY@CeE*&`%eFI&0vv`l33O z>8+8WST2IhJdu$_a0Wy*>EHDZ0_R|Q^kMiTn=^P%LaccpL4|&aNH?&iS+(cP!t&Lf z?OomDip`~+%acmGl$%!-{8jCR?zPPw#pXi$$*VgG?aP{%tnSu*d*><={6cfr>Xj=e zRh?CJcvst!mF>;lesi(CYgu#K%9YKX?Zsl-^7iIsZQX6nOWK#VtuD4V7yZumX8(ld zj_#0VvAL6Fo{ovD+6vvx2Oo6Uf(cg0`~zI}BRjfJoYm3QR#>|abS51J^_j&3l*2Nt zX)89L(6+MJKB?-&dEMQsX8T>;?WcB6n!UPEpgQ8!SZr=yaAJF*owADEFw@-D)jadC zgC`w0XMyq2PHab)s>~7<6scMFiR6_8+PYbkvYM@4y0pE0*`z98tf-_y+tTjC+6x_R zD?8S;7n+y)t5+^-?((gKj;@Ywm$0mv{Gl|u*REuZ9mQft*Yf7J=A+_d zk7;h}?k;p7@Akc`&Z&wg{SQlw+MxTy_U1UfnPEYb4s3(XRc%Y#do{i)RBZ2_RCUnI zE~HfKZtDVrMhxrHtX610byfS)?)GJ_`3mhz+dED{VODpA3C%3`S(MAROLsn+@`;w@|PHgL1wz9o2scO3DEJH!XKqzWd z`Ox;I9jiK|2az(H0t8Luly^o&cU|RZwr*4zl3}Bns>Qq(xIy`^rQfcS1AcH!LQvg?kC=Vo;w|93dP0SQ%8bpJp zAGkoe*?#KMc9WKgUsYO4a(7|131JQW2AwMS#H;s8!$W4ePizBO{c#x@IH~H!sy+n6 zUJ{cB+y)dQnHrfj9dz}ewT;bolSNR}1lfqTplSN?5$TdqvJMxklq0Me5HBkx@Rv(2lTZRxs2_;fLG>u!+jOCkDHD%v6 zno`9!w=G+Sr0MC+C;{E0n|?lyY~!3fPH9`Yx}At!%Ht+g?K-o&d1ZSWlJ>i-gUrRe zAOKml<`Y)7Etjox_GcBXiC#{sy3)xW!YBI6OhWKhL}sQVXl~r9H8;;(2?Jf2q*K~g zuAR^d`3zHAi=q6*4FYe&lqM~&tww)r$8EUhsO>vqyubQHw zIxsGsq8BRZiL@r|5oSP4;Xu*lV}2)9?IL5$qZOxzs#Ov7Y(A-dZS#qkf_NvRPxbC(yQ-7T43zRy`y+lq*ol|4729{8 z40E#Fld5LK`Jg9K=%;fc83d+!Qq}QhFe`1P4yy-EjE$YE)bdDcg6#X!6Qv(qH6yf}w$Q&@rw69v(Mjz_# zZlg-hky=hMXwl9tN6_K=DO`}V(piHpeS$Bm6>k-Ft0Jns%nfsGSQ)3By$pmKljP~G z?kZy4iYIimFLV8jQ4{e-bR$Di5p$$`MQju#obUsw#rh5Ob}3iQ+YG(FRKk91eL_v# zkJ53X)X&14aDuZiVU~)FLYs(xN@79IO(Wi7+#~-EwR(8nA4Se@WRog^y zxDDNHjK%1%JfhIXX*}yaAk217HBLA#D|WzNvO=Q(G(%ycw_*1zb}VO{GJ8+|mwm(M zSy~zKLL1yqC6qDN@I`4I(+cMaHup`PAon70EN2H=W)7x}NE#Rm$iVdeFbLadKfkD; zF?WP4cQ9O{t{+cfQg0AJ= zCkCE~!@@zG-PWb&;1&0@(2mHu)NkFSW>STyLqC#1G3K84#a|pbNetMXJ}tgWKh45S zyV0&YP{xY>IOo07NBQYVv@m{*aOp(2|Kg>y?bMFW)txar*0tJ31B@O%t@#CE_rXDJ zNB;spS2}`$RMVQRpH#J_2(}dpm=0^Lz%93KhbAetm;FQ0gkmOC49$-!8~7uUWuuC6 zjpQWIB($`Q7HXibCy&vFB!(|}pva%`K2+PN_Xci>3{Gqg<4jKA?;RACA1Z|C$0=wC zgBR0;Fe{^&@gU0M7#GJ?xR^8`!Co$|2HlA3Z4R%@u0j?}`9qI*Qq_)(BkI)h3sh@5 z;>y)(6mxs~2y}9Q%uwe9|8M2`|EPQKK&s#OfBYPKMj0h4+4E3JDiuQZUdbLIGcy$# zk&rYLNhBo7Duos$yKP5Bv{0JbeXslZJWmJpdXL}l^T+4Y`+Z)AbDsCQ?(4qhYP?lx})Y%}h1=cLu-XQ1A$c_fp0(K#A7z7BY+zMX@Bb68C98Tym z7axC@$z{NExW54pf`b?sj(cRVZm_MvB1EghxDW)93vJ+OQ$z#990*sJLSBKBi@Kx0 zx>IIFb*nLFY--1t1EOa(c>+N^V{Qj^9aIzE869jm8xXnx+ZN^wzADTN*aF{{DU%Sg zp5kdk8+=Z`aMxfPBS|-NuI!607g-$W9vNxmL$EjTf(vwJo@TvxsLmOoL zH^ci)_#OS3)Mj`l5nhYoGXeN40zO*~zi)yxvZ6Y~I8me*Wjjz*-5Y-PqXzEOA<&0% z0eIvQkAR}_Oi(V+4RU0EYl^ZU)8qC;oG=JF3W4Y$8qN$}D6NGC4#xgS!73tD9fF1a z14$^*OPdkO$hg8MD3FSW6;ZS@1O{`%>TpHSxF}qUqWb93U&Cl4h__%e}oT>0x)ecpD4=x{+Vq;PoSVHJ}{b0Fv%P?QtwZI4uLTs5wor(fj+Lh&NDYe-a9h_Gv4F+FuRJ;8|fA8{F;<5$NH55i917@Vo}UJr9aIWLrn0;~*lZ1Ar-rolGMv4&`n zf0YcYfez=>h>kCkb}$gIOveTeyCP{Na2=vQf(YTz3q(5D2OuT^8ViN*5KAC@06Iw1 zXQ~P?81g1C3^BhP3#LQZ8G<&!2=j=fH$mpYnKO8d&JE=nCf)97#^Mglw8w`*TF(oQaw88ZknmrEgz@i*H6fx4)1q4V zmoPkTh+u{R@hCEr-JL;`LJKUQL^v#%>9KR_eokL17%W%<1k6S}|AECksNpz7N3?Bt zoDS3Xo?x%Sj3*N+C|-lYfq0%JY-$Pu`AUdt?v`K+W1&HJVdDUIKV3~(d=8W09vT5K z2RazpWEi_axD9eRfk0=>pr+9RJ%To3N`wz6O!N*@KemtH8fVdpNa>%r#nt@tqaN;l^BM+PnaNP_o zA@piwY=PP!Cl{=|aOwai;5GZZ`um_c;(=Xo05Kbp@G*&C9}!YP#wC85f`a^AQI=pb zDo*ugDP&c3Ft%rOKn?r)Baa?iAr`4440f9LMImdbQ|V3(IuOqwD;RO}6v|-<5pXzX zurh^gi6~)at}bt`qrPNvDl@|iXf3#@OHIB|!~3p~@&jUHab7HTgnQ$ZE0q5O7M~GV z66hb*;!Aup6dmMxG)}pJA@PnDb5eJ^dh#xg=tJxapB>2-{g__awm4(C%i~P?hgrv; zJUw=T<-y2_qLcO~m6>ew3Or*@w=WPnD;LI5YTtRKtXGZcf<<6dRn>LR>y|2%x{T#z zH{Nbrcyp;+=&iEW9Sv95lUts3sJE(ftZ$=V$ayE`#I1W4E!iC+$GEzjG`RbFgPEUh zes<~kvL^jk*EI zs?CD(66pH}JOj7RlhE~^PVoB&=mP<^pTX}e(B}^L{UMAq2y;WgjVgG}fuE5DZVYYb zz^f1XIt=gj0Py<=b6yYMGs0)v;e8v-I}Uy>htIdeJWjzJ;$aQ%U=IG!uMfPVlEbS| zW>W?2QQ6!=csByojLLe_;h6*Q^D9_a3jF>WeqIJ^;(&4x33UJiAQRjNv+a;+7zp~F zu$c%LD$Eo)1=BI*y3o)B3_WBXAOjIMNpV9085Q!-$Ze(>gj=)7il2_AA`k@#On~g0 znHUSy0=G)cVW!g|PNp!B!QTg(>L92?*ED$dR9F*^FY^VP47VGfLWkP_zC&a;27yKP zuew4t>OeWIHp*LvD}{vzbb}^%w>5{t??w#cNhf?aBo@KxoXFY#cO$ z+o!S&jgky-Xe`#l3=qH&xnDTX<2+>mb8*Gyht2`vTxh_j$WcZ#z*m7>HpIyIp`*HR z(D9Z(JDz!%5J8Z`fVxD>N3%qo`C%kNKyD9s0udRx;JBYg^ns>E6ak$5`#Ok639lH@ z9sfB920()vVFRKg7zpbp_JY>21W3HK|9%}b;t*@l27(5{wgqFg@)(T?{I@w!7419% zJ^jfjcszkt(_#d(LOX*(28eeM)D%BybRhXO(cJ#CjtN=xXGez65mdXN{iJamEn+eK zToF8swgi>vL#+pL_lTXsV+(&1oJ7e8>W&srXn`*DG+_xiO5PpnY*2T|BSx%&cz-G+ zcsg~^!ijEi)cMnh%JLbd-(w|khnpGE(F#T z-5;Qciil9)ftV<+Os10<9VZ)XWC+7Rqg6ye!~$zd@Gc%7LK+h-!VKQgs1SjH-vTl8 zY#`|jG`ITO=AwrX6QEes^gTmvKI#TVF8&pB^g!28=z+#Y0tKOJQGo$cZvWl+`_BZ_ zQZOwH@Fk;?iU4emL_xyel@vZ1v{IxK@J%CjHi(oD9bzRPZtxX4N{AF%@Dl=l2U4R9 zxH87&nIW|!JZ{7fri(V3587tLnrPW5o`Uulb%izoeUHb5XzB_NU-)9*1z;j_)t_Dc zQ=>nJm<~!Wgs$dKpB0i`o-iB4ahzb=@lO95KVxhE{K5w24+j#yFhV94up)GTq&oT; zEsl`o1THe@ujUsL6+tise=0|YlcJ%^wfF*qz-U2V2U8gbJ&b6F?-imYDgyj7q9y~j z<VV>Q%R3wRIdt*Kz$>1Sc)xhEjE zL8MIRWFhKg>iH&=GU_B4yEOtE2lav~?Yv+-53n-Ot|3u?#&?5r>W_UB4Es2p5fCjI zz@HF9<4m8}pCodD2X)YcNW9H7yb=BW)jpcTOq^jR$Vf&#WJ70iQ^UJ6r-~0m+n@#D zDv3>PU;%4JadjlRw!un?3KSK1&k6=L=CA*TqC26><*HH3fZ0GmXvQ zAv7z*IDgA#$b%CnG+n2MV`JiK2gZR1md<>DCj96Q$L2r$}{Kj_r~bcsT6?Av`KpA zunE&^l%`J|sVP^OByQfIg&eL(6td{WW`kxoN*Qsx-PdSGgmrjk+RB@#!T)TZvF z&+xDqAz)~x6gt7k9wLOe4QUBn>7k4^03CHakAxp1BrQ;O?4P;Z7@GdIPK1!K#PLRq zip+bo$2*{r3mOlPgAlebVyvl*hO0(=Q-~vhY)pJ^f3l!E^oYa;A-&PfB@X}TFlghp zz>B7nr*H7z-FfPZGlpV1@z$^u^WC2r_T-DsX|@eOihHFXGBH~?W`Y0cytHCRE4k!x`0hU zQVNeip#vCzMZIQvG|0h6nNMGAUPzkZGewRt?rY;JVdfbtfFYLtC+Rf{m;#=LM64za z(Ks30^uv23Vsbd&;gXZ^XxvEND0uhJj}xXL>Ny=A1z-&%6I_D)eV{@^*wRcFB{xw1 z0fUyK$T^lC!r&(qvIv%Zf+vVng0rxRiLR!wE|J@SB8Fu0loSSJ767P?B^eOX4uitr zSvo9EA4EmqQ9nm8Bj|h@ssv_$We^Ei$z%lu2#bT>m< z=`Ya3gRfD7KaM!M%6-yx$wP5^CUQE zDzID67(v)kIu7GEynu<;6-H+q(n`&c5oJ0EqK!daQMM9C`5ngCFaSz*5Y!(_s1jdJ z*=%>n{-V96ZZeL}2jZjj8V-0=pTWKWS|KfGNyB&3YHn~C7gm%4-3NJlK~@&wmSOkFChEfGSOOEW zlO6zurB-%PNrF&Tc;?o_-49iLL07OmyygbJpe`5Xr4eUAVjdva>j8`Cf-uiSiW~L^ zHh5|R7+5&W6JhZ2bZOA!h7;*dEJ19CmIu{leo#l?>f;PhayLf+rlRyW^;0|z3I!36 zD5j<>aYk|h5HQY2SV;-O&=DVje8P%MwxQnFl~R+J zo*|I0mWL_1VF-Kbs6Y@5dyVRlPzn|ms8GKmWFeGO{2LNsXBM#(f<1Tz1_8KF7tSk< z8?h;1D}fV@7f$-2f((#yP%R{l$(U(pHxOe&m<})!pyb`B^z{#?eQFCdI6?=Y+&Cm_ zk&+-7`41@pSPd*!9fB1auE%~e!_l}>AQLxW(gUYR5D2~?R5ySlYJu{&^!5szNivMl zsZd;DR9i_Qd!SX&5cX6$ctMTHRO(UDDKK?mP1p}FcX=ImA0ODbDbgC9#VN-y0K4}K zAxUwlwK7%TBBnJrHxLeoO`%F6^B^Bhz>6T@H&(fd_6y+(fNLq_h-o{9Gz&V)Xq)h= z$A6$ZUOpo%jL``}qG`Jh8$G2xa5_N|1T~Q2_<=L`X907OIUg}{oyCL)>R z8SaK7Q_b<@zLuX`fIk2&0Fkd9=g5?DAe1fcM1L~tai2!(9@r=UP$$iUy#*=LFJ}(Lgc|pCKIdDH3jq+?y%m+(Cz9pch=UQLE=BMIA2Z@KcWF zLxoL1r7jwhION0u0q*|87QuHOP3BM2iYVkkk{xjzRB8pli9_|y*r9iK2Ezxd!~jDN zsVJ%S2yEgSjMa(AfwsYfj;lNTzBEFb>_cS(yr7h-+6g=l=s+q|1$YVIQ9ekPLZuq; zD)b06K&GX>d$_z6R(YrmKw|_v_D8i;AReWBynsJJrL2N}0ckExcBPJn7eCExN(}1^ zFBhX5JS$}kWTb$*i*`0F4Fh|WQ-o>2WadDcCl92@NrdI#JL6?KmhnnD&u z4RCBWPI@>xh_=q?L(nU5z@a|C2>WCT=mjx15CFqgBh@mAH=5jIs`x_EBnVg<6O4#t z@Bxi8LB;ul5<$Q+s-T!s4e18Mqp4s9Ev%N44NMtoPoVX&lL&`rv;Qji3bvb*jSx7% zSkoVX@4@a+M)Sm~Z@@qT88&%lX(ls>O3Vm^DPbjxQ0@*;BGit?n79=;^JEaJ9+rqE z4H^pDcM5qUYE4vYpxU%a(FEcUv9J%+vd&Z?lZG&=!$q|l(>1QM2SBJOWL`sR%{pd} z;T4e-@_I0>r)i>Ke)Pa1!f3I2hI*VKnNSTf+H$-R;&JMTm_fM{v%5gr zQmtI-`J!qXAUx=G;A-NAfdv@DdhRIuR;QSke@{`KV0GP=cF-Hnoz2^ia|(Gn%QGUl*OAvosYZlnl-}H zzegX31VPPOa7X|$dXRrkA^Us+J0lZh_p+fKU~`3PMeb(Dr<-GW3a2?aH4_`th^5ulTS)mm;nx# zoWy|QOoSdWAwmkkx|91&J&Zv>X$-hZJ@bUy16C*?LXp3K2NJ;5f?GYHPt0PJMd6NYu$fyn?^-1J=pm7o6RyT;?O*8Z6qfGPsU}yeh2|m0w*~b zBG~Q{yMkEW7m&r6;-|XXW>_(z1zZ|1jr*v21}iIr`4Pq|#$AX@F>i!IjwK@k!3W6R zqb-LvQEbiBfEjE$VkBZV1nw0+#wzVG+5zep3`wvkX>=oi*uZzRezB$C8j3MYR7#QamtYN4Ju-1AteOReB{@d^y~gy;y>ih(URq+abn?F5-A z!r|~w-q29q4MYxB?T7{JupTFm5iaay&^#yUjCk*_m4}#YhZ{@4lLp%wP78LlW|la@ zQ$R|p{DS$+D37F&L;q2|mVu2Y7?ff>Y969-%`>IS3O0kXERouL}%Q*|MlBw;^d zn@^k;u)V0bb?A9gHsC$MPSMmUg=}i(j%tX}VgBoMCS$5#4TH9$#n6zc4mRCXD+3Fz zQOIj7|F$kXFoRY`$PkzbHtT6Z1UUacY>uggB@{(M&k^eck83UdGg_20x@pJV0-0a9 z&8d&XKM)E=fgQwQ?F8LW$vaX`x|r0W#z@e^;Gu;=5e632phj(B?bE`&Q~)|MK&Hkf zqoy80uxJ7uL2-lxI3m?cJ25Z>I(b;=8q=}Viw=bSPy`4S7tnMg^=Lw%07V?A(htOd zmoLPuu$yyyQKc>QBm*_n5NF#^mMg9lo(e8U<`p{D=&<1%F=<3m=>dlw)hI#@D>C~D zF*9j_f%T3E0&GCtNF?SdWPbE8Obi9)krty?EH=~sAHc5zlo0zz#jgkJ1V?F1d@1Q> zJU;T9Ge#19cLH9o;DxS#i<0A9B6IsptRvmVl;n$s$3r$UXV<{+WP%qx}=&{7jHFPd-+(EZT_ z06+pB1&A2}iXiMD!Zsmji655JMS=jKG0?cv!C%_YY}r32M5iYHr+0o38j{737>3Z3 zzaNCBeIV6|R|8T*)l{KOUZ_p2Ed*VJ1*fNZ(-g8EraPv2*vO1PePjFwHY+t0fw*T< zhfN(9f{-X+3SsW`leKY}4>m(j;C><&9)%IG+ahQgG;{!{m5P+I{|lM~pv~AnswVj) z@+*GT664MWxBE=jPxT6Ti@HmP*wLdcCb0tJAqKnxuQYgx!)qQKFku8lLs@!4?Bl!a zi)HN*5EK1_3)>0A7!9yNAR+$-IWUJt%37ErnGWbf$b{*)Z{p2q*tJ|}Dniu9&_xB{e49AWj4TQ!<=f;}~oWUvJ zjWmiWVpzO%608_1%dEn#GI0)ZgR2NZDubYh`<$p(lTF?&Lkk9)O|6}zdN4%z5HrJZ zYYlnS!LI7D{6oNRK%Y_4P<{pGzs@Qs0}QU zwMsk;bOjX#R^fV3HQre23C$r0&o*Fc4Gm5N*AN{j^PraEf4#y0Y(DmndS*B6f4`^y z)IiE%&#VI%IX*OyADr%ttWUNz7M%!1&!IossSEG-;S~r!r^7o3yvM@X)kG*dgbX5h z9ii4{{uL17I|3eupqV&hLyy)X@V1s zr-e}&{A5TT*=GnzF)hjo!AfLU!QW3J!*x5<9%!K_LJJ~cK+}nn`jFPR7MXZ(=z{$H zz~+JsDK%4wxt1uYK^z-EWuVJ!XPoRAlOp^-6zc@c0MfzO)Mh+}4G*{uuw+*$D1?QD zLHZ9bEXOpnhkvL7mOFA*SgNSFQbBRK0@w_`3J{wQ@baPrxWRS7C`wGdG4sfOzXYl? z3Q})!p8r24gDsJ|rl}JX2hw74anj_T^i>HD0eQ2gM7jtrP{wHn;X!IB6f0K;n!^sE zt$+zrv*mfmjkB};TI6$~l+7qY)VPrw0S}~#sa;9;l z1rKT9X0{*nj4BIV;J^4^QNHX~0LI z93*aUc)(4w!H{95e!m31hwQ!);R!=$t^i-d?k@*H0T3Vr@Iu%cKoU_QTEOc;)LaA2 z)jyRnZ#HU|g;h+lwrqDw)*{=$_5HBOA}4U(-?$N*9U1mSSA z5Q~I@RKkgcJx?J^>%x_~5SlEL6h_w{V(V0=|k`dYkW>Q!|1 zS13;=Y302J>)~@BZeC|fmuh48DS90xv%fRk+kUGqucgVWG6nTV@&|Yp&&rEtO#Se_ zyCtR2f%N^yqwVx=H^KsHKEHkhbSCL)8EKYiIK{NU@&6y(%sH@`bI1?+BY#Y8W;ZJX zgE-gSlsrGUT0#%s%yWkfbu65DS~mn7;2^HrJZ+OzVPatd)|wvk(lwq18Yb0_nI**7I!mf z%BwX{U&Z=lEkEbbAjgC91J`0D#ZH(EvH9&4?&hx3i#)yRD5E{I^iwCUv3Cm&o2!la zs4d=QY!wVE%eKZ1 zo>sIuA96%?(<=d?+%PA#)t{7ZCpUDw?voqQXANXLdQ9iAr*+uu@7FsQ?J*T!(D!mt z_f&3P{Xfgie-TZHnYA*(g@2K~I2La_B-i6Jc*o6SaZgWM)($z5^_!Dx zhAbxfcHDit^M!Nj`H3XsMSGY(*_Ix);K_2D&$K?}EY}Y6(uH!WyRv@!55>kl?;RW+ zV`aM~^3$Q-^j_^dYn#W%Hg{**HYIg?WaU&_U0(h6zG_tek-ZPB%Pea@H5d1}>>ZZh zQu~Cl>}-+yM;rUG4=;N%55MVeU0J=Avzub|K|EbRVdc56UkbCUAOAkHSESC2^Ot-8 zxs@fslUu#MDYTdS0xAAxwfVO1_1sZq0SXaSLc4VC`hHl;s6Ttb#8&of^0qI7%aS-1 zl~!=6y)rxSMNC4MS2u9alCXng-@<-;-Y%oObo(KHN9zjn?kC>loJws?6TOp_1%mND zem>k^#+KD`w*FY6eMyxZ^^9Y7qvV-;Rh#NA`u@1ME8b~$=i@hD8BBQ>i+G;9ziRPl z@E6lkE+eO75?h5tMG{!t@7~;cypFY|UvVt1^Vpq%#rv|d>R224wjMUS9;Pm3Epu2e z|2NOhuOHvt$o#_oW&g9=3@U4$PGui-C*c2}F#J3FaLLO3UN;vs9~nwckY;oJ@%#5W zdhw{e(Hd$MRFU$}}$({vL2)plj|<+20YvSGjmx7ptFtbZX@Ks$J`bd*uoO zo^k6^n$`-9eIDzYkY7}Ke!*Ps9l>t8j|V+81yi?5slLDcB22L4+^32(dJ)^R`7v1_8o|L|0yZ#+B>DhBc*M& zt2zBwefjj>`+J7|i|eZ2L+lMx?LA*-@49~a@wM<5rA>}srN1n@$!U{a<2qkb*5m7; z%L==mYzs{r80cu^pmQAFA2Gc1YNCm-lE{m=+Mb06-a1^#zSUA6vd=m>V&Gf*f`>Xw zNn3RI>FMcz!*65td9xeHclVLx;*Z{08Mwk`>Yk24P3~XzG!ULK!K{^A)r-~O7lB|c zn_zSQ&B0-SLm;WU`GfJN>kGH7fg|S@zO~t1l|-7gAMMz--ckG3Al^oS-F^rAo$fW&I%UB3+p?7UE}k zhlK)aQ|i(;lD+Kf7YGgyRP5gg&5y`bLWQ7eZ}4rk56p$+Vx@N?S03I z7ixOp%#S0Kx2@z~pupUys4Cqr#a_2nVpTyT*Y(2mRjZ{*CsZ<2lV^iOj=%XL z?^0i%+QA#Dzcf{5{UncO)9YsaG!8d@+4xQKXYTedp}}08iw`H_Iq9#`hoyE(OP!?dJ*>WyUHzcouD-ws*wtGAT8) z{nm)x(8AlH3w5^pH-;oTM)GrSH7Q@q{j)aOg>>?%=BK<}!M+c&r9O?H9PeR%c>QR_ zhtXGD&hP35n@Mes;%>5xSbUv~}B(pTdDy1nRcp~AK4t>Hsh8X4pI>Is`teV5NH_FqZ772aY zzHeU&uVA8SRL46V2Ic5v-poV6D*M!rSFiLv(y$~!)pH)ptluY+VzX2^eyn6ZCi!Wf z8Uwo(t7Bxa-|JI~R^i-2ewzE@*NSwBIyaKVJNLFz?Ad>Ck4Z9%cYN!ee>1^FYYBVV zqXwn-43<8H26;EVWD-7VG-}zzl7<)Ous#jnuI!zzyT^QuniFH{cEfLFg1h+1yPcg{ zl@-g5Tvv9>U6fpR?JbP@DWtGNIsMlh8=iJv)#mX8?yS6C>3mAs-ZR1ya_<5P!s7?- ze+V#fjnfWSR3$&vr0=9VY)^@)_2Y3}+3}!BvCK^-a?z^e${A7>2N|47C<;melC$2P zzJ6QmR_fBgK%bq-_d}jP=R9SQJe=FIP-ypVFD9#1O!pL1GXw88Q|5A#_8N>u*)a%K zvsBrMsq*|RGZL|4da+MCmb1LQ;B>dC2PfnE+gSsw^bf2kMS=1o<1f92vQPJ|vx*lw zY%ee*Qq-r?8uB0aLIZ8mU8}paDiCyvL$pYRJlezZO^)DHd;7xn6CNo z@jXEka%#Z?f~6^S6T2ejT^#Eb*=9AgzUy(za<8$gCN2Ti3)`PQJF_wUa!udi{qr}Q zy*C|=spzWw%Dv~I$$o8Nwx#CZ0u9H`*|~0co3BwPw}0FCSoSElyI7;9Lo8pyky*Jn zy$UHlJ2sb{a=H*y>OiNs)>B}fd|co`9oym?1_#MH8+Bg^XZDgWcBxsY@ww$S)mQo5 z*4ZeqcdSa4)ZSd{z?gb8X{oI4(6MJ3dzy6~pK_>h7Af_5&gm4ful5|*k%2p3Ep0Y= ziX9v7PI8~O%auht`%zzzQ_I;rt+WF|vZsQ69XxnnASIn8Tt-pxGUz#Qe3;?9>=Nx&#|4c(#wA8}{8-kRe5juBXwsQlJ#(8Y7mqdR+*5qe zAaEj6DTmQxn?kdembc+huF6@7(0o5nzIk5hvTdy%dSjZBA)VL4uRT+%HWA(|V8wGT zE%U3>%_6xKrtXqUR;xa{VD4~d{HnhX-;l^!??u;AMjtV3%6|1$Aak~NV;krFCwd=~ zgY%wBCZ7yndGk!;^V&_1s@2@XKXTmt)-p@z$9*=D*778r`69cXRhKp~TKaDU~a94Bhn= z&!Tt*QkaEa3~;<$&b?`Y72`QR)-mo3X$R{;0qKUE?VfJiE=w?H^?RQEdZR)mvZjca zqgd-e+=8P???;*E2Y0kPZFO%X7dMStEq_?u>K!l^EPhPR$Z<*KGp7uJpO+m3Ms*#F zZjUlIXlB!Qc}C`G$6w0HxU;L8oc&{9@g+~ow;cO7y>UEq<7ctum)E09g?-nqP^z~SmdT&--#^$+M z;hfr5)m6c#J1;OlO5nKu?R0q64(I%Uz;bt|`{ML2FPT?;KUwv1nYUuamV!?*%|jg4 zM?!;mS{;8}rPDtz7#AA<$l=gMH?>7wGM8Vf-kzVFyxu$fg4-B}@umk>j*{cI*2%0H z&^M&Fy0mRicIN}d2lu5^a@*QgU6_@8*eUpTfrUp^_{weO@pw@CMdrG1o^K!AD@DHC z!`0@kbm8)%Yac!=nHS-AsM2oPr;XLtBfuys-v_=osqa=Uu zHqmv0N|B~P(f!*#ee5#eALQVScBppTbvC}E&sR6bv#d8gt6S@6g`wVwJL3x!4m%IN zRICY9IdEjZl!GMK?PVdK={b!Wj&f9~h%QeFQg~D!DC_{HAN|yiR-) zdcUlyg>8#v<(7wu?ead7@hddS0KR1=Eh86aejSh4c{{0AXG22Hhw-d)W(Fxn9L36y z@_0K0PT0FHSGwP%6Y|bTd9Jt92Z<`*ox8)9 z&uV_D&2aqGfutY&PFf-H9s;(m0$%3JlC}*+(5o2E2~3GP^jvsB@OQ<7f(iQ{45dmQ ziAY+^=bkr5>&2}dweMv2Ugo~h)T}k9^_Gx8k0EI+`jgU{GB#00L9^}y_h%basn)f( zXhp_e6Ip#z-eX+_?{bY={T`(&vdO%|A{Sd-U@aHNHnPvrYJ6+K(RAng*Bw?u+`}$a z2jnZ>hRx0z;2%538+@|ZyIV;$j9Y#}TfRt1we_m4tJ_enem{KHHLrV2z`?|0+i7yL zzHadSl^H=^LyVhyPYl3fGE2NpR~0=Id|=KpoFbO@R=@!`^ZEHl@+G5B5cNlr>nAuA zpvV2re9mH0ixcgiJYq^qYMS*kE+jsTUyWBs?kH2XN9m4aF`dxN&+bFd3Nk|H7|i`p zm=m~ErsMcT)TZKPXW_5Hd|k6}#qDML4y3Ja9qT^eR5?1<>&PGY$R)`4qO0)p$+$Z_%_?#;oswwch0_E z2}$L?v+8LsqQ z^qZ0WB=0o}!)(XL@v*)s922Vx`$l^%@4tG-=sbs>hg9lmFDu_;@6(pOJZiYA!llLZ z$N7{&4#{+-zEr8?Jn?(H@t!=SADvF|PENN2m2-WZ+$I!*TQ1qW9&uHB(DrgdL-=%` z)PisAA8#psJ?$vDVB?awtWDx()~%H+-5bMjC@Lw()cp0fGQ z+B_cC2a`*>?(Q;5J3(ri*G4CC&)|^xoE^Mnl}=B&;{C#k}lURFMHbw>6NCd zzVqz;I=lS+ms`6cTH?DKw8vXJBd*%DDMc69F_#(VoY{A$q3h|XwvU{xJ-nL_T9o~q z6}#)wl*&HQ2)FS=~L{9x^2 zQ|lJ`*fNiui;~~|mN>LGSSA0Igt#4P@KL(f;@GeHt3DeEJzl38>3MwEadXxyWzvb8 zvblv3gTj#k<#f6WT`IHkCXPOSwqUUN(+%0#$H&CBZ(+$^I+x|>B7q$pA6M**+$20} z){R=Hst#%Q#b9bLaT(f)k zo?o%~zs@6Xp^z2|!W-Sb1GRmH;`l^+j6^y;J;2r zbRYjchyiXei4AjjclY==!Y>RS>W1oYlW)@s#zYjM|4$rXasciC`=s91yQ#(-ceh?w zL&B>_s)}cqn#t^%ODukNRqtoljC1Z}s|zz3pRE}%awGp~ZXs{5_5Dum% zuXl@m&+4S_x2q>oA7&MwuY2L$s%ThsK4_iGteeT|dCNMATX>>ljwZyvTVr`|XLLi| zoGm3uwpVAJey*`XdYN9svBlh4dqrdi)-;a$F>w}o&A&KdeNVMFM%w<-+_hIOaom2! z_~TrKoU=SzpZzR#`G#5_!I~1;+og(P(O>4uB+{`ObAOxTX2jXaaAnOa`WUBY0dE`? zTbGKlZkYGwo=-T}`2~z6W6j_BLq7Jt;}zR&a&O*omEH&CwrOUG!}ivk-}-}Fr0;%k zObx0x6NOb?cC(xJraIW1iQyhsB&yY2~|uRf1cs?@wgA?0ze-s>@L)JW+}x zPeW5Z=W+j@Yu^sf+Ho@|*6Z9{1?KxvB58{Qq8s(OL{|!ZyT*3vwd%q%@>X3d-d<;% zM@kfKNvXP5h@lsWnEf%~zlJnAVH1yFJDhttRO3I~QDIdgq@llGs4HacB^9M1j_kn% zt^BH|XZP-Bm1#ESq$;!Z}inBrh~?TqO0#tU0^c zoWxCCq7VA0@XIG1mf9=gzP5ga^g$(|J39(wB9bioC$`>+u&@rZ{?x~wR#W59FZQ=bJ32ik^A83f^_t|BE3qAoncu`8l;8`x{#8 zeAq>kS8>g%5ZyNx7pmUC7ULE1Z1`(KXkq!j;l>S@e0Sd;JM~KWO6WZ8&V9Rg6)DQB zmhdyGZ5!g~tJ%r!XJ5@3w(hFziM1!lqxmHy+4Cj}ZY2(E1q&Rz$(zD_yn2t5!!g{$iZRbCJcS z{;=zfmBaJKyI9tF)ENH&t-ayvhYKTp*_;Q4g9IM_dY-u_ef)uHgY9oMgJ0IJgSR*? zj10Y4`gQH-s>NK7VaTYl~m&>c`g}<%BgR4F2 zpB{gI!Sib4pojCbkDE>pjP4C8Q@Nggc@MK7>GD10vZY=7Hx;!HKl;$of2?)Inh>r# zS-)6H9R1Soy^`kI5xz^~MO5OkT8+mayifU5Xs5h=`2CcGPW?o~-IgajcT;vh>;7pf z_DjdD%cIs(eKA=rqdU3Tle^T{;phU*yUU-*-o01iuF`aC#KLLzUGBQfghK-KoPk$Z z;~Szo*Ghe7-Ku(-i{2$SR!`NBZr%$QNrxRPUO3r3RdM23kuF;px`I^c{ltjV#N+WU zE=txqYlD@hl3u?SX62n@l`#%&-7TSZ+QE^dU7lS~_paqSS>_{TiUQpa%vY50rb7&&WjZ_2Uy!jAr$j&5Rmb9?pMjzdk-$`6%v!2sYp3@aYJn3fV zTKB8WM?^4cFh@pi!+d9%W{j9;<+tzINQ-IfIwF_{~TwzCVTdb~Vz zVsWSLE~W^h-(;tl5X)U8gPaGFJ2eafdtP_T*?F&9obo;9z^>5a3-A2y7e6!pLh^Vm zpMVMZR20t=M5sNMQ)PMNK%86H8!cWUI_O!G8?6AJHc zu`QfaoBWNDV=fCzYBODQ#m&)N`tXzhax{a$?b~9eH-=iIt(c`8@}tkOnrASJ=dg>! zM+gk(Sf)!(j{Rh8X4 zlKiTmZ=g1Tx0U|oZe@~{3bR#!Cc}7NZSv)f23bjwE^(fccHw+Z!a+lpCtTtp4ob4H zJen(8Ykt;5-fmWIrv$yPm)Gp)n?05VY>hj9IhND)<9gAur4Av&N87a~N_kDRn3Cr7 z428~BbPC+*MxI6HC>Hc$R+3m|Vs?qu!YSZuElH*}Z)ZUHVUDd|+n$J z`n$~LP`JpWFFfa?dft7vQJZDuz^LsY-XpfCoQ^Gl&qVDkN#m^IxQvvrl^Ux{+yQIp zA4VZR>kS#_HP-fx`h3{m;99+UB4wB|;N0T!uJ8Ji6Q*?!4{3gS`}ww@cvMmPuv3D8 zAICiN?1vKRqU`CSw>jk+isv;4$z5S%8<(k%$*?!DzZx)LS<$0b&lY3N_sooSaPz7J zzHX*fwN)Lqa~L>JL@ZNWRvX5(*GiwE^W+bWmE$|udNtEb_tMMrFH^=8ExqEQh*cFy{*ekr^Qg%^ zky-k+EuE(O&g}@uI$TsQ{^>zI+lEW61)WRwTv%+cmHhGWnTwX|zVg9dR=tz4>n)I2 zb3RX}=N8*O>y7erZxjo4tX#IQ`H=NjcPrs5MXdMwL~a$XPVlvhnQMO|OWtWg%kYHG z1*?qf-50F1lw{i2a_SZ&i>zC5KUbtzjiF>vXXr-%yfv)s<1#YO^B?>1$_m-9J#6j# zAb&k~cb2uf^cA-C*>7y;T+tge$qA4VuAcj3^Xb###c9oNcM9=Fr(K&}ZMiaMDM@sx zc&GLWI_(3u7qvMZe71aUTSKwX99QY`7}LZY^|MZlF|}-^GRs*;TZ`pfv=%#PMQNL} z92nu}pDX77X5hQ}Gybv)xujr$ghB>~Rbdx39V|~g%C8A~DjKi3d16V$_*E8qrPsMj zVqT~)MAxlhX={IJB^g`WCQg4t6!m$f&%oM2i=AJhY&b*Uywbyi8ilrJ>09=;bAD_w zyEHD7z(KLDQ#mAIqG`JI9sN%Si4}@-DmoS%^p1$BJ*&n&k8{-ytl#6pO5O7qtokbJ z8;bSV=p^Tt@icQXu%{XfYX6d5DmyOcceqOXz-fj+r+h}o_pv+sYPOz|H_>X?sVX7a z_>IBk{wE7YyLu5PiHhZ(UYUa{7tEqNPp9tmd=W!Ic-pCLYVV4c#?&5`Jyw6P<34>I zQ`zDk0ewzulf#dzyN>QFkCv-SJMEEos<84#-m6cKtZwo=nXfOef32iZSCRBh$b_Be zR#0j*yFoT{&6m_`bAQS8o%Im7^ZLU_-4cneq95_kEm_{&`_S#8dwVcy@m=nOHnzdX z&sWBZV+Ik)#PXEz|;Z=b@7PcARGL&_@Q=@o!pK8C?ty;B* zTlUuK+1Gu_>}2O3+5Wv^yX%fYMQ{M$&Kbcl+t2)x1u`EqdW~8lT&@AJ54<*>U;02Faepc>aRmISNS6ySEgl|V3FUiW@ zA@1ri7t5TzbGQ5w-dpTa`+j4qh4tF@I}>cDBua$8oL2FAEgXF|+9fBjxiR({-NXLY z4`nKud1hlZW9#eq&Pu1BEfJ2I+n6iY86{bCr8TmH&)|I6k*Dv=y{g_lmNRhJc<()_ z%Wu){b2~OTH7XT5Z+oVe-oeMjH^vsTNw}N$h0INtuVP(vWwy2jaT)U>C!QP%7}zK6 z8Ys{F=xQ;~_`6~r#m|+M<1ZKa>zvy-uY*rkvDT}(Qe*AnU}z}WrQut9nCs1(s~_%O z66}=utXHz;cY|1;%1V02ACC*#4LMF7bBT*Ibdisc(0$L+-D}1e@p^4xXEBA2;gVY8 zuUDNBCeh*dMXahr3kFvG`qtQG9uRLD5$XPXV}iR#1*MRC>kyO7rL-E`;of6~;dY0g z9@(;0Li_BY9dY>|S1R-y^fxOOu}k#uUGQCUm7;&n!JNg$Xw4~+@E+!N(UHOS>&CTh zWBFz>U4gA3uh+fVz0uLsLEJu;_w~n;#}@T2&drrkRwet!8Kagr)udNnO)uKzPO-i6 z6t}>?fuZODDruF;jmuU5?iQi(a zsW0x0c>Ged*y-5|E8Ew{>F*!re9Q8_wj`}=YgbWJB3q2^TCV3qwyvFw^SWF&TBu*r z?s3}dZn?(f%7nrO=YaI;4>DxK*DD>0{qAP_a=d(*Yh&8Y_pxaUbCCgDQ%g;J&OWp))vbk!*5f2g#H zT=0B0cPE1ZZ>@5qpJmOvI`smXSh7LKkfpEXjS#Po{YGgLvyu`rzVggprfoIfTEL)0 zOF1Yi&eYJlOiHCvuZrX#ZDb;rq9xw7gasVLap|b#RpYA_ySkkzzH-&> zr<+`QQ|*$9cAE~RMa+h;I+PU84BxFSSCjlw9h28*)KJ19lM~!l>#>Se!eRB#hVSRS z;_`M}`FZE(y40Nt6**h`FP;p(?|MSF{PW3^_txY!x@a}>Y1X|@?>))CQF%~ExFIp* zSo`{yfxFHMN_q^mA9%NU<@vt+jwr3;mxKID!UugqcaB}G3%2LGTgLKAuYa~|jcjAA zl@d2|X7d&}_GJuv?E7o|s>2s8%!p$5f9zcx== z)yj;rZMVL`c=Rm0@cf9m7j3o$o;$y)JHLQMy6|xov)Q_>k8-uN3J-)P41czMoDoy} z*5KyN>(`k=e-6|F zFW(}3dDr-0>6^Mu>#i+K-1<4yI_;C{#GHqkhIREpCr>R89j@A)$Ky1|ab09cMZmCa z`>F#khCJF*6zcpPudrJ0H)i}8yw^G;=CpVx|Ju*Ja~=5gFWEBOP2B#1E$~20X@-n# zb*F{fA@VF4lVfcW+lGut*39;GMo9|`hI&KiuHrB5f5Rh1nQbswdF9P^fi!Q!D=op4 z>z{5OZG;SDbyUu=DAx0~Hi74O8I&#So|DqTs0t?e+E#Jk>RRc-h5kCZg; zb651PaGiO0r?ENvaZJX$d!8k;oNjcv+;Z?fpVvFrS8_o6bE3hqM3x11>u=@kOA$sc z!4)hI_FHplnTr^|3iY}t5i$;gev#w=@v*wf9e;&_*JR@r#ue?D+u-R5#c+2NK-HHK8f zD{Snmg7U|EFFzz(@G%_|1(v9XE6Z73J@;gQ1l0r1L+--alE7-p+EsAth zSn>J$CG>^$6Gu}F<-JWT7Z?=DcKfLdj91vSwTrg)H89t7^G0{sKY7sE4x-MLfO zzfAXtz~$wM>Q6KFYNZQ0zJFmU%y97h(Y;9@TG=c@=njpt(Ph}R$|_gqshHlZxHtP~ zhp4{bqVoFSOEO*0U0ZoXUs<{Bd|#}q^1+dZj+DVudSmJ8&4Oz7m619A>Xz1u&Luhe zNft%M{9^96%0)KM62A0`?Q_MA2Oifd_(K=kY;dzp4^MloeaA?S(Yh?gNhX)A#gMx_ zK6s%J`;|>!?%lrHN@sp4@rLThc9uKEwQa=)@5)F8TX<9IEYt%^whKOdos)elQ2*ks z7L!=#9-R(ZIZpq10naRVXC}0KYdvgjX`f;oWmK}fq?K;=HU}W%@^NLG3ZrFOFP}Rp zJ80Rpe!J)Li6?!?`{n#MB@q=rhC*`=dEc&%%_`pg$lfAD{nlCa7r#C-ey2A$qF0r! zGW(g65~n_w%X6C?9k z=e6ceuB4Fmd#&Vn%U9n%=b%orc>58j_Oqf1`rO@xEE1oXEgfT6+s>ISUUKQ()&=n@ zM;wFvWp1BIDalbPrQ2=2#GEVfDck4y28A*S;$1FUtJcK3pFAadUE^$eU4F6F2JSt= zWevsY<=1pbJQk88H+n5*{RmHsm1Rls6BhT=oNx2G+sky=(&?Gy@)hQ-bOt78*ByDQ zSg<$U$=Bkct&Ygfiv&QWL*E{iJVFV)-9Tz-TnJuj%U zW;Bb$pJrD~=D1`L*#B|)R8tHHFb{=?kVvCYrfjx2AJO%UB|uaWysW-(`B$`!pJ=JK_hST@Z5ZFrEavHZyD zbOSo=jGHo-Hs~E;%y}oL&-t-tqx|~7bNmea=Pb;|x&uguPD*Pu-(-_3tBPJF>8xjY zYJN@3y;-GtGH+*5JQTgULS7!dXX>{hrY>ruq>x33;Pav0`r7h2U$>FW^ZSiordAHd z%5}5Gk0u@oF8mbin$|k+Uh#zRrSd ztr#@XuJ!*od(Wt*x+qMT-kS&rQUno!gbo3b4x&iWP!fV5MVf>XihxM(NUgI+$aTiT7Q!$GyyN5(BzalLwzS~7(xgl0|ung1sPeMDl1;A=aqExX5 z#ShjU?(ew2I@Sl7uh{%#CrUNjw6B3ji!z#rzp76A$a*FA!KjC|oIF^Qyo4MuE(fvn zybil3xN;gD!`iE_wlyAwylq~u{f+!W^> z;wSTvl&v}YQcKZ8VwBxa-R_F39@N`UntK3!G*~m1s30q_Oq&EHRJK9+h2xu}Ku~vm z@iZ4OsK~C=Qis{*srlIF9Fo2{X&cC>A^s&kHt7$cl zNy!&aeNRhC&aym5wSUj7H3-V+r5IE+fkzEDzoComt{6|styqIa{3jOeoWpTIP|-^> zHCFzI=3|Vh+t{U;a34tF5{y`PCB(tYz41f|1uU-Ws9f0nHz9q}%-vYFL#40%Gh%}G+X6wJ@IWpvG72jS`>SNad5 zdXdyTv5zBV!mQiaotJwUlA@o6gP$yCH!OneZ=fM2-$I1AR9EMGvPngF4ha zSC4cg+$u8eH4N#cn?mdtoD7|^3U{kr{H&F=Ih(zafxwVl_dT2&7*5;*{feJUR| zRQM;z&e4MAk*du}zhn)YNKX9m?ygy2AVq0*MvKbla~>ZKx5nFoaX0PHSv8n}yJwE* zdIV3*kgxSf!yoMMlH_@fFUc)~r03kAqQWh_bwUn&?;OP;#y7O-2jhpe_BYd6b z8JluVh7aplE-59Mz^9av{1lVma--7xJEFDj!l5v}ZNaJiB+ph+)`pkwINwb+4;zWz z`08h`kER=MOWdov4pD5RJaSUK%l7Vme?@&ce-w2iu2L;gHCPLfwKqft z5ovsr1@KS+kWs!FA_9}Q9_(9`|K*2%8LqF*&M_OHHlkw3SR5?osG^y8RY`B`hw+Rw zrnAMd+}3qz7Zd&Fz22Xrisx^wJZRTpGbfiR%QI6|{Ohy;;f>;X&?W6jmU|o{FhSs7 z$bwF5Qh!Y&Up{d4K4j`0QT`(`PG{D{nKMB0Qmz~jS{M91y{bIObLTNVTBlI#xm=gq zVm~S+)%d5>d)CuKz*4)59F)z}9L+Yl;?H`7VQ z*SN>EJ4%r{_@G^Qf^N}u?otNednu*>^e!blbCd3*1DTJKcN_mS4~O054G6y3C8U7z zEvECs+X;XShhpzQiJ088xiAp=>F%6bPjkl8(M~gUKp>+lLt930q%S4FNnPDI(r0qz z>ehIyMG|^!k_}_tEG2H9gJ!#FD^jx*H(wEgro3lmf1jw&=1qXP6lLz-(kpWPIdH?Y zs`)Vd5$YVEa0Iw`=4qTzJGuspzXnlWk=bqNiz@k%Z0h7-m0P}o3 z7R>88e?}gx(2lAPZHCSC>8FX!YgatsGIk_>DrZD5!Kp?Y0RK)?35fILlx^NsIstW) zEACI#olUpVZ<+B1C&p>a2rL7-IvB+(S9M5@X{FsZ8T;sbKJe7{n4m2MD1-fdAjCiO z9+kN#6bMTME!j}?h45vFcqJU?>XBpff-M<}#qXW+vvb{r^DIRO_Le`IBN|gdp1f`D z`O?*rc;6t_+07OAa&}-{-RHmih*w(FFQi$(sPssy^vFY++lLkQ!(l(!j2y=0+fkDt zLXldsuonODzsS3VckczgQ3k;F;PC)fDQdQgMB!An{$OZiPjp9-r+&X%4|dp`_OAC? zG0TBVF)6yRyTWn>lBrYboNjFOh7^2z@V;JMt}LqcSa1a2`EL#wNA(MtW)Pcr$3>Z+A8W(}L)*FDCV2&h7}G(P$Et5_ z?RDo1Ym~9%eRFb8ol-r53&DN7BN#6FQma(d_-x4!enrZezeI(60Up4J{kT!S{9C8E z*Ky*#!yVd{#mS| zqt_S06heK^6K!rxo@_)O;J<-3d1c}Ld3!)(M_ zMh^`@(2{z7(XEtz#(n!{RhfNOIoiB;R)ay}x<|@ezx=J<7rwD9vjZZ5pRK{h0^554 za^6Sm`%5Jj_R+>2QNDH*&&=3irymL){*jP)RCdO!>S$7BOX@Gz5f$9R$8OS4`}2m# zX|hq{)ioaj&n4>{h~LLCK2BstaANQ#)`Vv?;5wkUUlg;3sxyt@C*-|9Q@o64N@!9H zUUbd+Wpo!q7IgI`kf_RBzM1E`mEljVqvPoW)%Wqxu7YZsfb&18?=<~o`|Y6{p4s-S z0O&Z;#JR}ur5^((I5&7yX?gmba^h?08+I!rYOR_3Zkq`%lj@qp;7IHb>fIqIYcriC zrF78tv*%W!-{NE{C0da^^O_b?{XahK$L{RaHziM>#SZs4((q1;J8`zEShKV8tYNo> z@P4yOBd3AH6hwJal#veiPdte?n6K zKdTjD6MA2;sIf%cl$JK)a_D+GzEF`3@}^;UJHt8U!ZP`G%!)sLe7OKTB~cFfNP90R zj@oMF>33%7nKxX-()=3ux*m_>LR&2=UEAxTZ|_bf0zHfQSDAs9K8SI} zZ+>uX$U=I(t<0ylB2B_rPO^msrK+jCev1rQHRJziaCyG(TQ}xZGKs>zl=Jdx>MOtD z%JZF3yW91fw(&N`nUkSK=|k=|4gWgrBjTcm^YKpI;=DtHX*|Ph^=Tt}8`mK=U4B*v z{X#n>{cVgSr^>>})G2=XPY;rL*PsLPV|io%_t)}k9}w8M{wgXrcIEg_Yl9lHY{qu` zdmXQ}gl`--HSSFQ?A#VKj+^d{FrZo3r%ubhzwATdFckksz`j?~XhX(hD=^klfi0r* zbzd2s1=Xq+O|-P0;RDGw52`LVrcwCn(ox&90^xYzzgxm1jvjNWme8b!QT!qH%Vv+o zLOxv4DLM)NrGo`1KefCukmz!w5nLmC_F^chU*~<|QD=H~`2(x_9F6OXEvS#dX2w6; zSz<<&OKL+-Yy+%|J`I`r-J)XjDEE#JZtnDfJ|2+npHbqB$=QJg$VOaUc#*|x3<$E6q4psp?SaEvf_34HC-R? zw^A)UPkuL?UKdqs%l&MDV`9WGX4?Jaa4t<{x#aT;(A{W80_RXgC;sb~SgcUUeM*%9 zh3KV!irF4{i8R=y_j__^O8)IVUegP~W}+Bhe_dqKR?*s7%0{>2o!e1mjN~|_B0@!wyYSZ<^1H2yG{lWfG6CkO|%tEbC#>?EU zP7>N8bBJP+1#1%7aQAXz;CwH<1YtpGH)8_&K0kP{kC%#H|7?9m3cIL z_s|Qah+E(mR7lq8SkZEm7b(4wzU+5W@eVm61_yqx{!m`6I8#%g7TWnYmf3uOW$*D6 z%#t3IQKrR;eUj9kA(n#<`Q7$EvxM;g$>^3)e zdn6kV4RZK!QhHob?bPI^aP@F7XDCO~+lOJbtgkJ6ev?POi(K_5tG*SXC@IY2hvy?X9BU*7 z7rT?s0MQh2Zo-^*k{4!4UI~86dW({9p!$BjPV%Zr0c^>NIiKK$gwap5h1oLiZvMWZ#+dH#AB%(y(z>z%;Fh%8T*%P8O?je#morvfpIJYdZ#_G7T?qBS{Ho80f)x<;1~`y6u$7;% zmpNFKeY0Tfx!|>IYBe`@sjIlIFfEDN4Gz5HlztkF+Y8O~2@2=_%RmT7AH;Q~1ga!- zrBF-KIrTA!oHQ<|$Q{kEQPAyO%v{%B20qRhyqGzxFTX`+_vuPbIp)yvJuX0k_F1+s zM5R|qyIs(c99jrjSZ9W|f>lm`E4|3xXg%|AT|6~)-MKpXrKPu`>U74awKb0;Nn|_r zDWOuWyg&ba+f>KEsN|jNG-JRjRDw>QOE$j^)0J}NDYOM6lHs=!aPDhrI_MR3m1ThM zkkPFHQfDL<$1L-kqZH;-DNGGl7MA{;d}{e<{1Oo1M_kh7NDQTf4*WJBo6WAFeOQ)W z9nojN2)s+=(<%e%3|tHoY<|Plvl-#>%)`h>pRd=8~O;q8D#zhz+ z-Y$myOqmt_i?Zdx z*u7ux%|zFAO;H6>V(o!Cr*m$N5YV?-ix5c^OG$|%N=h^h6t!9igS?@kqtnu`y8TWXVZc2$HL?lv>% zf~V-0X&K0UGz`v!1HEcycPewI1ALOB&^(0(T|mWBYKYh=3%>XtrfdmG zxZ-;PoE!Un*-GQPOH(&wPvv#JN>ON+=P-b1P`>&fG&%)3?hx5HxYdKmf-as@Yq{p7dG})smcBO zl4adHA=#A{e>|hQ&BucTiY36F+2StZVtwCN76hCAbyq&xh!uRyVXK09EK0X+00uK| zTHc}XeQnE2#E{Tqo3V2Aw1~2gSh{MXHFymgR`8g_Fj4LINl?^_V=ZxDu?^b1=S->M z`W!mHSCTOy6z_-m7?y}iK>anHd|Mcz6}|b^p2ik@R4*EIRwEBHH8oT=G;&SLK1#R) z%beO@Ke&FqLHW+~&W6;VF#|9#u$h5nc1c@o$t=3FIjX2nJ&4)-Q%FUhbwnLQ!G^mq ztJYtelhiF)Jk7x=v<7$W)R@?N`f0D^{SSn#xCXyJa7Sv}zmXN$2>EO_e8}9_vv&GQ zK_&Lg#K7Uy^_ikP>$tT$ZKyd-bOCtC9-@N2-+NEvTlckJgj7E~E!|$+xmcnyR$9k^ z&FGEPzu!mcTTJj@jK8Z$+N)>`U0D5r5k(w4Id+R_8vX^3PZAJnjjUZK%8`h%(62O7 zD?W3Era&MHBSGM^OvDoNNjE?4a6;A^O=%dWs-k7v>jK-Hi$ydz>>a;jLUea*X+XzI z{qHHxpiFC~ zMEsp*fOgv$#CEsfL>EX=zhhe=vkSK0*DBLnU(%NEaB(KmVdhXv}b$th`wRNfFLw|!{k^0n@Yhy)USg1!&a z)-9m~R>smEl&Hdc2b-$g9^O9VxjHU^g&=HcK?*0LEjE#4-;_cTw!e{FxprkmS$w0h zf0aZ=XQU^6=hu@$DUjuBaia&hN^UwRRznR6U&9+^$o$^wpG5v-`tu4so|U&!AUuhVXLf=tO!?v|_tDj&OY0 z6U*-=l(G};ijDV52D5-;mTU3#!)pVJ!;_spHV6GzaPQXdwXGYSjDSOmGeKk)amsaqt1 ze9Rwc&#Ar&#wupU;Vk9+PzEaw0=d=ZuoSr|uJ%08RJSS@Y>IYTFV8bPt%dfsic!Yw zUaj~K8{(hrI_ey2AxH|T!HV3f&%GmKy9Xr_Fo**~g>V(s(QPg`k2@Y9G`a~L1s#_@SIo9eaJsaa?50fF~;27_WbTrnXUBN z8ku?|KH3){HA+WBZ2tPT22O;C9Y+N^M1noo@Nk$qE&@SLcu^o{8WYa$Igxn$#`` zk1C#mJ;D&0xpu$V;5$ja@!sL*&@}iMBuV+ftuZL<_6j}v0m~+Z-AM^X==nZp)z!GD zYnS~=bHS!un&Z)PdzN0TOHSE@;4B3OEr;~`WK>K1XM(!C;YDppqd8s{c5G@I2v&9k zxKv?w3p438|998yV3)vlN)IbVKGZ_=;F)0JyVyA!N& zU3zN_8Zpxw5cIz%%At-5Q{mcf{_C@vk35zE@vK`okty=TEk_eSpcq2K&^0E!b*gxK z&IUn2DHLqWEpKn*nyB*G@5sFRW_NCqGKH(o5*)thVD$iKBc z@~gzxvhLg*DNt)`l+)iO18yBBaXwu5^vo-W3r?Yf}tPYUUDZm#`9Ob;?m ze^#(tZI; z(DX@>d6mD=CS z3_-an%jvARIp@KgTO=rUBnK8m7LisWop>LsG|C{dmhmDhG3_U*Q^vqC&cZDCo48qc zYE|-l&qeR)`G=09_JORgK!!zW zC^q)!4b`KDGkdJ-zM#%{_vtd<=tRxL+Jc|k*$`G5bCc_g*~Lyz&F87{qY(KgR%&L* zNutDYr&lj@Zl?)kAXQOxKv3Hs)o$52MH$*c^J+V*Z-G+E#AWwxIz%!8R_^*O?&`Ju z<4*rem9I~%?LrHbA4R_`ij6=z%FJTXqar0iiap@gIjmw61^z~E%?&1i9#vGql8E12 z`@G*xM7>KG){2N9X(RE54zj|%&Y(S9rk+H-ci^&Y92Mx%*a3k2x%~wh+WeaFUTfk= zFM~vW$>`-&wwY7%N13;y2KPghfN$wRzJ91z*f6zRJOA95PWgm~7=SVs4D>vUf6Ag8 z$AckyKv4FFeQo{w@x%9pR`yCp<0XVgW6z+KsoGc);F>m0W6Nr+sMGx7dunC3`H42J z>}p-J`tq8YyM_#<&BInu8n2Ga%5PS8E{D>gVLORw!Sr<6p+xwaiT2b6@~&t(x5h+7 z{_4c_G6{DB8On)=O)JK*Jt9pqbT(z5udtPd1{CUim!nq-f<6OBPewfA|7%_(KVH?^ z(>CW=mSGYxqVi+dmCFi}PNG8x+8h}c5`I!rkETP@eiKB%Zw)w2z3q7cr7PlJ z=_0I*9;L_weS+jTEU8{L8~b^H%_65`08x6keP&3=sPdd2oj3K-dwaV~S-prdFU!uI z=(}_6j(!g(AOF((Y$m5jLEgA|qN`pC_J~D5J{56u{?!u17e79I@SKJ4CogmiWxuZq zQKtg1s?IGm4h-9%sI=TQp7N*uJIBW&Ir_P)60B^GxpDo|W#7O1(^*2A?k-h}vogb< z4v2-+U^H#RZ8LL;(YdP_fyN)$IQ|{0kMXY4JKcBvfmJkh>!rev7oU+qLxt|tD6c`( zktW$m6m(!)STfV=68Q(CeXX?%8ZWKm)YIDMfgZRJvl~pME@lZ)OOEv znvGcqG14q*2(GUzvd?snD9LgfCF{6XDmgh-DM)vRur3eE-DB0 zl?#G;u4*=9qp7Jd(iB^ZLS6oJt`Qgz%14g)J0%dUMu_|_UJ#04q#k0r6fX%hz{(qC{&xo6;0jhq$20>I>D-9LM zIxCSu3QNt}+2000Af~amcrHs!E#Yfn6IC>DhD1M9_E~tz-hPv`-m|Ne=3@LjHZl!$ z3N@%NjBky0fe_`(CrI{YnD8csTh~5m2pTWESt)TH=_<@60m}A>0oC7S*5vzZ)>@$UPhGwMeTYHk^gO}Mj#kmUra>3C zs;{*JvMa*UOmY_QhOI00%>!G=C1%YlOmu4}vKSi=DK&I&@vC}Xm2f`S`-%WD?Ge0v zO+5>H@t{-!p@ep^ml;mMV)J`uPh-{Uh*UdQLzj|YOb)L{`LDVS4jYB#gRvb|8+t_< z{5pSANha^YpDro@e#hGMYZVndR(onKV+EobOE|tR2TRMT=G#+yJn`TqAe^HT%r7@x zMUlHQX**UB8jvGJowN3ecC&$CMhq?JnW(PhVuP{F+vTt>)s|#-cqg5gm^W@M&HSP8 zC|WM+L!q{dasm}tX5(K;#M3y)TZWYn1BrCSPPb15!qQk%98gOsbK`&2KF(`e!~9Wj z9_R<832~}*!7#j;1lic0JiNegw{Jt3FhwR$tr2qV{EuXyfigq`m)7!0HeLNVF}qD2 zx8rh}wRhKR?1?R3+(V+`!1*O8_)HzgwO-THcz_k9{Ywv`6xj#CdD!Uh`t+79kXvXY zCs#~YOv6ZcB}eHNdjEWmiqzc8yG0w)=>zMT+5VYpH?5n`q|bDoCr_|a-9>Lws1Yyb zCs?enTBm8JHi`E>7H!4-yuA$}JY>a?#H3A8gchl;j$76JF*Zi6WbqC z$~vl~av007Ql9oc`^TK|VF6%v*_|hqu0FU}SedGk-+fxzZm7wwQemRK##rET%87Cb44IXdTm2CsA=*b>r4l=H?nIHo_#$J*b*^HPEn6Y+PJF+1L?&b zsj}XKkB1KDi1znjg+#RIK#_n_zJC}3W&tK7dI+Sa8NI@4CV zOCSmrVyHl-{y>OlhkE`Ckk>{y(52GmRS}1E);+J)fXlywboFk3@9T&7p&FB-AR0KY z|NIF!;;YIiT>UQwYM~o;jkk?Ly&t+`RKot#zVLgJC1dG-Dc>0uBjBs>Ej+_MR zl#b{)GQbwMYQI|Sy@e;1&}n&0#Clk>9nOPse^2EH%r5jg{>zo|$S+k$G9>8kXfZpsbtPpyXAoq{rs-u%k|IAK-_*a5`Xv}jXGr-nCzsK6<~OkMz;vEF6sr-y(=J38mNli&-dGP^M%8+_P3id z!h!b5QG~JHsE5fh{R1UT@X9jGcRd}$=T-#sRC1;vp?eyjChW&4E72hv`Kvkp)=5dm z;1j}}J6A-&60?4oBKmw3mI#(!G!34+|JD12w+#bO2RTXLH+-;r;f)lvetwy_Tmoap z^{@^SzL38@=FzL^qZPoWR+Q!Z2pf_G_PFzmE7o0K|LqtHTf6u^c@!c%gf8|tLaoEY zYu4@cG1z0aF;Oo(GvEv$V)lwJFSZ5&Nsmk<*gw^LuMSF|9X=Y`JPlms*{>9eUrdas zdjg9DgfA7Iw&VvaFq9asYCZP0{o2;O`XmQW>`(LU}GVMjwT zV~bVVV$pruAhfqxxE=Myf>q+ubr&M!qh5)Y1>hyJCK_RT{q?_&pS^{BpZmBVKa~DH z=3ltchz2gn!9g{XNFt_{hG6f#+Dz+H)ZW8ZHY>L$sqXo{TT|7*6*WSHSC+e!6&qE{ z9jXx^Bc7z6tGsUqJh}`l>;@nND-FT-+<|}Ej9^S{MlbTWOZRB{I7H&( z(DkjCMThh;LmiJ|{qdL+<3>G8-QU8Vf!zh5b!387lNoO3qs`6wMqUuvsl zT2=2K1}r`2!P<0i81~XiAUw_Ui-YqmItQ+8xg7NcfpNN-lbGqLWG?FfyZi=B`^TnQ zGi3Id#5eBChjk^2^HW#-|DZ1CgvX7MVrZy8Z| zYxvre3-_gGg;R#yG2{8ZLq?yUL_$q{R3=ut`O@Tnx|iu%EXBbKTt~CQi64HY5Tepr`ZAmZXV*9e%anv9!P4)mBBr zEsV=G7mtZzExZp8>C!?<{%62r5Vq~U#lj+cVQGAC-DsRXmW_H+r*D~__3Sd?dsOZv zUrF8#4eff1{22t6{*$gTtMkVmc4m@&pJQ;6gV!}g#q(p?PS^2J8=S06v5__G9Qp+P z)krUtEPLa1&BLX(bPYYQ+C0foE=@1n&;778=Y4K$Tc)B2`Am%;5cS}@{#eyr*0F>G z6T&&HG9Tw8gqj4AH^*z>4i1Vdx!%lz;av6ZXV6$n5MAS#kc&p#i0XUf(x){DFdy z`)L|uT`9PoJT-7}HN6%i$kCq0XR+yZN-H56o$h_6sxZ^lUv-ceLY!--`aYsH8VOks z5(GWOzhDFb8zF!Fehbq80sqDCjo5IB6!0PV;y=ng7+3Y?%XOg>VWm{>Wp4S+9*FUc znsrn~8^98iPKU2Ypyr8oF24!UFdLMxb&3}1_aq$QX>G@ug^_8%Q|JN>fxOsSk1&3C z-AlNL8=B}33}H=l2L+WSm6%48Rh2y*1S}i*a(lkKdGCAd_ zpi2z-#nXR}jS1>7;*Syvw+%}J4G>Jkw4JbKp?1W+)VTj>@eCK>0!ju9F&KB=TLw$7 z`2=u;+Brrsf~vpOHXBnsX!M3{wTiN;*wVh9(=&j~fWlCN!Lt6Ao1rGc^q} za)<6?o))vk(t%8M)V|9+z(*^h6|+r^k@DYKwP`_1yoSa-Y7Dr)%x>j2Yz8!)GLZ*! z;w+O;vi#an*z4R?T^icq^ceK1uv1 z$K!J-U3RCR*#J{PSehrECUN!qbCJi>as;455VdT0BJ+Qj{C(_aJ=0G_h#^1aJck%B zEmV$7HeP>#g@!>etZIbMVD7UpQ9? z-{Te->klNszdeJt2=Hxk=v{+7auAxB)&R%F(#%Fy8DC-=sfI{ezc>;$-q~$}J?M-g zv`G)E;~owE8-N1{3tzSpcn{;If>42$q+^)Tt{|3M@X8emP8#4rGL`n261w!we=0Dk zcE&)g^VHB5ul?QhTb?|DGp?>20*80hP9zfYir+?Vp$TBBKjlRmn}NWHFX1yYOHY5a z;zNa_sEBhI8;zB%jp{Dc&>y8AOqm#U7J+|P72o$%h)WkHtaV8;YQ)F@n)U;p?Ndy$ zE{oIi_{C8qN!cO@h-=047TQ%i{{qI9W8!yTh@Rv0sk+tJs_CttBvu_I(h`3&Vb@+! ztF6&FM!T|4NnwO+*1@lkoRxniTv^FS$_NIuRvbNkpwO+kXO^o+%U0eeanV$M0rXJd zev#w>#uc6~6Dj4JsKqZiDuU;=&TOW{F@V;{*;Y-}G7uf*@$nIiPm?ZE5Gx|AKGs&6 z^Za-K156|vq50)tB9y>C@!oShwbHyEwrrMLqyaV|G&}2J%nB@6S-x~yc0|%b$pj8C za0;j>w;OPbQ z{IJlxo<`83UP=aYU+4(ISz~$h?B-HI!guvmNt1$MdewUi>4ocHSgbb{BS@ODkHDZ@ z?lCF{&7L?%yskoo=qbp)BjT{^d3Ji-;%||gZhM#ak`1zUQQ8vOb!UDH<+1AP^Tq>d z9T9PGZ5pUN0>#SBg2<=65Hj8aCkp*ajLF(e@~%!3vktlP$;B3D@}=#GqZ6)67v3sO zelPH!+~S;GUep|v1`2Kap4gi0v(@}#9G(5Ns`936JwRn!`TVdw09s#_In(_3`qFoA zN)8{~f$FWe`I$cThQ#r>t@mJ-p9Jr3Nwi-YPK2!tRP{8;HZ-rEO)29BU_|W{P>u<(lkU38uJ8K8EWFwBD1YpJ-UXif z4BHo9kao((?G6wAbnbew^fOVDJOP{cK+$9_y>9E|Tk$!xnG4=Q2}Bhp4H_(jus&(l zZq-amOq2YkG+0Fg+8T1^#6P5i9$4HQ%&+t4HrHvZD-R~DC6fL;nLKED+syc7V5wnS z7$ams^5+n)Kuv*~o6`b1a9(`(H}_6wfCc}f>^{I6TA@Tl7vJ+drGdpmJgfg_J~dynF-0YvTwG6S4lgt!F%8U{MSl z{9#^O<`;MDpI{*rPim7FIG9A)$Cu*t0eHIk&os~cbepOzIsZiSTYZOS0f}SFm;jyw zzi(at^yG?G<|(lUv)=?TSk_YM6*BZe^BZ=BPjE{=aNHbTx= z9Q{rrEr*09HYem(a5jVINL~E3o-H|Lse4V8o`xI9Z>x6S4$Ecai(#?k{#CDaE~@9q zaFiVT2we}LTTC!L4S3X}F&CMbW=+WS4A6*cwCG1XJ%yGY=pI(Q%kIusXZhmOD@|`R z?jAkef^3$hi_JOH;+o|#?k`?k$tj`YK@fhJ}(Bp$KqoSM)HF7g%IfK`;HVL8jczGax`=E$yylB|(jwe5q4Isiu zp!JaV3Jfv1jgaxgG{gU0P5}M(8jxs1z9{{b_z?|Y?+j`tI>5pja`)V9zohvM#sgkVgYrb{X5H#`|o^~+J|lz^t@UKCNRk~ zZNXn>tD>jmdN~G(%DT;~YzZ|cx<}ECtlsNN=?L=9;I}-nJosorX5f7CS^CBT#qZ|t z^Udp~e9jz|*wj}JoKUg!=pm70Q5qMr2(a;pT+wwRlWzQiSlFmO9ZcQpHM88D=-*1T ztP`=t*s^_QBczq112Fh5sZ_RkblEhVK&Pa(%}b4Xc1rz{A6+rs|1xs<-UErc`A8t4 zRO!8T2nimVSEW_9VF~srZYI0dRu=xPZ!r_D7uR{FWyI*>z5 zP`!#}2-ZO^ctS{@bUri|K~DWYDrcm^(n8ZUej1V~zVr~XbSD3VeLZi;m)6q%(;aM} zT#M+CBmi-Vr)e4xaJRr6ibivvPNfKCMzCusHr4VUDz5)e9YUqJ^oRT2@_@?u{Di*c za~Vez+MC9b1K?N^G)_}Bjvz%a;O0#wQ3yhjps`tz{Fse*i+FPtjSItAkF+CaP`=_4 zly#AUf5X(x*EEPRZGZDk35X0DvfrqiA|jBwu0f3DSU0Vk+f~AkHYatPSu@CEpL+a_I){4C`ey6X zM8kJ}dw=d>R0?jGAc8)#^|ZL`sS13X5V2@4ToAsXHV3Xp5Ew7kf*A@{_@~1Xp;5&r zxpq7p@QBCixauMmK(5_v)l}g8_kyA81GkhWDT_HJGuOY9yq2ChM^0;Kt2&v{-xEjJ zDUV;93x9tSSYjFwqb8DLgAsK2dlj4m#?qlev(J5&+=d=}SRDJd@_Hdx#qNS`f~EU& zVty_XNKP#IR`kx`Mq*@eBWrkCm)IzsKQ-uZffhtr;ltZF7DWi|ECuXr2FZr3!z~}P z(xYEEoW3>w)o@__{^Z&2;$WI-Xa#6zFXk!lC>;x&ff{sip1p<39Sj0vsgJgDS8x3* z+3}fIV}Z89&s%bnryyqQ+0)uBOyT6&7jXkTi7S&sYvvUin^RLCa5$f^lo{peFF&B%WM2NGRusVVGLH^A&Ml2g-5N{+6vqmO5_fHo?HhB9=99 zF079UvDjC7mg0?_>^l5kEI3T+bfR?gp z_F%6w22n2e;lzF?q1NIlpX}%WfW;Hm~d~gnBffsKNvOaxnAxzHkgmXx4!k2I1O=mZ`tKHamAZEH!Fd=o2r{u`#oOM z8fswT(rIO{^h3i5r~)=ctmno6rTYEm`=!Q{(5L-;^#ChQ2ioW5>FTsFrS$U}o^Z(E zJ$;kKgO0#sAhzRZt??@Rdcs)2{?;^Hhy8%WoW!hZCLjjlHk6}g{VxI&)lMxh+-~+s zgByl}p7}MkzL^PP)k+q>8BY$_HNDxNZXIFHUGHkI({`m67Rsr($?~u6(j@d&bTUdt zj!lw)TfeK1%PLJ0j~&Wat{h={q}`>E?}94o7C98Jab^CSMW3eNp*k7#Ocv^94`pAJ zFMt|+?>N<2aT3Q;#6>Vz<UMKPe4lUa`u3rCayb-$*QwNc9hTJ0#9&F7);&LDCqCTaYQQQ zJT?m2Fv{dS_-EzWf9w7ntM&Uj)ic$zKlsZHV={+q)}Bqymw|`8=xj)RRrS{9455AG zsYhpb|BCCH`;X$UJkr-qM5IJLiB$~CP9KE+&mJ5H!gSsLOUK%M!ZqywqX#FuK%AQJ z=Ks%xWHQ?S*>m&580W}p%%XDApP72X?C`xnG9~ElE&T+tAKSxTlbXr-w8E!?)y~E{ z;mq21T*zjlkhD6FnR%znJpPFGJG4ew;Pka@U^TicdDv0m-3*Z-ER^P<1TJHk6) zHv?a@rbtm8p!oi3t9`$F(!5+!!`G7T(V7sC>*r)yhq7{xMoQfVm-5NbxoLZ;XQqqU zx6Yr{o|IOVKRVeB*FmXVc2c!37loc&pZPM>nx@k{V+v!coF0S|nD7d^+*zr+Cu-~@ zcj!_gbDonqfMsv5_KkcxG*VB}%75J*&z0vwcX)E6IG~~+BfA;Gq%I@~aS(RZUYcVh zArIOg=3B}ccsr0w_SKD?8hNR{Vc*Wf=1O~CiQjHCL)mE*>fKnfJ_fkNgoVI&HrmjN?_A6 zG%}j}ARtIVyg(v+Kfe9TEhcvZBhsgxdXcm?=Q9E9cUk8dJsus+Ucc7-E_^>ka_7l| zt)+;HXP+w;P}vW?5}D6e6Qdq{C5g8Zrv6k!jeD)X_Itzc|Ksev<_N@2lV6ec#XX$Me_I zKl(zOE4j{f#{0a_`}lwkSY$mfZFneb^Z zzNh*IgO7xBW>KYK^ZVn7RqedY%smRSXeG#4T($!)h02)((JNoL`r-Dpg;SHuR{yZ@ zX;R^!y;!x6bD(xKKj_m*@*Do#eQ%!zitvnd@8kQvPrm3o78DN)Vouunn6}$%@jAV@ zqnuQiQ8Vi)W*(eQ+s}~KvM`>K*HdPr3^FED4&!FA^S{#4JINfPxHgA=Jz2dbN0ca5 zww^>cI0Dj>j4g*Ars?BGYRaZeznI>te8Qqc2Hy0@KX?|n+mbZQ?y%Y~-zzzgZMadH z$;uSt`NzL%=&@1^r3PKT)u5AiG%6f7cEnEn@Ugd>z4@$?wPn!Dg~J2+Pa-|$sTt;} zeo3tS@4WBbh6as(U1$BMu^JRztfX_QJ_PmlJiYc+b<4u;XszR9_*XIi(mQUk*sgQY zp{3xf2gFLf^dF60PC%0)Nk!zEfT+yAW?7vQjPm#Pj$^`TslF z2;KevN;br9z)|0NqgSD{b93;zGC$KI*^e-{3@{w@5GIjDzm=_?&lz?o;zek(gVG1{U2EoIO!B`Cl~hw6)>{ zBFy<>WNw5ou!b_RB*BQ2TWoS#ZQf-0&NZxvtv#P9JUiU-#mHpKtG+n(QR_QDn``#p zy`pk5ywE%8omPIgyB@H;8#p`S-@sV|{P|KAmXlbKlZa@fJ3MT?qG}FqxIrPz0UJ5? zzP-B@xVpHw=<@6aZ*akZhk79Q$LI;MDX#ZHT5F>hs_z{r`a3&iOECe>r|aO8+9$Cn zt*=)v*G8L|v>G?uvTR=UGa=_{1IzV;`#L*2HO;6GsNFA14!V{msl6m7{%RLB`Ke7& z4e!PrlJc4a&g5>@2BrPAP)Y0+ zK0(<=OY7^HqnMajsR#Y96fFZ3*}2ggf@x7-Y^t%fQ=AwLA9u5$ke{ilzWHO+ME~Fg z5i9EiVSM|qncrcj$-?*dAIkmg>HT{y2k;j^`m&5FmC+YMs=jVNjyQ3xxzoqx#lWq* zl$_l@|Dnf5YGNsLrqp&}^FgD2fN0%=_+O2FJUcbd6AuKvWlk{?TTfmE(%*vI5bh$?@k^T)~7CrvKHgImJ*gR33(R*z3Jg8aUqZ8VNcG zKQI?onQmo zjAYY)bHP{f{Afiq&6`cmI$$k@(eg?z<3uIVX6xBDGDT-F<$`+DGnf2^o#%di6mp_O zW4B2vEHyve=8ER)A4@uyiF)7GTRe4&o26+VZogbKRyZ1oE4WiaePl>j92jPiFKfBe zR6cpe5&iXrb?C&eSpfwSD(;B~u<_jb@FB%ChV3FEEs(Ns3*UosiYQ$eq1%^)yVbyF z^1DA1BeL)1S*O0>?H5I#%+PMN9&4Buf?(s|O%XzSq3hXz`)rTTRl9s{*HbcJ;T!aYxhH;dMZEO{|p5L}DvOGO+- zVmL^qE1h@A2klDY{qV3qPt$>20$4lY|+SJJuQHJ}m?nu5?j17HHsMfYh!ssx_ zztj2nXnMNI<#4mq&ynhw>$9Z*-@|fa^SMx?)+gJiLn&(OsE8j0gf6$BZ!MAJq=6(^ z+jn@;_xj*?3rxbZH?ZL2IGch*+WA5V>1)MsyeJ966EWV)vde7o%3{keq1}jQ;FBC3|R^9_d~7ATbYq(RqCc?WS0|d zLrGX*8Q%$w+;u$(Jo5<;f)W+k2)!hu4;BSAwOh1eo-!vLnHFT5(PK*JRNl}d^O%t) zt?0Q}Poy>>^0&{j9Ff}iCTQCI_!a+gON5@Og~fKJ$%eD+Lw!#9;B|+o{)+<+@Ed zq=7V%RFdZ$`$_?aq8~jb9p7U6$^q94qfYb*J&3*68j8VhplB}?SMvQGx6-%OtAdfv!=>Qu*s^pf5chW z^s)DJfse+BWOuNYZl%8&U)bl3O|k&DK;81R_R>0K&=TP;d_2f@XF8xmk>gnexJVVY z-oU~aaO6r;Wi-!94xG~yC-k)*#1<=Tv$kA&ci(cJ2)Rr;+^sZQp9HvFIO6QZr{9Wl zV=ep;I+c5Wao~Yu(Ewh(^*n73-~{lBvD{ZA`aP00)9#p@+qQTPKj@d=^B!}STL$$n z+S1eC*k1n5HmMnFV3Fm0SbU~jcQ$+{f2N&}?oaa*<)+Tc16l_52pekBU>K=iG$&4T z5ScLQkfeAva@kU{7uwo)i#4|Y(Vqqk(R)f!w7*0j-?lRN3dGSc2yNyk-ob!G3&LW3 z23iowA@=w4Li5|=sS!6YT=M4|&@9h+`tt#4QFJX-85SP`mMc&hTp?_b#zH!kju?kr z8Km}$>bG)@I0+gTCX~l3wPt_jjP*5){@h7mbg61C8kGw&++oYwD5~iny*kD|B{SzS z{Oy4xvLFy`p@-%}CO-0&@e{G$o``UH&K@w@5aE#?lAE#;NgN&pz>s@il^H^Lx#*-> zLk=Ug6i_-H^veXD=(`%>>?#IIUL-VtJ!SC*9DQNY;5YLG^%ktX4u+;vLGFZ{o6CXZ z&FF6Pw;S8NdU{+7T_&v$YyN(!e=#Dzv-=R^J-q7^_jB~>X@uHe1>7dX=M>wm>c1q+ za$u^gP-2%R~d?dZ+ z_K*fe(v`vvE$=O`$XboA2ht3K_<+`D2Br02Lqia~zoF)iW3SSq`>`h3N3Tn?_4`;^ zOIy&q3Qtag*`Y@3t`H1!5eU*ma=cu53@V64?qPsAjp4Hh?-Z5S*QXlo+fZ9# zob7xr^VrfD>4B1_v97fx!m15y01Lkk&T9K zk|rwQ@0G_ab$o4A}bxjCW@69R`DcvIwOb1wblC3SzZv=lt?vZ~ zr|KMSNQz9o?d{r3`=B-7m-Qk(1mPck>jwvL?_lf5bs{bep&@Xw(6oFg`4VB*1OFQH z4uOBl*ot2b^yLRfQpU-^Ax3ghEE~=DWj&Fn2CQgG8ADGJeG)u*svGO_|Mpn7nHz5n zIM)a^3OlpD%GMUSIa{;_Q&mBuuln3x&?@c(N~V|8X>Ot>gKQ7zlwv^`w*z|~d>1;e zp%2Y8!78v_7+Z1R*7IIr2ZzoD+6ASD|=+i}&ub{IsVfC?Z1ch1J!XN73)oK^XAl0Xx8$Z~kcc=M|r_ z)$hu^HE}1=ACdfiy~)atM4x4v_NTtO>FdMe?p$?g_o--`4}_1$4S#zTrg48v4&CN3 zF-L(H6uK)|41MP}SFg#oolh`IG(!pmM0P^t*a|BW#aKGbVLf9cz7E0sLhKZa9*wj;MF7(ChG?`c(gBr0-V7abK!YTSCUB z@e%oQ_spZed_F$$M%+6I*}@{~Ys#7@gPTc|(leB3#i4G%inl z?=)F3^s3N7bgU~WNME~%2t?j9$nmRs(#l;86P9?@90~*Lx!w?(DzbFJW7gK^#|1QfKwDU5sqVY>eWVlx+DDlIOV2e0YqCGM>&@64P&x%s-@yl_szn3|=V4vl_80jK=qBg3@{ zE0TiNx3uuH;5-g=IJ=8^4?GJkhKeFeJau0v>BGh|Uypgf1 zDeu+2f$SHPeCc^l`Tiaku)SccRTHK5g&Zeh=@{0-Ck=El%z#f00_#N0pI zAN82Mkin22vx(c`56*w(l;ik+-e`lI*7XgJ*Y17VE#7Xbt+{7;^fX~}YsY^A#dC8Z z=+%{u!t`GY8K83hiyGRy^5WO@;`|11p3`2e`61r0 z$5FF47xY@AJOx5C+>}*U_K;hM)nt?`V6;?r|GoHb_=Zn$-hIdq_1A6~n)yHIEz&${ zYLlU*N}oyg=#DS3pSNi7_fCEbU7m=s%*0xF=HRu=$_i3xrezC}X zCx3?qJ@R-BOfh2Wt>p_a5=$cUkG8tSI6!1z4&ptHT<>bjVy887xU5;<+Za-6xd}py zHzp*V27Sj%i^$CJkwc}`_>CzbV-RE$*A%@x62gjUsZoIMB1sYyvqmz%j|!_K(}V2A z_B!*Gch~wl$Ly{xUc4kqN3ep?zY9q=Z`Sp$D(+;%gs&w?d|`XHw7kgSODx}M#6cNc z3kTY1lu6sh%~yA`Q9vd@^&|d$Mt!D@J0uv7ZICaG6_T&fqinVEggy@S879ozb+3(BAhCb9%z+ zyG#y$Z@>xJPIjug$>=6iHCSVVkj1M z2V#Wu@mgr*cVpTAl6Y_)bJP7Ct0!^rTcyuOW7^7~_ax>;S-@1K7YAylinz4VNA>HR zTxUzVvlCE6GrNia>4wG0zP>& z*_C?LrPp>$5i)5se5+_FR$>BOLAgLM-PcjYs*E?JpcfP`eLrV&tmuU}3)5Ps=b);16FNS)R`ZM=8c9P?~Z?Y#K0`=(IESExmT_ZSn&bKe+0RvC#;g}o;r4(Gx6 zzFw{y;!|W{dEpKfG;6BoF)wZET-s03QIARQjmpW0i$z2CS%Q0+oZ4$wqygBKO`WD^jXmZaP0Dj_HT4)L_Z-Yg`_5V=c70A~IV*f!NJvXKwZg^R?HXsT>D{rW|9pz>3oFaa+P1dvZ z6N5XYIvZ%^8KbY}aqOeZa#&F-PcUG{md>Z6MD*<8*-XTAJ7*^!($7f~uR}S}rX91l zz3g&lfMf*rL(Xw8EpHNi?YB7>u5$r9?78mkvK%J*V)Mxo|0?~|7DwZJxPdYUNWc@F_cIrn zf*_q#w=-APG0L(w)OS02XhV|l;4O_l>u%b7AN{@S7X7WTk4Ku!pp_cejpaA5AC$hQ zK~s4lmD{QkfWF_F)j*W!-raoDf)-F_0e*@#)(uFl^&xsf3uQnYS3W%_(&XPri`V*& z&ig|tV>*k2%sOwo(a(H4+x&D)PYzF8Ae>Tvd9Y?}ZS!$~k8$G*NaeCFSrpvkGc|8{ zKNOm12!cnDb0?%d51H@?XF7#5ftZ=LuUUNiUcp~0;yIQ|!p##63WhK(lfi8brt9C5 zd>j>H0g)L%Qg4oDYMUA~RORbcy;y_^?>*;-ns;C#;^NrCj4(#=ts47a&!-S3(_2Ao z_yIEzZ-z4~HJV{P@58O{M;ctjfCHU9ExGg92Vyj}6y7awVF3vKeTKg(;0I{X$v`Zh z<_Z3d|Bi+mhLFK0-*&RNy3K#PQCfRrH>mtXJpyi6bn{qPx*jR!lJq=0M6V4d?C8VE zm9@NrSytQuUL}c{ahwc^G^m=EWt}ylfg27a3RYcUi9CkuHXl-+sJ{lF;g`Kq;&=By zAXpy_i!p*$vUZ$oSc;F83kBU^o-S@yV%oqGgvHx-sQ=9P*jEjUG@I97K+x&xR5Ab< zcL;_}bdD!!h>>@U5_-wtwNOrTlaVgb9R|xDR+#{l#}DE%C#gv zs-`2tI>PeqK>efdT|ZR6t^gox&QkJ1;b$Lo zj+_Zjdt&AL!7-USJ!oZxaM7)NVdeh&jT&GmnL^P0zBbaN%QX=dGV)O0;<@hIe?MkfPR-nkULq_7j}mr{5hs%UB| z_%8|4NWQ3De=~FZr_Q+im@%vUZI}dDWV|r2S8cLOwsZ|L+CVye4*+>MdmuUM zzsC03|M!M_Lt~aSUij{UcV}JR<~1K?OQLmc?~`Cuy0KHQ--}) zQjGiK*Hlg^OnMY>;*mv)koyC?R?p)B^wqmW9zayF^Dmsgq%7m+g3R~DZtP*TXVaf; z`d-Glnq|~*2-SV0;In08Fjo5K4*gc{x`mc7aF5#b!x~XQ`&rq607^>Fwky75YXLXt z_5jZZKrK;|Syp7{cx}z24tFT%r}vZw+)xhxMo=iKk2YBYVit~Af*an5BMMuc67tc( z{`8vlIUbv--i;uYz8QDZXzuS*#G`R20HF{1v#wtdC%h)qZ8BE^~7w zOn4@P6v$>OFMk^BRYOv$`SiO3_v*G>2;S`+ehybz67m({3eLj)*f9{t*o`*YtTbJgc7GI;hE(Eou0=l#Xi%Y=EvuzX!mlbsa|-8pZ)Oi zlJHvo#yig@W>)XxBVV!yXz;KVfU}I~d-Q7_YXZ*Vr$tGq6(}H0GJ_lPv4O~5_2yL{ zXHoFQQEDD;)<|EBf1(n|!JL;lh`n#`2aeK82P_;GQ^rZ<#x)5FMcU z?e^|mu;d2q=s3+4KW#aqwFq?gkR=Y2@v;5|6V|3eOR+vy7bAbYR+%C+kxGUB9dkJJ z;X_}*h-Nia>*`{r2JzrbwW79@$F}X2^&?1Xqj0&u#>*)~K5)+}fkae>FaC|R zzo))A@Dfaar>t($^Vszfjfz(aazK_RQN=%Dk|YZ#sW{85*X>{X~+{bUOP zP-)%fuX`d#E%`f@(&#)WlJ8fINl%M#GE6ugL9JYD?#grD!t*OlX$Dz#oTPTek*xa^ z6WlOtk8C`nz#7zgM<60BuTQSoWJ= ze+!F#?=gMm{qsNoH;2w7Cb<93jx!iV@ijqQ?)yUsb=dwx<0>t zR!UoB3c~Jvp9bBgDCZ}2e`>A?kM8e8&$a~G{+*nJ8#tyA(;y6QPIvLOiAgv{9t0>HA|_QPHeB`$tL08`?zaY{RVscM-3;Es`9 zfB#tGcc^x3;AilU^kyG!0~OgVQL%Yew~((9FRSpe zrx-`bkBAAD`Hbe~GHa9Tls>gzogt5xPLE5Xe1nkEaq=cOLIVGz z8&VMG%0qYtOjz1n!*`;KNXSrZTaODQ@Vb*Re0FYUH7C9Yz`^E}M|4-CS(b&jB$TuH z2)DJknO668Hwm=XSHr+nBafelaH`>AI&YL?FT_f97~HR#fW&wQ%DE*R zV|==t84nW%lfl`aB|J!wKiOuxrXe<<<9GDJaRkKKDIlPLvbA`&yYc->kxuP=uyDR@ z%fz(Aw7?uzw{ldXyz>oiSXYlC=RQ2T1MBDRrbhp!QHl-M42j|reug|POH@T+w<FQGVo@)WjrFT=9YLX){7hA|2X?B zX3zi1RkUFWJI5pEIwBe^qB&(M!1j>Ro~E!@`IWSNR2bx zP$;*-=r!UlTb!QkzyRJkIxP-X$)C=N%^<1j z6kL`Lx2Yzw&njHHmhyPAJV|JnS_L4j0v@7hw`M;VEdS3JSoa5c!Vl0PXUDg?(Rto7 z&+1(p=dxrZVx_=TD$m@cz5IC>lq|ez&0 z#<$~yMZla4+)%0odkEKG4AriK2`^kzA|V=|vwRf31=*KY%X+}lJ`c+L2IYJdben$0 zPhp_@ZiV}w;e)TJc-1a#Z@u%c1psFeg)kQja_Xea!S!SH$l$zTnD0M)i=1G|0fy2K zuX#nJr6O1}`<7;@p#Fc_VEFJjvWDA6l4$m%yYDOjFoDaj=T_HTtK^b-BnTFwTaOP$m5}eOt)PldI2xEYcl2SY<$Nn`ZaAZ0N3<#@!z4z0#*BZ(9$`8=0y8-X`#cW`Fs;-q#R> z@JI>}Mjy;5!}4Tg7RAiv`eZ)mtt1MAdon4V>D;M!+xn_)X0$qXoG>@ltCc2`@C%}r!-JK5Y>FyTK$8vE~fUe5M3S8rag4L~Is zd)^^ythx{FA%p)_#Hkj2_DwZZ+PSnA17<(bh^*44pa}~H>*~N=H;F2gvBulDd4}lu zWB|8IgbD_=N_vc&i(5JfK=~i$f`|*_9L7NGUQ--$zsTSj1Q3ZqmSN?Me;p5JzXUt| z(f65&PdTphJXgCuz#=%y>M#gyKSK##lagfGX&0SZ+RPVflVw#f2)MXsCJc6gtJ*Q?tW1)zTD@;;u3tlY zlFL>x&y>UwOLD&lK*CUTSKrQ?);bHXj6g)&1%~d$eMq|l2>y4cVe4BU-tTBlz$h4GhjffNmi*#TUj6E3U4uG?VECFI5F zSdD8hDd!qE-UF<7BvUJ+rBR{MC|9<&Qg})BMyyxGBDojKU!&3gdfDYu zajwR&fZ7_ve<;GyM=1AhvJ)#U`VQ-ZeQ6K=Lc2b4K19_{j%z)S@tCVx9SBIzNZ%ye zAJVWJrz^W>T)ZH-p&wdAtjupg*v zQcQ8BB8SJ2#0kaQz@%OcbA&w-y#QJjab^&62Ol~D+s)Tsn(>8Q`Q~^%UP>$=6DM%^UsQPs(>)u~Kaj##R4DTTMqO>^Id-&Gg?t68B6c5WQ zc%kX*&hi-MH3cxN<4xhe7##F$xk_sjNSb_(jWHbQIqE4R8*OgE{T;9+jL5wTaWh~B z1jNUi`ZwBIIs=_jt_j)z;_;%lnQ)7ck{|i9KP^(-h$5|s{nI3 z<4i|pMxK5vg(HQxgWnr&$ctrp9_*`GTDuL(#QxZ}z~l^BGBA6UPHDVk05#y^!X}(q zY0%$TAGZju87jFg{#Pfc?5sO;_OH{Z+}nHY2~sW?gdg{RnUP`bFRfkfBz6LE-bJhbsbk1%ikmc?`r|ni{ zN?-CR$}RI^3?W8--4&JG?xhY?Ck3!HKDCwvxUAJO~FULXE?#0`Wz(YD#0`#%AYfsCluL-G+S}mM5%$0*nF_*#@wL7m}gX zKppx~0cVHhj~iS*U80n+XZjhY84Iv-3JN!m zO~Fdizp|a4%EFoi1Ye(BP`dgF=gF0F@?4CL!E_bWAg{K^lGB{+`)Ndh`;yBaR`Dw!-x2Hew& z%}6nfmiZ7HnNtxy6_yvBgA*2 zdJX-h%lR<~u6Qxy&^xd0t$F*%hL}!yLqq{rkr1a@EwEXnYB`p28PL=DtFjH5l61(;w(#3!*SPG10kswdVOe1UBEZwkF&Mt zLB=tog4F0X1`=7(JBpBQW1#ioHo=EK^*qtOfkh0v5fl?);Mj5J6kxLLKf*tNz4?~D z+Z03v(3Hp!?bn!A+%_+bE49&r-Xs82SCt51Y9DVb1mkMTa7me9Ir9W$+li&cFo zOc+21Y#>1C1Q2YFr(6&6K2xWw{|0g7)>;|lnR;`oKyKW^Sl)#&{ZH-7wrW!f+x|ig z_BLj8l5p%_w0x?ODdND`-ytAn9B7e^0yxfSGI-1o^(RU>YQNI z&I>73CB_Phpp*-*#%fD{VO#SeZ?}~1eOn+de~%rs;`Ora!F|($m~w5PHv=wVRTpXL zMLlSS`Om5V41xpW_fwiy({PRI&kDFd9>^FZ0vKO%9e8oW|9Kxk5PR0?N-4@w%ki?m zr$o0+0$;^FS3VZdf`BwJTEMSI&^QHUzP6F(<9)pQ2teUUZWY?{=6!xBd*bY|7VAHM zwv&Fsgzx?WM7SQuq9Y(=K>&oQuHSp|k-?|e6|T?M6y@pT?3R)Mj)Dg-_HCQFemhw% z3#cRHpe!!nt$GJ)yPHRWlP-(G@-)ih!pX7>>H*%5jGSAj>Sg#t&1nk0tTVlwT-7^l zAZEZ|X#E#BN_5`!2eytAeQPR$23Y_!|B=`qd{FRDXBBaX=%r+S!7@Y15e>C2v;;uS zcN$ucYpfCf@zR`rcC8LZ!{c7hqyFKb*k|8XS2}jk|uq4sC6psN!f|hVt9*Ok0S>xxlETH#KFP3)ZQ{Bj)exfoe zqVfnx0@SD#v>PQ71u+67UzAKpmKl^)<J4>&Or}TvHLHHdX%}EP!Sm)>8GOxB)tf%43@{qj?~|mo#ZX|)3my`9vKx}5bY(1ACG9(?CCFkDK${rXi)zJCcH|h zs&PyHH=B8$)$1^v6Yuq0mHRyvx+hnl+gP_&2aw@F>)lkR;zj&m-(>y50XnTyAYSu3 zS(XG?m(NAbImLw_TM?2-&&^AV)}1GOozd_EK|D}60TA45+D>D6TDV8F4hoXJZJ;bd zpidis0_GO{fkeZKoYZj8;C_eU63xBa(?X;L|s9*6;VP*~$M6`~4A=tY|PX*1dsj%omp z-L=a;SdNjig)n(-57+Dfj>-*p#LP4WR{hEr;!gCl$8~@>=ucmkwxRWbxLF|}dT^7n zUT0Rtn)QG|KuK$S5|aRw>%*FPzl3>0bL8y*UFsE67Jy3MYndNi%47KYi_l?tQ$kbB zWN^yelVY6$h-fmvaPhM0mE*~h%3T4KNw>!o8NJqP1V5*OeC)Ve3K?7g{AyYP9JlM2 zD;+0y-G*NGUo}j66&9x~B{VdT^jDeIW;5Pbx9io+k^^q-p{ec77Cv?0u9pZ)d<2!z z*Ml#=X=F+L1HzLYjMQ@akW`a$Ta|rqoEQaMUzl45&(Y236adXy`!xtcS2WLJ|wx!n@+4;|{bdFn7jujxzb%1iISx#76`)@{C6Ve;B zwZ8&86lMYmkfLXbCvu+;h%5bj9$w6c2Zax0%_;{)hHt+;pt}!D=9UN-J8|g(=YJO1 zpDgsf`nxySx>BK6YLiZh{(Vhl>hX#rrmy{%kXU?9v4c@7z;-I1Q=7~y2Os^>4th~o zI8mUoGoN}nwjEI`s)43L8NO{tyX_rUIXcu^H*Y;Qw|zAuGEX%TN7vs15CEmzKn06< z;pyxsA%}ZeXSBg{ikMkRjuhj=rJ+GBa?EJklM%mLG0$#&#)>=7Y3dxD4JeW~si{0U zI4M7FQ3-bDsy++co=cmuZ2q%e>|S#q8SG(e$C|LQ;p}~ueParLZTLvZ%?y|&(7VsI zKhTX2y1WuYsYOncy^@UftphhJXeC;Q58m`M;XU`|9N~iYnd_(yCGI@z9f2yN%>YWq zC;Ms=oSCEp)|#R~a{WU5%2sH{KBJ{Pu3P7HJUXH^Bx$idkLLF5` zd~af+jjw!OJ(51j-I4KVl{+p`zO7a66ZJJF%?lb?MANCqYE*7z&LL*Tv3I=h*rGsd zE)!*w2c}hx)gTe4Ss|OU!_W>7Mv~gZjB6*D^0$PViPkdu2}O zcVL<5%#y<%k}A8uKJ$R@xsLho`%J9c%Ll)~awruBYuQGC<5Yxlf)#*$2T2fLYX`_G zoOIVs^7J+#-rYbmRn_RR@d$iSI$|Ni|K|~rS4M~R$}gwC*IX^OW`AA;gIlZ^Zb&c?}~t@!d=hq zYAU0udRGX%HqgH>ZOzy0gl;jMyy7lSoZ|&wMUZjzrOXmHy%m{Y0Yz}9-&a?dujJ@T zY;EjxF9-8wM%GtE+-JQLWnGVUiOu|@48Q-~PF?2X-zl5GLDU4Uw_03x#B<8VGPPi- z@|Gy+8`5zxCP)kKfCrm_zn>KbcD5_mqWL(*aJsaXcINqp$ArzXxfFLyoE$G+EM89o zSN;s06Qy?!RaSvz`6UVWVc$2wiXiwdkaDz-U3l%?M|(9(mtUtn_NA=c$&43iJURn_@pyXg8EBrinRO1-2Dn-OhS63F~{}r`$xIg-Z%<<=MEaMd4Qa^%Nsz z)NY&RS(Wr@dg6S(+im9)`3ehuJWDv#9JH@thM^%Fq-OUM?ZEP;n6X|%Q+Xnzd9%+$ zwWKgy-oZ(sT3}#h4S5bCcW0p`ZIHR6^kKl(s-{fTbB*;^rqap>6o4QXhG zks5H;PpgaRraXE)Ix0MP@0yI*)E5J8#TaGY4f^eGP-U5YVJR|BFa>w7Cz5{QpQv~1 zUm-_k^kAiN%<}}y=sm^axr+>fz-pyxSf*400$&~zXKCkcI2v4STM@v6$5}KjRUV=` z_s_Ow-L$t9t_KxLhZ^`#>~aq8yrI1r9;nT_b2qQ*GDqbV)lB#AWYN}2#s!bv76c%D z>AlUnN_hQ$rSEyjde}dy_pM$pWb^17V5koj;}g7Ok?AMaf{Jxv1wCD5RUQ$=UG28VM?$8*@!a=6Jl4()Rca# zv0MG>Q`6=J7p4T$TZAH~y*)M4hHugQ42O~80$>#TY@7#@4e&b2GwBQjtEp_`0IcYG z0m+yr(jOfqmiei;>Qx$?oSge(;m2DoW_Ncv?lQzcr&;1^y3qu6E>s+!&w&sdpAg;NM(!^RubR z&G^`m=zF`5c~$ey^wEEHRFVrNuNSUm9q4E^=H$|s;P_RG)GMd4L}{FTsy_-Mt0eAj zf53fI=Tr9+tAlArO;%vrFYUxV`*kZi-Xx7Q6A?#=Se1 zI1W7(&-J1v=PO{1l8a8!EzGSr*Ntb|>gnr`z?%pSrLGVjS^(=`Ub_%o3b?%|5|D9A zg_-$RclXWy0-TQD>+Zc159IG?{vzzS(hdF!k{wE!ph&R~P)=$zm9mBT>tPwyKMHpH z7geM5_R)ymA#tC2y+ivm3!GGs%l+ZCZ-Mz20yA!E#~laj1I9u+CN-g9d4T?xZ5sD( zzHxdV7ITjb-U@UnAplXWOgjaDy-q&g%imhSwkk)eJx}1#+tzP;7mW|NVq;NjI%`Vr zxQ8ZjtSO>@Bq)JFCB$e2Zpeb?_JE}NLqE`>znKNq!i2lwhE>n#jiZ{j)(#1TZ&f1#uqdFsHr)r%IVIfiAx3o;P=B+Z-*wj-{Wk#13d<7_ zAG_t*>mN*ck=r)(B>a22l2U+*S*3r~3s|2C%K}f+g0+0f&7Wqbyg^>;w8n4Xi3tS}=jClxQBF2}>gLMH(JJ42oLYOja znt!+5L{&#ieLuz@ae7S!-uG-CsBR9Pr0<_q>=sE3D&=ccz05 zjH4b|@#|D-YVGV^%sdDpuAEGEv3aDp``W#@H2EfLdi;$&C@8HP%LxIcbz*rF5fl_N zDsaQ(u)N>@s7K&&YwK412|QV9CVnyJg)l5nd;XL(@vK93jr)FJj&ZkELHOD6?ZcNt z427xg!N<*kgS|DzpWQ$Ijq5E}XpS%49Do~s=2HNMDD2Oc0hRuqaU?kz{H3BC1w5_9 zXG`9D=8z(2Wnu`4%&}Fw921ggz0@7p5>R&2uR7Xjn{oWvq|tII-sCxR!1_jM(E8I7 z0cbKHY<|E!=T)u2ic*(|XwfdbRFnR_B@cZ|bgT5tubGdL)}m(uXMXaW{Mqw`|8?X! z?QK5G$_)YL4?wbM)AyZQp4heWjd7vLu5&S7yW8?*Ow!`fV~CMKp`IB2`Q3lLv==1x z8gBd{8Jw5`E}L&;@*PMW7%CrM zfIrCG0_%!@KcB6W-Ed505oyJ}p}8qQ*vQ{$C4F}p=C5`& zWUX=zHuWe?yhy~?WB#oZYWS8UlTbK^7Mo}UjQxlWDYL4GeLkNQme)f8U-8@~fH>k2 z>0oqn6|kPrj?NQik(q}HbNVBvzWMB9FQ#0>zH)d?P(_)l622Ij{?-Zt7iiM?8n z&AwRW`FWOBcGcNV;h*jA%ag8h)p0Px%=Y~6P=9&g+EIb(mqQ`e^h&j7re?1nc~|;} zJVbv;>yFB)rlyC;YP)9Wowc?k_H^WQckpzp+%ucEXhU3|%7OH#e_X4=?r;xao*!FF zeq7^uBuE28Oxycy^V{AB;Smh%%KJ0+-6ve^rq4Oq--7$Q(uQcS=YysuOmd#Olt1h= zGY?Dnl3LqX#!p!5;a)R(Ge9}|>bUv5U#;PIXrlRipQ{`=#8861aE_(sBGS!rEk|UQ zjoSKY?$7cJxwMwIX^_bYE3s0+GzQm*D0-&+pH&?0=Teh7>P>f5z~RK`;OX6n@_gxGwMex$gV_{GXSy?fZ%Id7pFMCq{f%1>7t^ zYNSLWDS!MU(`r+L#jjmiNE77rSS31sU@B(g&dp1aJii9pVg>`JZG*mA@UBW%CU8eq zCfIMhC%aKK-g~eM+&{qCO!vMK4{G>#niJ!>uB`1v{oDtgo)jHZ(ZBM&RiOT_`F+1>lzOhR9eZyAc86r!P>%Uz;+#AtvS*r7mH@JCarL44}xL>uu zqvKqvGVtpoY|AH|p5D<5Tz3CFX6^`~ef-j^x}Vk8gr8TvIok2p=CgibviX-$vr1<- z^ZJ+fB6w}rZkbqCD{9W+@4?^!v5YPf9=Y@>YVMcfXAqzN-o5GZ%eQ`y-m)mrijLa% zK4=o1{jsUIK08AK+!TR)RG{$+NiakhzG6XY=X>CIuztG_HD^KG zG`Twqh<;c$^dhsSaiGV9cP(l2j)7eL0dT8~DTY1zHm9xiKW~-6MD|a&$^b!tHQa<- zWyqvz7yuXltNZfQ9NrqE*9zssb&j#HZqE<qqq?9VwFj{jbM%?J zlB}$r5dNa#l2U3qW@8gojfAVk%JJM>WD43Ls`EAJ>ru%YK@EE$;otYSKfkXW_-Pn_ zO$)g({b{>lqp$Y{oai)fU-Xv$@1eEf2bvY+2h~9e_8z`ZtFYxhQQyd->J4$1d!`rLlq&BxYy4 z&M~&GvLHu%`P1`t<6D&GcWCxwmr_W6#7t!92W%CKkga^lnP)OBl=x}N8T+|Lv3YP* zY|MJ4t$G<1_8IujPvjscO>-{AnGdHlZlg24TH*A$9?G_rj})bBz7ORd+i4WP{AIb1p8vS0;VW~<_6(OYQ#p;B)J8pxb5i&*Q|#?B?E$~rvxc( z#+z$3InEai>QMAI%1DjKK8fxeY^T!8GcV~N|MAg{f#+Z_QzkW~W1NNs_o?rWGg_j| zV%|x=Ghb)5M^t`Y;l;wj#)oN&Xb)KMTsp(4OK#Oy4cOeBGdiBNf9+xJdY&L<+`Cpm zDIGJ(2{HMmoQFY3COf;=ofG~J-`UNU=ZblIGVg4oRi7k%pF-m`b}r-VVoUWrvVNZi za#t|KKWxLj>x8bl^hnEgCNxZimq z8wQ2Cn*%)d`$1cs6Q3P~V&NQ~2p*<|S~`rmlnzcP4(A4=pUL%*a6(Pk|l6>t1@ zX6WAXXVu%16>k8;pHi~OqkB9>+R8k91b=rl1zRWU%4nL_Zg zNI^h12kcpZiXxa^4*ZoNN>!T@!rYzW!fbH~`rfxwC}e@73+Zfx9U4KMlbS|3nCM14 zT+ip}+uMztDYL{fc7KILN#%a-fB)&!$5R8h`WDyNI33ze#w(lqEuLBBis_r*vK01f zOJ}y#Vs2l&7OJ(rKw-GZ#-kMfd7jN&)K!@>?&d3P?>K$gx}>}c_aQmEIx27)$a+Wu zv@{AH!K{x5veRgh@HYP-_KTy~U3(Xt6HPw5CjaHfP}}^sghe>@QmDF$%cb{RHfM)# zy!s7~wp26nQ3#L-s^q;}Ivp1M)mz$R19*-Do z|Cwxxr>wyy?J}pb)rB`Q-hmPqwC{|*&F6k8#AQ~Xo>HUT>r{zkJP$UI?RWRv@^)1G z5Dp8gq!|w2fZ1`#kA^(|EQHQ?n!8J{e=X54gS|^?Ia|sHy&|Dap(0;7b*IytQjliQ ze}>{FH`(3g9j*(j2nqW7&C{E7KQ6Nft<_QlgV!osJQb%Mc7=vM1eJZIe3l|Z&?O{&+1`eP4amG&_t z4$);d6h?Y;-z}k3KaSO$AnEjRuB6+KHYK%8%(+0V<5RMw2ag>4VSCGPO_tn#y)I zZ2|9V)jf^?3^?jkVAJw&TME&&4e0JUHhz=xE?FK5zui@LV>?_}!O0vimimVM>Uc^bLHN9yP&<_GimTH*>W-F-%r%JTM8F5?JL=PM1v&^BO@6aQly^qz7&U<7h6KZOz>i zr=AE;xM=Ntoh$jGx->?zm805Oy8Q`r2UmG1B2SLqUa*?4a5z;{$xt9f_ie6h+Rfkh z^R-A}~JArSsX-*g$MQ&xjeLJS@dLacxD;ldDeM@)OHJGjX)4dnbX&<>R zw?8`-|2uWhIPJ^LX(nN9l!SRYW0SY@lY`7cP~0c?Rka+RzH!F1uwQw(lsTvPF5J>< z=TrmK^)gN*43kJo_anrq$|j8+pDE-9C3f{P?kJS<-Q}gXQ==1 zoR$`h!C`oh4qNGG_*lkMnki$qj_bm0np!1Wci}gp=LUvfV{1P@m=+y)yCF&QAg+Z^ zq_@&weo%8|B-3#zrI6)rf{Apaa!6+|V+4!MBY(=}?5$>_jc&W=-{{MKZ4L16-D-bM zF_TShS#{p%$JHy}P|qybG}%ar%)j{1&Xz!DQ)H|0 zV_cE_nJo3dQeCPZQg34>kyEexSJ%VP`p~ln0Wb>jkGO5FF&lBVJV6i1Y1)J8T_d30 z@C%W$?|0K{{aJ5LQvPGTISZ^gL#Q_!fwG(b$9hBY;IQ6I*$iM=&v6~}-^lZAxLEQ= zRe+U`{h@{coGvLq2 zYxTv?S3d9O=E*e8e1G4&wjQ(sd#mH{5{WIX`5rzqGqX{nte|*Ne0yslvY&Q?S8;f9 z1_?TtyYm9LU&f96m)eE{g$eI|EWRj-`;FV|Zuu_Y99dNV1!SRXA_JdJ%R+fGY zBYXMvfUj2HjUPALqiL+2t~u5)a%^5OId8ZeJDpkxuN>!%WxT|g7>{98>;D=EW~GSg zFN?s1VxCL>Ufx_L-6TutxbDPoD{AXS1D(@+o#Sm;B`r`+(PM{1FIVmt5!_J&&H`Ve zDdS^bWYMO*N?oBG{>JyMmdzS`gPw?eJc*NnhwwIXL3(M@5?xL-#V4Y@luf}XWhy?jmq79FGL>q;nN1yTb$iVI|P@^ z$+rcfOM!6Rr9in4;gi(@MY~!8H}6zGV=q~2%}R)y^#NBxLP-q$8T|_b*eP=1T|ZFW zixIQCi<~7FS1$fe`UE}kVUjfFS5o^sgQQAU@4)v_^y82CxJDlXS?uI<;)LLw&uaD zF+__i=n9z?wAu7cp{2VQygsrEa>>Tot7tP}|6`zY!k2m50UFd3syf+{QRz7@8QoL0 za@ygy0#15Pk?EPfxj&>4tr&6n0Y94^J;$7U%Cln4zyOul@$8o|cJUGCaJd2bNlz`S zRM7Wvt+&OcK(=fo@Cb}J*TI78w#ksL-osn&d6{=OwYr12kphvc4UdUm)A>;PUC|>G zbGz$vV^w%q>2tyd(5b#*UG~DMG9{Kr0mg5b%ZC=PCR4Y#f2?3N@xong@!oKpu{j|RqGTSJr`X!+7^p+MtT#d*56TAEbj z@U_tFnl$pUM}w?U_en~5xk6EPirF@omQrW#tV>J*-X|m z^g;X2d2rbUC5rMarv6B zWu`K2w~3^;i8RnJf0O2lz$(OWK4zUp6<)Hx^o?7_)Kk8^-I`szO;@;vC+E^dPMnT_ zR-N+s?$e27oeTBY29n6mJpf6MZr3z3y+Ct8TXk4Ci9EDxmZs6C8TrQcod=o(x-C$* zAi{02Q}$%=KIF}C__tP@?kE@yg+^HY2W4zmODCOq08C=q^z0X9y7C}_%l!u?akewp zvrcQ~2ZwxTTT^g|B@w3KribCoxUW0iX%<+zzL`SC+3hFNAKK(Ng5YNQP4kJRa%L}_ z%+E1us@m$=iLk}%lAbWL#=VK#2uf%P&=4SD25tiL<<2f-ZTNcK!O)Bry5)N@&aUt?TIE+m$Ie^Q_lb z&YlY_Zcd1x^wwZ_O54CaI!T&C(uebupL!#9Tj*87qf*IZjdZb*c)oqvW45jbK87sy|<*V`h7l+JM&YSK`hzwpW|eaZlCL$g>}lN+Ap4-P){hU z(B>Q8SRsD{Esz2wWc%Q16RfcMT78wccNy_+f!0I{J8L@4>sP9$|Un~Y~rQ1rHI35)NW1W<-Ou)cE~O4<)lIT zseuX_t@~tdd@MPsWRXafFoeIHH2w6Axs4YQoIHa~0_?z? zY?RO5R<;{2E+nKl+mO6ZbvBnhJ^3du7=9{Qh%xP?F^q^+Wio(?RJURJ{kF7w0Wxqs z&<)$@EBk5`x!fBRx>WaaBcxx3&Eqro&!1E;6$(}dxO+FeJ(5PZ%hvf!S@Py-cZENXP+Q*`Ik<62z~QrSd~ zjn?$1ytkGWuB_Q?c-ju!Ah^|mJFOz0(}rbqCGMZ{<*TRIAUC*`v?M$DeNzjmEkvs+^KoyiyCYyIC3)Yt^bPl$hPi(@b2PgqP% zy>0VAxm1{L&oL&%Qp=J8%{bQH`SW3r&-Z?VFYg$H<5M>^d3xH(TLi6t$$gN@QrUNZ zl}42ZzN}I>noCT}C0N~aV3x|)+(8p@{&Kvg)d$Q;yU~lf&uH!Q1j9S8&E1F;e)XA4 zNILO;1{M2-wb@a(m(P2FU2)YEa^xXjy?ubYcwaECXwK-jJ_B;nX|`gPDB##)XWpiT z-Zq6f<)p;CkX2%^?Ru&#pQE_OSf!qZRnP7Y6=0=F3wL0?^x$f}kmTS53I9rq)SKoE zkeceWtW#l^HTv;sgc^U*POGwibS-AhzwDgIiPSerFZ^@VrfS!-bBTl)Vxqf^EP;khxbM$MBE%b z-*q-?`H>U-iDHLwI&0kgJiB^a_*O#n6d46WJ#p7rL92V6xtTo5xTWtgB*D~HYVDzc zg+|ZJrB8S~XJT)?JmnM`RsLAt8tar4v^B=X>K6FOmd?Imrr!CHN!gcdJOmX`4)JAO?h}`! zGP>s1zN+vS5v9XqCA3rHInkF_@)cg57%nmhm<(6XU+vc1 z&WYhl!KA4rOLS!!KlQqLX}iRkrRTlxO>eKO!OHx-w|R88ZOCzV*T$*7myWc&YQCQH zTp--|M=5DqV=dZ11y00Ii?}||Iaiyj64Lt7-abRwbmpPxjQ^vPiQ8_o`@DKY2^lDQ zTE$F18U+E`$M^2DkU*R+cg%Cqq){yf%ySJsPT-Dva?u@;;uR`EK}8{ddZ;JaZK5K+ z=6!_;4)`;bvP`{3wi>z1n7{?8d~)CZXrmH*cKM3p(Af;D`useo%DyI*kRhAXS|8n;nv$CI zSf*Z+#{rnYN9z>@A1APlo9LxmkDr5F?dl&li-qIXUsDiSeI`!p<+_$#Go?#SOoDZ_ zT0}m`MhJiAY8UrUxk;8`dF|sfUy$i_oob2hYX8eDwQ~MX?`^!Q^eDR2-XHroa8~cZ zZ0k@h=EftyK+6jAy+C&5=#S6l)H7)q=j})1JP{{3tI(B!|0Cv+SXT(rr6Mi8Hc^ z+&v|EUay;bXUarsL(3iWD=Q;Z$3e;omnn;Y%u{MKr0Rrr$p4oUVEolM{bJWhZ}DW$H}*xt#6W=AKN> z;Lh)FzBAE!)phYUhb}~8U4*bwd2cIyKurQ>xC-vbk&Q^T8md@WiUlF z*R*^xC|+Posx%-&bMo?ZqjhtHc!J^*((q^ zBgrKf1~Yr?IIN!AXtaF0d+D97!(xUcH&m_V8YcAafp=;8`ZPnH3xnOy{rOi$4>y{y znL4~hW|QkErHqgIYoGdETOR9Nzl?EgoqgIBpAUSvahxkPdG+o1v(!o6<+tB*V9ro_ zbat-2KOh!Vs9Ec{Y8j=kTV2Ik68M1eF8#BsHe*~U>dS1pqmY8m4BOI+>ORg&T#<=# zzvZ_MUNK+zS-u-migi{JeCMexd$UDUBQpofB`ThMr;1ev^fl*g1bM&(gD)a=D-FnM z@jLhr3gG`@N~DXZcKfrt;-~q??#cvMBS+}23`M$#{+Hbqb^Bp=wPrVo<+9{BSX%S> zFx{Oq@kF{sBt%y{_EUbMUQzJ{io5q2-Y9|2onUwYGTpz>^esN+0;%fR3&O3OlvK4$ zly&#dP0G$nf{QP-!*teUCBuBXR$s5@waK~n=k4_ShK4jIpUf68SnBP~>+2nOxe?KX zWD1)IofFpDSr6JV-s!kq-2(ZURQI{!X31_u^yScjUtCQGiP5OX&74aOmYw&yjCdp6 zPIW56$q%reW!Ry)o}Dt>_iqM7ORu?l8Mqk9Vi)7SO(7j`<=vE(CX!*RY8xDW{m7(@ zLrIe|&Xnu57~3B6r`7KzV_bJSIh@}#u52-@3&tlYU3*V57yUkYfoDPKxp-&NJ)^x9 zS>@5euU=eOC_2h4lH8iNy>P{QJ=l3b+$XA@XyahT)c5zys<7PElSoFXSmCCf66++E z`Y$6l9@)g9JJl?x#A-@jzZSoldj zE`Zd3ER2$pkuif?^sL?EI&#A=FD`$Jl#Qh#>#3Wbw%_6EGD0b|CWmS&n=xx%SZ%H` zI{%d_Z12jl6E?J~j3wZ$sQ-4>qM~cYr%=fIyXvfa5;sVlD7pF!+qJcZxSwh=GjZnr z8Y89OEFGgBM@8MCa=$$xdo{h2$DF}(CtMm{8->yN6*`zi$^Fr_Xec2Um69xI5uHJ7 zd8Si$>I!A`*uAlYJk7Ifg4FU2J2qdv&4k2uMgvl=nvU^Ctxqa^ zomr>!?{W=&j^M7Rp>)>LH0o5llTb6SR9k^_)BgDyxG@Ix@SHBSYC%E{N#^#JRPmKy zrT&(8MJ!ZKE;gom=0rpv--X_WJFQ67+~S$sWm;>(%zjeZUMTbuqPEaAeqbIQAL}nV zqy1v7J@d|&!8~j?1?#%OZt>ER!ptkH#x1jVySTZvGj?)6ZeuXih2-b<(OHcH$7 z96S;Z2+~-FtHsWHCzPu@NSu=VOL-p@`%tPEZx)SsHj?(rJar_}x940+swU5doat0V z<#JGXvT7TF8bbV7t`A__4AWJg={jLbsju8R75B+wst!~tKX}5quf0fCp;CuP=qbq$ z?8}EOwWBhpV_T^uLpi4MXX5M5KOyF<+ukKt7H7$0o3l%kVriWBsps#J`pOY+I2N`V z#eIEwHP1Tz>P6pmiTYm+wN02}lDpJD9!a9pn4?jiD3$g1v@7?(4XxJ zdh4y2^q9W>c1%u9eFUf3I@|x$FHhE+Eng7>7wUO+gF80$WfM*4e$xkoQOmG2=;rL( zW%4~$1~#`l0sbN*>1-??w);aKFanMdFzwK=mZ7Yj- z+Gfeei4QE-Q~j@-nR~*!jA;8(pVahYSk@-ZLFDeAjGqL2n2!ANe!zlZ>NboN*J`YI z?bP$PUs<@_Z{(iGh)S=Qn+QvXEUA|7WJZ=5)bB=AVEHo{>y!C9OS89klNGPA%}@2` zrbT-->p(9oU4S>s3}F4?Sf2arb-X!XxO65HEqK9a85yKuUoiJdO=3T&c1)ie?*7To zaYC`ET@{W??|oXr*_e2`y`3M{`*q_iv0lvk*_C^nCUmMYH zr~izo2o&m}>hW8i=Za)`Oyu5huAP5k$nw&HTU}=eF?Js}4m|+NsqOJ0sM1f2iXs5^;4F_B3<&rJ+b8~FnkZtCU!lWwf z(<{%%eYvW0^#v=n>jM1cJvCQ2AHOlVm0UF{FZx9!;A#3R6!KPXPVAF_rwuyL`Yq%N zT%lXi@>AZHQybxWwvqp9`4~@1M_R2AT z;W)o~v|{!@aaeH zuUZ7zvQo;Rm5(ic&A*s~sA>Eh~Z#+x!^wmYAS+!TL2`2A%)2?MV}yHOs8ciRDpq)thR zdGh+_RNE2E4Z8x)U~=riPie03ZQPQY8}y>&iIUY)4f&q(be)31%cSnbEUPv+pLrKI zb=$_r!@2R^VbzssY%$^@;%saS@~YZb=J^ACE?^LI%^yWQ~yqQJb7-yZq>I>;8dHT_1EXZ?B za%uhjb5Tdwi->nF53Sul>OjX{H?WT+KpmMA>C$UHA>pqhO?JrXhKxTz3_eMWxCnK4 z?!!O@1^J1cek2wrEl*xBjN01m&~P$;#rw5)=$c4;2?3=M$UNg*PT%q zbjV_~q=Z%6+Y*`^*mK=ukC~>aq>57H^QYV&3*TQnNw44SH@h`Q30-LU-g#33w?rfC zG~X>e*XkYf!2jIO$FzAJN+)N3G~Dtoly3;|T^#DZBfxU$%!wTgA_bz+(NsM<90+Au zjtYm?G}n%>)e%FggYOJbo4Ld9Jd27yrPq`4M0ZPKG_Gs*`v8jJLiXv{ei?AkJ4b=M zD6emuo4u^GN{9maO!#2T*y+}NuA+|#)?KlPv2FICKprE}mvrEb*UpLTRlCh^P!r*G zQA&%jxtaBL;#8p~P5z+S`8~Zr#@$oNWTn4ghQal_n8h#6=C1dthg+zlhVmaZ&94gd zk)P<@qa$rf{q9Ia4x;uk2Cvn%E&tgiyV3q*muv^DQ6_ZBIeU!tz{UUN*I{UW9(T>t zK-YW%_$ccE*s<)CA@x~BI9UWDjd}Cqyogl@v+R^Rxh|r~gjozueJvoI2o*VYpM2*}- zw);!>8eaaM4jhpC0d!Tot>Q0Ljk;F+gJvJZJ&1CoFO-b5tuP0^Jy&=;M|kDyq|98p zhMAHJDB@~i>7`J*M#ZKWu8_5HqMiL;Eb8xKo1Rer!1lJRm5d`A3rmX*&NAVsxA~~o z^VDXdD%)cn?5z_gYh-4>Cdhr}Ta%52(+_OoBxLukn>OC;{fg#l+W7M0V$Z$&#J@-CVcJ~C5ja!wR|BS>-~{)Q$SJk%EsBmz!>?M z+a})XMb0n*E}!o3FLlU!6;3q=E3warL^%?;lWSW!QhjnZC}zJ6;4p3qh%s>dT?q@9 znr^3O3?8@IZf&*DkJCEzV)!4~k=r`KH-zI21`3zsCVg6M8tK&<5@)}ZiR-_8@6P`? zaoJNyAZ+2-h%&3o-)3yTPGCZEN^Vbp$mz_pzWDqUH6H6dO=encSI@isBkGa;Zqw>5 zj*scJr4vGa9m&Z~ps%?M@MwU750v`I#V7_^DU z&Poi^YFP`qfiM6=QVC7Z+v<80Bn?TM$K7{=#^@6ob<;K$`IPe zwDMFXB@SgfOH#gF0T+EQLZpd*h{f(@3XafZXV#CTFR4zZk8w5BeXc|v$t(IcBT-`aeEBV> zEVLz;IKHQ_uJJa0=N@}pAx>P9Dd6V+{LZ9pa{%$;!O-lcxSu+rRjPou7eh74YDli& zG%w=19ntcXXl&J~#@XqGc*a#L8_XB`x>vlS);Ieb-@8-OEzuha$!}D ziXy(QAU(KPXIWfb-sRzEoVWR2<>>8zI;yrzTPIvO!#9m7WJ0sbvOzWzzhSXl25r6D z`;s^BL&%+$8mW5=Z0K`lH@EgqP)o-*R$X_RUyLif#+*ENJB@KvDjrK__w+$E=5d8% z)xpjP@sxt)u+NH+>#yw4*KdlJUt#ICS;yiQi*-{Z;xgEA|(#?p2vJvR&z!);x31yk;pF)iBJK8&|kyG*@&(kW9d5Gv@BwFHbCJYE*6HN{U{W zXIYr?Bc@6}XeJ_!eGMU5Z|}-QJi4z?qU?AXJDI%!dE_jrQP+{+s#vX)(gDeSd-vIg zXZ);*+^M(ZNh95PH0fCz`uqLp>b(mjetXZ43mK%|V{k`$F43?%{M^s^U9(<8pBw#? zLcks(ydrF1X*D7|HWwk%>&I5CDI*)Z6N`6?|!gP2zIbi1Aoal@y2_Js6eiEVNYu) ziqS8!hALn|nJ97FXC(rn(=hm?L#iUPl+`|me?_*|VPK%VW!w=(OVaA3y+Ebkd~sZU zYB!AI>Bh>X=oy$v;G?R0LAJJ@LLck2G6XeJD$AbnSCq`x)Sc{Aanftj4iBMI{N1Nk zABrxyC!|xx%~N<<;q0q$*Pbjd_Y!M+97}+DZ=PwNd|)3;d2!!nz~;>3@49szpG6Jy zO3im)Re#riFmPUJ=0tOdBq;HOn`AO`nYadhSso_80>oRmR;N&sCKvOydFZ-beT;wY zs#U>zl=l^Hp&J*enzAf1m*Sk&;w+7Wb>rmBbh&dUm#;^v)@|v$J7M?a%%p)EpKf=S zm-8SO`)WeY`R6Q6VKGb(7faokM|xmGC#S#63<00?&Lb(qwU(YIxwV<(L44Z6F{SYA z%zEpk+E!zF`t#Va-4gM}ElM8y3XTBM4%mm<8D;2_hA+{L)=$w_1hdS@h4Nj4kbx?+7 zh?B|5+Qw*?sqex9bc3G^F6^^jzgN5|MFD=oO>ekl_@Lbvd}AT2Cu%TgSo_L87BkG- z@9UrD|L{dte+zk^IW5zeIpmcOi1s|IS!OxwL3xK1#~14c+iT(O#IM*k(g(d8#5)W~ zCu!?3sRC&wc~BN^8QCZE;@8tleeOC4S4mE*k7&mVH0jZaPW~WW6%>7w`E(<=!TpW2 zCv&PFC(#d7{FAEOd7<@ZuMh$6y!IR{E`GHqb^Kr-Qt zAq)FDj3?00% ztPP(dM<##MAJ8;9Fuc}~DTM5MwwfGdap`h~sa$_#*arF6nbly+%AJy8VJjS;3 zw`bCjCrws1bU-u^+n=>FFf^2pXdjkCU?bpbYdCRE$jS&&_k(>pGv%UyDk3B=v~_#> z_v2ClS3c+G;`t++#ZN!BRv29`Q6-A{wg5f&#o#)2Fm3vUEBRKs;n};3B#fk<9W{<~ zDspw7ay|t@GkeGDs)XXt8c+0#4=nJ^+`LtClEuc@vf8RLrasHS;K6L{<$v1C&`#<8xKOjm6LWcnVI2~k?XKV&>c497a-K6Mizb!fWPUD)(d}6 z>A`-32M~=lsgmApId!QLZPiEDktim0J%h|yYa{WNYl9G1?++{ukhYhkbxJR}LHj~4 zzBWAL46I4}=8*6t8u$cO(Dlq9sS-g(`+(VQC zhTXN&!M=yV?>8&5G#mYY%~PEGExuaG6j;g{Te843s4F;LU>cw!aByp577Dz{Eez|~)RvJ>^FtZ{aw_&EoLKNq~0Wio)e_|{ZR zdC%xQl)?|OhZ3JVId>{l?5^*{d5f{eP^Ggm3!HCe94}mXza!c^b2H}VtEVj(`ctAF zR$L;5xo3arudGxla+6#888)(ePBCz`ex&SiIR#j?J&CfTC4L#x z#h$#Jb>H!)&(M{i=1+?3Q#@mnb(K@`uX*huW)Iw)UeYX`P9c>Sb&ZZEj`0b?+?D(? z1bX8gHn`^d^(`~>ZNe!q?MKfD?+Nq4-Iu^!AG0qp$4*ssME&_rW0)8O($dkCl|wUv z7(vDODG=Pb(KND=&v_&;tud>l^I2mLFvxd6W2j+nrlw-7fq+Sn;J-)Dw?hj2EfWX? z#XsP;gGiJqpEI^xl{=Zk=o=58Z5;0m9_dPR;qa$bF;7KY%(+1+WW1K{J zsU1UmNs!zfm4u8~;Gjm%KF;_bLKy&|N|evRt$@&ze7^CFe+bn#F@G)br_eU1Bu2jW z5B%14r>HvwSU3!bv$7$AME?$y9*~Kme6HLM$h3s`67&5bGYxI7$B38t*!IN<#Yu_S z@(yQO@~bvXxU;&N$xvFLacWb*k6E2)r5Rs(nU zG6`8YF;VPKB!6blJl(?=aTyhVs15@CEm59iyHlgqDw5f3Ql!9EOUIcpO~f<*!M6(c zJyxd4=U_0Ur%6%6boVkRSvV>2-xAaRO(F=yKrklYa)~ya+{ts4zQoRBfAc66Y)-TM z{EO_%Vahj;>KQMbqXv-{2Blyg88eD zXOJfr*n`FdVts;xT!D>L0iNz2LGoZRI6)3o5Eds7M*LTq1Q51C;W$?mCO9Yv>t}x` zKg2W86XWUQ85AxL_V9FZarMK?|L0S2XcrexKlfw!RBl+mAhAHt2v>Qq>>ogmKw+@J zF~0KPqst@6{~aYPJlIn#5C^~!J48va1o-gvA>cm_m6AA(2m8l}w8UvUIR&uz8E}w? zE7(pB>=_6~gFVpB-oOAl2<(gw4s;C!WBq)>!8#f;;`!%Mq{A^JE)2kfH|WvIe>2MQu#c-7 z;7+MSBOafM4i3Tsd;b$l@V4@G^$Ye4a`grOdEtY`xcVHi=jhl!<^SL0fjxcQ4`pJo z0WPiq00{_2ArM;Z$hne-3WT@@1bI56eZbN!L_0)qgY&cN#b0_iv+{>u{dzlV+3 zkw@{t^I!G>qG3K*pj4OzJ3G4u9<%?y)dE5|9;X+=#b4?lasNM`_b+GRA^*$3Ay592 zc1ZO9jvxJRdk&)lpO@7<0xK;g;{vcaSK#SLK`_=0>>hv)cXa_{ zgM+|$rT{T^n3#{($bn(t*e3{ICxP|=sQzFbV22v8103uZpt`5CnLVP*$CT0|N2+6NmNuGxrJr?)UR_aRgF5Ak@v%HQ-REqi8|M z9rhOlQwR_`EOkw6fbZd=e@u#pOOM17Ldo%uE&`Zc=O z0>zB=!TN_2@^sW5K|wfqadAAFKx}Y;vnvc6;4Xf&F;Lt$Pz>h-^9b?8ej?6i(MtUM@~$E{bU>i1j$e?7 zvp5<8fryHTIHR0Tqalh&DJ8R@0Kj)JHz4@bJkSAn;3CeV2swznGb{*uI4gpbhCref zJl#b2goR-Nu0UOLb`=qK5QiSlLm-i%9-cnHMlmsni!JaBu}68^I@?D@;a@9wqip|z z=Xwke3@o&dwpaKA`tg*oon5G?aI}Im3a${X@V96H0A4Bthr<1Z!VmC;sjIt27)}J( zh7lIUpD0Rr2^Dr1hCm5B6b?-S#wkRL2+M$xK_Un!5)MURp@=XjA`pr=2UUf_ZJ=;n zD8d~IKLOV<06OAwxtE=OBk; z&cJp{s0maZ5-AP#Kv~1!;UadzaC19hh=KKzZ4oe8dj&wc97+y` za1}W;nzo1>6oLN_gG&SFXvhag160ME??^$wrGPWF@fJkGya1~KD1g`S2!eDEKp})B zU@U-be_6{Kmt z048T}aI^v(BO(pVkhnBShw1ImA1VdOreW7qoyhhk# znyKJfhK0dpQE+eI`EOPMV{Ry50M8L$NF?^ijB0km(fHR$KftC)Ex@RRD@_zX9LsB96;(4mH?^|HtQT-5!e+bg2h`Cdk7sVN5GCptnx32 zRgMs=;Gt;ap{N5;jwGnyC8$Iz$bb>vB5*V$5>Nq-j*5Zu7eq=a5-qvt*G+=Q2 z3RnaL2wAuV3b;Z*fPL@~0u|v1fKG4(z;t97ARb^w5I{<67*b6H4y*$-3G@`!MUp%6k?Z6yLEHViZv8gMuoel&^?ReTZ)2LACQWe6uCVc~eQ zso>2fLogd~=pn_dMDWS+FDY=(BQf}Vsdg+I?sq&Ih|i2iCnDSkqalDwNSFrTH-M)A z=g`nFC>$UVel!F)79WcMi3qC@ZvQrb$Mxre5P*<}8{xpunenzc4(DSLaL<3+0{8p3 z0ff&V0{{mBDdvZ8%z<tjR3F^@-2RqJIWoPgFZk3 zcYsiEDS%M;;lC8ZXB)!6G2Y_=90~(W97%G6*#K_qwPgkdlk zf3yquP&yI=NY^LW0S<5hI1@-pc;VsrAkZhAb8NWdW5SON2P|=eA&@}Ejg*K6m;g6{ zAKjaYh{YAKA^^OI>eSmpC6x`=8 z;7FGv831d6317ngzZiVH|KAVzOCEkbe%rA;JUyeL_}u>q*B|6P-j6vl1pXS&1W6UJ zJHSFwcRW21Fhl@e4kADVxIU`Ux4(#3B=go_|_@N15g!&ietp;~}92*S0G*Qp){fz~0$h$Bf_fJHEee$zq) z9P$ySPEa6NAsUd4*B_`?!NAwCA>e=>a5cO?JOC+hH5ft#66t{=ya09(UP<~9WFaC@ zKvM`5Ff*VwNn-IG7@@!Xqh*1c9rrB2GGMP6(7E8n0!>pW-m?f}yekL;2%xY7;|NU= zesz8*K|wfPFJMg42Pkze$Ads^h(7Fw;W7YNGeRi_9sveP{_P{+yZ{tJQVAgm*jgR~ z9Lfg|0Lpd1F;DR1MEHV(z({AXq%RmA48!LsXQ0#?9QD(1oCqAKLy{r}Fk=yZQyAQz zA8?G>-?M*?6T*csfRz3ZD~~7sUTO+M0$Ki_WD>>+9>PQekb+QVFiD^%6y+BWf=LGQ zABGn2ju|ZJ50(Vp>jDuLgs=8N(Lj3fhDn-=$cPx>En|cNY$AI|0u8*2fLH?T2L-wY z!a@`LLZ}=Ri0|XYLPCGX%3M)80(@g4o)46s%fFPHEPq!2%R=PnBn z;cr!p2&%wM|JLMhwFxl~Y{$-X{?3_Qw`! zu*DHUB+US@K%5gY6%J(q!x7-)goNZ^I6nL}9*Qhs0_fP>@qPkU{7dHgJ7WOqO6rK{ z0_MY8l3*MRU>pm;+`t3wIOD)A4|RrH0&h#<()gqcKPM!_=MKDQJeBsK`uA_%DXl z0xAR`M;BjQ{z8W^5Rt=&_h0yxOiTf|?#T-#{CH^F6nHG{Li)%dsXVAd|1 zomWdAUVppsm2Hg9kIVPJ)f3lB4a~M9w;jW9E@g%&tra^+l;3*U?EDP1&XD77W6yAF zrNv^g8z4z{SQZMb==|!~twg2&BwPx|gdr%ezU90xf9U0l_4Xd*{FN$; ztPi+#^7Dpu;^!y-`9?PxFoX4I1)z3*X|&%ljlX`mEfTtNM>!8#-@xB~7|X8au3d7`w*X z+E#~}yUpC8Vm$2+jg!2j1Jc$?H6Fy3=9E_SdbSzH3AE zRQx00^i)9m*Z{t=G-$32*4JB|xEbMn#QcCEzQ?#)Xcubt*`x}W3QPZBV_=>uORxU4 z{`iY89t#gzAb^Uq)C}cuJpODHYO2NAeY~{v$^}2So1?EObNf3Q|9$B(xcqHng#)tR zSXw!0+!rx_MdIxY5I%8^>A_cDF_+Et_8qzbbjEt{>(jJRw+3p~789^$V0m-<-&zCe zw%@O>ywNYLxiGK&WPSC)=DG&R75e?M9!{59FaEXtWVt!=VO1h{+Khmv99a3f0HX4jiW~ZJ%8q8w=-e- zd^Sat%U=eABz1n=eP;!ayXrR=l27JyG%>DlCHWA!`DBh*8KL}3B*t?zL-cbtKq)hK zV}bc(+(VB2cAgGqKMvE2?r6*V_|aybUL2hbXS;*3GzW9kE3+e1sdFhps4-;}gGb}O zDFZ@-kB5U%pT3`~Yc$}e0cHy@Oy{|(V2)zvhYP^FF+K5aXOqcjHarhA>|yUHJcY> z9*#o~2%ar>6l;4yI^FcXl6l-&vRGw3k)6Iso!h zP-S3)pxu0Yp;KRqw}Y!)loV=jg3e+HW*!)FXx4EkCG;4K=BXv$6fRQ{R6;!0GJ2U>16tX9w`fM4M!K#fj5K}YA)D=OW=U7Gefi4 z<`V-FsOtriFp3S<{b6_3ogcF!cBWg?0XyQUS*JLDNT)yVo}*9cZ=sUt&wEznQGiW< zz_LxQ=F&^;qktL>OVee4r0Gj7(BK`bIhbwCP>-)5&|oG0=6k$wtjB%D)GDQDA;KTey7ka_e9mV$sy#dJ9 zmo8}DxpU`^rurNd*|$yWZQE=IeQmKVB5 z2V6mKr4u$J+chF*AcQ1Oufn)rPUdGAas`qXS~2cp6O=OFYm9Irq_)$+=Q)o{(0wWFdrEHD<<`)`7MNjH zFw+5OO4@y30p6T(=sJ1GVYA;IW9zncI^Y;`qEQ^zurG9jAdLHwP=-Uq&O%>|;$m-R zt5`rAqXotHfQ2GQhel7VAsy#)nLasOU6;Q*$YO=dLtocE*W_*2W3yc{^tn&JVksqbXD@JrI?(ZLA~C%n;|t z<2c%L$Ray&aJh5L=-_@*b|`yn2!Lh&Xg&7rAl<@HP{TLs_o6#yLeuPQDxkrkvm)9~ zM*bh~?7f(ep-)Dv*@>@ZKQ><#u>vOoxlcE*EMGPYFlDkjoMW>wk2V|;0q3&Va0Hp3 z4bxN;KN_4|z%UslX0M)g0k~fK!@fv#A7;i7!cM2jn4^_h&n8T=H#s{WVeBwJzerE# zr$SF4DqApEGI*@sXp#;Bx%c+fUvD(%PUAjz2o+#I86R)Lg~$vva<)TTEf3Q>Sz3{9-J;J{dFbzL8ct`B@}vQJ`d+I3reb z&bY+4Ev*Js3UKR-12*cW6&w#<4`-)4k&Q%X`NIT5179|6-!6SQ$2Q{5@`sPNZ~v$N z{6GA=#mj%y7B9DcXncR`!D{p8^$*i;?;|QXZoFMSMISrDHs|ZsgZ9#!<|`9i{Ma~X z?3wIhX}__xbnBPK(yw>E{^qw2t>uruO3c%=w>!%pZ{NBtN!FX@>)U@?U;pX$hqvp` zm$sUJM*jb?z4Z3G^?Oo5tTwloZaqWUeA;}me(R5ayZn0N)`O$QX>*rKPrvx$wE0q{ z*Y14r#hd1Z{lO{)Yl(GUfBoy1R^zW<{>Bh5zxd)3Van|fM~xnJR?!~b{xG74)+w3> zRHF|@O>X12Hg91Uh1Jo!W@~k6#N~bI9cDM{>$IwxA3q*7-hV^`4#SKlx0lft5ryo*obx&q7L0u_!+v0#%aBjJ+Dh0!j}oEQ=Y z*t1M71J^aX+7HDy-f?%9(e&I+-CQhG6aWPVLlX)8%jl2`5g;gEfhR|A7y{Fr4*4-D z$K%nYYYe_7wvA+?JK_>Q?}--X5-O&XXjZ8*nQ;myg>|y|#GuI1DP2Cx~ z^q>Cy4E?YA43)*h&&%lJx=Z)5P0{b4?l&>j4e(aT(Bafw zqV8662h#uO;}&IPYq#|C?b{D1%iR+R zTuOoFxrx5NX^@8CyNU9{Ei%wW@rDBCt6L~!Zhf`V{E_nCG+HYv_G2i8)V{geJX*3c zx4-Hjxxb1@|8{Hny~cYbi%(DeoyoL1R^Z*z`{k>zDL|7Q>-kRXxkZ84B-!fW-4cJ7 zF{QGSGH{j7e>-&b*DwEtBb2VTzmpZnH;pF^o2@EQ_0IA(3IiIl%6%$tECYBcU-p(Z znBe-YulAOX)qv0DuV4O!_N*-u)X7)3zPR<( z7#bb>5rsIaQ9HHKqo}>VSo$UtO>ckOdiUVvLV8Lk->MA5gSmOX^hBfHmCfPu?$S$a zxlznFe*iGBCVAH?96A?dM(P|T6=k$2_IeB-M58lX5KA=}%OEBc`+*0g$);H_zXl?{ z%$maZHei;`V_b`{w%>=fRkF%`uX0w+$8bakSb}&%M?8Lf!1G78#R*KQci#7ngpm|W z!M1Dtar;BRdBL7bZ!O=s{lK4R`ST7|m8}gN$~LLuxtGcXoBG~#>x#DF2|?_;>+OGS zy}{f(q95F2cd4h1*8F{K9gRGDu{Bz^6bAo{eorusY5ejn=4X~FTz7-4m|{VAcB_Cy*x+jn5s^+q8>eam za~zp+wJ_D=d4uLCYfH`RasGPz;Mo%SU)^e~Gg`9L=b22NFO62cu`#?gHI{K_tvh$b zp3UdRfkjP$r1d2gR!~X>b_`}N%6u*;IXsp;TOxy~>ME(ITx>lT*E2^-JH2v8g5BJMJ+ZO@VEBG*9B?6ZAp$`4l`sG5mG z`K5VDC{V~*LpxI>PA9G)DgbHB0R$gNez;Op4Xbgfu7)Ojsna zO6>Cl{eZJqE)?{kN!n@J!JHMHjOL>u5E-6nIHs=hb+$qN*hNMqE|5~=t&eXScRsE*SAJh= z;}dXqY4z9D=IPh1-@E`qiWfRP8h?D8s_GribGpK)n;vd|7_Z-2!V6=m7u-?_2It~jk8F%s3S$c8XY&`LzfTf^}%%fh&Jc^>z#@(eC%RsuvzbxaKu@?&5SYmI9tbUW(7a19qd?TM%jM5-nvtmbNeixbNh@5 zGIBLUIgD-3G0|LVGm}EQVn_huuP>Qz3!kUo#0)9{ljsyUy!_3^i;b_AH7~|VywrZi zOvr(K@fxkotVX5y=F(4Dxs_Qgcg_4y;2Ktjjg@0ruDtw;)>-8Y7?{qi7*7EJChMhP z6=5-nuxL-jBV?cqX!A;aycJua=Iw1%dNV7rEbmznnsAR{$-<+;d)GD-lmJaf$a&zU6r4PS+OUZ9vW7_voRez`I?GFa-4LL!ypEg>L z8*($)bn~G1k~+S(op<{Kd$aut{HA96wbcZljwC&dCCKQJ)cj?cKd-%$b}x>v*BBWF z;}SH2Nd?QX@&i3#^u=JdjG6V9p9{~OeOTMh!MBahD{Spp^po{pmPSli;!i5JPqDc^ zX?EBWB%H1Dj61;yDg=lh$kXhnX6Hw0_~Xjm+f3l8Fc?|so5slIqaB(-kZl9OFdCB+ z6oai(6dr|AI1b(Fw7>0iZZVgT*7{vbW!bIYo1Ioj2NZ3=lI0OC>NTDNHpU=|c6aGH z1IEvVzv4+n;j}n2hJ>Ta^Kw6wq6__1>(2!ceDtibO?lg8UdXS=b|YP27+{46(qVPIbm|4<{~dq`1fO8C<1 zHag?R#7w&3ulwsbx%~A@{{N~EDS`MY?Oj7i-lBh8b`8HTe?9(fy>E~0EhR61Xm5V| z2kwzQ?#Q-TC}H_KD*6`aKzs64*lr%geN9gDfOWY2!G96HLe9AF;AV**7Z8mD{XQS) z-`7p+W$4EqXk9&Nw5vZc3BB3@*wpmY?XA@x|N7E-8)YHbLX0o#My9|@dIfaA!`2bVbFjQ?wCl&EZ&)9&kUw!*80q6iYox*Uo2Tls zb>3)qaFDQ$DC@hWFNagC^3|4&^j2#ZOW(hKIm24F(YdejQL}SLHqzKU9to;5&ft3Nb|8v+OsP~BakG``md{6ZJb*3;&e_G-I{Kb4^i zn?gIkwJlTBHfGQ5##v)^r_uhIg%J4qjc>H|d))0E=g!0>{fSjutOuge`)*@(zp*-P z*in6EXj5sb^@9!M*0W{{zt6vDP~rJoduDvffCRLjAUx=tEwz3KlWfz+M6+u>Y3{4_ zm0tpGXmp*Ur4(fjRo<_+etAHd&81YLyk6r;fLQxJMVP^p=I>v8!Jj|T0rZnU>%2K6 z?=)6B>VpK(W%_}3%;MbEp(89#g}K(_J?rsJBTS-matrS9R_FK@^=eY_X-M&&(R^3$ zb9(vOcJ6tbs^FO``(*mMh}k%nfb+Qw4?N&*H?Z3_%w6ki@vgl5_RPjr#%+N zKizW4rO^X+^g&|<+$Tk=)p@{a~f?we(*DYaw2dL=)meo$Ji=I zcB%U6?_S;c23*aqw!AvfpJV>C2XJg(wFe;QGVSSkRnLr8Xxq~B&wBjX5FEb=x@ZHRX6FgS zM~KxzqRHxh6CRtZ(0u$V_Lb2_=&F1>359_zjzio3M>?y4+3KXR%0@i5GsOU9#mdWd z7b!dI$setv5yjOr2|k7Ig}%_Jt`3b{c1}Tp5hN`l!QCZ$zF1#|8=#MfB8R zJL^!Vxkfl@bgs0m?jeek>G?%t<#l7}LP-}S+_tgaL;gH^@J2xbz>-w=Cw!*A6<`X; z*D5v+K^L}b4~byX!hFuES>k}i4z59vEUF_)4Q!lE@m>=*r(Od+LUV*N{;gpqcewh& zuHLl)N>|aDfekQ=8thw+dV16FerT>@3r{MmW2peB(_FnrJ{|GLlK<41LIv2SjK&_? zsfLv;(p&ARb35$s%PWmVYWK0c&ly1-Tp|bMfw#=B=!DMp;VwFm^C2|!9xi8Uy5oF8 z4mf%cgmfKm-|k^=`ct8~)>~R`|1Ki((x&`7&JT9DK-8b>Z~-0ukVC}1 z=KJ;ch_c%t2LOgnXhxexJUEpMRlf1JFmYSXM>m<{_l;HPM?S}m2N@KNGDRqsFp@9i%$){FmTenJ^q1Htrn>E1HSq&X@@e|>XlP^&Nf zna;z>e(P5vfxrvedi{3mBkc9+3;JyRthK$eRl8bRz5U<{VvG~X?>sw*3-+ABDx_09|SxF-mwu7n0>>&N`re3_`}P$Q(OP*%a56qp&JsEVn=P?oOd8=1e`WE?stvV zD*`h9pQCn&5=JD2Rg`^D zw!vD%Wnv1v*CrE1zPrRm)HbA$`Zu&S0;!R#?4misoQDv6tkHW0grCyNid+u4!?eeZ z&M(bI=Vv)tDMQXf62oAr!xb8Zt-|mWSpw0p_0GBNPdgcm%K12ehwi{NkT&3rmJCjv zQ=KfnHrWnpeWM+8zj^l6E$tv{ex)z;fNlbwRv+JKZVllA|Iwz#T=p6(#6Wu1=xjDR zTTE^RecOE_?9BG?);!d^9i=^GeNE^ zKjtjlkJ|ZS+X`&mkK(WbEA1SeQgZHJ``c3@$p&B~`p(bF8Z~Fv#rueL6+nH(K=uUa zJplZcz)9!4{t4!$^Vp&dHBiXtIkKQJk-?fq!}d!bD59MWGu~I zv}Q)p7u9TTeQpZ0%n`uK2HWUN*=r_iHI8{!l}<5U)2y&j#|sRQFB4@H)6rI=xPKOh`{V1q=J(84jsKnfx((^P)^MPez$YUdcY-V$gp*L6vUPEVzZBdVcJFb8_=} zFTVv$8T*6WY~DAOywGH12ukGchPV*SqniT8`3xRZUz}tBzg!|Finkin(tnt(rZ+Ah zh}^6oGfoJ;wnVNJ1_79ePyNYRbcZ;QiRVNQ z6ksDOLjv==P;_UxotTf{02h)pqOZF&Y8ht}vj?bm7VM7j7sYxbx><^vUng?WVW~uOeV%YKy^wnv#c-SuQ}Dyiw*7=C$Dl!Loli9*&?Z zJL8x%R2cTSEe$en03nY=A}l9eoekF>-` zqwe_ad_!c%K(%OsVaqsRV}k}ez;63to6YCm!lU8afm4QEqtupP^l^7L%rH9~L)lVB z;N$u{y2N{i1@d9hMgNe+oS(`4b%EkAKh_Zg8B9m8@9ys~_V+s7j7S-c5?*ayWm`JZ z+rHWCgsqVK8@U4*IAwKhnrW&rW~5A~Xz&-qpya*x8}VA?$QE63yNl9K#x5gC1Re-4)Pi&m8lwJ38*nN_@b{11gFZSuSSZ92nKpS03fT7Z5Ug zY+m5Op?Ag!z!eu$gJ6~!y`igU&xd%2fgunwTh6(i#+smL6#L7dh-1d- z5EFhs(Ut3Lr8aaIFVgGIT8D2Kk}S6TOxE#g{@Oy?a17`%Zo_Qe#k_DbsGN-v_}Gab zS;YOfL!AA=l8h&F%zoXSjy2-D;IcEuSc1*RX=Wl9jTO@~rp#fuv-{}f_RA-JOupLA z-8+JFidcwnhG;Nhr_pn_^rk#{DB7l-&$piM?5kDVJKB>Xb_?FVa$vBq7LejsAhy>P z;#)8Ypf>!&tm2^E6Y;h>-6j(~un@t6q`iulzPqG|ABkPbxQ=4(E^&k>c4W>pKEY=M zk*7;lRV)P1OsRBj4u}vTLu$CNct}tNY}8pMCL2$AvoVxkit)m#4eFUoFf@bMCW>P* z$6fxy`eVZ~ysZ9){3F5Qg@ZG6Z^N(_buiF#V8WEd1g`bLjC@7J7#L5Oe#n@+@v6GU zU0ga1QtQGzS!eYX__z6MNQ^l_LqXK=BAQ+)E(zshI*;l3pr=^n{W{~n|K)!&nkp%kd+ROgd}_8%zHS|(6mFxCZ@rQ1Znbf|o|Tsj z@VKdfLl#4I72WG53Hyw5xZIJ`U8gx+Uq>{z)R(0l&42O5pYaRCCfkQ)z4QJiv|){% ztKBE-7pU)<#h;#-_nr^)Urx!ZDXk&>3x0w4X|{NLijY#Ux@%T>w?B429A}jfZLBoj zFO8R5cmS^Auh?tuERBP|VjInydSXbL7M2F8Z0{PPy<=#i(BMO6d2jj05vzOFXR=NxM@<&HLm9`bwnaWy!`vF4DjzeIVzi`R|dh03~xc=mh5x{VgTANL!NkU)J*6`e~%K3aZ-uZtcSF0k-N znt8o`@gT#j<=1~AH2(No_13cof5z>g+4`P-Yf-0wDH&S)49q31JFrOs%XA4%Xg*0$O0Uw@9x&akUh5)M zd!b9IltNl$;M6aq!LQMMAT0+GtG=BH%#&5tH zw-t~#QaLaa8JV>p5FH8GTe{4fUI@ZJmGLMaM^ZMe?h zJT_5W$|qjnVibdoOZXG}YL4!!++KTchy8t%^Z|SEnI8Quzet#`w1ch?g+#1wkhk@? z(hs>ma2H-+qhchh8UZm7F9mjkF~`xu@7NJuJG)^aiG{?x344cd3$JEwZ^3hzm7P7- z+GI?BxKS2jbVdF*vZoTPiO(6XqPSt@X~gfU5E$ecLuqT2cN0ZP3Mt)@e)qjcxJn2M4mi^4@}*k z>e0)CM|+YV=-T~4YIweB?MICyiPus7Y24V^bK z2|{*lwuoUaMRSSo{FG=U9)^qUi=%jVRL2T{7bD|MBI2O#a2)#ZsmIk4yhC`M>_p|B(F4tNrBv`G5bLygZ!DUgF5ZjutSJgX93WrsTkIAvsW>wqy+^ ze$@Z&&Ees}Zg-ljAqKe^a;t?tzBaAe4E|R z3n^4Un!iFTBB0AVa9hqoF7M5%&h6rwfVZ4K zq{-I)pVz+o=J0UKguxj=UYJ|qLpCZwMh5Mh73OSNxB9H+2cxX|;k{8{};n~Gm6ipU#_7TWXUgRcm;;J=wT4;&RsFYHKy2XUO zfugl6)O$TRVjCFxqbUQQY}Z?pufPc+DWZ2&858;zn+t;tq`qd%p}-c0=-d6bgZG8$ z?D46~%l*{iQ-YnQyDDVsXzR_22?M^3hyDkY)&$Z*7LO@9(`j*N`_5#=*_5(4PD&sr zyb2(X+hj*TBPfm}c7;yDR00%i>xsQOm^>%sSfL#AlCYhFa&}ehwQeMjVuV|dCpjFX z#Tq|Nhgz2r(!*jh11VD^4TIK+r8~1ge^48k+bD=5)@>ncbAT8feRioMN+`D7Lzqn1 z@BvFAz6?#J><0={d*Oh3ic9zAFt|DwvmJG>%P!!2vC#l_Frm=YE4~8=%g#4s`x$G+ zl0eA=5zaRZf^{9U1Idi5XGEdR3?KnDN+1ZIajcX{!kjbYuzOS$J3{`$AU1U}PaMsB zoS{Sk3Z+cxnd)X;29-($vI>snhe@&2_K6~0(iYzq9`rL5D;C)$iZX;5io)F^AU4s7 z3Ip2EmoXm_Ibio<3QIev@5)M{ot;h~S~QrK$^cnt^O46K%8Ue@lEuvz2vgLv)s}iZ zB9>%*iEZL+U-So$iG+-`$}0s2E;kVhn3c-DVpE|I>=73MI)h^0B4{R|jG3Wmy|6gp z6s<3`g%XFJ7BU06lm;3uAITP!baJ*p?|);bF25SJYa$Y~8V^ zcIUEn*Pc2nm+cjMT4`Ojzp z?_1F}$)PM4!OM2&vvYU#vb}mY33IW~wHj5z!7Cw7cji~R1jMof83kYV9560fd#o?c zX5ot~(=|>zO)kbmFnGJ4tm(KQeu-P_0Q(s%XQkHKPiIxg-H5+yB{MOnH{=FaZpI_s zgLfSrZ>Pjt>ql_e(8se!3If8yCuAmoNFeRiPG_zl6=_y~s6*7PmHdO%dES-$w^Dd!p$GSDd1Y)$< zu@l%Z!g3r~u;>E>4#<11l4OUL9Rw z6%rJ?Cw#j2WD`LPKY?#a6N?92liqj1Oc;9MvYIAm0}Jt9m!<`WNEn}*m?4UXy2S^nW-GV4~C^+r2ma5G##zF9G7$c=h! zwGv$)$Ai(~jmmcpY4~rcu=2N77*OFQit1zoE6Vd3Y=f{UVq*$^+6@&R5PZ}Xvo}bP z!Xk(Q4<&+%S4q32au@d%H1)dg$K>VU{c{A98BHjZsG>l?*zEAHF7KN7_iML$s9$MV z-?8@Flx_JWwLLF9BHq!3QF6~fbmT$E1L6yzQwVhwBYHR^JK45t&~%S${d5d{_)IzN zVmA2TvNF;&%c^M_cDmknwA#eJ!i5gIu$y9~5aRV}j^%P8mx@=KnmVsl0tU3pU{y-I z5k9ZpaGTsvF44N7V4`)yldW~r@pTi96qB|D82Bym>SnvT#hzP>MvN7Ra}1fOrrl$! zx!R{Gd?d&ECo|0s&cqn6X1!0Aw3A%+Z?y&Yd)!g0^&!;*#gMPT(?GB)bvPHNUD*OA zA!3_^1>vMmxJm0)ACDH7J0lQD)}sTO9W~NHpha zy?ricc2lWliMVjWGwiVJHAT?Y6=mhs61ojnQ=^2Yl5^%~t&^bur8G#HJbZ5w?z}hT z^6rY>_XZvgEjCm-%F`=M-X-MmTWFHKOMWnzCd7=71%MUMD5SuQOt0YfNkoxJX{Z_c zpoQ{&0Z#fDDfS0DjAmy%x=PMmO2KtE8F(}BS29n9;J_1@w70-4_XnI#`Bt$LEbNTr z(fOoz8b*-sHI2Ul;I*=vrD;N@b~9jcWRsfPw&jQnYzCVFZJQJ$S^j4G#Tf(5Jiy(lKE z3`nHQjt4)JlC|u-xb{RhYDd!ne&q`oT@S}M=NkgyF|2?ix7GI-EGKr3H{nV+rBGR1 zOl|#K01%9k8EjehUYQ*Q%Ch`wiR(~5aEc{-P1Yp9o}eTRXH>O0VSj01uEq5t_FiA; z01^wry4;*y8wq%&=ku(HU}{=8_!G3<;yN&~b-p6I9w%$hiCiC`^MYfm(%{;4b40Vl zVKj>efL(-4D^j~F7HFu0n{C$&cmo-AEkKx~eJ;sh99E`z4d;^~s$*_-{I+!0oi$*U zjrqF#oK34V%<@iTjw0gm*wAF$%TD_+XdU_&9P&2yG#MLTw8V)it7yCEl?)H7aTlRouF)||&sGSLbb6diRq zP~4wYKuC07qBb_qeQCYIlr2at*G-lDWiXvMn^wP~ItnGVa_r4fzS1v(l~}5pXI(v# z|4B8^L`!vN1n>{wHo0)MCUWgh7FgV-Nq%2}tCNx|pASnhN{$fwO|R_waLnB~L4X>A zG8doS=Vov49)=2piT8GM8R}zsr2V!y^C5ZX;?6N2vI(0W`TI9p}xv`GqUvW6r zf666g{0=5jtIN%W!-0n^E#agw4RB({TA-v1NgfVR2EedsEL?<+r8szDIX)-$tPKd$ zOG~KW*kXa~6D+=%-O;GJp>MXN_iniKH?;R?-O%8pbwinK>xM$v_6>!yZG^HnGM2fa zRH}VLsT7K>oArA`sZ{&!4coin`nGSlzNqDHHjf)x^t5kCQrb5pDeeBv#@D&wx^-5P zHDi?mS6$heaw`tB)QLf^S|S-$Q>BI-&@NQHUiq{ZiB6z$l~zW>qbX-(a@Fk*qmo8s zvF92D9ih_vq=_yhc85t5$;Cyg^pUDGflgtIo=m#1Q*gd+7@lBiyn<=1S9E+7jdLH>$t@nSLrhqxXuByBFD`3lL+5YG=<33L1X&qMN==9-0P?yN+wa5D1$3 zs4{zCD2-$_-8t4;Ui$zA(nz8=XR|7Gcj5O?X!feyE4LOXKC*#HFFla+V*-gUl|?9) zS&~VC@RQ{FU94djkCwIF^I^do9KOf2XO(g>Bi?<`gTMfC=txSF-~qq|qu5R<8{I)> z`xI|6(OwIgM%mh_dT^u**Fu*eW+U)dSvUl-;`H1=<92kytA*Ff5a7YnL9%1`hnCDA zpx{AyRJfpTW8-9C&5n5qI{+O!t5QWVyQU+s8) zTS$jHm4*lYByOS%3bqcFY)98}A;4+oJ@z?S*xO+@b?iuHumkXG2NO$t(LGO)?{wkW zG!QbB($g&n8ssUJS*+O{s(7~XlYKvj> zsPe@s+EqRoa%1cEt$jm)D8T`tvFAXp!TiM^>JD4!GSE>wq%y=yjt%HoG9uk@U+AI@ zTC$6q6W&W`WKvcFwljGFOFHzWBKIoA!f#Ycb15H0l6iMWxrtfwYX1qrY^GzGj&h*k zilP11f=tB1BffP=Cbwx3PX!MWag>zR1bMUJk%bho<*{SNTF?%|9ifMOPu#OrKrM=~ ze?r6dWn@~DUPt0~-%=?@M|uH(dybsQ5%3ZQx#dWY=cIaFN-M~K(ocn#;0>TAD3W&x{I@? zRJJ-0h%@5CNEWLD2*`>coih$}s!s)98N8WNKF=ZWG-9PDzc7|g?yce#)L@I>KV88oUh(rV4YZPPLTWsD~W2({?!k2sfF$VNtC@xB?jvI4mqUl zZkn9iO6cS49JXd9Gh&+ux#l>mMKTcR6QZ|_v@}T{AEXn5AobIkF0OvKK$?knW56)E zJKI^v%aryk^DJMP(h$u2e>r$VR)nxRWJMCXV=qzDgjq&;m_1{i1~7rhamH1o;}|aP z(`d9)>DAXg2>3Wl#6EK7_$8!Ly2w68W+BpI0V2rFEA<$SA%8U^@=4X4pw)ngU&rYe zn91vkh!wfMiwd(`9fe^;JfmtzOgHE5&7J`Lw2Xv`z9ZE}_mK;7#tC7onI5?a)m=3! z-24g#6O}SBly)5I@DtI8zce;AJO5!Au2n5;yEryG`a$KAMj_*ME8Q-(>5O}g_T1Dm zSqEM$Tx6ThH)bQ4qW9Y6u%LBGq4zYZP)g2p41#U zYf`6~Ygyf){C=u%JB2%9FnrIt2)u>tBr=V)&g6uEn)}^Ra4bpI~3}ih}ShG{w{EBHG|mYfHt<= zV8azPDI4a;*B^(hk<2MngnNXW;Kqk-t{2X_O`&XW;l%e{6&$}#NXiR+v)a0H(h+Yw zMM;M1s$LIAeZ>rTi1@*5ayc>)M2yikpBp1f&_LAMSi0ls2#L^3tW$+R#B`1`_g$?@ zNCG{o)a?&p?1>^c8gZ>JP}ekZJ&Nq~VAGS`*3cmU|OCDaF9VMVXh8=cr*vblbj-n%4uyx5i6D!a!9(Y#0QX)*} zr|2gDzaAgC+kzU!^&{m1H=;@-{ctEDXeXPy?`0GREs)))PK?K0hwy{ zb?J-%54{?r#64XKYxz<$D@wMHxw)i6$rHDaH$2qmBd#)--(XDFM;yjr6C?7K$RHUN zH;TPi5cm~0aLyWMEW!q1G)pfpxUp{z{8X0g+Q~uPi2{+!NU&`9svue*z?A~q1?mTD z6ez9$D2tq%8OF3RsQqWOBXj%h81C0Sw2^`Xel8NSBIKv$;u;T}%G5SS@4HusACBW; zpWkfOuBCMaaIoGPa8t98L{J-C;47UW@{jiei(z6m6daesW66C>*nrVNZHCSWI~;m$ zb!gEE@)4lgboy-k8N?yHKDJn}l>rrr!*!aHAGzWFh`9GhB)vi8E95m1kF@>_(`8*e z?+PCzg31yDaf$Y?2`(ae?H^fwKbU7h*is6iX+6sP)d1wyPwM4$#SFZPN{Mgd+NHV zlmeF5yGO_2h>l?#XUL&t?|j} zREyV7tWu6GW1%oXBBaH{p~n9ZI|m6iqCr%iwf1<5n6#gZXU&3JtP&pj1(DQq{JYaPHVm5`}JFbcPoP606BeNI$XiYN~(h45;vVp({u@Ef9#Xp#m zO3zmG+^$fu0LckJ8_T|+90mnzk3KBBB zmE;K#$vmjg;BvNqb#^3!5W+D}&>nP0luI%}HZPSP%nqK3Z^>E0f`L@!J{kY(>RApV z;Dh!on7GNr+V7&(){XYbu^xZdW9gIP;F9-Q#GQyllOraA1S#BJFn9G&=Bm~>{hRJ#WvuQ$ga$$Kim5;Ex;0qOL> z0%3(K>29&(YEly=a3TvSP<)zn3w6@)5UnbjS&V&-y8XjvT$WF$89ChOQD<+zIeB#fk?_^f&1Pei9v6R zqRrht2&t~vT*a5e&>m_hgovl1gbyt}9F7q_TEzLoKK_l8C{D)Sqxv387J3dVDEFu2 z*mTyqTn7iC?CEfZbjC*uEQqu1qY^yBQ_-F@3NyVH@jb^ge=LWGh=*cjz01W=#^~cI zl~RF`&8|Wy1CIuMhz0jo3uwW$hSOdk9f2aLa zcSmgD&PIPG-D!G9Es1k-ib-kpAykzFJSmF78Bf;k_=w3@q}{zRvh^v9zvk{CXa zfGTJz(dBd&Uu2K6H%Ly+O3p^gTlgLbPc)aUkzV*@MZ88ckvc6ns|d}h&nsS}g&m4> zRT-=TGH?UQJ93SwpZ|HP(-^%+9)%WBcVj@s;ZlgYmtBx8MwVL^B##1)KFdtiBeu%m zLxw6$B4@$3Eaklber zx`>zNRT9H=WeGmv>=m9kADNG**wI4Yz6u%vs|~AzelT7*;{*`9#iW|HV;07lJ7bv( z#RS-zk>ZrZcbj2+$*-+3CBGP#^a$CgN~tyDDCK8^DW%2{EhJ{b#Zr2{rln+?MJXkp zN+~&CgS;j2aUK*d&bp}9-gysySkmFgkT zxOk;REo&)30e(sep{cm!S${D>EyU+K$i}<~iTGXwS(X+pu3|!*a(vh5;&XtNA=^S) zj!O#}0gVxJ%z*qm3`hl8jOndv;^?d z{bCyYg!A0R#B4I9_45f9ItbG!&p6lvz^XpsvRMFxSO1ZlIJcrW>Ks1TX2hb5G_*az zQb8A0RKDh_6vF2gAXVNHrYrGjmom2d1P|l3K=7bo|G7X8iU8Y}+2&;;Fl|mQz?@uWl zpMOKOpj`r6Dy4NpbcW4T6EcP~Zjw2aR#6=0Mjx(_SdA7RHey93qgoAT;Ei#LTWzUM zmRhPH^l};lPGgbI|*QC?s|bsB+p5ug2Xo>;m@f0#Q1__w39mvQhxeqP7W) zanPQIHDgRLNq6t6uvJ4!xY)#UGIb`3NZ%GSOO)%%)DP8iT70v4NZ}L{%-f}Wl6sQ2 zQUYT(*iveVm~sIt+K*)2l~VIL)+L9Dma;Z3`p7AIYy0wM+v~Y^n{rJu+$ zZ}6FwoWRAchsHI|E|V`9L!BvC%gHcVurOxIh0es~FHz$C%x=HLTK22_v;D`!bCe** zK1@-QZek0`J4&-OP%+SU?;2qpWp2&Edrlx5AX zxF?1(ObJTnTE0BCLUp9O)va&&KhUiZZvI@%ETSIGM5vfio!; zDYxdlUR_i9Zi(DTU2B^c=~Z2A8;E$8Qr{6or9>}!-DJe0>&&U^BuUoHMt-`Y1v|t4CXPRusAX4+EtAO zitvkR#T6>0Ei6vV%Rn6yt^r}p{`q3~Tpt9ViuFoLZDyvmeKJ)~;4@bao(DPn&Y#5;kZk_6>4&f6x

s_Y z>+4ohN^7-O?k%R>x!JM_zt)1H)K71W02mB=g?eaHR3VjKzkb>@}@OJ$&9T!T0 znC3@ONV>iv-w4Y4r=}U!6m=YV?k5^q=-wKMoK>NHE;(*%oj00k-U`LIX!E6@yiCPH zq>!iUGS>UW9bme+LJ{fE#Dv2f6s$}N1s2$$LQa15&J(fCBspr89=+q^SEjJTjq{}2 z!wuQ)@2NSbA%sa4cQCV{%u+F+$Ndq51bJ=X-zZJ2(?|QoW(u8*zO%MtXAeastoP`z zaL81{GjFI5qL|5QiY2|>>CrhPrpL2zhgq&AZEu`y#0rp1@!S_P$yac?^3UDd)1o>-s6YtIZP=mkA}TPln;D`$pm!C;a1k_+IQ{4Lt@uStCg&M*E&2z zSdK1x?You3Lw&+ASsQ-0dU)7!LlpZ|1!ExjyU`(fU$Y8enNhHzB3g^o-D<3Tckl2} z&NFRFhsRE-%>6v$oBXkxXgS=PHOMho5w~GTwua~64H6_4FLSm57fo`3oQ-oml(EOz zDfas3z+-04Fz$9?5V0uh^5YEAqOzw)V;0aONM&heOMpIggw8W;SVLxHzreaM^FQ=HT7Pkm~1A_%4rAextZ#L53b%1;JmSU|EUIcpLreMx(e+8`C zsvNax;`>F-8t}mYoxrxxG(VVHpbP^_{z}*di!c?xJ&2==n~HQ}f3pya3Puass;wN6 zbWK1B6H73O!sao40*0xRw~%Hn$n4n-tG!GmQQtn{uH)914E_jwjIjZtxi!gnf6EpD zL9S*f#Eyl8RZ3%vWNCUo&esEFKgv(Sk?jI34B*)uA}Q3YjTJ3>FI?uu1zCuh>^m6T zat*b#bSd)4sK?jj11_$a8*^dcoZFV9A+hbyf9r`|XVEY83_95}AA_?zaLV5;Hke8j zQ0rde>V#x-$o;T;etKoz$8z^hq87sgaU@YqA+A{B=f}e-K55Ufzu}WZ{XR50FxnQW zVC)}udNw&azyxcMyymkGgG{B7{EYrMc>xVQ#h~J9=hz=jBa`f(%R0pu$4G8-}I=J5baAx;F3rGIP{L}Inj;l+r;%q-fGxS_-!_{*_2cXSft za7KOYf7NxcPK%y_?n0Za5m-pztBg8@jDV=Ni8(e;^&yw-F=p%>&cRJEQFKKejwVA& z&hSR!h~mu9@j<&Bf1mc{wcUV=vVvS!24EhN%F8HwrAW8j0YsE5*vyQEsw|R&u%3PL zyrL=_$}Z>`*!_`~%^R4zTujar01+sL_r?l(y$2DkoW=xHkc0`yK9x3YuWGuE5mXc3VO~k6_-Y7 zNTi#E8DnkX8ipRk7n&NY_D>HPlw9Ew9yz-8BjnU^9{4;ZX@&9x&cs8!1P?jP2#Dyv zk2Eb=PQ|;o?Fg)PJp5ONoJnxgk34Y@5lYAQx;s_e)|~e>7c?ZzI2Hk-T&R+8feNVO zPXU3n5QJb`)BQ=0oHx~5gfcjI;;kp*fhu(PSVCO74yQu)+>v)_p?^d7O4DX5MJ*_h z?7Nb+5wRPvsxlm8SPn$# zeO)wI^I_i>LkM|FrCC|Mz^HrQJ#Hv&hHOHEi+-RM@zurF zkai;ix*oh5i>Szy7IzsFYR9sCu$;4^pf|Dv+hL*ceT5>A#l13T?L9$#U9yfqRl5P>(QA zdbDIHF}i6!MMF9)la=r21(JKjI*&yF^bWxtnV+*>Ah%X>MK4fVnI?uUbd+S_vyi^9 z04gFuOn59@qZkK^7dW_9LBZ}@7DmW|M1ePqF~}Ea%!ceISnlJ(iLZ{Bf*pE#W(G4@ zCv03f5S73bXh%=^aiO;^SnADt$N5`$QX%c~NPgJb3>&=W3M#w8^7xo6^~@4X6`3%v zdg|ytqbq9oHkQ~A1-()L(u^wL4QZE@)4& zUa;&C0O1pY0%xG=z)KUGL&plWG5L5GndRHzCA$)FLQ=oHft6V=b&w7+R^06^`PpzpYYwVV|97EJ;*$ z`|qk-S1CfeDW$yva2)zaE^k;?AHlp?QGFz{wR+RS`dsJD+6`aaykTK|{PTuI{p+1K zD{P+Q6v@QADY8AVCQ|T?+3%V`ix&?)Gqlsp<(j13?wXJ^ci*T zkTVPCn7s7pi*pActYg;orGq@8?|8;c1 zb78IV3D0x(wCOChN_tOn6l4 zEBJkj{g8i;*NW7oTPur^zttxp9FV=tbc+|=)wfGT7b?kWfb}=QmGzRnc+;k1FRjVG z>)o?7m0L6|w3aG~D!CXSLdX(~BCXP=@~wV!Cbz4g8^LByL*BwCON2JmZGL5tdLh=W z$x$7nl$isZ6<$bEsp45>Wl9Muk%3K%l)WhDQB?bQJZI?xRHi0br3>!jR;>80{EUOQ z-26>>d)%W@w(E<*>Y?ze+`6bTR<1U~YB zYO|NI8ey##1F;m>v682*LcPL-idBlqD!sS~jcfeWE-e*s0M$lz2}@g_=i|IK&`TKb z_4#>yL>#6=D#d;&)UVH1{q2(SH`{x@GS_CRriDMK5B*|2e=0w#pG(RL!88m&Bv1Y*3~L!s7Cm%TZpLeN*-I*OSE!c-fY7cDBg@jt+%(FQg#_n7)tWdl zQxvP2>_s_0b#s%@d+ z7+l(H$_;vYwbi_Qx#_$-95(vWAnP*Nc#4%sEg@TDdr&7FRhL*zWKT~9Gyjggt-18M zDz%-)FJ4&D!fW;+H7c4pFE$o@@FvZi2N(}ZnykObG6z!(Yds*WH65STYxM5P)EG+4 z9X0hu54>)SHgPMn%uI5d=^iQZSgL=^*Qao{6oo1rDIrxKn&@4HGa_cmtSY~$Ej}$o%$&F05=vMuw+y=5?{k+ljW^n~Grk#< zy=oNs6*by`Y6#U-l?`|7D3Zz#4ihinHklhT+M+(3(Cubl=Z61NbZGjxx_8kYUmlK8ZAZ$GrlGL{W(A_$%Nbz0yio}u`*!kk?>z{lT zMButUSCE%RQ5wl?wNzgmK)~MQV2XurISIllKessTFyah^&cw){CA5*{gueU^5qr#X z^KKk*wlI{;GDDwn85a9|B78IEOk=mr3ANT3+}ak3`v@H#dQU#G5fF|#<&i*itqFBZ zxh!%_rBn$VRyz2%MQEb<~O4Nu_ zAOQzoD%cusrwi>^@DnoxThqpkJE&aBPBsM3pDBUpxdxnqzD`CA zA3i%vmBR|+M&&T@xKTL_nr>7M=HYtiXke{Xqs8IMRMglrH1MeVl8|pUT?t= zyzp@rD+Cz0EZU=4S=f_4#NF*%EN@j6|L^J8#T&KW)&o3?^e?k64lWddF6n3#DSk3= zqjdsU%dj{W;^7?6&t(6KcqnI00@4Iyem)i-r2iPCH>q9F1!w?U!C~SB?Y|U*3jwn2 z-XC1<9J5~`97ds?ymab)hv9y zq#!-P8Nqugzllh8XQ58%CB`rITJcT%EuWJ%Q^ilFO=d4~90(=(*mnNm^*BKAC>|<> zgTa=rAjSc{EEglQRW$hO-Z18z5f9*|K01@Ft#Wdq^hW-T!$RRgs>+JOL}pQ?itmNC zoMG@$*l>gGy&uwc?1+lyuQHlbTTtY1h!BJxasNy#0vk&nDl(~qOV^LO@|3<{XhLP^{<*DN&~73ebm8h#OzQ`@Jm8ta%|bJ}CQCiyWs5m8m)~lwYqC^Jvo(_} zYd(L=^1NTmh!@X+Xbs*tWjB52tT;Qa$yJMT{Czm=BJz`*Nl_VHJXM!oEx!$Q3u=RM zg^&@)Eb{OKEBL|ta9)Q4C`)u+DyBkNBI|@iDOIWPUSN>5?PUkg*INf05G-Sg78AW) zHSiEbd1t#FC{d4ja=qc38S!f}k)5N}@OgFU6?SLaXrIr{AQHNy6^AAI@A}#5;FRZD z)A~FPs@h4Zo@<8d>&dq7+KRH{{oI`F(E7$UM2tM)n=gc+u$(=QI_h^@A$cj`gaqFm zd4b~lLcZPXIlk6OS4cFImR^C|-9fZXJ6sP_7wQv(a zl`j)@fT-bkw6ewF>HQ|1#pzwcfN>ZHvguD+JdoCoE7%JmzaiCPn#yHv4pt(6Q(j=4 zK#VW|M@{Fs3aKi)**(bw=+TH9RI{kGhK+P?+s)4mY3;l4i_QKI=&xg-6xkYCjPzgk*k#>xB>Cq#3A;lUKZ) zC?O1fBcl32p0BdeX;nOd!fx3}#c=NsnonX$+xCTb&A*VJLASKsiwBY#xHhvel{?;b zptvSxwZ4l9&JSiJI-6Zg$%L~(=SPh8L8~f|239eOyaWj~)mXVj~km`#Of zT0KH)P5l!>#s?VvTwJ^bV)T!+w@AVNrnVLl?H?Ui37$oS{6`x8Br*#Hq&`{-!)3lyaC`EolQSrIgC}2x7h= zZwX#P5-(F$n1ow{D4}T})J^uH9(KDSz`Am>7v+Tc7-B24_+GyxVfS(m4o?=0!J(jL z9G&y`YtZkr%`A?_AQk4#CfEGNk)e-JDyFNvdFvU({3%N-VxBs(>|$b8GU^wsgkBb) z;`5;6=C)4j@=1RXLf-+XX$=mcup0|_l+yHF!sGb(M8HN zrMS*^H@c>r2E)bLl)0gZ-KGW{$ri$LGLFsNuvks6Sy=uk)J(aApZ<@@z63hsQXzffmZ(Wzx7Oktu-LQqUAv%8E587j!1Y7zsD5&Dx76hVyE) zXAj|wunM_!!OPekG2)UXAxV!V3osVPV%c__Xr#dwG%`E!x2PCCVMi=7K@!Oz`K!wc z@+@U7wjSRL$DNN~h4Xu^T_Thu)HNclmp#Hbn0zF*!YT#a@EHdr-=NUn-=$8((T_Qu-%QkuyP0QdYT4f)T z&ahBrtEnhz$Di z3f>&P0~bG-UO18cBkVT5-@s8e zo@a^I^e-gX+^l#s1d6mQ!}|qFS)nJQ3260#Y&m9ghC~J+BeBM?)*l?;5m95Bp5+$NOiPNggKPyGUWLaz`!hN-(!!Akl;VP{RIx4wV6&dugQ+)tk+~aIlTUU5%AtFC5G}D5#TfG zY^)18pePWv(dNZ8%_;7tNW6_c?{he3rYp99*%1)}vxz#?r4t_Ftw`wRRX;J{zKi;CoX?y9P z)}qF^u%`cd?)$1v&Lq8P2C_rMY`%n zc+)0t0=&<(rAg;Z6kuNlHPB^sX zLLH1-3fDjwZ^b=&QZRyDSXJKw0WCogqhvZ7T*^|!SIb(2(+%qjHeTO1q%qo_psXV2 zVMn0>LZcs_1b^Fdidr!)G`Em((5toDjChZATk_0gEB0PvT;7c+GluCzh;F ze^svQv0VKYpOp@KT*QgOtL1htOS$=Lxvm?xsN1{&Pb;@lD3>+mX*aq zbPSPZp;?VPtZgPvswpNdjR!Hdc4Y3uCphGhW|9OuG;D;?b|JJGddbgitImLW?!shv z7Cr?{Q@N3#%7yKln~d7r0diH!zU&RoWu8c{fFw1U zlwIu1LSyLn?K)BaGx`c-d z(hc|FFmz+1+SlxC42505)HcLKucg3t4K_>GKTkOKV5?|9s zrlG|q`2xd4UsUF12a}T@xQcwAKvFI;a?BlG3JBsjyZE?V=8e(j>hH96H%xz zNyBrD`ZD=bXvqzn<6tukeces-V>LFH<)%ftl;vhJ;9~B+_8>+)B0VrSDbd?vyhkBI zB^x8sP{0Nlz8w<#@U$qp4k(xF}XYOF&oqY-?y2hr(OhmGm9>xbb& zhNG7aBhL}lC@66S=sdH46gl^DeKrSQ#GQp+LPMqfTWKfe68aiwEVLk#;iv=3YbteT zYSXUItQ&T=ep;K}1VJGIJ7w)&EG+&er+cM6Rlo>HNl?9Jy5}(NG}^HX!0?Pm*QEor zMZC%atYquVXO(vL4=Na&4=|i}8|j9HPlr;-0Q*U%Zi441vLr%8M(}cC^9b5d*?OO$uPNQJf+U)@(%K9ffNr_+g8>nz-b92X z-z04#b&_xJwAx{qQVU`3ZgyY+6-+noWvYp$Ul1cQ z?k61_g7D}nSn?m}W75HE5|55o=UK?D%#(9tI-n5@u8G9T2g-|Yb8kiK5(C65}(;MW4Z4IOCEic*^m;sAfg5%N`iUi(lw}3f| z+KYopff+W&Ve=|iwenQ9Q3(?eD;>T-Li_t{>->{~zTqFGy{^T~7f$%f?j83!-`u|o z?pwqLL0>g_=XT17Q`8wT&Ed2kS34&JYuBNpL zW+`RGfD%&Rs@iMZdWL&xf>pm9u!_@PD|Jvm2ty&nP@2;XhoUMVT?Gu~0jU&@5jQA> zi$rzsHZJ@PugSp+|C*c?J0G(%hV`oPP%{zHum@shZfk3wCS)2^4w9XJzD6huNix5zt{4$#y|7GjlWQF8BoPdY`iU|9^M@WB`ZU7r?7Xmn z1gThQfep+HZ;ZiQ?FjD+RF>hX??rd!Du^uKRP9{fqjSwHDDh6 zOW~G65l%}94#KAey&M!q0uV0ZuzVV;C0nDk6|Qv9XD=O_$Fa;mK1H(m@zT17p(~hz zvnufffkUXY2E&^hB4jGgD0vh|A-t5>EXXhGJfZU@ zM814-k-LIINI-vLyDKJ^<6?+zI4hQ?tNiAq?`Bo@pp@w47-+gdaWRb{J0AlyMA@T6lg8Q#B&qIe$Zn!_wL-1_YDM*)ajzwYh_2 zDOH>06l=PiWNnv|_!`LyJWV{Y^C^YtlCKZY`AF;=O(wqD9Zb(8MxBh!*gXuxBZ}B! zg-6wMA?^YN9Ka(Yit(! zx>ATKa-`OqYCYt;Z=RBQ2`Tx203X(K5KgG#Vw%bY%OD?Vw3PuC<;G<9RUTG$2nPQY zyIT46#aMd4VFuz)WKU80RFc`;g(VTxSQ68_6^f~a;%jg)&)ZP}83?qk8$EXh?Byfnq?lSIPeQUaBVPCk` zLJhG1&Rik#yu5U5Em9R*+l`-m_XJD#>}`R0cT=inG2CZ!yZ9C(a5n8SS((e<-Q4GZ z@DDV6J@o1ug(bId-8Hx4)894eSh=Q|>Z<+CBgx@aTIOADq5%^!orud_vyZb0fxVa? zIy-#8yaK zs3}^P2k4DE7S)7J{Tpk*ylP-^8fwH{^?f$klnutpg%#Ekz~%@86;{B$S!jq=Nu+6W zNDaph@JCX?7s{AhvS$&6Mbrze(3w~;)y4o z_wZCQPFWg!H!K?f$Jd9A)eEV#)Vb@OnqBR?z2#OSQKE{4 zN*`()v`np_p%qs^6$1O1otr>%oq;B4w;9?cl>$S3QeBvHIoXsbP4)c}wJA=<_CqB! zKd}c_6DKcIa5fX-C)3wdfQIF%m}!h3UY#M)Vn~tg1r zSNo?uyKV%}_j%{t$k4pCQll$0w(v$;mCe##TYaaw(zf@;psoYWk*XSKx=?l@nCXZNqtc?`g7kVv2Rv45SG?cOaCJBP`gL?8W z9=|RD$j``*TLRtuE@Dm2f2no30$Ii7K{fSeV^!5B)uG76$YfKGpDLBrFRqr;E6t;7 z^8z|mmq`4~j`sO?gnw;SJX;K7gj1mPHgBxhQl$^UT|Hhd&(3FhufA<#+g8VLxa_WwE*{-laU|vi!r&pw6brUQ zhn|jbv9JL7=fuu8WHt@PU03!GN?XdM!}ap)ck@df?H=OG9?c)= zy7tls2EuJ)7CLx>w9?x6E0tr2=zms)SWh+!v7&4ier7w~Qj9C9xHN62^HAeHf=gMP zoZr-91`Z}jShm-a^8-&V36*z#F>bF$Gh4f^`%sj~zE+D2SJNjnezYJHZ6 zYQni|ttNP=oG5pnJxN3>P1Rwq0EElR%40ID!t#!GOaxXN%6Fa|+8ma7G5lu9u0ZE%m5tWBy(7lJ0DOtzh$J}iTO+`5jR>FAqW=_R zu1)L;Xdsm40>RG&-O$-0j^ofgdUn_zh*& z57D{c*sN73)qaScHSGU3J!{MxD!(6U$QvDN9*M3!Qk57~mVA(Wja}>q;CnUHq#T9n zX=K=sb0cKHLdR$Pgw|Mb@+PLPEQgQ=J6@yydo@9bTxDIAo|}Uehm)mAXxg$ee~UFx zjn5-C2i2BN`|lJI;%QRIPV6j8c56rM45FUyXqG^G2#z?&G?PuBsIuxQi-)#-U3DKj zFySW-b@y{hTJV;&zzDfqoO-29C@DSnb$^S-7n%C)gXQ(nIRe|<+|J=R(L;XnaWGH@ zF;gKzqLn3yg0ifxH5X4zX+wyKXkjp8q*#474YkOFqBDx*RP$!Oo_V;IE$^U6t-`9O zKH{fJ(O(`;&#xMLWWU78w3>vEVI7Wp1Yj#vEl2#=1gb$^+Ls&iLJbRj0gIdd5=BdK z-*nJJ{oX?!{hCcHq$J7L5F+t#vZGSpTORX|wySS{!W$EQ%2AM+puuL{=&u= zqIl#BtVZb%7t+Df_6boeKp{m~^vyNEE(+=MRUED)IbWbrBEbbaYM_Uy)l=>m*pYctYXOSTWZ!euKx5o!drTY46etx10#*G9FiZoP-tJeJR_!Tin_VXYa+}$JS z7B18WQ=&+1V*Ft3jeJ|dvt@ojMh-RMuh{A=7VmT>}Elf7$3K3k=KyS+PX9LJWnvWb{3I@sz2J1(-C1Y63R!_)*wv>vPQbLC5}kh#9p z%R0v(WQQoDy2B^CB9mY9=$RP9bQXRC!Q0~RLByF&8!^rz5ZWS`W58R^NiLVT7!+un zC?n$dc(JU%1>dHx>ddSPosgCYsutVrL>hTU@5&bikr`>hd?odpQ<#W0i%ZZW0>d>| z_vz<@`L}c9kX1~;!W{p0m47)qCI8C&^hyuU=V!0tNrQN9F^&uO;_r};apuDpc4@Wu&@RVUE=o*D5njPcvk~0p1_3Zj& z>5nMVS1zf+E1b@ec*9n#YSSl*{u$!FkRxisa}PkAtSyeCSFYAN;bcs{;ueQD{+TQ| z1X9PifidCMsMDn+ZFT~Bk>YYJ{SxAQ zRvT>OfgpF6@XIk5Bdf3z11*l<32%FSP$Z0NhUBkm`)?GA-ZFxXt6=luozXgT!b$HG z%sFM)Kqy8MK_2^y(kuv`&EUbD(978qZazovlRHb}8?Df6dKIj^lkK(}6>hW?vnn@A z4}0ExX;8oMzR2SCw|ljE*ByFKo=z=#Mic6ns7+HDKUE6-+*lix4-18ec8}L%G0Rw4 zbdWb{1d8`pj#zE6m&gF$v{nBZt3@|u6}{XKk2J4LszJ^!chTI2WqL1kx7gWc3H){R=qg?juW zR(r3T^jWDGHrv3?x^ITb`$8Af$_hKJ?qN9>j_@NZYrz zmuPr#Hyap8*>?0CdBG&It#9;eD{9*yk#99JAzc+9Z8GFyInGNa>d)T34eQZx{Ob}0 zVYZX)19NoKI1)Ymd`b1Qt0c9{ z7fFkXesj6WyHw^4N9Y1nq0OL~9fEO8#YzgAv6L}K_E9C3AOh}{&Pgh4*043qxosr5Fj>E4)GdNpTPAD!=J}-G(52_tJueqHE_nc( zwMqq49sT~|>*o{4ONCFrn4Ssj;TQe<8ll!1PUnV-}p$bneXY!-1fm1g*`Gl`1{1u#rd0`RfbLPFt?2u~0WBx}!B6J>+94XNgq z2g!%)?b^!nPU|=x{WVIPDAC!kHIB!x^AR^Ac1WII@{Lcf8mhgn9ZVXksHi!>6wt7&XbPHdh`NdpCVTR3iR0d_NYmb6%@` zc-4#9+pE3hTMti;H{2{OdBjY}Qb);bk$YSbo~gJSM6l?*=Da8u-`jOmZfsTGLHM5^ zI3e#1r;s%FiuUGCP@SDe|nAUbc!}FNs*8McHE0O;hdrV z*?ep0H6A>Uxp8B<7{=%_Emjz%WJ}N}Q$V5vC43_OLPnRi#(0qjOQVT~$oeV*X9|JY zLjo9pvpC@#(00@`NDj$9R8(>Ck)UPpWkkC#%|RtHBFU>HwyODwQSVDB>^Cx)xuCwb zo@;Uyr9{a!vIU9yO&tfr*J9{y_)QwP^)0_J0oEucIpjOWG$z9%=^br^op;{uA2<=E zF(gDjBPVbogt1-B{uZ?p%h;ZBw91VpP0M0-ZpybaTrkZWOUv_8qD2_?a)~C3;!d$) zzR^3IX`(~KFaSYDSzzhH0SFjdqab@VBC8OJ)Rx6g2xp%7qe;8frJ#(dE>Y=83wz9= zf0OPt$@f~$C_Nw)yM|v69txWT|Nit6%^qHi>0s9@7`KSG1g{2CC3V^vl_9H_${pDJ zhF+6VT>+Xp`B492&k0854Soo2EMRaL)u$i6z2y zZ44=WH)z|n7+qo!vYWN-%(jWVR@28nAXyuy;(h<1f?;c;4XA9i)bK{S@nvi-?HnT@DNA5;Fh`E} zY>Nxy`>dMvYnRWyXTRo(`<`v_%*`=uTh-nK??TkS+Y1du-tP+ySl;giV57AgSsT05 z{$8y6*7{icZ6EVaNTs2V+};RE;8@h(0b0S2O$oeU&yUpIv*X7&2aY9Tf^@FtKGyNA zbOsXCIM9vqzGqXB%3uI$s!fxXMZU*tAcrXtRi#VD?c<}b?5oE!7>5Dzb^#Khb|(^n z){Js~ysdN-yf_?~SIosqh4DSR2;~e}9uB_!1o{2)XnOn_!Y=oK2{{H(e)vNpN<_)t zIZe@caPCLgtASE5j-lyjQHtJqsYtV1G$`HxVve3%UAVum3%BwTyP97a=T%M-!TOeJ zJ1otgA)Uj|?dGr<@_>6n_{(FpdY9vm(F-|_`%0p4==BNNY-T4RgJUH{Ewx;TgOicj zU-U|x7{uC6&&>vl(f9I_RgD)P5XLGdzxVco<(q}>Bv+(?6!rR>;z@e#OSTsv+GmZv zbfg9`V*M=T3{TGnCHOOj(p->YU5afR6zklLY`a>ekMI1-MSj~s!T2)J9yS&SDDg;T zr`@I=8v-L=sz<3~okJ-%a>NqD7YfFA&1@?xt zgxah<1vE>&SYGWPDa5e3DMng5#9>89s&CVW2qyE?n};asI!?Gj^WrDbp*4TD%x}e` zjpP|-@zd38{i^1t_lxeHPH&)WGPyB`!%MCc@@}LZf#Lm~Aw-^pPJ%~k3<_-xPWZ>K zBR;LySyt$cNXU~Sn2T77hKfvq?p=dAcm_hbHo=VNq&Ydsm$bPy3e~wZi!1_1oUc0{H4nOerW{ z18Q==;>wo9XCgm{9O*$W(Jtxo?UnTwt?W``fN1vb)9Q5+@&j_p0>557bu|B;=$;yn zy;*oMY_#}#dVzL2{QLuN*Fs{g1$r~<^C4-?WCCGIcB>auGo_gxs<$?k6XO5LA>MRV z?TF^<=GYRr41CGM+IZmO!?gzY&|hHgMwJFdBG;L}qb+C04DG31cc#LFY-oJv-|CbU zT_^M7czcls=Vk6s9<+E6Bv(L6UGMV;hYyy=7JO`=2n}nY`;!N)vXvvi#$YF_DBpE2 z8+0CgvlE?mLd|}OK5Ut;3OQGseu>&7YDuwa-Si4<_-i}m^!mhqa+W@yeT%8}1#6-; z5B9_ya(X3UFj#kja|vncWJ8cO&QccPbKX4bi_h}5Df^)kw>_5f=25kH;FWD|Fk@^s zm(dD)1CLAVH-&pW0LWMXr-Z`zZ3VPNF!hTKaWXd__@=$8g&M!IuLRX;fBP2%&vuoI z2bMK$5W}8HJeVBJL`2YZaaQBH>D))jMoY^Uft8w`H`>b1HyyQd=8${e(#$1weI~wX z0Mc`RhK9#RBi&yP-9x+}=-EpK%XiI4z(w2e9`jO5B$3+kw%MsM!qs@=B32`AszozX zy@yaWQtJ09vV(eYvY4Kt_sRFdbA%tT(s>-t}D>kOa#%c5WAdh!&Lx)xbkajFgnKfTvl$o_iqNSh?CW&wY9PML>0VQk^?c z=o9`+Wp%7ZSDHtA!#pF5<0y#&*Ll#PceU!+esXbIp5sq@My7iEQ&qTMS3;eNRb<|xdm3Ynb`36R})OS7~e>{W$Ypf{8g?56ho1eg@7xE z5+|R`GUoLj$RG#!M4Ns5TVl2M^P-S+A*eZ*6qRe4F6gZ(#ot3A?iOBgiO(&@6#tq7 zC)gD`t1mp2;O=^NaST6N&W=xcdYi!L2e5F&mZ# z;VbMHD6szZ6FR-3bD^}($^>B`b6X^oD95S&P|5xE8rmCpT^>|(_-gqE051)-%7bcr z9D4{(aiH}ItXGU47wAZZuDC4NZXYhTOphik@mqVTJg6pE)RMPC?+(kF zcAm(hY2*b>i;~l#X;jLZb|ndejVV4^3!9d(;|Yvt79~xaCig}2-KMl@o5?VmhFR3K z%9IQ3@Jd_p2|Q##zo^BX*y5LtTdvP|vvuCK1} zrb}MGdGua#$x4g5SXQJ~e()!)&aO5~)i%$H(qFHj|IHkyZ=D=TmiF7m1hbJbr7@WX zQvDM35X*#8`SEH=1d+ZqEK|D)PDIKqzg*Qrz#5NM_!$=Ge@N2zUlAWwSb~}drW7d+ zCV@5au3E1M9oWa7pR>w+Q-|OfT5!!c(3$e4TY7H#s;`pT9zT_DEEPR|1-{Y6Z_F1C z7QFmOPn6$xwq#;Cj1MsnHlr^h{RCYn=kaf+Z;Mk1oP(}P@ly7ubfWkNMDSSgzF+Ge ziSg2{FFlsB(p~Je8$SPH@eQbV#FZdY>bdq2MtpayZ?VbPu)J>D7u1N{;qPvgdUJzw z0PIUNDsUVPTjC4pu+<``f8OLm%10rZ{}Ot&h8e5s6{yAG>-nX4z%$U4tJu*L(O;;T z?2TI+sE1TZ>&y8&%Xd#Cy~9uz%ZOU^OG{hA7IzoxHz`u9VJ%WCRL}0x70UbeS@ovf zLKL@gmj~5E{2hR_VrOGE3OQT`WpTjhD!6<%WshQ2wjP^?p=Im0%R=Moq=XBOm|o3U zFk4$^!#d5t#OVxo4MpWd&U~(bh@TE6m3p=?M+a*b1!{rv?b~USSgbxawaEPz^rvNw z7qUpLcCSxxXpKZs<-u#NmO9skRrYL-cy93?JRmsMGInJq_#E0U&Ovx-bFzeYymyz)8aR0udD3Tt z?8m1#+K1DR$Hj;f?qcg8NijxHH{Sl-j~LN8&nXmaXTGNjGj69)f1_2=Qm2%d4$i>AyYZG?GU$Mku7o27 zB_)175!_(^!eI#cwtu#HJydS%)L(3;j; z(@=a^*0xJSjXv$9!QXGo)n1#vd@S&xY{HF-eYEcI#AYy6eCcB>**Fn;ky{MaX_oXN zg*1xM3cWGJdK(O;qRzueT(&i49b!_-0RWL@9Cd z3J%4c*7_gYXfhBo(}>v9K0U6nXu6^0S6_*RJ0>EECm zcS9?@7kV>01Rq^5JaC>>L?&kCl_`PF)TR)a(7d>-A0BzI|4G z6}wVdkmgiTjP130*T9YDceOlQK{DGHw^Zq^^eXxL>8s`Phy(dV{Q>8;QhqPq?5 zE>1YTwyjR@DSlg&1P>nEf{g+XiquNltK~JR5l^R*^w=+#)78u|zupCCq$tl@z2;+Z zE0+_ms7-m^b91zErfz<7rs>3-0EWi_sOon=8}~*~Vz6c*sJoaE)UELE{uz_pa!9a6 z%)&X+*zSXp%NgiDkHJ!nB&A96sjf4_H(y1emgzCcAx7@g3+uS zFvISkOjU|lS-o@t#z+5h}+TQJ{wF4NQqw)61#w7)`Hm+#s zsImPkcgkn%#bk%<+h~$&GRt`~5LU(B3323jn4!t)SHAE8`PB;V5KZ735Qq&Q37S3` z=tR_fUKSG;Ud{<3V%PFcSj~0CQa-A!1RbdraMl62^-J*xK7g#V5_S>0+J^J=n(QNr zIdE2iT>uLDj^Mfs9XoIMuxW6tPWc?=tJ&?JpLk<>!UL>}JHmlpe%Se8Kl&60!;$)Y z_D1~kiY`sr%JmCxbk~NsxO~m2bh2@SQs)F>X5P{@)9N9U7YyDBhHFdhwjSm2VY|h7 z*gm)im5<2_>zPoKifcI-M&#(xQ!JF?VGQu;@>g8)tkhNZCvv~fpL&`5to0tH@k@oJ zs}={ux8xvhyCqSvM~a79u7-&e78}}+PCfv2cFm2LIAw|9gf zx`grf7~|GHQQK~ zljaFm7aMKN_dx81yp9`ZJPnv-5>M*M$!OENi`-y}Udk*K0}k6duZyULn%MI&YiUI*|X_jyGEz@a#QW9lsCk8yeEmyChc`HGc4ZH|mZp z0~@AXBzo7bH|3j}>pdXJEwAIr*EPS18G z+a6($mJ#GTU*rWviTs7qNE2eZGBd+my%r(@#_RX{TLzu_v|(wjPQvg@5P5&v=t z@PmLt1Gm)zty`<#`!FA0#)o-N&U&ZV-Qcjyv{_4HXMaBq;D`9|He7OnjqUdKMq)R& z2*5f?(OaJNreMnoE3l_&wOPtC*sId0HMO2lQT6?_`& zA9P3GjtV2+?k&n>?FSX1OL&Bx3KkX>i1;I?Z#k#qXsBWbUHO_9sV|^z@~@UKe}C?Y zRqA_c!R%#3Q{laCZ%Q=76`wgFaW(X$D|tJW9cG4rkNB))my&z*cOSo+ctnl;;td8n zE36MVmqQuk(Eb$3sk5$UO4@wL$AuUj`W=%MJFcj`UO)Wj?tlcM{5b^8&Sy&Gsmzxr zMBE(^Dn{zpH~5?J0slc=`JuuKWg4w7bv4^)lWH`lwRdBkm1)w!-OGD-FE8lmkc6O| z@S#FC0SQ1h=acc30pDS&DK^4qu1R|5ENWY; zrTpagJN;Vy{!XL)1SP}?VQKk6cgy>H&LBF%_`xBTfz4hvT zDb)Zh9?=>iTkjda3n!XwxB0TCmdBazU;ch;RW)viw0?08WP)ArgD%l6U)i=Y_keA) zH1{~n`%#=iRF))%oxz)qzoW%{F8|KQc0xrQq=q3>B{nRQA=D?;SrTgPukyo)tZnQ} zDrNnZhhiPn8xPmVQ$<}``!tT1=uP#zQOI;7Jkf`!i9xVON?p}CSbQjc zJ%TX4La}^|R>`bGB@8gS&M2UaOS`2Qx>1ho}Uw)`+#%ckFU+K#i`I`2&(VshbMt98Ve z|9cL0OJD66zaK0^!s-$I@yw^+bL0bj_%7dTXVI~#?f_S&TNZ7eA?~V+moFZD8eXu^rr*v< z{uuTMb1#)6phjS9>CCM~2M3b}fX;>g%4OPpcxb{Bg5l(Y8`qP{GnnqV~+Id{Gw*D+4S|v1GuV9?f?P9~ZzrMsc zas=LJdCE02(mUD^*VN#SyK<}&e)ihoq<~$@X8C+Q)vAiww!OiPHlF-nA6n>u(p>Pi z6s{%Mc%evoot#8%>TpEaK(I#>RT&PvcU5Njw0koK%`oF#VI;>fGDIU;cT7ggO8KGi z&BGh)XJFBB<+W{*g^cZ&8#FN!k~tXKulvi($gu=hC`KU1V%Y-0AhUvMXP6q^4NyX7 z#}sW^i^0~;CH~0~3+~^XB(G)~r@+PVP3J4;D?NjAMAlkFq8>x(mdNj`fu9#gFm}Ba zNM~PH28qMj?6szj^Xt+EtO@&7it0(Bud|g2iRKEXrulK8pkyHSL1EG&Z}UM!vn@}+ zj^Rf?hKHO9>}rt&>g@&wVxRQYEOY1@a+WSFQWtQb$>wGO`+GU%+Q+;DBZ#2_2W=(@ zkA{M=?``Y`0ACMza$DId7Dxpe14PEAJ=H~eVd_TtWv|+hXYh_b(*6K}i|cF{;x$OU zyYQ9blr18*HVkyYz5wa92zeZB_5h=;L1E$arTnUfqrDZ-<~}-9^?i6;uz#+R=U@2(#SLrC>(zOj(W3XPJaG`Rra_%pF zhB)ts56K68+D~zMpIUQ4tkGEYs;7EAmn_@sT~ z#ga>b*{cvdySqMrCeWJ!W3_ewM^DhHmtX?9P~$}ClrCO)B>c%n0`l(R{mDd0Vz>r? zV^l?&n1Gz$d$F`6HQ=pc5a?Rx86ho^6|^~7i4d`!rCwY+z%j^fbspbyg!UdguOSET z96y%O1=zhgLIy?k+lc%i{EZGb5Wp8%0p$j2A#h-2(cBuA_l_hhDbzJcSu`_cul;Ul zt>$2dUf&R`>pgJ3*P0nip`lLEz!r%c&r{X~=)@HM`v`xH#(C=MKxhJZj ze(jynT6?z_>S1@$`dcIA(VmN>2n``bf}N=os_>1BcBD#gMFyGn(A3aIimmmMxFBOq zEo!P#<&pAe4<)#sMOtiMEN!n|p|@11wyF?_W9xdLZ7s8QtD5V^2HHHU9-j@gpkxsf z(_DczQmoccq4~x2g;vwxlS|6G9)fafgQkZ(&wX#K`=_-&aZ7_j=GEW9{1Wno9mm$X zK3UyrCf*aYw9qGSF(^|zDJ$;3x?a4FUfO5XgU@j|agv+ok@)z)^pP5SXR+qGulDmI zlYtC}keozn;v3%G5GNfZ12@N4hItIN-@+nek?&uk)@U% zDm=F{m%f*!u|0j`Qcy5juX&l=SDq&8P*GS3{Wp&Q29GO~#i+21#TL-syet-S?!FL~ z&g^?*jbh&6ygvf`)H-*SjKM^zb?iDKCI zPsJ`y)|U6qvRK*aWn5{XI!_DIl($)f|rw& z3Y=r}@mNk8Ajs9^f~{UEy?UY~ou77Fp3Q}ICf$|^9SG%lBSl=LZ7qz(`cdxfS`cbH z><~_};O~gxTr*{p$>g8v`$!B@mFXiVy7m5>IoF3O$A&!}OvBGqnHkm|8>UYn0_25X zrZxbxT&3VbfH*q?&+fXqU|EM+L6hm!m3(jY)pGS(;1q`H*^+A^;Q57< zD&-EaSDZhC3UnB7iN1Rv9&x_WTy%?|vp3tLfUr?W1qP1gVzj?^)pcjMU#OZC}O>7l>y_L~xQ4&NB^+-t-}$W3p}@ zuwOQB$I%`#HBNE^`WU1VMZGo&V=J7$nO7ABR!c;)tK7SXXDwjPRVVX+_UPs}U5Q~M zwA3ZFRX9Y|UFrVnc7Y(_Wb~#q7$ChKMttdgrV8hli=Yj}1QC1E2SYPg9NgPy)whum z`CH}bzi$(cYy&odS45l#=VAU-{8ssMAYni5bIqQ!8?3`rKEW1$u6}~~h`0s4Wg&t# zYWb0#qkh#J+GkC;yI%D)41J=;0@|w}xUO-5Sg6ZKFqu}ox5Opi2H-cwu|0z+;QTrgHz|#e4K#$)U2W0=F{1Y@w8f6Q5*y)HZnMm`7_Rd2ydVus zonSm+fmcB3HC@^P>%|!c5@?$-F-6+JuqO=(P+DIBX1IFIL$U>5fO1B%Ra1xvW}?XE zz^)4h5N+l1{U}uWE`~EN2Z&TjbYgS%Ys60cY#=5Y`5vBY$s4eI!A`4t0}?M8&uee8 z6#J*}2dRUEhLjV>4>@TAB~Suq=^84da=^scM*|bk3H;k};E7XFV`NXj6?9T!p6%JQ zQy60UQ`~w}!yn={W0bVdL+*JMlOrhZadnUT*3IoDgy4|@Y!myC1dQs3^Y_Zi;bj}ZFW5S*Rh--lLc$0@SPkRc)1oTM{o!G z7={G$X{cdO_A3CS!^s?&7${Kpi@5cpZ3K|D(~R7#I@lWpcOfyDo@QE9(y?RUEXh*< z;b9a>i|=$7>$9?cF;r`_eQ$i$UE*fk;jyAaN=R0c`gZ4F{gqU&VwZrX@N5>hGWnC{ z2j!wJ0dtIeO6r3_6hQYa2&y31#+-y+*D@aWKk8?9H?7HOyKAvX*;+)^yE1a^dj&$} z5n9b_rOaFB5z@^v{dN0|T{Pl1zvD9vIvV{U`&=Zt?SaNe>2jO2>j50Lj`4<3?c6`R zBkr;CeJU`Z?#98dTVr>doI=;ROj(KKMK5M3;QQY)DXf`U3W5Dro*J_MYJmYK2B&Wx zw1Q#p<=k6A1)TEM704NoD)9OUZcOuN#*-=Vwd-``!eao4NF*Iy%0mYX>(1bUlxy1_ zNXHEV*^S5Q(#T#C0V9R&R{~@(TU_<+o1ic}FzdD}V|!V{(?PFoa5&PG*)E z664`~@(sJ@gRZD;ir^llWL|Y7f=A1&Jpcu~xRj#7HUv{4P2z4AsbOf9UDXle>Ncr zZ<6^yKdIrS=V$T?dvzfy;+XJ&xf$2tOYWbRW}3que-MGA+<+P2UxKN6BggH;tGHy z#Rb|Yp=pSJuV*)zsDyEttqXjSSV}CE9mMN^8GIf)2p);ZpzS;gj$qp>@!8v6`O6$( z#sF#!yD7Uw+D}foIl}4m+?j*eI!w_G(oKWV1aS;?M~L$t3Xag|vecPRSbT8bW7#mO&!(N$0bdW zCY8^NQrU#`x;CN@0`HKHYcs(CsNK0MRgxh1{Lg3K!WzYVP`YC-Rut;;jd3p1BepNh zjk~+D)3H0BWa{!@8cdHSc68mn#m}&CpFAX??k+ndP}gsy*|GYGg2jy^|j1hVl>R3Kv>k30QR7dE;(=s4(uL8vhb-V zQUr+kyOdf><7I2#58>@xR`~|b{ZZ+nMs2dD0h`m5_63i-Q!d*unGB@$Y|ZgwZc1=) z($*?@mUV|^8`l~;FT`J=NR8EkP`zS+7m%jPpV%>if1NX5a2(EY+3D!IUQQ!JVu1Vb zZSJS=0%FpIKX`j_9+WZon`qOV5=V1#v@AN4A+QT~XPuJfiabEwI!?^v*M2vw@D5&O zff&>gd@b@kch`*Td3SwI@g4quw zgiVpU76-prp5@VRk#{%%%#}t&ZH^%iPNpH5+RCqBm~59pIVbBqvuq@4nk)~Ud+;R8 z0)lqT>TksWR@J}LKt!YzyOO%DVY{@DL8wa}3;?r&K0RlLnDEf8E@26rhhKNI%kFh| zBS{VHy}GeQ@~Mc4Pg#Ed)Jfx>;1e95A%wQ2^I*AsDv_t5`nBCAO4QpCb~ zey@#NxLe+BFnjyKOsvq>Lz@7(t#u@^xTW$mwrHD9Dj1;3h+lTE(E3TDWCiVLf#}TM z#xEm1+VRj05S=E{5$3{EQAjXi7iS*!n(sGZQ;0ZZ|q%i~yvAd8A z3~~<|yKvM5j>8A|4Jhg{e|J#Hg-1#$Z6|CZM_v}~-FUJ)L%>sxIA}bKhJB2Cf$lWF z;WE&p#quYCgC}7WrtUWrtpuT9$FbQqPgkMeI+kA`%C0ptL9+#jG&ubX90~1(9Rv9r zbjhC_ZOzYhb#8@}m`HPJ>JuXlLZKl_ zbytgL3kZ?Mmet_rdgcjgA^Z?>NeFgIroU!)ydq z{XXqHuZ{Q|UFBk5$^G4mf1H8jX?YFjA{NglV1mUpE1J}b8kqm%t4HTr`YXtt=&4gE z{Zd^mx2IiCqH<9Zs63sn>`o&Vaei#}4Y7)+2rCl_$7|_rua?O9@tcvKxVuJv-7Zf8Yls~?^i3dr49ZF-XQ6cEqy?N~h_ls~#R;T>m zwlmlS-C*(HopTbmQ9mMNw$jbJAAxShGqaJ|7x=)w0-+G7*;8EEyh80@!mHGvVrsPb z(wJqnu~@FP{0b}7-!8bl&Dky+>u!}d>>2Zee0K`f1xISql+Kq%tM5E|w=X8Vdu|DQ zRQ!IVy-lQJ$r+%fDH=Q=Hu5^Kzs*G>KdBYNJe64 zU=T{Y9X_;4Et4OByO79bmUUCnbcfD$mEmC_O5?wC0NB~xnaO!un{b}NF|PQEX?Mh3 z%HNYML2X}|Vw|TfMLmnkhadJOI!QWtd(5}68+)@?gcHc8Ck7h7A zmSAh?)5Ni}Ozb(Bc}UW` z8r(3z`L)uSB$M!vC~rQJGmDxNN3n!;FsQ5~j8;r{7ku}-z{e(|Z;NFN+Z5|wPY~{h zF<;@7nhNxB6qYpgKz6P!N^!hdzm-}X=#W~>TJZ`>*Mmc7PA`* zXnv`s&?xE2tXvwXtsG?!b)f15mA(M`NE92Z7pMo@QOd(n2jeWn-bkMACOdTdzI%+> zPLJ3LfHXZZ{k+f2ToA?%hw9P%S%C-Xj+I|oexY0)R*6v>fd3(NwA z7{w$?+y=Felykg0z!qiiBr-ApOHdu?n8gY;iW+etsXW70diNRV0B! zp&v>UcG(jqXo<3~kAQ&5mWS+5yP%W!4(yyZCYIK1YC6Ed4O`CmZAv*&;))qEjykU! zu9`X<#Et<%lgNR(tfBeHeZm-p^7ROq4u?CWH%0L*03CW zHoMkFxwIzQf#98Mwo=(;fM!g?%Bo4 z`2^j=G8VAtTA;OXHo0U`OUePG_qNRNhNy4t%fvAS32)pdz!%P6baQt;?D_)21G%8*!F&p}6!ifHNZkFhxMN8@F=vn_Oklg!*kWicZcRGSro37MRN)4c z$=bcRKtDITY47J6*zud?y{)7JhjUU3>h@LPH`;btriLc_!p7`O0<(7Vm>C%No0b~I z65Bz(ktCoQ-TS{>acTQId1MYh+)nYkzx_Ty@h|7TAAWxX`^~=7v4;1dBw{3tGe1N^ zb-`BH>oP|`kMK=*3x-m%K=m9|Cx$I29mtlZ3&(FGi9P&i zC8tDDqp)$zMZaPxoX2SKR5M|-2M;1F2VXqoj>+n~1_9?7<9x}F;FY+%dPc4lWP6Qh z$8h-WPGE5e)g*(mNsw@VB~5(L6>h^?QwJD_q4ntYuTQ=q#NareNjNYV5;y zGq0~t(ky$@a@$cKtvRE}$1)1KSSw%_zwC}O|A=1OX}ieL0#tosA#TE4uUm|;0x53> zAN2ltb!Vb&*WVaBgVW=?y&GOA_T`ucyk{5_Vb2*WW&(EsFw`hd4FN4S{+y-lzC)vh z8d7X4GB`R0vNt_x7RPd6>*O*X%0ORsM2sfLmG@t`PjN&m@+@CDEFpv8bDXSF4kZ3o zrq&o3_y&;NtkWTD3??5(mn;>$%5fPcmW_kyg)!VEGNWIGmx;dC zaf^HlRugVc#V|B4!lIpD-_fISB;o}UnPTMqZ7MuY z+^}sqwt-983&`edRfm=5!YvdjR)42*tzRzRfJ$g>uWn2=ocLn&*p6c7jT$zovy+Pj zF-O+{2{Yi2oK!Ye$O!@!t}oUq2O|)*U;6!fG^oZ7{QY}N)ce6YtnAouslEsF-iJGL zOexSGvS(!hhQsj{(peUgma-YkHG!gGCqq_l0Qa%3T)Pwq?1EFvF5iY`-?uwgKjtPJ zjM1SVXj#~+AtSnD*yWo*aQY**^5^#%vLmWCXpe*Tfd>|o`^sVvgASSW3MUqmFCrP8_~k9cl%qj$-zt9Y z%}(*A^&I9PgJNf}Rhe}+bOSouz1USW?eF2+O2mb(@eNc6dACbb5SU@6&$#)$t7mS& zwK;S{V%F9Q%2Z&lLt14rRYX^En~JF#doa>OjHQRxJb-ZzFH>kc_;2Sk0sJ~|i<%~S zZnmSeARiqd` z_zF{ATbgD&hfI7VV?k-5*i40nucUjV*k={r;B_X#eQ_Fy`68W^ulHQTaJ3H`Ooz|B zUl(kKqXPZ06+w|;z==NXoGp3eNsI1)9Z(psYi*7#6{KP|s!kuS4um-=>^+vO$j@Aw@6gDhF_bFn6Vq>@qL&p?cr{@tSPzo zr`4+eAHW_8-Juk+2~@cD5IUE=nTX*bXMSN(jn=TnCpoaft9>=~>^!AKsaYot$Pd)- zXU(DZ1Ku6l>eKmxi?<3xv{8i;EGiM*Ed@aKTltMA-*fz`pQ9>&qmJEsGCXZj45_R})@T1l$m6o#9%wj{^ z%6mxSpwQ8wX*!TiYx8C?{Sew-1=Y{>ZhDRm%Kq7SKWp|+HQVOR^fs+;s04>5C2^8g zrC%`|o~sFf@9`3K%CO!`?e&`FAEEu=J_ePTdsPT?mfhV2(i)_QKWT2A6U`$VS+z zHf~F#R~<0&{)bw!CW|y~)?78g${3Un-krO>(SJkd2>+ic-OrI)HP+mHlV`HP4EW-!zD5EN;1|7L7fH>x2R`HM!^*k5)=F z^Y?h6VZg$n0$8K@PDy5M;*vR{;i<1v#BX0>>MQ_&iQc|rz_FpTP#7V1@4 zMV{=l2{DTgBkkpI&1|dwF>x%M%h$8jlld$tL7;X<2}% zjTpU`MX*pMlE@Hs+H-0b>t|XQUvi;t*cKXXCA&i=2KG5;e~ab27R^+UzW<8YKv~G1 zp>P3_uCYX>Gk^aPe3Vnijb{4{8?_irS^h;A9^;WZoE<9c?$+NDCT3zUG@GRvp zIEjLX%Cd3Mo$ zRjxzyKz>esa+M#6H~6s0(8s5*Zjzzn#O|Lxdo%7rD2LCp8Tn*6p-P_^Lgb7j!CqSg z&X|4X1BS$FZ=CCuEVGS}FUL3vWDeLKjHgd{;@s@AaMZWkG@<;LG$B4$p5YkXo+F2T#qp5T7T(G6GKFJMsXYwoObdtJW{+K5soY7k)1 zFL8sH1*^s%P-bHg!-BHLDX$otRq)cumhfGiWbiGP61PxYkOnWNcDl_OU_e3|%U9Ws zELVWdKNVNx1W5|+-| zWjIDi@v54F2}ScF&@V)${S_1iO<`>+ zqp>I+IIvh^(1fb*FA7EM)49#Jz%_UnKjQMT1{aYwcncQ?=-$%c(v^8TSR_D!1RREG zzom$ljBSKwys4JHX|lqjCPk!J89|JtiMglwv@76->3*-1=@fiO4WAf{i0KXU_? zI0J@@_0>l0Yhx{_txTpx5NpSzOxz$BRcYimKm;fKaxqOoo=jyPBv(hezxY}KPO>r+ zp(1dGDEIstTcXpzF!F0b-ODmD_^CEW9|pxC0BqT^T6-gyW7g7378!LzgWPn|>|=@l zuJ5*^z~xv@*gV#Qq2Zj8g+kTkyQuwaStlpVeMUao%0uNjkke*^5I*4g;4%`5s=;ROrcVS87t_o2 zt0n%O#!+X7yyC6_UaSzCz2#ds|54=G40K!?f66K|wrk7(B0YtaRl3(|jeOpOx5;J& z?Je%nW-v7^1OkP{h(AAYB3V9PNQm#-d^Fr@r&Xkx;40gb2VP0;7t?E;JCYfAiFa=T zt@!0*h*6(xhBaG`gvqQcF#@x?p9(`uyJU5plc2zIh1$0YcV;~HgQd|OLpW_fL3A8+gCiZ8pMX1Y*J$zx6pU?SvaR$1<{odPChtT3x=}w% zv)lu)w89(V5)4zoJr{?)L1#wa@Q4I>%%on;`8)Q7mYlz%UKn-f?f!uYLu_B2eJ7Io zwOti-#j==Tn~l+^y~R+I+r~KKGZYJ!c>u}Xv6#ilHJL0XTysEv_N&>39J1*&6Dolc z!$O)z!!oIIPx_^y9=|`m^b5PCI?%eNzj!%OaGUl^xeRX}X4=HK z*@=+f%p?Vsk`!Cy>1557Q$*|_rYd^D{0sR>j7EVn?RCxM3L2oWgV>q$8{;6j1-Onq z&<4WbTR8tpHP|1xr;IYiUG4_*9b#1~Pr?Etj&aT>)N>b$^o7f-pZFW3eNf*Lj6BJ1 zX(E+rnTSoQKLZ23{JsUE0tf@G0nZnx&eJ#yJY}_yIox%gLcc|wVEI@A&nd5~C-yyH zyiPP0Nhs--EiCpPz=`jwtzSUE8+5kF_cJ6~VIcInWEs)H!W6BP7y;4c`hp3!oreFQ95HTt%WhUnrLIH6eKb3_S(1=NjDge~q^5``=T%&9Zmn28m;lIfJ{b=v zT9Kwbg4nbSD{GJs-cM94NwsQM75Q@}ne~jY@tUVSdg@tBeR~)E9kc}GMwNnEOoRn1 zk0nWZI?JwV3CXyxu9TC}zZs+Dtg;NR$W0l+*5JrQG4|d5K~to=mG&UDXDda^^|@$a ztvtZ&@9qg(9UhV)A)2d(#>?Hsn*8tXS`BSLkaf#E?lckDrtFZZWQ1QZK}WV?i;go3 zhqK9U=`fD@xM)!`1W;!Km&W4EteAhBhNb6jxStm@78#BPpb4wYeB*Cj5?kK{O&Lli za6EMb;Z-(VJ2jJtKwHcSFrV|B5kn1M}^Xb$i$A(tE{VL0{5YO6@jA z^VdIvmaVhcLZ^v~`}^suKEx8*y6Az{M zj;x-74hA&K!jO&-RaNVpwFCrZ#Okb7ykTnG1k7ztC6N^$8uHJ&YKK!hqF+*(Dmx3yEF2=57^ z7xlIGeB+j8sZo-lsz2lZ5O2l&zw<{2E9toVPJ4g-OdA*|OZIal^yLLS2KMYQ``$9I zb|J?{@~{{mc8bP2Z9uieHUqb@CyGJkO3ILsmt?5&BYg}3$8h8O3~1z*_8gOJj?(N` z%T;*cxNrLJ1*P^F*mn1Jj^p?GP^Gj*v&4CX38}(fq~67HS^tVwn3LG~ASG0_%qDSl zG4>r#XYl<7Cf=ieAMo!tQR|O?-iK_BVNJ{eFTtIc6T&==1Fz8eev^!C*<0pq*Wc#! z(FODj1>NUnww!&TLqpu#Y$cTZr#nNJA!Y8jt2o7zko(}8n|0*p5l$QBZMUt6CPovH z%;4p4bF;U+sASWq@4{f$hrx+aeHAx{)*Ljg;Y_256&t+6CNrIlpKzS8+05cd7=zhp zM+mq?c8@2HoRmG>a`pssaBFW;v<^0DvTYEIG0@Y;86r@4hESjW53;l@@ z%t%R8@p6C)JIQ`yYjID{Dm(N_N`0U_Oq=Hjs0`KMa46ViuS#$P^NIP!WEyToE>pa` z;)V(|mL_0?ctjG^lEKL(A=#olcZLBi4Emn6!@WV;a*JS2;}y`bq#o!f8{@! zU710DmWc~YvavY;rAp3mNF`~hbSN5pz^ZbP0xC2Q#qMB|FjuJgOY-OkGxx1wG$mSC z@_=|6e1fjtaPLq9+yHkfwVQ?6HNxY^V;QY_aet515IYMF!FHa;)l$9p%sP~Ypz+R!0jr_X4neBlOQPOJz+yt@md^zI@b5v4CZR>wpMC?^{&cf>$%K%L zg|a}Fm*9+C(Vct3POezEN%Y`+D#!}f1H+LZmay)4pyb_nvMD*JT&B-fuJn(OaPrzs zL@~?uTcfEe;v0XQlg8Sx%VxEk z4*Cn=?{||>TsXh!P)$R@BoFr9Vp({ccPY1vKiNw;zosH zD$n+n4Y-uA)|>-5p#3+*XBxr0+z8)+-o`VO04r{o7}-7f!@eB;}|N2Q*2_S zq0uevdVmP>H`d(sHQB2ixHdLHd|AK|u9UXDPnZ!Y=RVd;zNW1NzcCGjs2Q%>g&2&g z`O*Lk2rMnemyOuGQSj3tY=E;lo=H7#?n1tMnp4YJdE2GN1f-YR7&+Y_c)mgN6_DJn zKaY%hAhwxJd)=0e&@a^%GK;Cd(#)xw4C;C>+PHIXB?UoUr5w0EIFpH{6!^?#)^c;? zV4qu0E>6M^*%RvCxW8mF%$krCu6I(TDYW0St-^sWX1GGD6ViXbN%!PpdQ8fQJL9!O z2n6mKAjZGR@W>{gq}m!*I6!dsSNqE&BaxhQ&it81j;F!M61FyrF`SU}W+KawbyslM z>#L>gkXBy~aghMNl8I1)$QO-ctm5dATNFXDxO{V^O9)e2neWE(7#oJO5js$9>ExaV z2-TA0SZKByJRaev0|t)I4t(O(Z+>-KmV@C`ygjfk2@<+VFFtmYNf2TbEwZh}r19vm zpG2mC_3r98nBm6Kz!lbIX_!YlCR{hmU3-OY83HB6ORVaR80lhwH~|#Xyrsiu@;Y(k znK16%l(|*;Bs{;OpIRQ)W7Hc9*P0DPuF9E4-Gh#Fw2!b%Rr#DbT~OYL062K+`O16fq$ znLOd|5Lvy7m>drrjF!)q`%A8`RJGjkPNtLOyOzndHG+C?+XNVK4m{jD!tlF@74R?LmS9L`)#9 zQEF{vIp2IXDI)mO0O4{Ng{lmPf+0GGKB(GNXk@ZL8K~czdl}Uhj0_O1tE;sgJciRb`gjQ1Sloz^!QeiY ziVKLUqERYCZTc<#zzN0>rTiY&GS1T3D9L^&AdLqormF`H*6*8imB%gh54gNaG~ zc(dgjXj9uOJBR9AXF(%Cq5my(k{&%s@1E_w^oiQC@10(1o-NBV)g=vxRRkzWeo{`W zZF7sbyAGEbh12Y23m;mW~!qcJX@cMI{aks=U!(LyjH-X&~LT!ML?- z0|!HIgF{b%%Azs@`E7-YWu)>a8^MGv&J{S*p+fDFWF-J^eHm?sB?@gh(VkJSuGNDl zoW%{>!Zl$?ZwP9HB<E$aZ*%O%8>4j&M>~-4@R`gSXESPgkb}!EL z>2k5$c`Ey^Sc18QUOLxOt4MSLnG}LtaKAGuEs<=)hVr&I@q{E!&_!s_!Ey80Y`QvD z4))>8y1UtmNq;VfLH%Zu9`H%9k&E`Z)x^OyzuT2Dby3z8cbrl{&YHZBE78=CnOwQj z@2m&AY+O1T)CR#Q)xGaTr4ygPx6K#UBjh7!!{D9X0Tv@OSF;D#@GB~mEiR>ETjZ&NfQ>+--xAAp;3bY#oXfjjvI!Q>;N~tZS&KG7C5yBWTDN?&-KvQxx&6|R+?Rur;4>P|J%ZjW^amS zA@8013aX7VH6h3{Wq`>=P*%?tJWgv1x_pa`-V~auXqt_v6`YnoUr)E||B^&+4lG#o z=azL(Caa8KHeUCxkg8hA%(j(M5G_a4BIURlzSd$9!_e#qcy*1kXg-Ue3}Y6NZO>Y% zEE{l7suG!&&$wvbM&feMkM!i~;+*pU9>V;2&DTGmnl^W{RfUIw3b&6Chf@Me+{L$q7LaJ=^Dj=n`KIt& zTKJDJh;NqO87;j#T6%A^^yAUeUyhc3qSByyB^9NCj_eeQlKtXe?%jX*>8~C>`1r$* z9)9}ShaZ3T;8!1h_TZPFeE89wJ9~SdKKSU-N56ddUq&YKtI-dBI$HYKXz6sc^k}s7 zc(nB7pLDVE5b(3nwx^?|cebq39kg=ad}Bx<=VIcouf&^$H(I?1WbGbn=71cH%1eIL z+_1Fh7dq}$n$@R#4dHgZ-cpSAWV1&4W^}vC4Jw7^W`h!a1q($$#JO(1TFsBH@%GP; z#vmtl7gWYBQ%{Hl4K~1E5He-|9Jv!3$x8s#%_~Dst zUfMaOJeO}cGB0*UR}B9qcW~)-L;{b(S7m2ahyOVVVXME*7bo9*qYFKczxjp(SSgfj z`MA-WYxcfDz^HdQMblbtK3r=R|4M;jC?Fy$V;)Nz-Rge4!I$pb8#*X~xN+)=2<>uR zc|>Aty!**WcVlHoBkfKLSJPKiezW-%0F(^EyV~CQX0xY{ zX|XYiPdAIWp*Gg3VX8K}6DZ!N-KX!_?#@SJzxMMH}jA?u;G|=|_N2HTd=rkgEralwni9|`Z z*ry6HkBdCg#SX^HIN(MN;o3{Yc+^DFCK_|UIcBaa=J0sPJ!YTHRt3^PdCQkfMb^$6nJQf6v( z#2P~P2$GdY(uGF?LD0Bf+eM?oBat*@71 zzKIlaeZo4kT|#VHv2~`ntG-zJsX9iSoh2Xa`;TeKUNZ08aY!*oZI8`LBR!GB$M^Zz zS5GOdBIIT-)N47!FEnCg&1Etk!=DX(e@rqMifAI+N ztmDX^-JqRb{s{h98lw5J<>8(z<|ZsFu=LlT+*0@1ZIyTKetOHRcRss&OYOZo_in4c zbN91bUgprNT%9?3k8EZz;*}z%pFrj^73f!ZH|OukQykNeJir$Gl=SPU+GO7$;5{8f zN?;Q{2!_#HPx!af1=0G9w~7!{aBN5cJ)^puVt)QX!Jdjqr93W7+TeN9`Bai zT)toNkz!73kS}1%} zqP}tCPE}lGyrWH4bdR{46Or!Ge0EN{Q#wgm!yb~Fn+te#&#%t>?7mI7WTx-L1)Tn~ z)tB?dKSSuQiWIFpe;KM^q}{1kbed`l3kl*HHidCBV+m+BK98K1+_6ThCx1XI=D9|U z#O5Ab$)**Cuo9tAe$yWl9P6!U9Xj5e-iO;Q^)1YBTgzt@;z z*hSLJZ?9ECs#~fz=F;!GA4U*pm~bg-rCj;^j*OJ)mwbPHxx2n0X@h214!n&wdS=$c zC%bol`AHg4{mF6+*Y|;w&c*D9C?htpa;F^bcD$e{5Mln_HEDN21Bx4VUl)0^Sytq` z9^~t~TX8YFE|Y49xHEVU{doVjyt`JA@5cUs=0)JHex+``tS#Ci2dz>&mQs6HgvN3O zWskkK?1gLMEt)z8A0QtstZ>}pas@s%@yS&eKtmgiGQnUFmIf5!>z5#If{HdqmuXV$ zgY9pZJS+LIP{t$OOkevlOGnV6T8cqliQL3HD4XH*VrC3aZO}cwA7nmAT>4k8MEOP3 zlJwbGU^fhrcZKr!X{Pz$kK0?dV6B5MD7(aiAKu{I^c(DzQ0dwzzZbig8#Ekq{NgT#QYjHO2rq*Jp^$KpLF&<*U#so^nR)IOTwh zak=+IzmhY0KUDME`#Bare?6^amzYe<);q5ROw!>K^Qv&oojudlIC`s5@4(f2t=+7Yvo8uU~bZFr9S^IG0 z+BkojNvK~T?0j*JBp1ZTQ=zGNiUX+~03~X!vm*yN$34`vA^gJ=b^^HYmXu=89*-lP z?Fa*TI3c?YENO&GYh|I4h~{P}_F2?@4V__ZcEW4;wc;VFTZ>38LdJl6v5xYX3=~~= z=R^f8IF~GG#s*cH_>ok0lUjXAnxpzbtiLJp7%e$`Ggk_7v|1M$`f?#=)V6hivewk? z;%w$lt%57856B%Ez1%BQ_7BvQs@I-bmV4HG9W1D2(KcZ3TppXxm8 zn*CeHPBynoyXx;idDmjxqQ}g{d@OZAA!;CmIWjZ{kw`dKNwl1e zk*1!HlHhmSizos@*6Ce2UMD|!7`NH@foHMWlY>;9#otHMi@7c~a~u`dbtn!A8L!bO z6TEAlcuXa*_Fy^3eWqRfKwf{l4nk6zEZ{<7GOsKxW3d7Oz%cEl{PJXfXHeUHHJx7- z;5(-_gwj}#aRB%W2WU-(jokJ!{Mz8T&cHHEq~Di2IC&I8Zb#E%Wb}#@%(*vu8)&Dg zu{|z`ke^bgq%TnLbQ7HGEN@^BJ$es*!Yp6U3;482%So*-HJr9u@2ya~=t6=f)3No^ z6tt3n`tz-oiJ9v+8+tK$h|sNZ>vK8nN$(+NLr}srp?JXEDL9B#ZjU@fd@(v8-pNu$ zve*~r#<$Fmvv2Vl%ARLRNX|a@VhDp`eYRwp-4i&G6>7xSuu8Mz*K$Sr61Sq&l&h7T zd^JKg>WNIl6nj-D2*($!~e&Go( zS}Byo;q_oOB}3j>P9=x>h#498TMql%`!@3NH{6Zj$jsL>TCrIduN$b)CU$Bt1lU+% zu3Y#nKcLP77C-V@=EAo-BV0s&!?j>sv?c9Y3Q*6Nc*nFOuE?P(P1u?klKy5s1Lm&3 zOA#_3)ek^~^(tD>uKAwOFd-=<2lL!nE#SEBTI}sru}^W@KSIbEY{rXoLo#8IBy}zu zTFozuzw47Zx0x&qVY@Mk+)(E|2wt&21m-tnSoWbOOVh6~bg3w=SI3P*lWx3N;RqN~ zL_vg{ZzHU+xleFaA$bL1&4|d{C3&WOT;I{Kxc}0nv-9a&`_;Hf1v_J-&zQsdw%Epn zxV2i8Cqbj>o}T~4U1e%3ZsCw^e*U%=<%=)KOWq7Hi_@qw`Z2&+)%%-W+UOUJdscP| zgL;CIVC;>{o0XKHn^kavCqy}6ohsg5&t}(Gkeghpb*2QaE$)ALs6h}hxM;ehDAID) zmXeL?6S+y2ZxDMGh;V)rIq!v^0JOF;=A2btM{h5dwJxV>_F9?9YL!ML7Bvm&&3Es^ zmYfk)UK@|XzX$geXX`ugNmw(kn$?6_SRhauOA6JkFTr#x2LJvmRE$_$Yeny4m4?&? zskOjtE*EFR{jx@7lKtYKf-2-fF_R(%lGrP=yuh!1#00PU7`a#7=2nZfBIr*>rY9k; z?Ed;f^kXEgmg?LkR7IzHf7|9%N2xPpX-n{BNOuvI}; zrd07ui0>Fg(wup1840-*`#wLA8=AF97Ik}#Yq9#`elvowyRays4Y;jNJ2HiF;jyz* z(l1$5Rz{YwtV+tilEh=mt%E6d+Ahwt+}-{8CI0vJQ~p1$T{)c1UVBP26G$NMmeJ1D z^igDbWK&7IE=T-x@G8*`L4~gzLi?|hM{2cQ{&^^|j&!z%J%h4rDvRz-j?E5ctE^CQ z>3dAgVK5mgG2H7XL1nB;z^Z)g>V`c3-K14V=v4Fj6fnh@Gy{xH?_;CUN1|i>#M2Gq zMqf0ki`OqV)_Bks#z5|t&hUrpui1PQWM>MnA;XkF^^FhAbULVVvlIg0#btmm zrYrn{%vZ3GKl^B(B3jXaVo27|xdjEe>9`Z6yI3DDSLgGiBnfg3%HL_~69g?2w=R~m z73S`;ibf7R z&6@wF-5GBz__zDF%V;(4PWaA}x@^6o^(FnStbc3$;Ty`1y64u!0aq&KonE#e(mx8QGe@E6R`g z+x_&K@#^`Sx+_|qbYJnWk45imX0-cb!RXjVHs|?vK(OeXaZXh0QTxuioa}?mo9zeP7hp*Ca>z)W9;r-t?VcW-Tug3y}x&*NL&kB=yMMSEd} z;6U3y(bp>+9TNmIjV59Jgm>1wxkt%W_a$#=q=v}>-S=qupL{kNz3}J(BX~nU=R6A* zj(?Z@odT6zT3p%8UTc)Q!a1Ld)8#__q~7HS$}!LQ-4JdqbH5P*5em_7z+nfA}9>|wRQii zetVzgaOB-*{WW?{Uv(X|A4I=&iB|ZtE`=; z@%+|WT>+iIN?BPEWq^Hn8%@FE+XLD`(^m{^k!Ctga zV;JtZN0f=azGCEqmOs_b6g|H-e0)SN8mngOxT`aTRr|2t?xF26^>xVqeFuoT3QK|D zFZ!*&1P-EF^;8fhYxRXWwEy#d`}=(VoO&Mx^*`~|7G2dh*PAElAH1di3*PGfhyS(v z1#f8lQ|9!QeM8VmnyT}S6XlOITJ;#uf93Q#v2_o+p|?&nBw^F(GtiGll z=v0&u|JfU$?UY43UbB5dKl-a$t*xl|YyNK3{`9tY^+m17TgGx*FHO5Y5H{JF^oLG0 z-|D3JBd6;-KvbMY_v6p`wKVR;TYu4Ye3u6Tw!y7Q2^U-AUM zXi(P*e`&2WGtF<8a^LT^-+uMb`qFu-_k2y&=8V?*w$7@Hc=r)yI#0ljzdWG*oL}`j zT7{O5VmP%Pv`>%ezfVhtt-p$I_21F10ndLbN-GK>ywkY!Rqemm!TI>CyAMzKmhUIc z?kR8R?DBoR!IA#YKd~L15Y`&6nW^)u`+TKB^Jn&5@qhT(0FU$T=Uw-ectp{Ehn>bX z{Kf~}|H6MNRo{JBYlP$d3J=8TI4wNm{X^F6DJ%IwGmihjllT(h;EKN=&|f_liyTA0hd_;JDU*JN*A1{|W)lD7^~-`l!3ZuaCNq z`S-1%s*v`$`^&ETPhtu3uys`Wz)(jc`T!^keRL3M+iS_|=)3La z*Vc5x^#Nm?vtiEZPw1-es7?%`w!jWd$avq{$}PG38E^ia`4@zqiKS65$q=HIY4o$5n*5D6Jl7U+m-*8%MKNq<*3Srcj3iY)nR_v6h2tNWAthGW7-RPXd}yXfDw zr4<%k5gb}(Z39BaXsuac;ed9_MvH&_KcBE{FIYg|SpCM@PKmr9Fuax<74Sr9z1(?Q zN2H2!BBCGCdumuTxw>Hfj+WN9h|u>(e=-4)_Ic}5{`(~;_aSKgqo3sI+n=uVHE~w_ zrCPM3cmDMQ)9FN;pNKyZV8w51lp<@r7Ju0vdmVZ6rN8dC@x@kONj{pkfBdAG@tS#d zKmLOlah-Gbp%A$pyYo?k)dk}l=%xO7_{ANzqL6D?{ z4&pquO4=;q&?-;Wj1L*7l@ zFM1X(N^c<|-Mno(rGD|LeL1maV-6cD<#fO)UF`*u{h^@Iely3rNfl}Rum8vQL#^Zw z-|y`m6Kv}+H>US*9uIb`>#J6?5`cB>y)ltR!vI6$j?gc1DmezDltL*)_ICNr&R^JqdGQz!QpuY;Lp4NMBh5_G*i+ltE2p1B$>#*O zKexd1lAMYpFPSc6q&u#^jv@bzE!_^Sg@>wJ|f1UCBn&+prxz9_0ADk#w_`%m57$XNg6^Pn$Pi@||%Cebiq;bU`C zk<0)&tDMDlSX4gaUpUDAONbix`1LR7z2Gr-^_9vFJsm*uInVFlasS?hSkVrxL5@v- z`(n_$NBbWcl}7n5Xyq8&zy9C5pkHdekF4wMOX|eBKMXNaB6woBG|_Ph=r-`_h;!Dw z8Q5PBmtvpZMZ`u_$bUTq#4T;7eKZx5_iH=A(q|{F7sGZtofK~89G0%{kr#)4^+g!A z*#Gv~3u8UhwXaU@Hs6K97wKE;2_mhbw0bha2(z_U&!PLNJC=Cf?wz(*4Z)X1i`e#g z`(n!K@B#nr$KtIxJ+u(&PqJL{r=k#g$|aUEA(z4R$v(OjCyvS`5xMDoxDTBMyXqn- zUOmM$o*(`Dw)Z|@3AX#aPro1iMDz2VDEMn$gRlIdMz48be*IIIB(#o$R`+~Aijrw9 z&S@dU6eqK4R1JQ@_IWlHqD9IQZL4`n$MFVP!w9-YH^?rsi#FIUk^o%;v;h`q z_m2g3fd<{6{ii4v`%e~4fD}dl2+;56eBWozIrrXoI3vk$i`FvVdEa}_J?A;kd4507 zIX4}%1?Fh=Q@Q10W<0$eLr$IBlU*R!%EMx>{pz4N8D|poYt7 zN-4_K_XWLyI|`woQT2IhEzh?&ilCu-`B+dqCn(TtdVY7?bB~6m1M;*vz6D;=2G-0T zV>;4Zoe}_~gb==>m7O^?%v7I&aRo2mTsVs$J-ny@qqa0+MSAUC4f_iz zbU=Pgt5>o37X{sd{z1jWcEV?QO3)HK>;^$%EUn&b3q_m8@4+Hva-N|%4@jQH7OsF8=^5(jy5`I39G8EC4EC>9f@y|(t*lp!t$lDN z>m+0aeg~4N9luz?z>0LWcZn9Wod<1WrG@_Js%m^y^S$YlVv=;U9R>MF(HzpHBo}(C zaP3T{+t5}{EFl36H>2Ql1@)RgP2unB4)9`JSR!=;yk(}6e)~)82rRbr9CWF63q%*; z`Hfgc-)Tu1J@3nFZZ&4__uWC=<71O49mH>Wam z&^a3VVCE0BE^@1VuGjmE!&KEZm~DN6ODsw#8wz*jMxo}4>&^`KTYTBV8zPR0+vSbN3%M#mX(rMNDUf^i;NrWU0q?zUMy|7U$*pAOV zEIh~r`QaKwLv=>ulr>35?%k%xv1^JwhIJ=+4t-OQAh9e*`r9rl`8oRjSpk1Tpw0;C zr0=NKN2QsB9HOvl!sy1hL(yHr-zD0GAscCClsdDZpUA`ok+cF>#PJdELOOGr%@Cp3nTh9zNu~7B z@4?IiL1PrO&!_uM;A!;z(!~%Mrv@p$?JVfF^wbAtCAv==$~LXEy=-x7bl%qBNJxO3 zhc+{uF3%N?E%yQ&GDxPcF+rQQuWm90p8^hAL42v0n zJr!mN>&_=4&x;klkSP`YN+pZ2zM6JD2zE#0=6o}wMfHzQS|U5c_j~=#JSohg-)p#Q zuOuBjlUEatc7$nS%jJ!T@Lp^*BJ#JSUr+|muN;M}`!3iM2dEeN{Di$+URy7d_=333 z(CP`!JNssY%C$atYT5NFOnOn%y&`l?GOIq#QTC`}W6wAoR`zVoDftZy&xx?m^ET&J z8W*A~4pv#f9@+hBjli1RN&wShx|n;|7!WFg5BJ@PMi=rMCc=ltUkFD6pRi?t36Uj% zf92C6gh?|NDUALF8?}j!;Z>V=kQ3qUw}7D&(RDWjGLvEo&f-kwO)5k@K_<=^F%Ghj zNOV}wHhoA7dYc3tJTT>g3)giL6Dzj=9CYb}#EBxs&wPt4SD` z)cacG+Df4x4BM+>4VM6@y875;Sh{U{MDo&Fc)ys*Cn^JDf|<5Al(V-+QCwz8gs%g8 zYme++2pgjqlL%_9O{j6|;mEz)^k%gJ&9yv{R-n1IWp50n-(c+3Dd9*#M*>asd1STW zp$M&smvnLk?l9b|aM!N-R}a3?KffSmw#!+hN2^|1-x{fB0YF^O&LWXZo$Q6pBFuKH*1kzyCNDx2fm?UugTYC|MT@MH*QE)GF|BL+ma&eQT~p+O_bZHkFnuu{Qj&8{6#bZN2hv(kq+ducr&rTA&QE6< zjaJOP8%bSF`FCA8CtBTE7O2mFf3l>BdJr2t0bbZ~m>_}3F0w#vx9Fm~A)Oe^p2Zmgn(qrpRfy2-jo^c0(kF$kezw2Ie=~4f?Nawz3nku-KfYxZ)^u^MrF6ja~FtMf>z;F+k~F z7fPNSLbPFlg^8J(ZV^jRsg~>XT72l1P%o$tbE!n#xD><*TNpl_SoxHvf|a?-g{u8| z>6*g}6&IE9p3}&j*wn^9sWM4mKXI6Y`>^>sP`3OmDOpL5V$oSuxtr6r)P#oWZv}D$Immmb6XC{R^=-K*48uiH zG3H{ITPHo2_JI@RA(RC!p|KtWAN?%jis>Rc<%&F{C_aU|y#|qynA34mNKi~DSH#7g z3%U*s#r?=watH)ejFf~wk(?Es<#UsZ#wqyg;buQrv(BycPOsew9F^5Z#>08CJa>pj z8hzmCCt_9|lS_wVU6y5GS=YO(@_-`U2i&fC{AwVDijWldp!3mhdLR^vo$lB2BOmBd z2iNSLhgt6<3$a}hk@h|zIU}2$FWf1J!r`}|sMEP&lo2sy;aNhNPO8EIWSdkk=s94B z{UZaDm0#*3urA3f9iN!;(pmLqZz}F0bWB`vWl2z4AOmf`7RjC)q=BhH&9k7Jji)ck z*}o*=dRCZvQR?Enl-DW!yCea8URN*ZU)qlGGqAinQRyiEf%)7lVv(a9oc41@m*oW8 zU>J;HumT_RAP`C`4)|^}4<*g%zy*HC=QS5h;PGD6y{(8I3jL&wh?QlNVq?%oHZXJ~ zt0{$FJ#w997OXsKryPh;jw@#-X(N8`_3Q}B%-zHZ4q%-z-%&l-%4ToP`o>Hfs`53& zBXBaFOt$$2{i=`Avg$0pIwlS;aK zKiDc*G+gX-Dn^J{NaU_ssA5M|jRA@~oF7P!uCABoG!xSRl$lMq*^`+MyL(Y=WOQA< z^aL~mg+xHDg{Os?xwiYR)9Lzo!UWx8>QRcJGB`FBdRppnZ8~~Ns|&x{^j*|1BoQ>k z(?#t(rSB1hO-D`%cBquI`%og#v5j8#Pk8;?88K2k!zi(SHd6UT*{YA}sg%+QFb96i zY&;jQvZZDTOWJt5pplpXlqfEm?e{_UhZ!UIEjdGC0%yAms-1^N_llG(LE7b~f*RXr zIQVz6GlW}>*=hVD0p$?Pp4R6r$wa*aS$Jli9Gy)Z>*g}l|1qmn7^tyGX|8` z!dZ;(MNzl+(Op+dXn`|d%X8?SFvmmQw|%7(rX|MloQ9}0+^{9hsvOC^Jg;N!<9%sa z8}6~orX4FF@tnqv!2-_~hZdOv7D+g*w7&_An-|jlwukPR$hCZg_QAFt6k_wTM%I4fhq$(=GV?MM{z7{ADfpvKky4}S);W932~23 zD!$iKw#C~g({7%#dU!UfO_ z>vmi23^VOo+U*m|mdg>-J6wESy;|BupywI&WXrhDC^0X1#LqCAzXRJ?%Jf=<<+|MB znG5RqU5&`BZg*tsO=&P>x9tPu(2BvFnYJ(1q1IN&N1%MIqoE6ZE@%c&u+9=Vv~tT@ zI;6uxZ9}Je#aQ=pjBYwQ^hCQd!I?!?re{9RQ?_Zk{5@PY)!VH05>$YKBMjNziS*`IC`&a6eUrJSh#pfRZn@n z31&l?Lv~3|e&^FS`@CrD8D1^+Df*&)JwwVf>^~h8=3uw-mM56uz1x{0+O=NBL*8u) zS6c$WL47{L-;Wa{C(5dsA(}}o?6I|^b8ZM$;waa|)e87@4!uQ!AuaK2 z2Ylrm8L%DJ^P_Lp7(#34we*sASQ(DeAoJrOP*&~jjx;9P5an3R*EI!%CfSu`swWH? zhdL_Wv7RUaXTkS(^(US4-oM&|dZV=p)`{fZuKHK6?fvMYYYLKG&#fap1NHWkaBb3N zGCsoJK!mbiaaw z(>ZCXfh%eyypOmlIOAO#=hyU zE{1BWY-(fet#ID8{eRN9oVv@|F<3>W^{cvq?P)7{Y8yHgpJY}s)`)IQ&Di6hka<=Z z>q9iPiMiQM%PYLM#87;7;OwSt7sVg6W-RJ!Sna9NZ=l42r6SH>G3Q^GHvXJJNV>auN9w!@lH?#6H|NBA!yai+f+cg^zQD4z)=)e z)oMWPY<^RH5|mt4-TAGMwZoD||1_+gJvmuIl)u!D7P(#$dteX_c|T*4fkW$1Acq|D z1fh81C63M^+xEzpv)@*%9M%~LS5sb~jaW{hM^Jd1XuXh93J`io$=ru0Nc%yw?0-ww z@w}129v3;(>uLRWbuF!vbk=Dl)}v|NjIMl9|MsV;bqDlU@_gMZlH#wZTt2Ov&fgTx zTcEhfjhkTeU+Kklln^gf>#S72HKAPxVG9%@onvX*$l}6;ZPz}?bN!<-c|w|%gvku z+j|1e?JVjJ(~gJ~_nCa;SO69j!BbIy2Vcg)-Qu5o?o{9M>aF*#y5HViog`95jWqXD z8p)OoaI(~~^>nDU<$Z`w&dwh1gw{qY1Q&Dkh68Zb5shcTCJ`L(O18d0h$44xRdl?N zBOqWT#64VK0t>sDQ~kR9!3z&-e(0W}7M}AdjfXs(z!jr^#k4F)Sq9fhvs~A7z0i57 zKaQ$MP*#!*kWV2oiu42Nm-UUn$vaYUA*f=i!Be4)q6ecjdbln)IH1sioM0L-6lW1L zQiZF>2<(v&?j=K{cOw}38`G*lNQt{^|C4zWeFtZ?t~@xmMZ{gH&!F*jm$ z)#T7a;OKW2v?5MF#iVQ3%VB`8*OYZf6~@)F0#OfXlMcoS zLs24S^g9=_RI=uVkPzIE6?2NJX1K(W14x@;ER0JQ-y%J>5)fnPwq(kz0gFu*9(hAg zoN#Y8;4UM(&}^nTIh6cX53_4Je~0-1ll1%!qU+LySk zf7cnQTv?+y3DPm-uyu8K9A|aC#90rFDb!Ik_^TFgJ+6HMv4$RhTN?=wO0NygPFxgP2M8sc22~@&j#sUrWT% z{JM;d{RnVkL%W zq76Plp#(i4k2yK9yr>BRWTEEt*RPxXK-c1>vq$yqVL8V0c`6tY5EMi>FEBCSVQ1R6 zL~a*?zERICDaiKI4nWEMo?%}SqcipmmGse~-bRylmlkC-rhh5-m=2TDbHEV$h|$_q zXpfn$4JCtocuU()Yu)>-JIn(clNQO$y)Absu3_3&V1G|DD=cs+&)Np8qCIFMR{Xj; zw`I%A{RWJM7TqGhoaT)MEihrBwy(*s<48G9J!yga3#+9Z{ow_X zGo)>S304CoHQls+c8OYrB=~0TqXm|0HDlQ$hp|9jv0sPjaS+@)iwnXzhm)8@DI(mX zjnL>UxYIl5LZ7r;)ymqM^qDeyVj(KXYqI<>=iAV84|VX)Q~}?kt=yAEX<;*?w>A$a zkA~Q{mv7Pz!H%>mP660Br+5;`r(Mt}Iyht_;<^so!^9C?1*2E1ARJ56VdByEXVi#k zIXz*q8(PT+*1-<0%(NM>q~EPAYTa>O*O6U*+MFD=>q^g~T^v+t#iic?SIewf`C8wW zVwf8JXjrGm7J}dum*O~-VGM>EihZrDY;mBV5U&k--}exv_4;#%seL`FNKY6%WbY85KuPgd7qIcRd*Oo1#zu_)3)*OWytT**+> zG%=@nLXYzr%R&M}c1|X2+HYhtCo0-w#2ypqgm)moD0N%>uCSIkL z-Ly}&kQ~eLmZkxPb1ER5)0(xxZC&jaaZltO!3@ZY-QK+M^gVr&#x}vF<7+W9B07Ij zy<8(a_~=@mw$}p5>Pe;Q9H)0*1G4jkp?A`od0Z6>)X#u)v^^PT&!@LY8_JkTslWQ^ zUfYXj)n7S19MZDjjpz1=4Sn+|# z^6aAKOe&cdj$vO}C_1Evj&zBRrF)rkNfXqDkObYMt@s%hIXBhox3lQ^P@h;U!qw=% zUFc1Ek78`>PO+ImEI#ZqOd9wS9gIoYx|>~tfCXeh%LHt3d0H$1J)<3Xmj;Vg=iEXS zK^i!x5rg3k(<~h>jZnFjssgUypMpBY9$vN*B?Di(!`3SHMj-J}pvYRFgr#9-`f>Eb zVuD_skT5zAG6)LlJ6TwU<|GsbmH|0FVjcvSc$)NkIZY|f$X^slJQ2aN zIwOd!u86>Dh!?TR+60z4Xrs$sLzFg|9%@_$4a{j0dlWNU31ngSrwekQL_apD(IjYUl`E4=9f|yz6O6WJw-c$MOFQ9Y$7OocobBGLpTuryj@P|M>(@p8 z$QKv}^qQrd-|aXW>%@_}W&~F#iSv2__2e2gJ$-g9s=6Np3>mVl`V|px_n;0a9-YNF z5uRsOqX7DF5Ew-*Am6MKbjHlR%3sw|U-h0L$$T-td#L+6?+FUWSer2Ch$>x3?plf8WiSwif!7Q$|hVc1d%@&xKO z;S+g>M+Dcyf)D61h9na1EIgMd$06O0S&A8T0cVhegIRTH1MO~fHcZVIK-O=TC z+(Vb+iDS`4i?1xVcvgL2%W%}SEyif`$a0$tf*GFrr7_A%KVQvlru2pl$fIB|ZJ=Vz z*y1g%#!TQh-A@!x`%5-5V$74byLna^=UJ6*DrP$Hr_BVVYG|qDGHl-&!MkfIs!ALPVGB5}isA(!7)WNRFjs?oiftyl zYfWc~g^ywdgKy`eX8DTShD6rXoqQB-q>KEbB+j=3blj3+*HVVorMv>@$F;n>vd8Wp zsA2t~xiDg}nM;0@`!FD!5YNo(3iJ+V@FY*v65jrcEk`dTvx6S?RD2Z>VOq1yNI&LH zkMAHM%W=)+=hdf=L!ngXJ&9qifx%j*9@kuceqh$VUeDUS+*Ch2fed?HBOK34=8&M} zC8}=E<_n5pfZsUSBmE5KQA*5iUjM$7zwzY$F|0RM?2Q0G;41n9U&H;Cv5$|({dr-z z^uX1?_Cc-7)CLp*R>ch+9MiH~7&91O!|XR~$`XcHX2`wdXuAiLJgt?1hQX$42;TVg z$DLQ-R$sGOG_h(^Jv-;)ndj%B=G2ZQKB zu*~MC5im}YVz*80_)t*zojM&b_hI}Z-hl0~alrF}zFW`QZc7K-R?q1^MI#G>6=CB* z40LnV#ki+iK0PD(%U(Z6bWiwCN z;)}v=LFBez+@->IyIV*qapvmQ)MdYw8Ot?}OZ@Pxm0cx?ivO zn7TaKY&HM2(agx_b;qb}NO;h+ozHq3{TD5+%gTHlRDGane2{h3kqR+vnBqSW0Xke= z#<)fprWg@)%gLB{c@m=t;ZkY^ z`!ZM#`k6_P0TGfN1C8&KAaR}o$*tZV8AcFKGgn%*nMxQ~&)r$(XqsS;P8zPHwA)BV zHyvs#AW+NTJZWcyz-9O7Cq_gd(1ycO7@yG5P!`^t-wlUn@=RKkVCABF z3!4fpqkr^uVaJEfmK^ZCP{g`3MQ|HH6$3YF{>ZmXLb8Dm!yY6$k%4BkVPh>V5U1lU z1nI>^p`niIeO;`Fo3W&cv7|wxMZAz>f+8lXJ4Of_Asq~*@~ob#P41q7q8D^csuHnU zIy4qQY4p#YR%fko;Y1W@ZjF%wrrEZS)Dw9^JjJtRi+UJ4h2_bPEA5Lw(%T6ZO1?AT7k|DqPm4vW{LHf|jrqX5?guy1nvNONwxVDW+!U#hM6i{8x&N zQ0tt8JU@WXu740Z67LpmRSXCiEf@vO1sxHSb@-r22Q*XHdc<~2zZ!-M*3-QHi?M1m zcTViXY$$|5)!Li4>UlgZpLbuiWl@iUuc+ML+G7~(PZ)aXBaBku%( zP+73YuzqW}^k(|Kcz0Jo2j+%Paq+qN7+IP5oD zc%RRs#`BDOFX{4%;I)DCdA-PO>cwHF%Ev256f5@K4z=wTQH%>M6e(KLJR?!Oa-?Xe zUqy=66m6Q&2S*Z+!bi}rCWLuF!R|@1U1AS*z@U9N!79QD8jKz|A|zLsNi1=R4~Ntv z%D^2`hjESkKAQD^E@evy0rZoj*w|Zz&7xe%WdYq`y0xtV&SIua0Ii*9z_9tkb*5sY z!Iqwb*=3Ix`m#Qwt!}%Nrv=P?R57{#{-kc8h3rZ&`=}_ayDX_TPcKXZBpEmk85qMk zWP4uy67&UBBQEX_fzz*_2+Ir;HhS>*{6Z6Z#h8f7{rjp0uBTBsu^KfB7L9*m5<}Cq zJyd|T_hf>gih&S)0K~b+^fol5oH0Ds%9zXIcdTuoAYxtwdWqLZL_0md+Gi2WP?1mX zo38{lc@!%elteo5aeJ)tJI7bs2MUW(&*>j-8!)aO0-MKvYJSXftf+!@tDc3~`gLI- zLUEDzN@qXGEapY>NK=FiAw;RuP7Z$ZI(OG9vS1kYP%(4-I4f4>iqrt_B}aA#+m%{K ztTmVb@1^)UnD{p}2}lUSguEl;RoI{_)QI!a9>zloz^@b!Q5V&=eL|5K5YjWht9nRk z3=v(O2+^grs4m7>s+jAn;CMqjxnN+J?N+CjQfh6-q=ia*yKGw2ev}8Ny|pnASLZd4 z!r*BKYzZ8Qof;P2cfNYHeDAp}sDCSY%jdk6T~=0Y;!K*Y-hq6iZCTF&A=RIK|C!-d zbx(TcFoat6Bd}2zCMsdw9u2H%8$TKc7Sh_zdnCMVnC|WIc7$RpbZBiJs>K#SP@#4m z@|f6uraO}!KIA+Y3#HFjKZoQrK1 zhGChAv0a00o zgwA|Nzel#We;j@dE-q;O+f^$Z<=-y+K_SYeiqsUNe=%(#xd@yMPvn3=TWO+_5$pD< zG?U^5cpXcDeu>gw8}snm_Fy=f_HMU2xOl^+S_-1dPqIgZ*xJ< zqVsxfU#%C%)e;foD(q7v^Ly&Uex=(inTH+lMtG)+}{hS2HpQ+ESfSKV=kzuL@g1z1YB6Q(gkv z!i15UhKCSyJdLQeL(VlLqMde|Rj}|K?%3Cm2aiMA{q5Dm0_8Zjrb@qx@mWVGXo(Oz6VlolcA zEtDHuW~`TnL=mQk;aSsDqd)3CW?LfS7xhqHL2oxL(lI-g8dmOkMz^?A;Qpzh7 zj{aAMx7c1iHv7W)q*fU)CQtSY=?kKPPc~8sxxpYcLPL#E4@%W&m}^Y&H$M3kS2M6l z_Ul3e2e2SZ%~AoHKso)i$gcmwCU%gaML;0WxHi-=bX(aSMZ3!$PZ%iY^;}`dwCR+3 z3HweZ)^}cA&;`p!#05z|+cj`31Kid%Br9U8wZ}|ab`FrSE%zeKZ2mJ{I4ag3K^F!z zvH+RVRq=pXJ6Cg(I$e0$sS(LS*nyHF>iDe6`)81qA$gr>CVrx z4J-_cVacxo;xm(F?r& zMMoM=(=Qfwn!cPzR*Ut-@%R*B=~Hn#eZHPQ)uX;&%byxe-_?gc-^rhT_FMV8;$*t6 z-3R&U#v2^)VWwt&U3w_TgV|^3o^{KPU^vQ_43yx1l{AM1J=qKM9 zi!Ez>GS)Z2j6NAFC!6%ih|mO|%aS8>4e>JfF<; zjf~GX@*LmHFi?Y(*1ws1;O&Ear~R9`{k04UQOdMF)22RY4<+&m9x%uG z=J}-kujH1$k|D&qOzYpuGkPn}2-|}zv?RI7Cv$l#_xVv@jXGd$NbJlAtSR1|O*sIF(IkiL8e zw(EJ;*Yj9x8{i6K!I^wQQP(r%*E3yR&+uQ*@FVuqdL$d4U<1D96Z*ly;givkntU=M z8w&WO|95gf=!mo)zm`w>xsm(1k^8xk=W-*@g`=Uk>-Jz6f1FPs$NT3KUgPBXwEkPU zPb6kqkHg0&=^;m^`f`3d~KA~8=2tJtwZVjKz+ z-RY^?teRn0jGc2rc%M(p=mZ5wKpo!*b&4xHNsrpQQ^8W4%)MUgisUt?PFUc zM~!?{$A~_xzlZhT5rvn&tZGPp&FNQ~Ig^QqwYQPUDKN$7m>Xzuy4zy!qMr3LC<;tT zhv4Xy?2mdmeO7It8&^7U2Qv=Jv#ATVP<1{BfjkFydOr49Q)QbluLBJ{7m)y-$GHd> zGR7X?-AkuQJKn5 zY881=@KZWy@o9M+zo_FxpVbD^=W^osdAZ9RQFBq5f)|zddP!U6(s9ffFagy;Z#ct1 z1uyy+d}H?=crl+b^>_hM(iXV-={W4gc(vew-kkKOZG-_#2X+)ne=eM3O>Dv!Gn{j^ zmq%Uqup)NagtX~Ire{`_()Mcq`gt`5VH`yc@nO@OrOhx*)E0jX1wk<|UBP}Z7;@2s z<3+}^fw&MsWikLsD~IWsI`^>#9P%+T(1BRs;e<`)w;rL3A!ksI+$B)xKwj-GIyBG` z1ZUQg3<1&oR85G%gF2D;yDD^Y@arR$r}-CUdF2;da`-Pjiteq2$9erOvAjqV42Y%C z|76+b_^77^dWIi{+E@Uiu9ogd`ToiE1eTy12jqj-%-taokO|(c#gYyo1q$^Npj${w zoXkA;O?^Ykvsh6>!jiev{I4&FxVhm-C0%2C0={zy3( zGa%MToJbam8VbeEhgKOg6ff2m>sJ^Ncnj=MHGG8X579cKaKfVtYSt&PZXU}BvGfZp zw_BNG%^@**jGQ7{L0u)vbnAF&fZh!yxO%|a(bB|>O93s;E-@8W7m9?=LO0=Nnu1y+ z8FokX?>Z@{RN=Ax?8JD308i@N88NN8giC6g&VQWda0Pe(Ob%`GkR`-|f! zOe{VUXxLyBiVqLhH7;o(Aq1$sBU?W@sXHiJRAQK@5euDLzJiRN>&39z`(3gmqBT^* zU7&HSrv&dDab|`SQbsZ;+e8^AWgA6X)Uyi`e6VO7(_`B{9U*E#j0V1+6hZCa=L~p9 zx^&O;pBsEXwc6gzYWa0?aNO>*)Hp{) zws)VVvk(%mD#KO_cKG<1;ehYbpL3mk99uNi7*5+Tka`R=`tgDgW9tc}SYFvu;=yPe z%w!C?SV9YO=pxiSPh0SZiAcXjdmX0^u5^t6Q>i(IwX3YpC=x0xFK;}_H|>j|LHX;3ml zb`gnXW3!7vp~@P4Lu%e$q|sfJ_^_rf`YKYRXvfG3{`;;R^UR66)mT}{!s%ivR6TJ> zyJ#?(m2|O9!T>;e3C7fh*C>=8 z2HlVyWJz>hi!!VXS8EgbnEn{FMU?I!> z*6u|p;|wF>$$*4Yjn0OpkRvOs_2@?-vdZ4(pCO0MqiJf5bUP=vp&HDqp2W=uQGt+w zqMQ9JNW>>D2r(0qP*>0;1nY~-#_>%=tw7y^dVgE#S<0J^Ym*8vV5Wrrv0*|)f_9E& z5wK>7dFmjQFN;HCypWgDDa10)x0lD^TWch!r=v51YW1Tt3q5t*1t-KeEQqlp;J(_y zwwf47qm6zaW-9LKl0bM{z!gW(EJs)khD3!9mtoMtdJH4OVjP;rygo7(ve}g<&t~C0`ty1h_evh{JxZ}^OLo6i}6djt)YN~0A;mk%C#ztQWo#2O; zqP}4L77BW;4Oanr=~RA-XImYHk}WU%2>H|J47;b;NM%OFVxoqsHGqdg5#L`D@b-0w znp1EC=pc&tk)1w^ZHE>DDR>GnBGylTSo$DX%49qt1Inhp^ubeA-!a|Li_nryTU$bw zZ$o2%pr8vx1=&|lM?^Ch=?US(Kv2p*T2KQ|sh!}xfM_k`p((=#;T}L)R@)AaVE*}x zV`K=^Lj{!T{Q&VX8C~T->a}pN_SUSfo}?zpgUbL@Scr(jWMbH;9SPqL>;rIZs@3h| z2ropC%VsF zkmP`^Bnqzs5k_Sx=Y!UeOm(%#0o^Y$37BU^-L}fv#)ga2hSo7%T1QM?_e=fJy8S|_ z-6u=DEMy?=81}YJQBm&)#b_>Zt)ZU0iGoNi&`*-JL*fOlt!3+6=9+(7B%l#s0Z!LQ zLI-ovr#ucr+FtWsR69kMT+UG}iPWAIa&P42W4VhdT}b1k0D-5XbSBUeWj6K1J!%M$ z^3Dv0wt=cP*oi*9dTte~S=OYD6->ftfanN&xXuQG$udy{gU!_b$q9D(p+OXcU0%4( zQWg^c-bA)VjZBEG_I1~Dis1MF8w3j#FXn7>l;yXLz*0N@VQv{N6MhLo3LQ}MyscNv zp2!>U1WRZGh=mZPzUsxntaKfvM@C{G{2-sUHZ69`nk(Vex@~I`rP2RJngc|}^qC@R zhLy)Itf?r_90H}dt}fFH8?Y>P*BrMb$H4K+1%kd?`mLoui)2)W0EqxOB`An2L*a~Q zRIBm~5m*~FKUqsG?z}KoT%VFQZewzjTSYP6J!5pE|C~-*VTv_{0B%DC;1wYk8v;TJ zAke(CA1@wJ@9;@H9cv0V4-3k+XOY|K8I7}A3)!n?iwl^Z6NL0AMWO8rtWN)4+EBD| z8vR~NUg!lMi)QY?7V*P=0>rt4RMIRLK}`ulIAR; zswhP#ql%*){74^VT2nh%C|nYj1_OuJMRJZu(y2m-qRToJmoaTIlKkP2VN(e_0DXsv zWUH<|m<;XYgARqF4= zS{Mf8FbdJb6JweYvn(v>I2x-GM`Fm#L<*f_}YgM_3yi&a>Gb}9`!!^D6ERN>w`J5B(U6WC-Okw>{CYXp5-g}*U_sy0 z=wD6eS+QQswB{7Y^&hentyEu|*6I|Hh?XYRRb|FLbT}ig4tniv&GoL(N5at)a&9)j5JL2*VHd3R>o{d-upY>&^8n< zA~frMSDIZ;|L=uDUe$kJ%M=6ccn@(9``6OcF0R#d%og#W@N{}DD*fzuu@}V?OL;}W z$s2+^?H^8QA#WPT>+piGT*tW<_4GOQi$g-cA;-ZtE0SJYPzxOJ)^Izkd$2qAY|32_ zeL#$aM*Ax4YL1FMr+#?(Qa2Hh&J2&j2vPrqzA5k2c~*CrJ7UN+RmH_gr|;bxi8#s& zR_sUE8k#$}N4A%pt+pHG*q&P36E|gRAl_T^HXT~f2)17A>%1n(Q|};N5GGhFjX2wH zdqI7^E39BI-L4L#7o8k=Qdh64x1o8R)0}XKZKuWwd1;5A={w@-bO`@27`oI|&h<8i z>h&yGEd89+oZv&?KqfdI@}#afoB3L<&0|9WGT+*?SQqKy2|d#$a7{Js-k&p~KUC+F z!V>huyge>@9m+O0nHSPq{a(9V0v_JcfAj~m%#)tpQECj?5*2Z*SXc+q2Syhz9ds}> zgJ>5VNss=1Q@u0db9po<$)_b4Z&j~P+rAc^l2(dOJEVdFLL_fdbuniq@{6HURS-Oe%|hc*1~E{ zi~W^pu~8(*iy9X$SP~ubeBc_pcTq>S^m~Gv*shKg59px1TUqwo0wYiy1%Bx;VL80M zfX{lM#VOpvDRyY2bnNN8rpSAq3+h}{n=9(sH3#SQ*X37Wl9KJLv2;w~Regh29j@Ri zE#O1qO6>~W%#zX;%1U&Q-m3eBwk=!M##^hDIcGdm;sOMHn27_N!;;&OFvq?=2AlMT zSq`Uwfm8YhpT5_eYl2MehF{ZZo<%1>f0+BOawRTdABg+Tl$Bi8Q@QW!TFa==?)Ee3 ziGKgq?&0aBoh>{_Bb+BFD{X77~q_iV9N5HJk;$hwao$OXj5J~Qodi)lW*wx)>6BvRcj+EX@O@Pro&@h zNwZuK1mMVhEZZx)TI{wCN;(dd!xR@%f|a%(PYr%;O{GWI`gFuy(gIJO5*D!iuqp$8 zEroaaIOL`%em6bT{2JPm9;DIo2s}R&B4gybXso;1S%d6jgchDYPSPT+hAdvNwbFVm z2?j#3E`b%qv$gf#h0vpvwMhHw))zES{9|O#hr(-Qrqe)mKT;T+n3v&r^Rn?al+3}7 zgNns}FX9TrsjL^$*tFB~m7|?N{EkZGD4ye4qzkqNxV6S4*?}CF4>He{Vwn=l0iN&- zdb8L06@Y1)dl)Ka;%e!ywXaC2-AUeyXiRme5toKgDvDb3Jlo%VBohBcqPaft7A-Go~( zPp^sFGOu*H+t$HmtO@MXV(%0Q#}ma)Lr!aZTJIIL(JG{sDbbYe(z&tK{74sq;U~FT z&pJJ`r1fl1s&64ipA>ro_?bUgM|a*99U{@$-jEK)d26i>dQv0MqP#{b?F%_ktQt5H z>m=->uPf^duHjpJYU|poStcUsCsS~`!gKiRa8#)gt*OFTGd6>AvDVCeeR}EIQt8ra z#{lDzXY;7-%1rQo^BGL5nL}98ttFYBUoCvY&tt7(c^ww^343dGPq;^~MOc++cVjKI zYrN3S+|q$+JgaW(!xj(TBT^6#r_P?5!?_05&DY32c=N`%nyJMpah!MbuX_p?UZRio zux##e!;zKGxc8hc2siegkuB+vtts~v1=U_@%d+qR)OP>mwqb4MJ~!Ep580aLJ?p4N z4(_pkLN1|`3_MnJ-$~tFNy|p&Y56U}j}V(H2MfQOxsN;|NlaFVD6w$Dm7eDzZ;68M&tIpC)jX`qFH?nLhc1XVkQ3_&8Z|6*v_--dFIIF(<_Vm@nLA~wIg{yYkTcz-f=m#{b_m53zAr!=X=-3ee|x6``G~=Ezh7f3TUBpq)W_x zQNLP?tH<@#Yi@h@*0YT--Ff6mAvwV6=(7$k@q4ADD#kU2LMcxGCYzQ(!`N&Pi`PwG z(5M*K9+xBzLWD4Ilr2CqaavfMRYqQt87Y~*d=hdTIA2ICs!rzB8)U`{Rank2&C{m# z-1T&QNq5Wc`mQ6xE}Cu#w`+cQ?Hsf+{v9@Q0vHTfH3;(k_wJ3HSsJ?pg{=s2nTa61 zE(H0ReKx|%Gu^r5Rx@X_I7A_%j9S&^ep-xh_M;OiF%Phw&Jfhc(W1@<3>O@-vN#iU zKmzuOdVqK}1f!WM(?J+(Xl6au`R-{6hXp+e%>X^)vw@o$Cg_^^V+^xuDe>{kWB>aWoLp7#6}qW-Co}GN)hoXwJboDg;6L%|w1h(^36) z0Tb^=2>C*fY(@#&#$|qN4IT6fd zEe289Igu^4>wHSfudI%?fxn@5HB5d_1h^?@40rqDfR!4H)%ZQJ!Mxa9VkUrKt@Rx# zM$|0BJ}}SQnbfZ4S<=gL+XW(kE-QxYUlc}GerI5h$af*C{ z*XH=*up$GjdCH6IU<+iwB`2XqWCya2VF^6a%Pkd1z{8=j%5Lb(`MNbsU5r_tfrwpu zZEmOkKvL`rpr)K!1x!l{I2b9IFEl2_H&Z&k3<0&*S zY!``F`XVK48p&Gwc|QZgpvSEp=_Q~sWh_dpd|RYWIWAJ%zrUhyy&hkk)FZ5jacm~^ zyl?`*G){u)vQSg32rxP6q&dELUQYx@t-n@>Ph*Ajh>IobP-501rvwO$!u0BWf*5OL zID_ni*h68mIG6!-H5eP_@K&A6^s<*lATG2=w)6#A#?R`T7Z>zc=5dD1CsF0mbEV2Z zcTYvq6uQaXkht`7h>>0 z0fA7NFtlfa1=D^M&L*R-EtY2G!Mc1_7OZ6CU-@X+SC z9_l%5?Osu<7fThkQ&SX2LA3;IUEK`{a@C2y;ARI@;82qh3*-Wj{7$~D@kaX+oJn_f z5U~n#Dpr7wVN1OEJ)*@Z3itXT91$u*02BeYSb+-IZK1h&3RPlLwHE6zCUx1)7kE<8 z5M!rRcKN?!$0ha{uglseTl&dy{EPQ{vyGQ9cz^~C`inUnM-GsoB#AJqO?mPK^Mf&lf)##v-}s6V_3@7u&w zDSe1;HX1I!b1iN6ub%O6G^|>WeL^@wgg9nwGYh)y7&M#DXE!S%DTmY4=r=9cVac~L zBiMfrrw3)$FSRH!0pbyLQNtb?oM>rM-UxD@r$!yUiTwxD4}qG6{pkN()T0(lA(H6? z!4=i~#TcbsJ5XJ`%w2Gf9)P0JK;~t9I)m)>Db?CGRm#>BqF`{Zxx0Ra=I|s6T4Hs0 z7A|Bh!XH6Dg(1ugWPa{I@m!FJRE#?FPa6IEa_gMZ1RN(8Vm7ujSblrkvZn;{_Q={g zoF36%C*$ot6lSx55z5ozF_Hw1(qN-6<<-LbX38X9=^JEPmwKqLK*+$LN-Kg)ff|yN!U}YCUUxqpDx#;H$>T9*VM7tN% z(|h7XvYZ^*h0HWO@^@#t^ND*QKhs-9?ps1a{5Y#fKcK~y=73OEFd_yK=q$OF^VL(P z8%P^TJeT2mQ!Ab}mV>TUr$0TXyAW>LctHJIo=bb|0D_Wb28MCF9oY12WVQsT?;tjd zY^d(McuF$~s;|8WbVS)_V&(&K^l)9pYT5~mcy6MUbx+DIEtVL$N4rEg$M0z!g0s>h z8{|HX|I$|I1-B`DA7N{IjZWhshIt=qx9 zs2f{=^a{mut-Oo*^}H_Bp9nKIhb-8-51wAlxUGfS4TuzJhPeCjr#0v#(bl2_m4lNM z;<8;90W`fRHh)U`B~8DmIP7`-N*hk;?|EH2ukTOkDjQR@Md^+6)v|=pMTy$L2~EJl zld5IGVi6!)muLb@QM`^RF4!o+snOhQlCo;s=Zio)-+603?e!E4QIU(#oRT26)BaCsnG&sX4 zNhfF#CGls~E}}#Am=`pnZQCe9hJsN)D7LgSR8w~wfdbNp7uCX{S!j+tPn43oAiOw_ zK&shpLtS>^PKUT!=EyH#z=*)SeN(&@Fs35~M=lzsyq$FjTgvgTC9Mah4$r62zn)AE zjse$b>@IX{fhr2o8MEE0%Z`RTbl^`bGmy@?HCQ{)-ueT#6Ylr}_S0>q+N zkcLbHx^_6QjinZf2TE-F{!B^&K~iS)4=xHL2oi&i#^X02*mm%V(_YQ6hnZ4Y7q?ys zDF!#54q?z2NX3n?XiHD@Pwg%Ya9rL$=PN%fWbqP+!}@krr!GGt_WqKbny;j^HC&&P zgif36t$_v>H*Mz75BplSkJA0**kom1T*!-KOBCD0ekA825idL-5@BN`=P!`~YTLyD z0=AapX;IkGuuN^2lB6~{6{{1`2acmENAa8uhKZBA)6Lb2TOWE-QnTF@@!T>W-*a32 zYuz)giE@E;gcGl%_!WsxUXXA@l;M3kABc%=OL28izvk>~PQE^u;@s=yGp~?+?$cwijVUR)pw;)`c{!Ig+}pS>JSO? zholCQFV0DZe?n;zLF%s3q~6l=2ebmF$q1sj>OW|&cpq`)fX3$;gj-xIt#n4u1uZ4F zx*c=yt&L+?h8SaUBc6pyJL&T zhDmzDzCdl#503fUJrbZ*NqorOILmx3B)az~Vh1X0fni0vkS!JL@Ca3>H3fbVpx*TN zAz{%&ybCjg+RgNYY;!guzns3IZ?EbNnFsav70vjNte$TSv`pImwvzowpcUJ1E{9zC z)>-XCCvrWD1#lhOw8(DCIrq1gTI6PcpiZr^0S0Cbm(=znG!^b76*Q-W!&2~(jyfb9 zYf1_~0xm#|!a=>ZJ*S1W_#*USt2wsfY6TQ%0PEvwn(6Pwx9=}JkoJlVJ-8zuwfRvP z&rvNT6%ine2iTX0wEcdVnqA}X3jtJ|6JsC>MdZP3V8g@)O1C!IOln5cI;iX9Wcbg$ST7SJ=d6I3#Z7&CUst$B6+>7sjP-eG>Cb0~iAf>- zif`}Pwn&B89>@?po^iq5o9Y9i{+fvTi-N6%%S*5);~S}O$HO=*1$w{)cFK(A)nEDb zK>D7b<-fi9*X<`@?)TF6;T|ZxdqNmR=wiRwCTA9N1MtT)jEnn1l*^VK$9NP7>v^74 zzpQw79c((6x^$bf?lEA8B4W(=%h?1^hysX?zM}EJ*uhP-1IAOC68mEpm$LL9IDJL$ z)hJiXw{|7#U+M1D|Ib1u;{PwPP)h=TW)cX4A>1+KX)R5WGw_T(Bbx<5pCLtO#f`Xc z1Tnme2DySH#qPuvj6L0Pd``G=^op6~yn`#%x)LfR>es~iyqx-bsvqvGObu7+iTC zi&>k5hAFOd1V}@l73lmr%L0F^iyWy3!?o56N!^9gvKF0#G<;k$<9wIz>61G%`prqc z7+4SFe*wGa3@)w;tLPhW!t-FH$h|4O?9%0TX&UXG_uAzbU}EH^_v7p#>kCdH`kF@P z>MQDxHySzE%P+TiMI-Rf?eH}S@R1KgqZjQND==_E%?@zt99}1!yU*1e)?=8rgRPEU z)t%auBb#Bn=7Rou-+Iq`+xiQF5?G;n_(FRfH<44nDhtE~+|IG{``J7K+=vmF_6GIf z{1AnBY@92L9Zrfe?59WQvo#reaOiEZNC(fccQCxX03CYTc`fql9x{#{kMF zB!-PuW3I$M+#fiIxCwikc&)0drLkwy{e~p%=kGP)1gGO6xmm2)7sVkD$<6tqB0-9K zTU;ptX<}cj@*b_7t#8&3PGN4=2C6+cG`SXsxgaqP3Hw=cyj6-3=sEI~5sizycAd8b z^Q%8$nk*!*y;5M{TLf&W`@kWuPu9d|iRvw8%S>YDYP}_9PVLI}03@@0pLYJViCT*v z5&+zjj|Vv^Rve1@#+i7ayN&*qf`HQ!1{d@+VjnfZ61^uOOTH-HL}OJvv|L(}4KL|g z7j>q?;mLZr{aKQ}eHhd3uWPJ$YIa$ug~vMeek>QJi57JZVs&zGB8aC3e&bzIoQ_fkF+&(A5|>O0*Ma<4qiI&mL6S8Myc3?(l6UR8zk&I zIZZe2albPx=QNV5yOA%}?*s=4c_M$)R;-FQ6bXJue!p#-w1H|9*ye^pXY_AseNW$( z1ix%FoiWpwAae4R+4|A|^5RQ!pyFQT~@lb6^TwkieEzY17sZ~m@(k7;9Q zhYR4VT&B?vR}NO573KgHygP$Abf(Mdjy;Axz^@VYq^1VX%_+Mf+Ii56F+a zT#IOyBwhZr$FiLYoxqD4;nh!jgeK^_IGofi{A>Rk8>ny`Sv@ds%LMyf*2XTAoNKjE zMC>eZwec}|3~&yj77iEfYhSy$*~} z&qXdL9V&!fC=$UxAT1Wc;IO^N$xcyqjLZx*z9@)miSPM==fdzYhmc?diwAa$Mh`&eyM$CB}5ky z|6)aoMnfMm!<6P<5wtK3jAF*{VH7pf0GEw0AM1cPxhAqJZIU*?3(eb@lPid;d(#($ zshlgD4!6B^upyfPBHnx=uK=NI#3agnNqPkavtoTWZ?&+PfykcJJzT}isQHD()EY@-q~*l^gh-#ZFcwoHsC20e(q*fQOT?=^-pLgUUlnmL)y{ahpoH~sr%$p>I2Jo zdB!vCljYc+IN~MkY+Lw^c;ngZZSR3yix?m1LaVf^Z3DwXk2c4;@I5QI!2=;kb|QA~ zU(n1+9Q~4d$tA#B8Pk>gx5qinbnsNhi~}(3==cmI5nO$kw9670fhK|y5~go_I*PZZ z+e?BmXb@h`Ho<1Niq~tIie=jEjk+?5VZs-RvQrGmTWM-5mPO~<{^93ts3l>6;QXl# z4~u7xDsZq*VT!{lX}JM)ZE#&AxS%8@U)u^!DYv+#PlCt_Q%#2{oHlSo`FjdJd`&Rd z3XoE5c*3i<%wc=Y8K@#FGUJ~B(=re5=&I`Fr+3#+W7^wCvqG1uJh&*xmoze0kaO@G z*Lo|v!I@}Urk%CA+B4=|Ak?V?JL>g%Qq+hW2gRjLH7tLergplnFKC+c0%D!h_APD~8YJ6e3+-hfZZ+_bCS`nkP2EA%rmB zk_^L@L7MnLF5zH#8@t0-YKoa`6nj@^21VSywy1){@yD6f$l3Pzg{LnN@oUz;Ie42WMej|Uy z{ad+zQ1ZIw{8hydhvq$%Pu}dieLjL@Xw%s3-1m%jBCrdv_If#Y2YVaX5xa<#badDx zcq-p@CT8HNndsTdn;1qX-|)uj%_$g`P@IEb@e9wUAC*P*g(-Lw`}U~)j1VuwLb3;) zO4woCu+CTB;fZ>-@V}@h-X#7?8#+G z3xfQ%M8lP3gE`G~>8&^4YoCt#FN%N@v+CU*%Lc%X(q^e?k#-c-ak8D+rmqXHhz;X6 z?Tz0Hy6W&6>YiC5wh+Q;S7`$eakeeSCs|NY^)&793)8mX;8|UXc;(clD|*7hJomOf ztNlZa;5fgtSQpePit0M_y&rWzgx^LMDjY@7!@OQZKGcrtQA}-Uo(QU+enxF&l~8JD`hOy3UvRv%!wL?+F(uF%ABsKhw+-`b6h=BuD+0AM@eN9WHZhmAyrlvjHMlR z2j3NjY=9HN$!dLT;Vx9}cW9mCdv-0}D-po0bsyuH+*Y5)=2abMT<+%tJRFy@-jSh8 z&tM>6K!HEtMFoesz;|ku$SE#p+-LR8wZ@O-)?mvtl4p4sC&BWHIf7T#vy9rKp3$F9 zYhYf?;&N%%t+xqU7vP(KPG!9tOmaX<#kmBmoBa}8@!FK=vsgai#Pjm5ek%wx4%M-b zN|{mHZcc6d{vsCQgoqG}_^O0-j27chWkzc)gb@2I4=mw#Ws8;9$=iJwCL`@c(5Ia} z)-6^HmNr5JC>$3ErUDE0M)v1o5q<$Z_^@wI#2~h*@-mpIJG;ueW9Y^%JIi1+^}$$q z5sUyE^8IC))0E?wFp#@{j7YnHEUdYNX#K3dd%`|FAnqZ5n0{DOK{j)0PvWNp7P^au z9=x5&W=<`k@ABR{LxUNLV;X%=ZLDQN(nhf&AsR`r6}fCqTjr;HDrJep*Jm1w19xGW z#hf6yS`wyh@J^8-Az9k19mz8K$y#WKsi3x?V+1849SROg8REYWGElS(N=L||lwf{R zK?nwDpGXsitlp7(KgvllbQO#^=AJfz&JFWB zav@8?z8U9=R%J5(A4^j&udU~kVit>k*6AL7@4)yVso%rxTPx$Xm`bZpgmkeAK48rB ztxtcf1&Kmpd>6Em#2bkRekj>H9`Vk)*7~pgtxK|YV6%7&2L1=GvK{bNQtgrbfmeuh za~1$k1MMdC+&QaS4a=LBwdtrq~0ORtQfaWA3 zN~I141hfGmxnd{U&1b>LsW|guKvy$So%B`xdsvhFvaVCqZ<8b1gi(PY9=bLw=0uEG zFiqY0@pQ%*#XsL&e!*Pm53>JHD?)R2Y&AemyiRX=IjUa|XA(lPexTmUvm}X8aJ*{r zB^k$yIf{n+3y{Q3OTW{)5>5->h%CM=X~sk&dKWg0ZNB$)_f=Urbsqs0GNo3n^j1<& z?K4LIH#2fPZV+?nnNw+POq6Re7IVS$aG?WwwENONKl71bfVrdK|A1y0IULzx$69v9 z04L6D*A5+xb?fMvO_i|oB-gk3d&|n{O55W~Ssomy56A9@z~y;eL@co zo7jCz& z^)UT=*(4?m8-esNc4N7IMSBSCLz0~hPJ;w%A_VD*w84b|RFlMyUtl72KKHtS^m}Va}kb>i~rG6!7V>Jpi zE3J`d7|$@D)xm=w`gRrp#etd2*s{Hj-ohL)d08yjn|3{n>u^yE1jKF8qagZJhOrwf zhC38&?ze!7wN9;`iD2%U24NplQ@Z;{(;amTSS;4F`s>_gpWDpOL(Jl*SK`!IpqSi4 z8DV?JY=~p_vKaDJF#{aVYoEIN#XxZJg^lFZjB7cGt_W>X#tvW9WA91c=0BqnTt)-B zwgrdohBqEF3KIob9O%GM!nZ(X#eqlX^Q;`uu=C_H4ZH~NNkq1~2;Vx!Vu=N$rA?d2 zE1i|-u|EW>&MlM7^a_x#1+OiUIga7r-<;qf4uDXwYdoj9!gQ}!#A89%fc}Qv0nLduuZMAU<8r=-9Pj6h6pegBZiE~0kyCn3ROt?J{Y8gd5at2kOvSS{}}97C0z#Kdegi(x%M+u;QiVdKr=9;J9Aksg10_4gQSr z;JMve*3#vdE? zpN><2iN-jH5{y6ux#Gn?g$x9E#gImzQQ0>xLHLwLs(GdFT4%Rr+L%Tu~Nr(fAYA5 z4h&^O%Ar2;x^1uz1E&P~7}Dv|0{F@C>*I(de{Gq(Ny;LdAuOU-W=#4oPx4a6p?HB) ztr314h6z$4CI&gpib*W_-^$UnS}b7DFb7BhD9{Y(KB8_Q1r}j5sdU(;SYlO_i`)NqphO>Zc=C=yqv%{UBp$c znG*FX^<1UYW0QkU*uV;`SJW$;w4tnEkhB+9e>U5XR|N|ybXM@O;+VJ7A)}4^XKRuJzWOWH=Xt+Mt;<+&uD)D@1(!GJ19b3zoHLf(y%}<6E zRsed9nm6bh34lpdk7R7kXzg_PJ^r_ulG5&&{_a+6TP1@hRe@a*DW7|!Uej#S94)A{L zHZ7`sa6*`QY0M+<=3;<2LfTU8yjqvsK$;Frr2CBtvJHHbIv(#&qEw;HpLJDTzmPlB z5!;R}m5?ytpUuS%Ot1|CNd<--6~RMDn`w_UW`0O3UIE;Fx!v*xj)O=ghXdQ0VM=36 zhk?W?Agu7}xU2LUu}aa+iCSC5bw{-?DN4uu>KZn^0o+50kWuhG?})=q_W~`{O%w zZ829$C$UAt4GY~5;@%$%-+GrjAH0D=95p%-_0)v@t%a9O7lVHW%m# z`w`{tID&e3|0yj?Ae*ARcg8L|g4pjYBqD<_MvRwz{)Qw9;cNpB3;QlK8ufBJYF(n) zjuti$3(Y)8&@rnw^u60}5dj+EwRVIP!Zpz~C#zV=dQKmEly}=vU^sAmBU|uwX7p1U zZ+2Lz+HpRw(d$)Do1?Xhr7x#+Jgx){LxbUXTgZVU`(v1TZ)YrHwouDb#Oja&NVE1% zc&oduS%j9UXh8TaETmu52w&G)*nEX5t@O)|-LRoq>mm;6Q)~Q88&+5;0L(mxV^{X& z)56E^Yuv-N)%Wmm!_niBw!{Apjxj4M43$@Gtg~oob2k31H>aJ*t>I{My3~!4 zAlW8G7b14zwR7U5>=XK~jAOztzUxp-ns0H3VX;zjAZ?>Ij97S`I7mm3UL@FEdqk|H z8(DxyA}RqD^=p$N!p;uJCGkec#+B;|Ew72dO95@VAP9*6SVpEt%3Z$&ff)AN^4;-x zffgAJ^t9WmY;$@+(4OBI04TO}=Q%PR+G5j%zv>w=}1(>92jMiX75WT!LXtf zMfN$@K)?L!VByfP3^o*;F%^!HMw%e+X$x(yrDu4m>iLmjD6C0pecTyi0z`fe_q@Dc zNbqleGSd=k)vU$QlUi4thmiQDws}2GEUjxt_--2g(Yee9Oa)_r#}QdB#zMu00As2q z*nvJZi z=9FrrvqO><_U6rmGE0*52yL(G3K1tU=`MtzIezyN6SEKAzYzoUQnWm0DUBlW^R8;C3~ zA?PNfztzPXb#H0(Uq*F^x8+18dQOxBvHBF3pK)zS4!o2Ff|&?Goycgk*JS%x(cEoA z;f7S5x-c%2+E;IA>Ql7cPwFd&L!eW66H*=QWCNUon(4J5Q}cxh^y6lqBJ>dnQY1a)aWhpbI)4`PR8 zkSlft)98PP?P3kz6;nf9#1nox>&a*#_GU!W-SMamCI)dWhraRZ5d;=7bGq)gpT-+O zO2I7R6wy{}`67%6GlLe!p4yE_unlU4!`N97Z`A@0`gTa7R%8SKFw|q0r>%w>YSg2rMl_DLVa-^sV`-q!BI4$#nS)2b zfuqF8W&9f%Bk_h#(y!PFENPC@js8jNTSaj^LAO4!TRH^ETV0gm1+u3lH@&vfis(5q z+Lk*0WiN1QFR~ZU1GKYX*tjf2weLb_-`%^gByA3JXW5(ER+gzGztTGSRP)cO$Kv}G z1ivh!31TbRy;q^k&4fAYJ!ENyb}Txd_Eyg8TZvbs4U{DyJah`2irKuxkP2oeE0MMl zAvCwxzR6eD!&RK#UqZLz_J@NT>xj=8jS9vL-31XcygzA&y~UPPTT3a{~#uG8|Y4h@Zp zqNtNKfdNzJ;Jsb+(~m)npUl+GN?E~=ug=n+)8_VCh@KC*n+5;SPLUGJe6y3DCfv(o zBM}{`8;|`6Ppl>SI)3gT^X$hskY1?Pa!5W0I13p!( z*xAzJ2kE)K^0=f8Tl?XI;_T?yhE274*OR;2-)FU^5gq$L5^_<$ZDA2FLeivnjw zu`Z5k*$^PPg_&k29w*##(Q4Jo9>*T}1-vNdFel&_!(8{7gaOtJY}#p(Zn;>_O7`j$ zwN2Zy-H4HVhI}{vR?Hr6hEp)$k%+R`_<2SnLdD^eM}CQ`&=IrAhm~v}evUn=VOn{N z){IIsNCz7+L-z&I?!KmeO5@s$QIvJY_bJ&ctK78M7dn)Yz+pJPO)Dj0t^Ezr#CCc^ zZI>RJevVJ>2g>SGWb^b4SvS_tagR8U&&D1cf{u4J`0F(mqz}1@gKq1Gzf`BC&6F-O zCkh@2<)rCY)wKPh?!jrTc28TqYBdhhUe?*hA9jc-xKqEhk8xNBToj@>V7ynpG5TGQ zfNOvu5Q4fGN0Dv!(V~m$pw6oMyb4FgAWR}o)35a)(fN!@ zTowWg*7T%6mlp#opL0lJIcfvTQ9VY5Vct=A8^pb#Uc>wZLZ0U;3!qU?wePHGO}0oQ z(gS`93rUm>XbN`J%QU_R;wPP2OOgQrLz(C8S+Lmz;2rCW*0_lqntRhNI!97Vi?^cl5@o zp+T@oU`T8MSTS@93?1{ww&z|E4gkwlP7!Q9C|ptl38UMlMU-?MZpIC4Q=dRzl=~pF zJlZf)crI3DQZ8X=EqM;8LqA)DFe4Ytd%nDX*Qf;sp>6a}p>*QJt>6vJ#}qIw?C1n= zUBvWP1(5Lc;qg`>o3pGUZI}!rBf|3(qoZ~m5BR;GJ=Ghq{*;SmWD9kPTM5(aQA24f z2#xrYPk%_;5Vde12NFSTcra?T2$|Av1SdnQ5v;!}hO{-@F2fdbu8l1)((=KV|<+bx^#;rnNgUwD0y_p!h z`jUtXJLuBb>rR_GzmK06oDrT1#)$LCLos&^1lvcfJMT+KAN7S=SBRk`zzGVy+Z*vn zSAf7e$SPKXb|ih+dK*$BWLc@)5)3;qD;#v|sKIAu)Q?p?`eWr90a}_)kYXGO=d2lH zO6AH1ywqGvyLkc)6PtB9qi+B%s8yV?BX%Gb9va)0>qI;2i9e-{k4vFnRDIX8iuI)F z2!8Y4Zm1XNbd14f=E|HR-jO!N6;of@?1;u=^1#O2ux(zP!<^U?ynO!jzM-peE!w5c zy(`t3twj6035xBtOQKK|8#sab#WR~u%7mHKou?Ho)H|Q0apVYi{x&;N^=I6Ax z94g@JeGfnF?6xVKm=2bEmo&;`OCfD7(jn>>694YvqL04`RPp112bQl3s^e2?`@r(p z<-yz!4=xYv2jhBxv*jYwzv!-*=WA12`18wCTW)Fg`g8a1tXGTC9sPP`YRmV}jsJet zcYo~-1p$->%Q@8AdQA!c7q>`HW)j($5aioD9Dk1MrrQ7T%li9( z=T7_2Fj>B+$t(IJw18-?s2%h6*SvZxta=^&GyMgk2Q%D%mOuaF_}*XUUw;YA|A(6X zB~AY?HRZxzPi?s~r3=Eq^56CPEn>MygF7?2v2WafzZxw6=Eg<+zB8-85YNR2MLfAr z4RYsjbiOctX1!*pPVd~-|8;_R*F*cgF2Abd2#4K;QXj{PdmAXoNe_jsf-n z++S*?-W>O~XG~6;?=ZJ5qrbR+o4<|+*|YiXe>3h)&u+duMJJg)mb=N=*dyBb9P0vF ze=DQzxAaR08vT}5^|h&SxB4z>^$_%TbV>vKjR%ZZurvA#<^;wCO7871pxR~ln1GO% z?}Gk4dB)7^?gD-B?wHv2VD5U$um3|N z(r|Zq`Cq#4AvL&XtGvitURrgppEe^|k(1$NshX+C2S7ZhB5j@ZLjj_g= zhD5NE6%Xpq?0pa32NOyUZMpkbl@Q{mNsVtIEq|m(?*3NR8F!wQp!-mimcQJP=tiDi zj|;yre&kNRBK>^l7mz!Wp4(`mzjqI3(?WkUuWi$>yFXc{pMqD^{6P5%m|K4Ezvz~_ zKmZ*^x8w_%2XuM!-QSiNXM|@ZvG|L|)!(~+I2P}KaD$=w@}U$TIup*3D%6#~%jf8C z=kNcH&ma7c`TO6`NLqKF9$2TR@BWE~|DLYt$p@#$LiNE1t?*fg2OqpoKXf;1ohHvaK*0(xrdLF>A^4@p_X*DZG+V(hyQ3Bu!9ufWE%&}Dt*%env-?mpyp(h7Mn zVRqcVT1haE{vvnvZ}R8A)B+13oA3U}6X55+Ek8BCS$^F&9`{FixF6}V=A-M@!TLgH z-~aD&m;XavM0ND*|J8jD?#gCk{_>xWnLYo|-TxX1I7K%?dFBF229 z0_AUI9vzt2-x{~=LGw_4qUvI3F1vE0-m_&ju>e0~X8m0H+}K3mTQEA`wH#w}!EMm5 ze3K^NPthj)`dsS#p4#-lx;&uoer_t01V2O)qGSI(HAd%1zcYJ$b}ULh3v_}qOAMG+ zA|>~rFJsH`?jOLuV+rtAV@m$3OiF+Cf3x>CFmhejnc%DDk4TDYktIr|Wl}CtltfDG zV)Y-{q$yebE4IxhX?C}MVmowo)$8sutE)Oy)nvD1*+uq`sEj?Z182txl8I-=!Ptod z!~+}aAP(T2b#@)Zlg(glz`=Tf4B%iLjDt-UHeh43$bR2B@4ml!)m`0PO-i;X`}M2$ z?z{KgbI(2ZoO91PS5~W^IP&qWFUv#9?Xs4AS*YFlnpJ<9Qaa?nR&?2jcxcB%0Kw2n zaO)?Kylt6lB5v%z^&?P*+{UZ_j51(@@o|B)6>5|`IJ`qOu-3yn%!_Zx4d`Dx)rvbQ zx_`zgD(nxiEq%l3_R>+sOp6wXKk5{WKPpun#sjS!cVOuIXK*>ZgB@S`hFp(=@3fHB zKZ>6yB<($7In{_j`TBR9;rOL(hU&M-8@po)#*fe&$gAu!f&8(+=7^ouZ|PI>cky%h4X!7D z(Q6r0{N2CwGhxx3)?d|yLjDSl&#PXbZ=kK2LYVrZF7pFt7VeWd>U$vMFDe|Ga3DM{ z5T18_&C9QO`~n;@V35*UIYbcCIr{AJ;*z_+?8t2w-7EsyT3l*%am+`8$R%lH z$@zwl1<_0H$G4r2Z+jo}k$fzR-Xed>N4GJ9IEitkc6uL%;wt2F&dm)N@Sg1}Y3B_&Y5 z&NNOQLUBQAz2KB$>pDy224l4JRV}#mP5ebCmcEIiRLPeFP~LpjRnwO~=iPo5<-m9_ zRkY#T1JdyA0jH_k10dM8mcu*ZHSrP%oc4 z$dXq}e09t~C}^kZX6R3BP(Zl+MSDw!98l#(fHy54Bdk&tbv)Lve`(mM3Nq>b<(Js* zZ#l0pMZH#*X9cO43y(m}myukaMMIq9`)9xw&Em<`OGH?C>PQhN0)7DenODyA6Imy| zl28n-B+T@~+)Dtd5BX*zc<$FZVKG_2Y2AAi5%y}{>3mK+C|~-@vBGgvAFIc^Z=gQj zvOaTv#Hr8x#;b2qh%~=}fCnO;bvU1e%cAJF_<8twe7W+jRo?9jLD3Qc*0+OTRR~u2 znXnoMnGn)M1~r&^z_1~FXP(6&xcPn&XXZ150QoG0z;`%RhkKcjh0c75n!^Pkc?(SS zaFmh?!e61HdLI}()q9WGr9iDx;672?4b-M@Vbs?2EnL9pF5%|@L1q7l7nld&Y+_#} z3;mHZldE6jOe3%T8fWmW4=4wzehusY(#tWm{r-rrZvMGb^7ePRzGHI6Z-3vJukr|@ z7#~3?hiy$?a&fx-edUlSD-A9GKx+GARC4<#BJ(?Pj883S#iQH*D2kCQ?E|peKZAgR zDaC0?m8li?PBF3$tsW~gn_d2iG`lRK`?3hDx4y%c7xn%N(p@ePZ|qgE=Zyo--+lVG z4ZzXbxAgm5Mzz+JLxwlHoaGP~HGM86gPdk1;lKsn!dW3R#(cZDCBA|;!fwq9`1kk(!?=>-YrQTVggDHOAA^PfOQzg{p1-pVszZDnFU>7j zp-c_u&HY>%j(M;53XwW5QPB!CcNpl**8pYZyDf(gwK~&xxflAxQPhCJaPMWcAs`MD zbzk7)@3*vaZ$tj#8v%vS4sb?>3(|z4MTs0Nj#X|taJkeQplfA}Pk6(%R&HKG{pkNZ z4F&w$>LPSy%)8BcxBP$zo(I_juk+MsAQE##N=N=% zQuz-{B5D!*=mFF;Zuyf{^ z%9npr6(s(J&K<}0m}7{C<=EVP-o5*Rd-p~6?#u4oSKYg>yLaDk@4o5YeapT3w%lPH zK_6`G0pgsn&};|NF%W#$z5Bl0p%l<6Mt<;_UHFMVGK)EauOGt$uqEBia!h7#j5$61 zUHuCQN8eZR7uY2waRUsu5EGZ>7t_{Kix?*aYGvE)qPUq{?t_4gLVDwFP=I1SD#G$!N1J*{a=s% z<-aTZ!Qa0=pFaE#`@i{z-~RM{e?Iw%-}>5~-~FQ>AN@bR|Ns2OBhUW&|8D)?*?;=# zpN!`J`$PZlz@DF<`RVneU;66G&!(y$%l`Hc7hC`E_W$zDGoRaKoJ#i5_tT$#_z;8q z=!HjT5EH=C>ufy7={I0vIn=LWuit5A4+DjDk2=l`aIiIKbPsj15sz5`_OQXXyE8@ zC^#VF&b@J2(WE5NAt8;R{79_}?5NY2QheF!3F5Psj@6-V7=5gvWHN=d@!Rk~MB+Oc z90ZacpO9>bcfw_;mb2q%u(%FO*a`L&3mNA!y5%=Ao@FcW*#N4b=bmx>CfWIcF_A81 zE9LiV*Vgn2;U5(5TK2%W{*|pH$%3(rBpRMo&+ZcB3cUHr0}al5(WY&kqBkcw<_%0F z4LZ3jteL!1iC{4=v+gJg>jdV4z?p+V3KnKK zs5%Q?L7kqvHn20MIRKy{Ac)5U zkpVHkMG}9TaXQ}tx;$c9|uHEWm3tUx$3p_n3nMjrYwK;z9Gq@vdlEZQ8 zXy!loz}BmR>5%Cfe1Np3Ni=o+CVIA8z-;x$=g@II4T%Sx5(y+l-jm`qS=FSUlCfBWlTS_CGX(`>V>zXSL6YBRAv=KzC0%jXei^p4t&ETe|fFyJJY|V-_R0XkIiq>Yg2>Q2Yq5{)RgGt>%`JC))8FEWBeKHP1z){ z&()8^l|(sm93wtysO6Iw29A#&;-(Qu3?H1pcMRlWIA(4AoWbGL^kgVp8km%xj^HNc z!&Tf-aiH^YK?45Yok%3Z;oeq{n(+k|;g6X3ee1B8!2W*ozc#+lC2I$e!!$oKVTY~z!j^>R!pm739J z&0K|l(P)SiWkN;BBQzt@d(c}QcMUNh1%xw&=bW+gQ%rD95Rd+m@t5Q~m1;=&#BRUf zoSczaZf!jAGHjFA82U5x=;uWqZ!!FcPh#OE@(I%hsfPKpRlHN`BS%(R-Oi77CB*{i zRKn$yb`Vpk_l9>hPos;*P*fLd`P}>It=*w#Qm)CDSS%zu>|{95gd-l*gY09yP&)g8 zvO!G0=OGsjBQxpy!K_ALdg0m4AAq(!ipe<+#py-FH@s~93MR}1rZ9!jNr*?3tv(8^ zHV+0s_B;#0kyD!lcpa-TrJ7d|{o9TurxO`4yRB0=TcQWcc?e(~911sG8-c28BVZkf zf-4&aG+Z;g%g%aTHQfvYPGl059wH4Aweuk&@aRNDK9TYEq0IIKFNj?6 z%r%R64^9GqVCf@XfvCW*quy&W4Nv61Dr2e9B-;f9wB{2`TlQF~)tIt>8EFH$u7g%W zjTsK5!E6ltqDI*fgebaDF!pO7^(Y3Ll%3V6E@6o{-4m2${gCn?VY1GXsEP_2MW%UN z^)%#%)j&zn*E^J+t8K+P6n^E;P4h5IP$Xv1S`f`A!ms?_g-<76qp%6MS9R>AU@uuO z#ZgM@(LJs;!10tq3T|pib+HiafsURYk6T>|HyTtEq8nx?7lAv8D~)<;ks@Br!QQ8F zmjc^h3C#+{D~%Oxf=^No5y|kUiZ#F0K+sr9y_ZKf5b4H9S^f39)pDC4W&uc0ttf9* z|Ly9qY*u6QmLBjw0D=aJV#bm~!}!S~VM; z4mRrVS^assp6S9y$T0QS)vmmBa~auZA^qa+SEFqUkJ*ouidEX7>s^F0@~f zWtziG_7NUVuU8x*36GPz;9m)1aidF#9(SvhQ$zV1BS?RhC(#+T@Q@!7;f$D_Y(DHK zF%pVO&Swtfr1hb#XodvA`MdomkPGDkL!s%|iIbRG+{q+iP{QI|XZk}Lca#!%E-}Wt1zE@2yH$MvoFteJC0vZ z;s1dte*k23@e&Y4B31h{`^20XUTzH{(MWnU7BJg}w<|$j?N=;AaD;87F5P}?08P}l zf+|o2u>&P*Hhz;(e-t~k6I}-I{&a{*s~2x;&5)yLPbIw&kf*#6FsTk`i7<79cY(|@ z>8r)<*6O-u^|R~gHAg(^{Ow@x>z6u@{#MY7bzvD zJZw~5Ki^oYvKX@+~vj*)`9)AV|XU4(5$7zD|A4i*gC{Gjjd$6L> zpWqo0{4^W&Ufq?}Ik1oFaxW&N3CmYoKA^Jpc-!emyjxmR^!UhvSWJvP&D}$htybO4 zdW!SJzr~^J3$xjB+o_Bz3sOFMN)tRVn7v~B^CdN+{2M-4!<8YXL z#a;Z2J&Kzt=5;br9}irjbJjj$!M`zw1=yq-#OAtphO%Gbd7|D6O=DsJdzjc`PChC% zR35z{Kj6ocNxYKuKV%jMcFMm`OAhMwZJ+6`kq;mXP#G=@k7aI(y~fT)9LDt>yJtia z$Zz4De*&o~E*>(~D;yM5I3RHkKZXpC_#Y8wjwF%m2|t30ppt9aIY3jms&HQ8I;%N- z8ofKT8vpb7X^m)Th}n}dbxu$*RiWji1ur90?5ed#pC<9vH?>QvHBYwM3${-)c@ivw z_%bQMYL}RXnJc#j(0i)wBYQxH<4ir(aoY-IZxG`{%U z9vtz^1YDFhNLS1;<7LHSf4PS9Epv?-LN(ctxZ+bDU|ZbIQNfj2ZJ3gpnL0H?Bxew7 zsaG3$ph7}vh{>Z=me5pgBs)%68)eQpO96B29JAhQJqj7-IG!h*|Fo7~bdcFEHO-r8 zm!^g}%xC6ac)%(b-y>oC|N zOy_`E@+A@ouk1xK0)F!i+wBK-DXWs7aNHMs5c>Oh2{m%$!{b2w(tSzACDy^!L2ERy zlOjx;<}bG%-U|v~3i}VC{ii~>G35v&Wnk7EZd=EZ8kJYS!Rd!!CHJ0scR>pC|GI_p zZ0+qC^vg7Z{1otnUyM8o?n-9(6j;MiED=vRa_@2D1F6!cDOR=yjKr%ij5+NFwp@}R zU3JIcDGvOP)>N9zl!G&M6)o?NS(k&A7%uJcO|`;tBU?A=Ipf2&Hd8H)KaacwN%$pf zAq{}A+hh;iFJWUf-e*-;)><(=H7qH&sp>~%o3Df(EbK*R?2_2J_8McwO% zGUYWpE`7R;(zL;3Bq|W3VY9{P=hM}n`}ZGKO@aj=P*L%||^>=^|^)nCAueiLEn^_cX< z#@faKx2%v&KF*)G$AU1O+(lVtlbP99#41PO*@6Q*1mGGa068Oron zreV!TCg-n^;+W*v$fl}ylKM;nRt~cN%%%bS@?`Z9NMV%7HUGoO~80**)h#4JE7%&(adt60=%btd?yK(Z)#o zt|M#fODITjLwWahzCB`|_2P{hX~@bs^GRxC?6KG(uMm~zB9v%OMw-7%cpaL9G7qHk z7glHV98XRP;(&lrC0CoQDpADc6rOoT3>6imZXy|-qmM>-_b|MXx7p2BqJw@`>@8`7 zgEDEokA|xP<_(P!Bp8yHnGw9FCGaf3@5R_(z@6GF&Pr)k;@N-p4&!6f!a@HJKj)6C z>7od0IHwvh^$0aM(ipS&2idLIh`3OzZ@?HPD5vKE&N__?$l#Gu!lB^97X&zVi3`m> zHcJB_sez)%UnLT;U=tOGQguVe&X;+Pw(4Ry(sk z8RRS_nVMvU`ABi{k#O-~|DOoI9t0lzK0eND;xxNMk_{xlC>gauX{Sb%y<6f>q;MFL zOx`>)QG>$tDgsd*89G96f0#3g{MR$Qo5{1bR7F1E7u}uZh}_cEA(TgxcdmZd=U?H> z+C+hH9wK*R+C}wWuf7WSTiC3E*$Y*Y5+sGjdWvSk)78jE*X^@6L0OF)fcw2k{H1)B zMm>C50q(sM4ap7XgqyDC=X`k3jhR5&&Dee zmhVaGY3qctUfO+C)nl{l57A6|^KU7fTdlA%Q!XQ1@krpkV9O=kF+u?WII^mfFbmBm z8$%vJLRO(-_Rck@2e*ExISmr?q&#Ybl*uXi!nLV6mFF?Qs#J%aA&ru~1q~Ukgz^=w zL$m1H6vRw%G^i0i4B@*9Usz)dE14aaP#@(cv+Y?sA4$=kRViDK{FQpchoP@Z{uFRm zJEQ#}p3un|Ov#OkFO~jT>(pvf%CBVvKdVz)oyU$Dh{R+j2-NLqi~{#^G_>lVr@;lA zI_AAFW)LG51`E0xdMmreHIAAU0`1q(>_teS*(QveI7iF8P@Vq-slU-P%acKq2B{<5 z13fmif=Z#>sWBm7A{e-gks=2pN24-Nk(`@AM&V+f>`u3$|ylU41zODYJAS$Rg zdwvZJEi#+>1d=s|)p)A*W|c7pU$qSo50q<&Odfo*Hd2W1LlFbsE1F{wnJ9sHF9R@*XNo3>qXx2%D0H_Q_y|tU#gE zCTG!;Ss3zl*E6`j_cdNEr(ICEq)8tep;ut~9K(A4GN`=z?~U0+w=~QV(@Efrtm(~g zo_h5Q21aArc{4)Uq$ScXCy#<;{DvVFVLsZNMSt~%RCsyhs*s|YHHLMmWjAfL`Z;EK zee35DCU}WDkk31#J9$9}&`c9f1WKz3Y}<#Gbsn4?vs~d|pJ$>_wLQTPxZ3loW@%1z z&kfVFX8G>Kq$b)^j4G7;IV)P-9dKrg0NZIyI^w4%Y3KJ zh-G2X4OYeF$&C5|eoWo4B;|v-WMC~j4>r%4&a5`2`aei@loeCQ(ef_zdmB4 zVVRXl!$o@DI=>k>7>H`@{0$FwG)x>Z+9WsGHTrXA@gJG&Caa>*L1!gm>A6O+q`N2d zmnwjAPvWW@a}5(#85G>GYnXOxKh+7T)x8X)(&8WTcUTW3{_1EM zqg7(sy3iICP@0Z+Z zQN$KPqnKK~LX$wOXjN|qYowUK#BSUqq#EH5A>-Z!bGB%(9Kj<38OUbJY6(8+!Fra0 z$a@N&G$*l{ayjti1#GHZ#rvz`pQBM-2i5B4os-5pE+>)_iF{p^5UyPQLKLnQCi2&^ z)n(XQba8S9>P2}}Vq9p;R?CRhGE}p?{|o;4mi*x2@48Lzp$eemjy!4VK0pAu4ElYR zj~WGxYE9Vh+k9B#gB;;@yoz5mlI3trY|T03ZMtf}rzahCk+l4;GlD~|-OL4`VwI=R zQGJ733U^Y&o#1fr1J5q=aJX*ILHPu0AY-M2Ezv-`E5G-OFy>IVylU!ErIzxBWK{Bl z&xPOX-H|W^e(>6Wdn7?>tS>d81DYC#A*|uhfrrUQjDfTbO%RzR$*k2;uiFIMZ-TAc zd7AM^BJ6x9uB<-$4Kp~3Q%W5t1w3lP8j{;E17594R!+7v7UU=!gOB-SREbuLb5kJX z=+F+)uw<}WcZt3Ea0J_WI_o(daSuO>*`Qt3NHk({cH@|=SGhJtnL@cYXSUbih7qI5 z5GnB(D%kLVsV5d0gI8I@%U*cE_?weY?TlW9p~&8i4O>4d=QQ`K%{G6)C@}@6LMTvw zW3UHFE}AOB4R4t7c+?TDa>KmBPbJ|>LpdB8M^Knr!WI8&GltirnsD_YXXM7=9)_pN zNo>gR?VZZyVi={hl(cfALYS@CHrWY zn3GtAlZI8Qa7A>!n!sq0ad->xhT$^RQ7)(1WW$`&RCECgLqWt@Y8-{eb+dXM?S)W~ zcFZUnUK9*;%=4+fyrqrHL8h_+41v)cxJ;C-hDX(}UeQjZno4+78y<{$)zKzGk&g;$ zJN|2Gg#RBalAoD&+`N2YKlW<51ftX#A!muBrk?_6a%Ib4`5_NPnPWDYkO z++6KxpYJ}MoGnc4&dsE!?31{&tm=j-Ze3s7V%E?hXGgr!07Lxs?h1p7Rs+69cUPun)CMR?Dc{`tilt+t3+0MEgRWFMJ5B_CG*a>T_uC84+XcInCcwuV!qI8qC{=@_zlm87dN{gl zmnMrPK%24O+27mVlj=Hq#hxi%x5o=}WjlKT*v^-?0V}&l>@x8=oPF?ev0ND|<FzmO|TT~3!kiTcd{sJ~dKl!|%5ZwlkEZ9>s(d(xZRy}Nt`GI7oyQ1*CZfRXk6GR8uPIY5 z?~)$l#xl2NLQYVSx<+m za5?_y-0W>wc}vSY7N4$JzFTIE$iJe>m9)t?sC+U%gFl!q4$@# zXzeJbakZ>R!EeLwW%lk=lpyjcW<3&F0vxk=J(smhEyY>OdMaiei7w`!^DQM5eW0c@ zmbHW1pMh&ssdvPzcz;qNGquY`Nvv}4xItDz2YB{`9} zJU5ZgWw7EslS*}TrTCA$5&zEUuT<((3UKkCzVGhn?(AysY{vsF!8`oFcOZ49v%mB7 zDHJ%}-*cw-G@cIjbaxJQ^q=lO-PJxcbf#mdx2Ly%Fm-C+bYD+Lch~7uM}O}?cmL3t zGwrFauCCKVr#gH4Qr$y6eSN2fy4z87pr^gRr~gdnK*v!3U{8NXs<(G&=ya;9WAJoG zdw*YV`>Da+-oZ0Hr%(5sYHuGH9B6OvPxbZzfK+Orzx&jw)2O_!JJow;pm$)fzoToQ zZ=eStooOHJ9PH^G=uD*shfZ}3wfA-Po$2m8)j!zRerl+%t1Hzzbf)vnQ1|Im9bLU= z`nq~f4fUKl-IF@qf2!+D?_gI?XKJvwucxQ~RDTM?fq|=jDQ4~S*87X;8BC?8u+#(G zv%^`gzYtkU<ld2|>$WT9I%w@}2(9?M zK31CxXFi^V~KTVcdTs}t*K_s_m7XD&rDyC4W>;_)?a55rnQOy^*}1x6bM^Nc z(F!8fjp0I$GIj11`dHqLqc~~ z`+Ub4pOm56;kRl>ty$V(Zo{J$P!9VRD)t9IY_!9uU&qPMw@SyoxZYkQ9~&waXI`4g z>l87{nf_`_A3K$r@9L--s;}2}@<~zT+s_UZFBU6T(z&t?mSC5z+gVRJ3sP8Eh0l1D zuc|1om?)J6iXCMto0ZYam#-A(3fb~nb4P1{5;O?`4chZin)=J}>hEp^mxc+WQn_Mh=Q1=AM8bc(`tP;^ybDp_B_Au!ULBdsS8}uYg-B>3 zInnXz=W9V+4|Cm4PGmTJm;?r*A=OD3_3mj(DrQ2Ci}B`o^*1&L;XQ?7WgNzpdO&tY z0g`+ySB5$;k)FugwU!VW*cvf!Q)?#{$;w=*P$?QPH@j+9e=o3Ps3f{65FHJwX#oEF zW&^l8lTX9umCd?A=X+vH9a&vZoiauxWeDaI=V< z3k-L2sS%JR+FQ- znb|zVzNuWfq8lNlEr6qrEza5hC|5tT1#LdF7RFsuAWe%j+GJ!S=yDN;vV|xtJWX-A z9lBV#jE$^(&URGh^XcpM3lMs<5YmfL{?E1ISF`lE>Gf(r(VKixnwt?KRffD1>a)kD zuGo{@Ux8Xs{X$^injnPTCwA`Zc1i4r_1BuPg={_9&0h^~Oy?>#c5YpZ z%VrmvNW$zg7oHTc}==@5v2YqiYi#=m(2h*&(B_RJ{ zvq9cjD7MY!TyeK{_&0&yA8vL}eOt-?HG{^m&Wfy$k=v+db0|3+TobNvTfJP7{aF|# zl66G+H9k-FtLowt_y29Phh#@-u8>}ZeAa1|O$Ojo(XW#x$<9u=f4~eo32WqtU70Rs zUHfr=I-jRX-M7#`oy%uKHp-fz_{->_Ff*^5?0sp-u4JZr%cCWGYOItll<8hkZw&k! zcgbP@FH>XkQsL5EWvYmkH*%DZMFZrost$b|zxnjmM!?%UV>Yasc&bTs-!h8s{l^a2m zA7|n3kKcT7>v8p;nu{xs8JatTb>9Spy;+E%4uZ^=b?4j8tw+m$xPxdh^UPUq*2Ica z?)c4zw;m7w;~m4pdZv&|A?BuL>O5bo+Q1p1qob?yY;OfSpA&NxX9x5G#Mu&j^K{=H zJB?-A-Lpq>y9g9-c6Tlw!s*EM%*O-Gs4}r}VB?d;U|=y$ZhU{_8g25d7rn+Sn-;Tg6$KNoju*B(%H^aU3O>p*;SmI zTzA&?_OAJ!8eh$Z_B!!pd(D^ciCHH?!{vHZxs7)4(^?PFhFb0DoNqrB-nMI~Rrt2d z!!Qy4wxL!#yXHG;oGBY?^;Gvfe3HVg!ryZn{G|epN#dOpb-6cY?Gz*2fMr2{FAe2N zc2>u~Nn=5DFTw7X5+(1FcD{pcxpGX(7 ziF87|;}Yo#9EE2qiCj66o&X&tD#gSEj9!JL<2u!j(bdN1uplKM?!YWY2`5pUL@mB* z)!ojr{GdzM63C52II$n!vS+wV-pt;_##(j^m*II8^M3&cwMTuO4Z}&tz_NkuUGSjI z=OzKp3>>_ImHX=)iCO3UbrurofMv^%g$&)3;gp1D#A!kYAz`?vY1-#prnjvzYd4$_ z;I@pZY{r;C6vY|Qvfz059s*JJMiJi6;`p5yu@mB^F;Sf7NMzv21aI!d#Dajp!A84L zeDHnZBH4EDHWI}VeU6;T4?^Uw`@05w!0G0#7P85oTHm|OkV%84M2)MRBFb7X?7Uy;j#QcEtWXd06A1_=GA}}tnCuX{-H8Re0u}~4vSTOA1|cM! zmYs+SB|{^ATQX3WGKjYDO;R?Cxk7eF#L&&#nVr-n1*j!Nc}d;X%x?9TR-yfg`eu8Td$5643n$Vr#Q`!&de-hJVCOuDsLa~&4MRpR#lwXIY;dV^H?mOH&AD|~8-#LJi zHR|5PDv%z9-*YAnwmo3h*&1BvM7)E8wI62`fG4?e8pdf_yGc^SqTmo5>ke=zi^ER)$9AKYPm?(VCp=hDK5EemuJ$5c{hJAI6$ z3n*-PV7Tlsey>4mU(C99zLeuqlE>_FW`Kjnl>vAdguCM$35gcgC#4pydkaaiDmkkhibfScPZv=>_PnSV~Aq zLH^RBfmDjS>c5FuiMaxZDVKqAn|1AWU~BHiWK9+09}W$O()uKo1*8ckgw z{L~F(0ES{#@2jJgbY-smTH;mE6&E1VFk%9+i1Y5X6N$WxV!Soz};%cSE%vh6XQVKsl>H9tzmr0p;*IIt5+@@5>SWw0Fv`=?OHi(@>7^ zKd&|DVDBo~jD(HiY{YSh`TC==ypIQP=CVuXEfCETr>^axswsA4Fsl zCToFWxXf92y(D3edQ9LIr5$64Ve#N~CtNMuvCa)FgNI|*J$8Y-A{$YoGI6ln#9Awm zWkF;<=u)_22#|?(JzXo0w8q*+7f@Mb2+riw^~*vRXzxA_T{2h5>J+fF)pVnEuS~MDsrF=dD&;LI7>j$TkwtzZRuLd8 z^?(GC@7gtzD~P>>vE@&LRXIF?UP9%u;uQc<(=bZzV;Co1_`ZiQ0<=Ehd=FoLVa1LF z5uDw-_MkBAA+4_C%Xuoqs4rTWUsKZH=kyl4RDuJZjqq5#rTtAhyA zejwNzfn-a%#I}N9ZCzVfe76^X*}Asa)wu%&9EjcX3zl^$xF6!>c6b_?1>@7hUYY=r0=akP?5896vb_texxYB`0#g1!P9@KGwd8&XQrLRWQw|I* zCi^Z@sxCsG(Gp3l3i|I3x4UU%J-1n#=IRhY3V4?@H<{1Jb@xcTN~sH`BkY7#fjdeG zyN3(dPo$9y8@BiLQmt|#Ep4@^t=^QpRrGIhr?im}Gg0f z`JO>I^uahBHiXHRM@Nl$o1(nblvDMQrLhpF<6K z;yj!V@^<2x#H)G-`{m&LEL4gzpEB-Q#}5M^{)vESTk_{0an$fFfj74=muDFj8Z^HL`r;w6?j2ad zjtaewR;N^@a_R}#D$YO^hMwTfIPh$j5H~o-T2UWuKw=QEEdEUAr?9tJnT8n*rk@k9 za=m~$|61ahW2no*O71zHymmZs3|4he)@#Q_Z-sLJ4Kr7B+12~Tw%p2P3+q1TOKcy( zh!*-9%+oiAm07|rvIhzL&=?H`NYxSYi1B@}epEfrirINTJA%@+1CBs7jfJ4|#$^Kx z0vc>9W~jP8OV2{6z|!IG85Hr|Zu!-VJ`RPIEP3@(u<2mqQ%w|Ckt}ib(n8~~F73kR zH*9lJ+OQv5xA-hzhAZFdRI1l7*>@DL3Iv&|sq#B?>x*wzM=c)qXwWjj+ixQg^6{ z$ts;eTAA`ykM;SM<>2g4C!)+>sKV(j*Q+y`z`8L0GnJ z?lW*z7P@h!m%{#5>cJKbA`t_nF%JR4BN!|YN4rn;4Rj9lrP>COh_9`y{Y-mX@4!%h zTl-Mw=~Q?BK*y=hQ+0`r>&m9P+s>Ts zIE_|L4-A|+)!WlQfCPr%%FU-(=tJPjjpsP^?|@s@{a7emX$!_z4_oj@e22J03?yE4 zHaOwCK*KG>_4}N)whjEs`G~TV@Kk;FNX&X?&F7f@;@BYiXd_%T1^@S&S`-NQQG|mG z0oVpOFcR6mSks26C*oddU{1W+>$yufI#1vkQbUmD1@DFBryapnt z*T)J)IE8!Oln{6$`Sj|nb*toq)gXUWHs`!;P>j}Et3ptQvVJ8XGiVsy1|6pFhlX0? zBrV9-*?q?(HE+U&?i7yD!}b5fmfw@-UQNAr*7!6H7P7O52(8dBG+lY-Nl46CDW6Q7 zeAco!=Yx@={nKeka&TVvvxe27xE>fKzt-MC6W}cLwCsxzx;+EnD*H3L=y61eKCJET z>jQtkMh|9nu2(mA%;jkLlrcR$?PrJu$EjXppI~6TBB`o+OQrMzcQ`{@^&Z!$OVs_J)J5iF$Ixy`m7vOkjn(p3picmJa<#U*3QS%q5)~PJ?K7Acfic)6@};p1UIC; zpdsT5ClO}J`KB|-Z1U2JBfJA3oFYj9Kwt*Y-1t=fGaOx`>aME5QAj#dMa%XQsyP7HB`@*^sg9}%HkszAi!5nu5OJeVV@Fa%(q zK&BkyAXb^v9j7#=)SiSoij0YNX-4vCdx0H0q|)&8xc34adNVLqLGh33hd>8q|6awP z>=8vG4jq0-%eb38SCQWw`E(+SOTBP?uj$RkHvnIP&Jpe&q)wnCQ%RJ0bOE@}-D(#u z!(B4Kgi-fkU$OQ^OY1AG+xDj|0#vcE*O1l9g-;mIe7W zcE5;`5`>Pedpm0!2ybE!>*jGmsflwo2L**D&a>x2RXi(S$wLupFpcbIj!ai7vu979 zEF(g2CS6X>&*aO+^lY+NnmT!-d=e*$bf3ikV8Df2dS&5chSsU_NyjN4N=>;4uW@}% zuXRrDb0=$BhCjR>TEjVt(0uHlJbP~T*_RP;otWV9Q6P$J5#k*k&YhwOb`a-qNfbYi zIx8p7ot#DOk(CJ%g;4@J>cgI&PEbdLEUmGd*}8|m$x1Xk+7Wu!?v0zr5yU1KqNzw- zp+9CR;+20^7L2?f8m=0BV7!!n=7{pjRu~~i#h`(Q&axE6wLlwB`Pk`55t%>iRd{ez z9Wc8c^VQ)y_bCi8O)H>b{8LJ%66yQ0E?LS*>H1*Gpr#vjnc@aSqn(!uqjX^pP1Fa* zZWI&T8AUuYgVnM)iq0EcxvTzq01g#&Hj*)|mQAEYsWAdhVt6#6dvvjt92;FGh|!k;!aL!)|zMxSe- z(OmNcwnrRWBy(WMu|O(gFj)CHynqqW^5C& znS2(}X^xiW5d2lBYm>PWGNFV>KSt6I2`4bO${I{x*l(_l##o&Z*t_!$JHJrW#YXTl_0 zOTOLS+xT?y61^$u<)y%UP-CLRS$1@t<;c-4;_TvMA05YZXQt(m9NbqsCqjG2p}9R4 zXv}9fU;pH*+Yr`+ZQcqQ0ziJ&bun2#6!(YrIHH<+D?Ymu19cbh0@~1jccJZdHTe#x z9?a8MU#D-Nx_XuTqAyA5dK$}y9faJ0{C~HP^SqQ+@e+DtGg2smT`F34~K@C|lr@}_4_RywUQ)H+co zo;VUn?HjU}F#t$zq$7;9QZ?VXfvW3`dh@X2-Ayv$k+ejANOan*d?XZ1t^0RLFTa_a zRI)davs_Q(OAdg%7}PP-8YVW1v)rJUOlkoVz7OvTxy-c!)M-r%3kQQ7 zwy*gD`Tg_yg34>QI3Zy~JEyoO3+C?8UGJK7S9=0x5<6I^#-TMf$Hdok^|7qI$WoSJ zOmzvlq4+9~9QJdVSNe-&{|a(B`HgqvDl8>Dz#DFBOTF^3og(UxOm| z3I#hqn3og!%E?Qm9Nf*)c|98tf%p!=RR2{(+uK8HTYz25mZZBcv#leU@(6g7z%+`q zUtN{=bl|L<>&0Alyudu_P5|>z&dz7cpz5%f#1&-UlN9ToC)0bdE;z$cD6cUN{yi$< z!s`OrMXr1mX%}-@nN7ZME-3|Pnf=&><9o^@7%*hx2sIa4DZ{(L?dz|jcKAGyqwcy8 z*x(>TVm2H&L(?J%r*9I%H(@Q(4t*Qg_9IFWKT=agsQIW_iLJ)H?xaE(>8hBm#R|6O z_dB1<$q83W#p3G8Bz(QzVgkjOw5*#lNh(f<#IMcHBDY2eDIq-8422L#ig6^$AdRQo z>ci27kywRxLX9Fb%^odXfqi=QnmvML8)XgKjLLNpq_G%j!(VzMXppukad}A^BB!|r zW8FJ;*}*8hJsapUg>ml#q~2}do9cgwp2;C*9~zCZ@q&}b|Ds(x&xBPGIFlyoJ!j%(*Uf8!Hr*P|_txzWjnvUI zt1f}ai}%rY!kKsLS~hB1+i+Fll;QVB^7)Haze5*%1+X}K6=JCbslNH?tNwu8Y>8NV z-Xa}pmV{WBDDRpgR{h@~|2c$af<~`O)Iw-zf?VHv^YXGrJM<=G&h;mcM>x-WW}&C*06>ux=Tua@U~HCF#JN}34`|62-M)vwozRcnYPZ-S+nqwkH%9Jr+ytG?+y zfOM{OBUi3*Y`=d5XKP_^fX61%zujy9m-23h_(amWV-6f)oi%_7e>#Kk!FuRbsI+M;Yh_cakkHOry&QG{Q zAh~r`Z6n5-feaiXwYmzfTM5`L+Ks?82A5>Q3S@}F1Zk^koWT!#W4tbnQ@`UU&geGK zX@Tt|BLq~YZX5vti%H{n2vN|M{QPk9On1-}!=^iqq^4@30en@O@{Qz{bhLp=gFLCu zui#^^R`56HYd1U| zvo0fLl%NPkASN|p1}Sc}x~G+5qmW_eD8nP6(@0MN?=2Ja>cchzP{1Y3!LL!>S^XIn z`5I5HADNS!`d7?SCInZz zh0%($f3>9Kh51Emr@7nbQGQWo`~2g9`M+891u=U#DPgJ*o@fWhkkrSdDv*=KHGM(y zP7U10n%T{rFXXbt;_NSWCwIR%jZjY>P!;aygQHH)38t-e!>q9+>%XR=dc#nx&f%)J zYJyPLu%q}DEKM5V?Eu##F(uosIimsl&zDMx_vyft4=N))*PDH~K(p zmT5w(mIZGvp8-_+DLDtak-DjrgESk?T-s-=M^1$D@OWRYkfj@{nAF(%konnOl~JBYbZ4)gl4FVFsYz(AU!4J%0l9XJ&`D5g)?F@BoSXXR1n(e z;e6>Zz4)@R{!-C~aIDifP%$tjI6<{AR$OyfkdQabNT8W^bReXS8mW>ySJerg|63kb zwdd00CW-4V@{PMTm1^0zPO(qKtXE!~2CK$OAnE&&s1qstm^%qNCeqksip6U=J28j! z=*a4nq29_ZioE1`!%4%OcUUldxu2%f*D;BUECS(Czf=c6GIG3NUJ)}hpNU!Ho%NQ3 z`~tp!whz|~q=36rxNN}UX+QjTU+w;Yb}RVe{V{8Z^mzkEZKu&AiF1Z)u66>z;L*$+ zJYC_j2JKrr1zD_ODA>nJ;QBS*(3U(Dr_~StJqV3mRnxVyyry2m|GHds?QR*Nr8?&yCVczl#h{SYmY8t6E z)GtN^gA-2DR2f6ylJ36@8%IBI+^S~Zn9V_N$Q5MtaYDqby3?o+^yugX1su)$`MHjl zuo1m|K4$fCup9=jIk%XX49K8agv2v3SE&HX8#%y03<71E-xaBA1YKzARLp7*A*Y{7 zzP(dky{aJ;!OQ|fRuHyFajrT+p^chz!C7W1$e5UzD9*bB0l@L^ewb--thNoKm>fqX zeR>k<5m^P(ph-$7tpt6@6=vru33Mz^Ve27x=NJBKL@9e5CU76Fu$l2B>+K&M#bMuI zmQ1`a=an1!^+6eiOzYt&VC634keNn9IXY%HY8nAt0RS7h3f->H{{q z;^$)4dwi^ikq>R9rYy#(5EdcW+m@Hl7L%Kai^z*cVV?@b~ zT(&Z8U^D;`K;&a*o+B_3d>jpv0v&$$-k5ckH9IF%Ckk^j6QDfGTUx*T718gN*KWai{W)AXAgNf{zq>y}lH)MqTWpHK$I> z_c*;uOmJq<4Ae~0EK^F=P~n8m7;6NBO~gsNmtxlYB=cY1zHaB)0h$SfWitJzBttZu zf~x~gmN9_@h=IVtHWh#b!SOn+&u%}5!O-3tnzI5x)*q!35iKx)xP(Ghoc4qitb^EN z)pC#!r?8Z1=60+83&mRVAQ+2Tm)40P39d+_vsvJ=9Eqk4pk4Sh<1}h3G%8;6I$am- zLNsz|USm39mt)rZ*NNweT&Xfm@AO)ffD~8ngEl%6v(B%xQH_g7R< zP&4W#od@%PWgu$a)@`ua(@ALOV$2#|X9t`>p-A8r#=2c--mo;UCIuM*g=6c)!>qUt zFx8KVmWo74U1Vs(8<=bi$4W3BE3&=jVWuwRLOB2*|9+`7b3|*rOfh5p$^{Bi3(V6i zIe(EeTf-?~Cz*m6La90{rvgr3!*LoK2n0%G2v%7Day%ArD20XWNtocukfD6m!MmW( z)*WbsKb%nohQbA9=#rg?5CV|TAJRM%N>kH8pNf-{t_V`McAWs;I_BNQVYqk1qzlxF z&&pw6ZNz;hEs>RqV{C^*H-PeDL#QR*@&5=-0+bq-Kc%hin1%GS&Nnh>5V=b5;4&NU z_B;-nhW*Te1&*k0ufi2lY#h|$fY#TwaKVLu&1{pVzY~t7Z~<~Wgn4lca1uqANt!b_ zp@XIaY(|um3KUe_Zgx7(AbRprv z34p@5MU>4!M+9bBXV{Q6vRrWo&Z9CC=CB4xn4*~35!Gs^?%u$0jaUnPiX^%>6rebW zNnbT&%#0emX@~Usl3%MS(oQ9cwTEY^1`N&HCLm>@Rtyvx3mGh&VRX?QRHwoN#uW7IU*^B2L7t4~H>Y zDHijU+^m0^-w@N8GtseL!Eyte6|TZkSBFlK9Uj<@nAJ84P++Tsl!6mX9Wr#LB&T*_ zWWo7W5S3mlx)8ITca?09Q>0xSi3Px+2%yYPmveN9a%f?7%=rl;46*;6tb0I*EGDur zn3aZGtq$-P5KxLM`U@!+$)z2ur$Sad_#CxOFyM8&e-~g;tg5*vph@d03C{~@}a(NE=81zPL z>PjKkn8*W@X5nUm*14^^&a=yMQt?Twpp%wGi&$t1gm?I*czJYgY6^n_i(lE9Lx?3i z5yaH^m0`0FtBoW^24CW`E$JS@I03%#Po`tB*-lK4j8QnDLYprl6byL1cxg;|m`=cXi>kXLe?dnD zh0tQd4yrj#g`{M*nXA=1#^@wM3k-v35+6SaOLt{jY>F5)l1*^zfoe4eD@Z{!!bKzR zq?Yqg8JsT^GlMmfnncDlXU0rI$kQVih=S4H5gO&M*#(T6aj=J$n+-bn2z{NziEyh^ zIgspgVELt5B$e;cV(a1GvD0#M14|nYw&3}LJc)|?9%Ritkt&g%WZW7DLkzkQ*x~O) zxg2Z_K4M^OVIC`^VO&AVxmP3vjujZP0H>D?74hmyCI;-uG<}~r0ovQU=6h0@kzs|m z6YKc#(D0i2lIBJv{ZX{Ii(E(9j!tHmfw#f=Wvyz=QGKFDp`I`-u=1u-q3myg6OfO}iX%ga;D*QH=XSOTV_f+xw*|^) zE19#LlV@=h*;zPJQ5q^1EDNKP^azVE$fVVi$^!!|Ga6rq7Yb=H*h@_4@yA1GRvlIn zQ1OKL7nC9Cc|aYoPL82z$Np%Tm3tbe3JKzFXWVHbT9rp;56RhfD5<%Z%MC2@bnV3O zIL#PA27~lV#Zjuao4FFbX9$a3S?o$v1@If78MZ69&^5dR7Ni{-{zwbLvwXWAYTKnF ztIQiG?<@({3^m44nWYdy_46^S`rBsy!r)q3z`Vr#q`|@&dRJrOhP-g&Sh z`3ds{Ry7m;gJ-V%S}0bMiNx?Em?~_t@Te`#*(V5|#2dptg0zro9I+D@O`Vh$#Q5t1 z8|=M+?p<8wcaIY%(6y1+fa<3qGFelU`) zg>8+ig!BZJyG`yluP4+bNN9I)5Q2ah=UaylXq7Rl=ce`1XfBFiD&nz~p$Ov77faAWP%(`vE5qrTd z-0d)rAT-)HMYYGy>$=`tdXqaFOBb|Hb^9>374E>z^PclYVFSos)y23jMigO9?t)f& z`HuMnHxK-grn(e28@X$YV%^tQn(uPlJe1dkx_M1(iO2F9tmfq{^A2tvUN$g8S9c`7 zV+6m&Znbw={HZ%7HtAejw_Y7Ly~-k#y%S-Gjff*=Rfk0i;Njm{*loi54I-CklUHEh zf)J;ns)2AzHI_+T!A3U~M@n!k>-|j(Yt<2`R%6zy&)X2{q3T0(*DW2*1ky&$9m%^& zxmkKyLBzM`5gd?MKgo zsPfZ@4#oYUP|NiNYT7aDBYt@vt|QpY8ZM~q0rq|f^y0M%^NH-k!6y}JP7!uZ{0(_R z!Da%dYhuCkmdY=nCsBQX#iALpiiR{nTwzQY&%K7?LTe&G71Ke;o!~=qY+9byj#^B> z#$hK?wEDoFgk2yYcAi_8xX0HL@(BF+I`NXSOf!X^>4Vy$9F=?G-PbM@0YLAtwfgwIH>oN@Z(>zHwLl(j26r%r2PN24Cu`@Y_n z+`gjy8);yOMmAvV(q+P7G)rf?l9RP-EqyNlA1M83%=(a%BV-I=H>0!Z z!imHTPCqNNU{@-2mjCMsQ@5|nAn|R&or1VGPW81Rw2o=R*ePYZ1erjv zbCNFD#kn$e4sg;Fd+M8cjPgYWrT`U@nlD^>J~4dJm^#Cg1NgCphB>st!pxR|<0-43 z8;4o=LS&E;QTQ8~l~L~#$J{LpSV4jz@EjO7N>-_cyYl_wJ*{3CUS`NK1PCSAJbh$UXL+?e!%RtpqX zcRx_BWBvMiZ&(11%6iDxX|}GO<`LLeG(}H*|GP%W2m>tp+O8+743Uajh5|SNxpm{G zX=IeLcv$Ge0}h#>(8*u{GoIIC)+EQoIPeQEg^=gEnR6qEj7{gR_?S)5;t4KZ%pj|X z5dbTw#7Cgqg`eOc(i)tHNazv>)vn8V#7|H zpM)v$oj-Uy^aYUyCkuDpE0E;`u8iwVu2^q~S zoFS$pPy~R@Xuu-m5(e^`rP>`F1unSY!wTWcwxv5cMONAl*1t;S~S`|0ZKr+F*x$)y{_z1P8qv5}D;@j`0yJB~XNG znRN<;tg(r%Z-Dk4jcJon7%+=Xvqc_P!isA24vK(xSh$s8N1M@!iysDQ^>lQc9RcGX zkuarlZ+R4%CUcouf;z?w(m0$o?`+KL<_l;Pil}UEJBgT`AXLROg@1Urf%O!p3iSR# zROzF&>!{%z42f7>Ok3x2CH;R(OnrA>9u|}6(ONsrwBnqy9@iO_*St6^DoHZ45pRi^ zcnAk+Ly0G+m2I>S8V>d0hyl6_7B)&6?1t+f=B$$d{g=wOW);qDUV)=lmjX-2Cc_JM zU&f3r*;rV@ZU~3_@c0^8JhC_ymgp$rUcWt z0mkkp?{IS=Y(Yq`u9@Wp)TaR&GLwiqq>g;fV(cyIO3mng&a@3FP~g&@z+EK%(U0- zezCjH<9#hGkBk35jEGQ-e4#L2K2PSeO8yF@2CvcQ^Ti4FTp&fDaeHT~=dA0QI4X0k zJXRb>5|84HK&5$?i{=E8{rNoIS#UDEWwJU>#lT>n@Qt(D z*Bd@4ulBq;j{|rkn2kl9?bd-LJngWw>QOI+ER@m=7Id`>=%Fv=7qK~i0k%2K%N(Jz zL^bC%EO*u43-nManFkl1?tr2ap18=ePYnoK1GOX+wnJym>{N9*OwDHpXJ%oo!8Q#y z2UVkXG-F?cGSa`a(X^5EXY>ofTlZ&_LEQJ5`3N|OWDIoON(f447i8M-dbUPW8iY2$%^T^UftYv%ih>I<7<0qocOW3(9 zuoPN$ig9lb=5(Zq5CnkzG`G!n!sad~N~E&0^4-!c2FC zHT~D-#F&aLXMfh&JKNg2aQ}AU#?7l9uA-9niIjM!&#Lo4YV@x9Z<xh!TmyHi@5-6RLN8187Nd@vd(23 zF>q9JAUT_{l*_p9jx&yJFp@AkeD_6cvYFT1iko5T7AA?ocZo5d?A<(5MYM5sv$oah zzp96zO$mJ6M&QG+C=Y8*OeK2H#9I2MspO zVy6cJ>=b$eRK?^7VobRqJREdOy`nkmlE&|I;flCoCx^>}=A?vC_+ujU04syHZQR`2 zFx`Cux1wQ#TMS3fZmfvjp|_3aK!YP~qOe~5{U$rHj8hZD zVu9qXJY2Pm!!YP*>jY;>&Q7c*?lLMtBq)H>w$sokp|TbQf>CeSSqh=rCWdlkd~{4wtE%2KSCFJ+SSD@ba8*uLSGJH2o`PvR>kqC7jk#C` z6AX_?R{w_p9Edm1Io?q)N_M2^QG`Q~m~FSHXJwlxmpmdDu%(5#uh|HfrROd)(V!gk z40i*b;3@JQ&#+JhlX8>@eV|A^GnB5^um+$cs3aN1K{q@$hsA9R_JQeQR+B;%n3)a) zSSsE~exjLV&@mn{+6k8;FcYOwL~QY}QW=7%>9@gWcU~aaz_g3%TlEVOgTOtxRD1hb z=#i4#k4LwI=KA0yN1G4gFkG`w#GcX>Oaj9@BwKH^asqnRX-eG`Nps1R{0E4ENI{Rv zZQhH#(%eSVLe3T%en1N{ZZpynj{+~0=^OigFfdQCd293%3QY70wXRT@<1%V`)Vr{K z+dXGoV=0Ih@&hVNceK4tOp-`yXJXIrR>JyB!K-9eJn=p*<5>QLZP54MT|~ICY|c27 zGrx5;+(h@HX69Xe7CB)=c|X;8c9{7wc-p|QE>ZMDcfD(B?Z7XSZ!kkWjzBiEm5#hp z1spO;aUn*o|IGs4nn|ZeZtlH ziQp|Rrmw%lp)a^M53BEB{_2_7Q1$-AsNft@eg z2&Nz>(6}p9{87flvnWmctYj#6lC3H#JHTf z{66{dh;?OyX7SDqG=CR+9!0iW%C4gteEZo(ye`&-wY{1!N`s2z%Qc=n5VKnQFI^nF z(%U~adUa_0!UYG$z;}C)jAvl5Z~S@73OttN;2z(y+QTLO&F9M%CKlGprKcuTZSy$aY!fNb0KN$LP0OZ=& z@+7M6+TM-Etc$c$aLZL3(3q%(O8^p)nFJ__5-f3Cyd{$nWq~}*VEGfw$;fYWlWq8- zfD6rHA@bge25Ng;ix4T}UFsC5MTqxF=q^x0;76$7+drGdqLJ?^+QRb~wB(*tw{iJ5 zF~Wh^Rm9E%Y3g(Nm0W^mpf5LEWvkJ^>q3W719AK}!PCT6gV$HrQ> zLld`m56$KCVSK z`^|!w{jsr@z2gO_OrQy#&=%XaGroJ*&IjXdE%Ek4&Q15B`<*8b##cUz7p<-G+x%+L z*XCz@+$r9TC!cGHcYDRZQBwz8!U#o|kc_Bu6xB=&&S(z3G!@Z?)|?%K9< z|HroPj932*zaQnzxA{f&jh5C{{`#-He9r-QymdF<{WKP@{?oluUHs+({>P{2*3H*i z%+uH6H*ez0n_oe#M=#Z>d}6!T2+=_{%Mg7u|KD;aUO0J|D>FmGo=>t?tOLMi!phQ)8T#o`YVIlN)nJL_^&G$0%gZb;W4!z`F3aD> z+vR^`kw0$Pxd$_4hV$>%AGM&@80eqIT3dD!8Mi*i%in<3rRy?5@LBxke_>UBfy?3! zKNnX9cWz*`e`MwfumDWq0s7vJ|F@F{ zFtYJ+ogl68rK9@j@D5=`cz1Y*`|cZh2Xs2Ew<fpO`m)1MZn zQ2bF-I{v7ZK8#0BJGkXw{EXv3PP6!HyevC?c)*G;rihhW9|qiuN1etNkG48=vIv^_ zl=~FqwSN(m8egj5vdp{1%k1Lfv6%K6H~W{^*z(8jQ*2<&zACe5|022CB1kyCd|PPz z(OBzF6naKx-0cG%980FfrB?6ZZS(Lpr{prpb+O7N13U|4C0v_DNP&x&&E4$-g!ylA zSrX>=HN21+yR@CpZ~=w@4WDuL+!h?%d^CnTXTe!HDlBQ`piF?@+!kLs8echx|2Y6H z&l+r1zlU`|pYC7$3c*|=&X>>eE``gYpeD;AY@+%tzW4?&n2hnI3r>xTpChJk^Rwy? z`AqtRi56etw+jDP`ST;Z$cX$7?}*{$?NU9Kk)_YMcb{cv`NiVjktf_9;O}qqlkd0e z+>QCUn-6{<@3MG&J4?j3wH)3dObTPls+Pdl7JK;B7kT+>e6tL|_b;<=%b#WuOrqsa z6OqdwaY$(S)6T1MCfB6FMP}%b9JNe>D+-|9sL zpXO%?ewLTF7;T}2+kA2Rvm~tQ|0m4zwsfC#v46%H;az4(59*L6+#$tyCgMxqdyJ}U%;nJzlFOMK3n_~ zmILjq9BK^?$x6b!Im$V)f>GYT@<~3UptO7*A1{5SW#>*-!X}m|VlDljy!xNx^l|AZB+~~h{6EGTiSAv1<&7?0dUyd# z*#E|Jyl@7;f$r~r;{wVHZhnYguW#o?kjAE8KZcPwivK6@|7o;a{S+^sk?Ma6fsn91 z{*gT0jyY@61D08w zMEG2uN0G(P@xuAP_*GuUc)86Bsp2+&E}vlY5CoO0kpIcdUz8QqcAoFQ6?2}y@iBb# z1`+$l5-+Un4f4h1KXxiwIm%yO$7SUpFA4sv@Fi+nIcRR=@fSHB(&jQtEjz=ryiCS+ zn+vzL%yF&$J}x)E$IE{c<^#!ys}e9qoH)Yx;(tYfl|#G`j+JA$ERrl&Ql_JPbn8I} z4&jq4T`bVU%Q-%O{elkA>mR|R*V*{%-`|$7V%rl|eD{t-tR=pGXCfBg9p8UXq6I(V z5AI5AJA}WF9@>-Gt~YpQwZsp{ACKS1&+fx#7$Sal_yG$)S}{y`{@_k47QZk4;C4J| z#pC$l)*V*tP`q8P-7HTzgfDP|pA>d>N~?!hd|a!HkF(17_+AS%qe@=9{a!0ZMkFd9 zUc|?JKX9w+Tenk6ewkA8V^_kGF*`~)bEyANJO?ba0#va5gtdPL&tm&$wp&*G7|WdC z@AwJc4#@2QZ+qmnhqo`u?MqVeM`H2HZj^s8&O6lG!g_JB;#nz{Glp1aG%`}VC1#{{3k55vUR(Vm=&PPLe6O(Q= z{m@VyR@#q4n{`R&9k&|4lB>m*tHpUq83)qRBpSLh9uheav(w|m0uS?QS(F5}^FpQX4(g24P3x$9igCiVxpOXdR?lX8n)n2z9% zSW_TLIhA*G#^p<_bjkcS2|^~T^o-@FyrPXfcb4m&<&{V$9msrd3YV_**vR+Azf@Ev47n0umOQKK84;kk}KBk9S5ls0Z@=<70j>;W9Nx63z5qoE#f=l6||3yaPAuHvn9laUlsXR4Ak``w(K;F^jEwsD9QEZo_D(&Gm-l?hV>*Sd!VYxS4 zI%KDL76C+FU@8c(DS1#FnPgJOT8mHR4u0=8h@4)E5~z&OXq60 zwHM|&My4WV4W2fx)~JpXZKCC)ew;f-rjXuHr^=0=ViIGK06nq4EsRiOz)fj%z)HMy z4K`1G6A{u;r3%*F`Ey8;93*oM2kz)RP!#wxu?60k3XxPAg!f~ zvDE?<4dST?1?sk-#iHq7c>*`~6sVW}odI@&D*v+Y%c5iZE{(=U>Il-el-js1KT4KaL2s9734Z`#Z9j;6H zGz)5)_`s0D`7ELYmA!gIj4xs3KI-N$o~t>CMRe%_(dDU>r$9bNql%_Z7YH7We_Egw zGwbEg_@Aa_mAzaFuuPR^{)<^ft7mw~w8o0b1xH~`;a;cH%TGl5q~Rmg|C{e<>R-|S z-<<7mUf}aXK2+Z}Sg%}T^&M!_F-P&qVKSwa<7r%U9Yo1YC04noMOIm78s9aBSFSNjP@dtVUm``ZgqBzh zd$PkJzw#WSp2egiKhjbEyRA5ebgZ6|(f(37UZ&WxHp((p9(B0On2;qm&4)%#X1w#t z4*}G}RE}r#*wNd9S*1N|B6bNr(|7=XS6c#6s_4HCqd%Tuji zpms~j5y`EUb>x!vw>2xAKbvpGEHUOVsk)fsPTy_NX*J3)+!)l2C6(KY;qgWa%dOJ$ z^{oV~+R>`|q~# zM^gkN0kBHtwUjaBJ?(Q---*@M0A32ARw;^fMPk2DT8i(;?`rgv#_W8(yhqBI#LmUMz8a<*E(g*N>N$m8|kVv9t7k3 zRH~hnSf$ZZF6s|7;-aBfuEC)DK|vb z4nL(bL7msj;KwqqqyJZ&mCG=IS;vS({u4u%V&d?hBrZk>)-jd#Svx3g9r+ShRnPG1 zrTW+K!|fur(Nt(hN{M2k8!oLZfCfXXDH>B#%p+)WW~V}n;$HEFJ1nWAcPgMl#R8V5 zSSYr+46-Dbr9DI@vQfU$o>2`TMgUjAF*mROIVHuilI~ec6kt6cfQhy`IZ{VM6{JX| zTS+fa1&PZrlN*I-S3OBi?F=g^b-HJ~;9~s~X3<@xH1= z6e)0%9I!l+Z4;s_sD27FpK2FIU6C-LxLr zcrwWz9J(f%G%sHEz~tvl33do?ks_jIVlcVs*7IAIX`IS_H+gKFi`~}fN(TzG4fFGd z$+u8LVpWs&$8x7QxZvXXy0O-6Ras19O&VZYQYVnfqO#xA;`pR;3&GI~W|3$Sr7fs^ zTFtt&Md!+1JMV5Gb#;04o*kIjFkaKhCydsLMSPDiR%1}pu1toJ8n?>(WYRG6RoWs$ zuJNqwEF*|5G@I^Z^tg_cFaLOF0tlC)RFs?@V9}jm-3rw018F*vN6c6f1C7O+pNBSk z9m6lS7HT(sV*$BbzyKxrF&g}MamGgr|G zHs1_aXA+*2pJP%&f-65qW>K-{MoD){2~C-z&3Qx=BwlGPi3^tXd!>=VIP2Hs_n_76;PX>b(!f%>+Qjm{}Q{!jWk)hZsLG_87$qaJ~%H|hq@p+OQwCW_t`Z8+Y zNK+psrIp$0G{0TodjX|nbc+` zM(gV47qYYt&Uu7vf0Jr7^`E6%@vVHK>a&y~#sx#U5VCxfhFw03VkvjPl^#W{#>@uP zW>c$6M|Y&MQcZiTSui45CXvKg>Z_P2;0~8P2*p&1#)&GWH4w7BmGamzkd8CNXDgvLTr*Wt0u5H{@b=xeNm*~=GY2{xgH$k;(5U93LG&wP^lB9`kl*pQ`zfs5)&19ene_FYub`!^_7jiJxF zm)zE~=$X|LI{|8pBGz@Jqc8?1`SD75f;L=OmrYC828$`hMwRx5#rjEO!jwXNwM7S4 zozcm+#SS3ftS3P!2rRWps-M~<>Vy%i zG2rh^!TP`|q1R^;8g<&A)M~^|pqkY}bv+5K!UMw(t*&AQ5FUdx45f0D>N;FVDy}}I z0|v|kXVZXC7;gEQq^j$nq!E^vX{LrXf2q<9Wi)0j^tR~24k~PNZK^tLby~;MkunG} zt*g=}V6~T0*BUU$80xNo>KUWiz1l)L8*c%R$Gd7!wORh@tfY=ITGLGCvx~%XwAtrq zb5Ytg)XPy&r306LJ}E|afbJ#LhR(}E)(&9Cg0-w2uwJk>2dfeiv0-y)Gc}Mue{j=0Zv_>WYOIv9T&sm>{R4t0ldFmFcgrJB6BVZ0MTYazsSTI`m6j5Y>8ql&g z=J!FXwfSMvrM^^A)R*?Cu_1A(xtb!^LeXV4-AFaJs5Pd!RSm&T z!#o_G7W~~X*|J6g6rjLOforScQPJ!f15*0&`~7_Z$`WKFC*o7w>4G}&)-(YXLIE2g zDevGsFcp>k2B(*YXiA zC%eY6EY0+3k@*0#b7%m)zYeT{UH$t^7pMbF8brTSRf3c00}x4gs) ztay#T#iVhQ=fDKWEwWvAvCGu5I;eLZeZ%s!Le>{qc(Z^tru;O6L{i=&BIf0+@0+RH zjFsTm!%`GZACo0AHBF!RIOvG&#>aG_LIJ=tp!s$OS!(<0@-kY4Tw=P z)itA?dB1EQQt|Lz)bP_CR11jQ4{m|Goo�DO+$+(xYtNz&0EONa;GXv%cD2W=MgF zt-iX=Q8>S^(R8zp7os6YflHRpnn6!$3w2XlXrinw zCQZ9v>`UwmZlTGCNf7m~&j`9tc1q1&H=9nBv&xyury6vJnJd(rWYUE%qgj9x2%PXTX1buFxDnWfyP^9=*v58P zA0J!gVA?_!oA=u`-Ayxwf3?Z>Wx_I{*&Lfs;NWexO$nHq)D{;^*|33Voh%_XDa?Lo zrb?Y0Ylw~kGHapr<*`+=xrwIiZBgxfCbVt9*jO`X?-M~$I~K8Im)q0K8-?0X3LC7; z5|NkoZ@?pxQJc>`1`Ss*lh&t;WQ#+w$h|5<1FO4|$~pxi@LgsCOIy{hY)OKS(-Kpn z3=YQnvOy@X3$l(zty6c7@-SzlAxL*pS(=oeW43_E2+V35mho1dYfQZ{kv9fgY`d*ZKMWxwRrWq=d6fndDlS`QY^YbIjru!Gs?14wthpmBGGcZ# zXU$xy>tt%RTa0nCl__tJjCaG}vWMdx4k8}kX!?I-x1TM0p1{KRz7Jb7-27pRRvDgD zdz)@5%zS#M9)H=?^QsjRnDw;1D=q{7mTu|WD1ds%p+ z;L=ANAI$D!X{Jvg<|n1~{4Ber^%9w6$V{wO2Rs>o0yY-g~> znpW^*R#S5s9}@5-dMvW5x1kYWv3T!eIPHLzla`;SwWM{l8Y>t@Tt76%sn51pYPVa< zt=^2>){w2v{?)>{*p2Bed)akUpJPwz3_yKJt4}p3^C#5ds%A7B!`u)RP`ew*w6V64 zX#;{Y9+|>&Uk>j(l|vU$*Rlpq;*CAf6x9lhl2YwOX$(u6r}%4SJKZb|C9p7sWfN0y zLs~O{qOksQ?WBLGVRayh%0oAJxWy&afu$vk9(MkPGoMVAj5#+hQrnJB`5NFT5 z7swoM;wGRN&jc|VZMlz-cGAxql5+o|CVGL1OQK$uCF12859y5ObFRfwKi3kx&?l%1 zk*Pl?O*|ycq?$}@$6@_^l5mUDhCN-J^cmiu^!mNW)^E*5)J~( zO6OH5;5%QyAXm27TMGkhsnJrz;|Q`D!28G+8#!uk-j<-*u_Z#Q?ef|uW8 zc7`>Cb^n^d8rlW_GW=1b!NdPE0$Oc&*_JJ5sFOvD=X|`G^}QOQjrJ;2(d!)O0=ph< z*I^qQ34MX~O9*~FvLOz$Sy(Q0=(dW};#@NDsC0DTQS)iz`lS{kVz5C;k!ko|Ub2~h z1&J#m8mmaQ%t+NHa z4%Qk=qcf(tRG+en_8k@XVXdt{ynA3TtH=x|?Rm$FbZ7ro%MmZ0paeY$yAk&0jq!|uM?-swhhs$8kl-P@JFP^fySsb3ncPUuM}g)i{rB_kbx&tM z8%^ZB$jilB?(Bb1-Yv4cfX8DFiCn4Ms~%UOGu`yAyosy-ibPi{&SiLoA-~Bb^bC5z z04*(jisH#@Td8(Zxf~^CmI%Nh^57;(x3a^Xlcmd>bLHO)z%l{eVV|m09k_`Sp8; zp0QZ3Rp9bCJNLxCw>;T`l<9gkO-dO>mXGgT(k`Q7v7Si}-LAYn7@nSq(laS~Hb2Xr z?FlHSm?KcOcvFEF=vh3rgO&1COd&A^N?U5N3CMDvSz$IO zJ!Y9AanzOuTE5ojr1Xp?R+I9l%ttO?4`uf^7S&xPM5v=6VRiQJ@|TBX6UsN+Y-?}E zE`hgou1^aEl+-b*h;E8)ol%q#`HnjEuvvr-GWc>DPf3`%CVYZem0NPE2l|& zHDAmma&xa~iYt!tRkSpo&~f%QA1v%*f_62wv-vi~Tycdfwk{Z*h-c?3hoziXC zb}}ie-xRk(QH1vBgVv3GtTp4xp?hoCsRMg>5H7xjs|__;FnUAV&C|c@pYN%dQ)7QV zK2$fB$EP{cAq_er{cM!Ti|Oc|M_$p9v9a#>kUeinObDnhZ}e*4%y`Z6;}l!DJ1f@@ zl{>tsmm@(Nsf0za4D&bLJuQe!%0hdk{%#&=O@m%dQp3f)ft-3xd0H9N-Uoh|jDnY( zI?wjuyxM}U@UOG-2-8~x)LWM}d8i!@3?q6no&C?KWn|cpmI>vMjF1Joqxg!bQ^Qrl zOClPXGzMg7PB1BI*q33IXtchH9<+QiEK?JHc1Y+h-QLcwKwgBfDcH&*Qb)#lC~0Q} zgF_$QDotu@)}%HHs+^L|48btNB2!omZ z2~Qmp!d}#*M3YsnvNuon+VHyiUhj|(q+~s-*YYzF47Av#pWX$546rPevHd#^1+s3a zt*uRdgSq?K&ev#~ULu;sF8G?JV01GD-$=dc3+SL%Lwm|sbq=&s)`E3|^kfCqG_lg% zX_kp==Rju%h03`!qZaXm5SCwv+(Jt*OCId)|xMYWu>b<&G z+?@mCtjnoxwOZC{6_v6=28*S6?&LSxqlfHf7yUyXW1*k5v$}+&$|r%Oj5X8DnyF+B_2XS7Z$)e8TATAiDo>!Ddmk{^3|dT~-IqA2 zolm@-wLY6&sWHpK@~{aYjD(bG`CgrC7a1oW2Y!V|E>mvGmziCvU1dxkG#hoi-lsq` zJ)Hv+ItM0eR!!|zI)aP)UW=%1#qEi)R!m?YlKqZ^x-e- z(E4sj4NNj%t7Q&hK7~kqiR&vRmI4r0dos-7!c?C!naDVZAh3xUYd|sf-Pgw?m=3#WKezZQ0LjYDIfk!fARKr;9P%qzQ6SO%X}F-d*gxhE|9XI zX*6x_F6tb(Bs+yy+I1S8nZnBvQ+O>lThRO5KvQ)(OQ#t+EhtPuAPe=j_7uE#kVQI8 z*J+wgGg|`#?_YB}tA*J3vJvE5oo3r(|5i1(ONGse*o;PC-kF}_3JS}6(y;XEG%xZ^ zZ}9Q{vy!uyo-L&-#JD&wkZB)#h-1uLKJXPS1zPjnD%ylh!4(O>lChm1wDT_Gw;?o4 zyc?`&{A<2?UcOzi%r|l)XT4#oC~h_6A)R>|?vpVy3CK2#< zCTBMHh<&Q1&iXS0LXE6CkyTFFZ@f2nHvKsWwe#w&{wt zvN6dh+BXShb`AIJKN8CJBhIBgI@g!$%*wXTtL(hi&T~~Pw)${pkB`p2pf#g6>s+}X zPWEaT|6apyG5RK-J--7&B9@-9143lj^)Q9VeWE)QgdGRrq1O<0m4ULUK+mK}Otf&; zzJW%3)isz!^Rt=6uxAUzSK4aaLYQIKnKgQy7aM!!OwHLSuguGeWuZmr;h}6#w`aXp zky=!?Cu-20OB!_$S`dZADiGfyos@-67QU3#-JDtIGD(?aSuO&p47c-jIqS3q>=-&Y4MU;U=tplV^X);_x%q*(sWf=9JPYtujcWk^+}DDkVSf zsC&~zCL6`Zwnt?(ObB|?_GXEZi8jvtCIm{7XHhbb?c$X5@MWByV%~<2w#w0+wENGJ zb@QaXHP7bz(aGc<-A(38S>5?OJ4f~MQ{Ki8e%Am4bHAr#ehYC9Ow*Y!9pyC;gTKDq zf3qZ+BsONtCbi}nZ}?s!&!Awm0@PP^C?7m#Y!D`?J^N?{)1q1+LLR4^ zUG98tiK|LndMwRbj;VA{o-H=^T8(A2OjknkWLY1jXbGRMDeD82W&4PcJ<(lDS3aMV zDVC7Q_B)!n)iN7HPt)_pr*F!Wb!Vre^*yrk@wz`P$>&+nVxH;Tq}&H}k-oqPpwqcJ z_33ocNM%nc_#b(?L?tX=GC4oYXYnPEhjK0tw|q%Qo+&5|SGA{)v7LpzY;>Oc5U(iz z8{TKQW^+->p1#Ud zzCouOb-Gyr%eRWWb!@(kob)h0^#A#ifz|P~R#Ug4pUfNXNlNx@(T5CNZ`HSlFA@z? z%`qb9s~HcWTg)TT$)}W{O6v|st$0<9^;r9629_0hutL6%d&Sr;t_P^Xptkhp2+L=v z!!iUTw`8QU?=VHS4^E4w%CIyk-9o_>$1NlC)W^o8Lf1n9RPd@hI^Sy8IO<4Q4#p{5 zJdZysFXQyV)yQO}ZtoygGD{UzCg3F42S+Ot#Jzi@YQ(?7Ryj6gN)L{G1v*iB6lble zHiOf(ft>NWI#KrMb5o^9t(N7EZIBud6^>%qOMa>yBYG?&jj{{6kQ+R$(mpT6%7s)b z^U!G2B#NyR6st8i=~E*IBx(;E#-R7){4nc|V6g~?u85bfiDI+Mj5r2n7o-iE;nnv2 zUWKO^PJxHGD{}wwly!~HRy{!*qzTYg%xGqs2CcN zR7;#F%05YIUk>}n<#2C84ywtf0NVL5CZAn>3lA*ueq)WAL3IO6Nf&k5eQTB zWMEM;FwZ1siCL}yDdNDqAW|}eE(|PA1{NH`xLAw}Fe~Iqs?-T5R-208W4WrI2SQJG z0sTdR*Tyo*z!k{=x*`?@zCx!96~n;NWME<8RkC1<@#Zlr`kVw`S6J559kr#rTkW;H zwgC{jyjUXe%(`8s({7#Co{}GaNMwPPO+{?6xeKPGym}~sM!YdfeL1bHQ{^sEtJSCa zp@$lrr^1DS34JBs;pKP;cQa6QO=yp8GgV7yF=Q^30m4>b7vI?;MNp%j^FI%lf2|>QK-wR9bPqjFODcV}n9c*Z2;% z`OfUl#!<@Ib&cWhSj9w;`|s&s=CT!b-K&K?X+-r2)M(@ z%_28k#{VY)PZvs$7^1SYn5EY31!| zcWT1wL~&Crl14z>6M23I^=bhnkUW!^44E6S4>*&H5Q5J+H-$Id)qZVN{AC(Aq}%c> z__yoy2BtoxY7(*+K74 z708I1oD*%0+|sxc#{)WT>6Iq>oz<~HG#Un9z@XaUDhx*-D$_fcAiv7_)}`{c;wlC_ zsKLv)5au+QPqoFmc5@_xPlYh$zV0)foeF3wwS}zk>q2MQ)v1l0`>b>eE#LB4m5+te zOO#B%`}hgF&$9CXMx|E@Z^HrD56u-5#fZ`LkzPuB@T5rT@$zZ-uz2MfZDdBJmU5VPc2MIek(#A*nPRxi+{zp5Pdb!t=%E@0u1f}L%>8*8 ztHDWNlzBe<1J~(932{*e2Junp+59K!Si;IRs5U>)(O5}d)ur%R%xjW?RsS;PHHvxF z)O=?$u$mt$I5c^FoJ@wdGdN((_Za?yDIt2O5Uab?ZN1DWh1P#$zKvB&7BE?XddZhd znv8<^4nY?_2AFip+m&}hTTE94hZ>WgxJ%4n9@fX4jyZa zldpC#NGBmbQp0NhjgR2gYo7xBpTWw$IZ~!XwtvDrGwlbk#9k&Fc(BUeOPoqg-)JsF zx?Js{FQcaQKlU#?uap`MvvEbHm6DAKOWsICzbJNVJ@O3s2ts!t(LW=x;u5?+Cj<9&RxgrZ=q#X+npWUtE4MP5%x7g7px`KPov0WF z9zch`Yq97y=MO7#*&dw{5_moSdd#Hb$xXb^F1endm5 zWQn}?HZD!`E_6`zshAFN%S2;3@Sv>oypZ!awNQFD|BPNwKgJboP7hV4=?2vySLVUT zyj&Awy_@`1mKXhG1?+yDqk6(v^Qd`>!#e2Y^uF}{R(aB2R)y4NWdEy|bz)QE=Pif& zr^k%NtVU85sl}8R`5rc(0a6V@R<4Z$%K9?ekHc3t>3qeY6 zQi55mY&A=$HCx(WLAlv#y(BN4^5H@$RCOw|zDd<~-~OCB;C4^x3;IW!TuShYh&$cD~2xG+bciNp1GQToki5OQ+e?6)L}-Y58Q}acK)~hQG)f4Lp80k{@`I zpNE5i#O~qDh~dczOdbvFO9u9`C~0CQ3ey(OYRTr_4VZ(omtLRL&>kj0Nf4s8P#*;F z-Yem&lX@w=oP@^|`laUBM*A&CXtHWoFct;x6xqys5H$r-=ZSzU7tMC4IyZYBQ0j#LRowXt0fRYcsp3 z-`ZLJiM`9tP=zJGS(qxq*Ur*O#=kCuRCjVIDIj|);~1==3*8bV?vVM0p${if2P{k*g#+TQ6n1Urya!BeHmaaWk2(| zf#;?5%@j?^A~iFy4&!8z5MdvB7FX{u^?zxBNTz8jQPI5gxqN#<%0AtFu+Iq6dEav7=@po(e#h9A%=i@FGU!@H0ZAc|v z4^e`UT{&Puf{iPg(|oj{yd}}@2O9ga#vzSDJDpYaInPncjA(9VxJH1t}!`Q_St~emri+{K*udzQMryYLgs0Gw8C{HCX#6B~@)ptlGT6 z;1tNgDW+}&Z+u_M{sxTQPqX^Oxm0Xe61^EZmQASo=^LGjH!0C-H-E@v%T1)IiPiZ^ zn;%w>GgF%Ei>*EgF`roj%PL>6;x`}PHU@+>ShK-NtW#K);i)iQ8k`jF#6Z#61EjwW zW_}i5t&)qO&je_ppguL>vsCu+C?&*p3w}Oc2u96GeI|9xPq%!XO4+X=BLXSh5!4a4 zrN{kkEW|W!^f1oy4=IzL*QaPw zuReuD)oYuRuWw0{S&M6I7mqayw@-z7X~QSx1V>5HR7Ts{1+NKU0s@yF(}7Az=C2yx z@#LKz$a_gtwX7JCtJ!g9DlZ>MiTQqQQ1h6B)8zy3^(dS1!cRe(gERE2?$J<%pSWgV z+mh-WGlg{XbTN?9C{K;fv(2-}&Mc{%{%aa-zLu;|TFq0I9yixk4z?Ul=KmYY#$RO0 zGZM7jCmK2Mhjs>MaZ#$XB&gaQ6WQ!g!}Uc=YFkXz_$Y*ao2?~0&BLHXwJky2YFh|z zr|Q!hbIU-aM+Hma9c7kZS&iSOiFteK&k|*6TilOO!#CEl|Il^l(RJZbyecf)%yeF5 zXSocunrfc!+0@no3s@dE6V%oWk=Hd8gxz49F+8d_Q-Ip$5&2d#o*;Cieln$h3U)8) zA5O!^Aee>eAFiSD;M`2G6o4sTUKiXuC~qc8fQ>-NiSw0W^f)8_)LG*h_016GoC>(C&v4ZI=8f@b1fL;*4AO{k>MF9_@rID zCaLTUE>LL}Sk9h=tUYPu<02m?a`EY1Nfi)Xdble;T*)<#q;fx@b;tXu`PK+GFq7+* z$>3r>=7d~pnr9xoQm4gAVZS|JmJD9e{9Nw%;1v?j;8MeNzqFGQV3_3r=xe0}9-~PZ z8NfxR+JlRr3d{*M(4f(Si&UiY{4sJ=W#El5o?|^NLey*sM>GehZtMguG~b9~v7Bki zZAopOOonYwsm&{5%@Y7!-YmvoM#zT!4aVvW)ojYO(g%DyXEeCDW`DgN{@3Bditr1u14x?<1u8j?#UKvvlnUY2@0WBysJL1_ST~mhw$XbAc7$8Wl~` zwD|fsPg3BdK3rwDrc`I@m>CamW3>(kpn=^EUWm2&;!sJ2f{#(x_oO0XZox|+ayTecHdsRWtgxzCYN}z*eMiK;R`rN< z+LB{+4fPN^9`!lm8l+b?(>`c-^wxH_s$qpg&1=lg7s61=4WWRV>eFsBv}fTM@7*Oe z^Z;>4Lz^U8)99Xkx~8FuqNKW}A1*!3nP;V^RdWCh%q9^f)G5p=dufM^hq0s2!xU4G znMVg5U!2s}DEfIrIiPDNdr56kLO$(Juhvz(`aGu9)&KE!4)0SiTdZw1;m#sm^ve7& z-usx@ke5a(a9Ve-5Y@YgMBO>#ZD&2FJr{*z00*g5@0un@EGP#;G4W8-|5{!A@IsB> zra2pJVmf-JX=bkpOHp4HQ42+o>Zpev08jwFadnJl2E>{SqD`Ey<8LDJ7ZLe;h(WW6 z#B^?{YQ|W5x^c&uOi=9Jv(XyAJRLlF%-;|i3JPxGQkPbrYqOmw34I0YcHX9H7a((j zd>c6B!e4*Yt<9+2n$#{;qkGy0UbRbYbBJ7YK9=DB$nD^6lA_PpI#t%jCJn984esPG<0iEg zsL)jnb{q89RkHZ$L$H3!ya_0x=A7!;6PWD>2}`@!8D4->8S zGA7llh&I3y*u$K_Y$;DuE)r#JiS5X3CsB!lWnq3usRxtIj)6=eV~y2e$=I3{l)Buj zNkW2m)^}@^UVk_!`@@n}8UIzwpNZemQ+2lPzX1i*jvgLvNy?kUmYxk7X`pPj1TeVY z{&0a7H3Mm?KlmILOr5R~THK=#e=NCDJ-~GGI)R$6X2CjMLwYY%WTQ1 z?+-a-f(sW@Hbjx;OJvTIBnK}_ETmmTa=kCl3axaoL&X(mA}8T zkgU|7k=hQjvY=BIpPG6zsjM81RBYj8MX1h@f6!(pR8;Y!CLrf-v1ESY3%OcjDAj*`-nBFlTzbjUxxtQ3Gz9J3BBwgh&}^` zpVc5$&T^R~%H>!K{rGN@!q9c-5u-7C6t6>%7KBIfYE8-BL6SZgAs4fMUQ$|}lyGu2 z0oXr}Q%SGcG^Ga_>!N=VR~xl>*|PB#rZ^<4rJ+FaYNm8U(jNf@Wj8KC zM{Ax;%PJM-Kp0Z#1G)*#h_Aq@@H30(=z=IC({EEB1~rTL$w`4pQ%}sY@kw(H80x3R zw!$1PLlZL2M?htHFAF8M82!gy(L*&jf5S`!!bKdunbl=BrThwNGLo^U9jU(g)LN+d z{#i1|{Z}Ua3;7@%WxJC7^ULIy*6T>GF$R=CX9eq_AfY|_3a@LhVxv+DFvWT`{${m( zDn*R^o$4WaZ45@nO8>*`1JG6x?Gmw95VR0tZ=&($9rD&-19_(lGD$QFKm16`S7WuLfY}?E z!sgDFf>*Br1h%!PHo+@<@&x3S={yShaQ4i`PUp=k(mEqRkkIs+iv5-VCjKhBmES(!R3jZ@a7{Z&m zBXjG>Ayxx*Dl&4jT7|SoLHKSDBC@t`uJFDYa8xIAVQ}t{jW@?iCI9bit7SIM%x59RB29)TTC>v>tFdu}K3iYY5$}A7= zX7-WsojmgE`GScb3-g($a4$lmkl@!e{1i|<|w>9-J#Oo3ppE$*5=DIi||DJjB-ucyGn$06+* zUlCOv3wM6#!hat({n3?$4QIUlBb~e2PAwdN&y0V+_2f66R5<*s$9BG=bHN06>M>*6 zFS&g9Yj2wUUqAcN;cK3B{7duoq__O$Td!fH3JQpVx-rdPr|JvLRsE0Xn?oXWcw9Wnd_7v}2i)!aAD(6OVKFY8+ zalY87_jA75sMVam$We6P;OxV0g7Qzl7pWcb=@U@kmWHP}_m*!p^7n!8bc`E-`U*#z`wnN7sLlNVN@=<`=pxWFtC|`~lk(w8&w?ZlAHn$kcr*>t0T7vR<{zSmK-1Sgj=IC-80@ddJ2WmS< zoBKti9uCxa_dBTn<;b~g0UjOhXwE)Y-(H<^uQKcm&OWubMY+rdd#gSDK%f%$zH3u% zkh_U)J?C%Q)B8C4_MYKF68AxdGPB*@rkBN+A+=64dKB+T7bYduhBY zQtyWvaNZfwT!`no?lCxq?+-Z?IFHmjntx!rWaqoyv zm&T{p#;0F^^6`B;QoAGdw@8f{Moz7~uY@{{qs_gA^Lvb16{*ig>c&Xj1|@0a+{6tj zcPDpfU3~hZNbP`*FkGX88`0j#!FSP@aopwH(VR~+%6&2wsM!%) z5U4h{NIWKuE1|B@ox3GaZEj0=+UC9o<@J6?q#lXXlaYEhQm)vDxdm!02W=r>$GHFb zuT;?38DP?loO^xX``wz6Es;N1OX;q#l7%duwy`9jPGQKY=OT6Zimf+Ku8k!5tZ> zzq^y5^zZ%YAqkxgCb_h^^F>+i-xjF9yLW{UZSG1aU!r=Titgi3%4yN93E1D8Wd8*) zuXT4t>Zg%cq|AbO&e1&W4OuNY(ZSJ+4eY&rQ@@=&*VsC}=X}mL19}G`# zOAqC~8nB$Z2I>ZmHg|i(z6+(Andp8Bx}bckI10*_V|v8S3>caN^>&UfcNJ%^u@xxgIp;nDr4r@b*CMtB z%3GCRM(j_K`e&fp-0+cJra3oBlxgRypnP6l59M>(2jz9+;)wl6#6A$PiSFZ2k{`Vv zlychUz6!O8<7D@h-=*Acs5bW~XJ7KaLisduqda!98w(}AoI4WA>-}+1@;BPtX;AYx z+T7BJEsxl>ky;N~mvKh?mZ59o3ohxyt+)lG&H*5=NE@_y4CC|{TFfKuBZh!!d5{u9h=b_wd^ z965KR&Q{8=1uEz6gz|j%Md}w&3eo0%&)IA2eyGA&VG}ufTX$Tby4=Z7UQf?~@_Y*; z-@7ALiqz^rb-A0N6t>HK3(D8v51~}kUG5i9zvGzb{=wN>m0{z2IlA1{7dm^|<;H<2 zY@0hSKAj2WW8U~K=U&fUmwQ{_>vEUJrxmEr*wYOW+X|)ly4)`#_4`O2fJ%4iX*Xw2 z9SNnJB8`ZhAE}EX_0C8wiPV2a>S`#T?rJC>-I9B1cP3~5bZ&UsO}pFyDAmk4ZbWz59l>#qJ0VafxS3GmJIBqAPu~)$D+2Wfcg2rV zZaH^vaMyG8)RzO*<-Q5!^Kw6wm*h_a^;-9<`1C0#<+RN`3#E3Ha~J>81q)Z`Y4oe3 zpwxPDZbG2C+zC*=l&3=}wKn%=s4F5gIdm!bD!eu`EG*p@!cD+ocmdzPIte9 z+Q-r5az{4!4u|q#rvuve4UpA#q39X`Z*}yZ+$gTIrj}H-*<0@k~flbKY;Rm$}gcb>d3i$0pp|F zlN+gxhVs4rE1=|?O>`$ic`N^BDDR=XGg8YV^+_n7=dVCr+@i1>p%gafegx%nwHwO& zNRLHoZ=kx|U!hb-U9R|w1~oBK)1lP5bM9;??+LyMO6lI&aygX#<=h9MRBvtW<50ei zz8v@%bwGKo`$3@SQ=pV?oBIQlufe|tN^y?*sb;72PqR>E*Wr3Vj^*H!xB)pYAbe+^ z=P8a$12WuY-8e%&)Px*v$Ta~O4^NLFHwI)P$V5`?a9;=6#&Hq(JI;_j0l5t1L<@Bw zAn)aG;?6K6`I!%O8DsCWEYy(^In2#9WJW~Bx;GngQ4=!Xkjo>|<=$#Ye?+?7+YR|f zM8>;I4cQWrN$!1y{5&E@xepq0AR@=Q0Yk>@Y~=Yw_en!$MP!z{&5*u;T;yiE?;7%+ z$aAi{&ybHs`D`u-}6CnqT1l*QI(p+>0Rj zT`AY+7PvpT6c3N!PRJ&t^Q2r%gRD)+k` zaMLW*&Va0QSG%)~=Z5PVJSF$0)Q#kNZ{Trmt-FDknF;>6=h+1E`Ba&-x&qSY)`2)m zF+Ct#LB3$|ygncf?)c@Lq{K4WG{fkC@eaZdNkf{OrVd_inPbt;c zIRWW&>)kV!p9KL~=l+|IhpWEc8<5M=xAM1fCFg5FzRcm=*ImJo`*Io zivj5))bO-Y?_xrJDn}pfWTb^UgFDr`bKi1wLh$_eryI5WEjQVC{tcdYayYley*i!h z?QkCqNFT^q#$fVRZ_YMn{eyEZ9Huo-z`EZb< zIQrZ+x7gx2hdaeHE%jr!%tE~}AkO{NRg7nGK&GdD>iR9MY2(N(p=PFbxsMyNBJlLN zpS$Y}`FIoZne;lzAjbT2_t~`C#ScLwpPLA^*3x=1@XSr^cIz#k7XmUb^(*&PLyEs_ zl>Jxk7DEn?$ir>}6JE}3N6yOOChW*}EcKHE5A6y>bulL(b5ncW7DJAV<@%HRz9EZa z%ztwC8`2qh_POnbd@%4#O8wdGH01gwd0 z?Xj3ggQy0lrT*f6Z!(-7k>}m>hP*i-Yf^uA|FBS(2V`yPfXif5_Wp?c!?han-x1*} zONKlWkxc6FjA}6Tuut8&Olo{aH8?IH(^8pKuZ21@Aa|tlsbex~7fT~gYwASf`DEm2 zPo0)geZ7B;k9m{pNX<5$djike)EE$&w|gico7~vcn~dj$7;|?(Mm*Ax&&1R_jpyiy zydt&4@^co5>Y~pblUioTnp6GGrdM>HW@40%lx za-ZdJK|uOQ{eI)QvWe#blTWRQ=O-E2pD#vaMrxNK8zOQ_>X#PJJs{q)%}o8)G~tQJ zGc&cvQg^@cd7hF!BlTB9j%Y$&uy{@jh;wJ8UbOtYH6VQ;xvX^cs))QU)tQwhoN>R8 zd6RoxYK-x$iaf6m$PE#ho$AU;4>y5)pQF#cAvMvE->+&Q=ci7#czzXl=BCe2z1n#8 z2V@S&jI8Q3`)H%==ci^GayZC|9L}AeI^B@ICS;by^PUiDJMp~M(kg-Y{Jb%Bw((pO zk-4b_*)nw@i>;XZ+`p&ZWij6r;&JZc)JF{22I95l;#4`ij$G^k`3Hx1t}&$du_5FW zmewo~#e8M@;?#dxJa39T|B?EpBp06p@!InK)b|M0;qCxY>VxoXv$TE$qCEGxt5Q3R=g%S3uJnge4_jLK z-}-nqxpHb>)*+uR5QQ3a0|7a)3Hh_}oY#cxw;alf`qT$fe>LP%c)T=Lre4gZCUm$J z5&2ju-=cQ$nTTA&m*b>S8zSMTR{Mr3VjPK)fu zixK&J>N?};_+3L9x27IyDZq0)h`f}(%-2(o8qets#ND3yts#98`F83B5cUT|t{Vw%}oN~AUJ0|_P31m)A<@#9Q>2pt{7UtylegQ=K)aUl5uF9>0`U=R` zIGp=is&4W8PeA%WZZc#?M4n6SG~`!J$n&`r!G8~;{A_a1r;f-A`FljtX%O-={BfVd zKGyT5N zWodmqAkH10{z!fux%hq)QnFBw$54l-`we-q30Y~#xF;HE^`t*x$Vm~InEs5F;=F)t za>u0q+jtg7o>v8AML=$HC#G*Vo{vSIlhWTcWL*<-uOV9^a!PueA-@87lB3U^n*MQK zZKw73Dc8l(=T1vMWXSmunU#LRa(GcdHo4cP|CCp|SQ>fG1(6;uZ$h3m8TNyGp2N8} zq@T5z@8-^@{)Y7PRy#imq1I;pjZdVhzII3Cg7i2;o`}fX(^CxjOGFl>k1r@csV5ty zxIBFZyJtGwXb_*45b5D@0dej<>2nJz`x`;t$+0%`p7a|G`DjGmpYAI($|W8~i0K8! zb5rE`Ac)fXK8R22!|Asf^81J^Pru!An0qSadN}&riu5~T%pR$MD4w@Po&gZGxZ7^? zp*CTU-({iR9eF+uB8h!4AZs%pPcJrPAR^bLKVUI`8pK<_&!q>A=T?yKaIDRIF8wh> zj=a5r+?>8W=1@F+?#}cs%g>)es7-EL`sarH+k2hGv&lUGqEh@l@btN#fJla|3=~Im z2zkh)aY{sf7Lcd%g^}{`8kMc@GT&+Ee=ope+#ld?+-{H$e#-3-VXQd)`tE0 zeY&Mpy0Ho#Ups$fb6N^yJ;*&AeeRj`G(#SV$Y0VkT9wwmfH=25{aSeNE*RYUQ2Wzo zw>r`~97G!4=blZ!fj^(r;f@N(%>$=ki8L^n0dgE z++JUbh1nxByDW#jAd>T>?BvYDCc~2h(&t{0`K`(491w4fkIFpRD$9R)K>FNKnLilM z>d13!=7rW061#OeyWfbp&mEgdwMov`N1hWi#WwNW7LZc*#LOt;xi9jZlsTeJl79^z zsp1*To|Ku;mLm0^2cGTeS7)XevM(YtGOx6FI-hRj`IOA7ES@O=8O)xNd3Bp=@brL` zvZrOvwNUe7sM9lVG-Oc|GS|||({_}fr!uE!K+u+}1J5RRcIHy!`D{S?+_^$1#fwb; z`M&bJ%)2f1@4(}cxtRe&eie~7XFlGhuKv#;>Hk%~ydc9Lm_eT>b0?%P^EMD^%LxIw zKXWmNgJ)Jic4RNk+-Nb+2U)04?$XR{7W3uYeVAjDdv|89#q%-lK5snl1Cf003dp0` z_htURYI z)G(FeXb`opnb{JEQa?2y2eQ>nFQGczzk_&A&_QVqzw?6sNm4EbV2 zKACxwA@>C2tn77}w;1xXfQ)MSOlF}W&jjSc>}NBV8uI+NyqD7FZpbVdrrJ3!Ae-E} z%(7uOqT$jy@5!tOQ7NQ#LYNK9thBP{_jzQK+nBk{cqRm-&)o&0c+L!nbDJ`E81m*O zU#nCeL&{6d_VJN z3zcIcPo>!8evo;=LLDBEKDQl2bvh#;Ie_Nn3O=#Dlb=m3dsR_=NLA<|ucJ|bErL{WpoSQw@LVXFu_uX&I zo@dB+L3~LUWZz}+{4^kwvKM48H=ai$&n4M9Jd`5xyd%5Pc=CT~jJDpD{j?#yAR2K@ zN&iRovxb}o;#0podt-YFiM=HvS7g7|UZ%dzLGoPC=l_?z-O9cc9?kO2Vf&J#pPz4JUx;aGbiBziS}v+~l$Iak-wC4HNnO)GzLy^ltk_lP`^eYYX+XhN14vZM)lpCQX4vNu~Zr2T7+{QN2V(PEjh*Wr<_K9%`% zcC|_4O97dd8{P5~Lv9bq^xUkL+z3hR?tm<6c~{G8M<|}10byRE<&DPkyMWBf{YT52 z40$0Um$zIrLYgq*SzllDJ1vWhr#B!^WtIlyRUlgN*`EGD%X^IHoQQn5-~-O zrWGw8F`mx^s!7xqD)WJ$e-_=4olVFDL;lu;OzdWo9wx>Uun@gTM++i>H9By^j<}T>W5cAO>`q$^K%Uxo~X%ShI`wv6rM&$b3 zWri${$hzG7I_t#qk%)XX_hI9?E+V%Ema%&9vSVaCO zcY`5!MdW+AFBq~XB3pAe8uDC3evn&l$WYnu&wbTO`pN^19R4tO^Fcg6%6-j{(<9FV zxmyi+V?=i4?lk0*i2OXa$&jle@{8Pe47nj9yK{FNGE}Dz z+)hIVBF`UlzcS==5qUcIYeR02$iCcf4cQfuzvP}UWT-Co=bkiVsO-L?oAg)_4m4Xq2mvKVZmE?F`GiM6K!Y$fK9}g&Y?Vy+Q69e+m$a8c+_T1Lsd1XMB<7@fWeOy5PD~6f|(!%340U4J)5kzhI ze_}i*<_|OEt1;9``LTv0uKg9_*X*r-O93lOxYt0`l63T#$c*#dCfW@^6-(c}>VW56aJl`F9_b zpNsQL3>nh8x98tu$b~VUOY-kEq!y8P=HG9~EfHCizsisyoB84VM+~_)@+{An4H;_h zEAmxChU((#d>w7+a8JijAIT3G@?u1;&wtb;Hk{pN`nSn_KL0U`=Y)Xtxi1FfoQQlW ze~t0HH6mZmf5MQDMdTa#>kauvM828-oFPN?zA=A;ArD2KJM&*KWT=)m~kRU2RU z*XO>S|B@ly5&2I3D@hCbb7Dk(oWIR#@U(z@xn*bm9t$<3;lId#@1V4H=eJs@3t~JE z<$qwvyCd@3{7)>@P$~Y9-)-${MdbNo{+EV)EF%9KkWWYCF9G>xM4ksxD|jd(t^h&} z{xKry!o!B}H!*`WGKF6sl%H(jQA0*Yo|eMz3>hkWuJD8*Cq|xp;Yma0Mx;>qgCUnh zWNhKjhWuwl#ufG(vL+&3g})kdTSO)l{%Oe8h#Xxgj8wUP9g$ZRIt=++L|#)EH&W8* z$oP`p-154@MB_OkAbswv!laQSF&WbvNajt2V-1;m2(si5ty>a&bgTg_*|l?ugV2vkdu2L{=7F zXGlFF*A~vAa*ktN{EgpFxlVUF)SHaD6zXk8t%6!)l-BC6H0qa7Rijd@{(jP^DNtWB z>ffNg0oC{a(f0Q7U5@|%|8ZV4uVv9lLbP@D4x^?aT?tWAYAut5kS-XCsbqM~)+9yQ zWGM+nm>S|8LTY6wx@1yxElfff@9=#*pU3lfo-g!yf4;xl@AvB;clYyoTp#Dvah|Vp z@iCxfOjDJfQ+ieD1EnoWdzAt_(Y3jppwva_N~PPC%9Wl~s#2;^`cWy03-DyomUg02 zwh}#awOj90nyK`X(gvj{=kL@-<%W31Wb?~Vx=87Ir9!3YN>MKFs5@9`U(41^a|oV? ztl;rT1O3nCMy2)8xRFXFN)<}$lzvh=8Y|}YG}rO$Zfkpx5kxbD!rgot+Y!iz#6VCqp4Cyr5vTvN(t?N`;2Q)CR;PjJkaNG zScepc_nsv#DQPEYJGSP=YeBo1epaH7C0JKqsgcqNN^O)*Q|heLLn%k;N~PrmI2y znMQ$Vj4p|nf~bs3;!i8RB$ORr4%&{b+3{WKaN6J$?ac|GOOfB{CKE)pN;iE$gPDd4 zrJB1z!?@f>l@@?*V7Cl3is?9w1w%)r*w zpzQcUkR8ivA*0^NYH}8@afSAj;1(R|%z?37{W2=NX_sL3S1&QBAY}t|`+-P-~{& zLAgw=j>2;graqtwrrSWDGCc;OTs*S{WM}LzAY137@WmBNr-8oaxWP&jK>OLv0@*tM z8+3r(8jy$eVb5#=)o1z^bU4#bphiqdM;mhtQwxx-L08ZT>@EQ{XBwk!8p!VPi$J!1 zA1g(*s)hR((x#gveEy{!(~+RFK$)f~=sczqK|MjK<}}d7OmvJG1j>$I21lcnX|4m& z-ji-_2T}df&3&M2m}Y>6Gd-`gRJVQxva@76D39a52if`^(5*>$%bMa6=RLi7JsK%; z7rk|yD>uqHYRAdC z^<1T)AX}>_=O}GdE0@dP$D;@}$c^8HTrAzIL}O$f9j}Ny6Xopot;GCjEGKe)G}4x) zAwMF|Ob1CnD^VX<_kp@ELAFKpnp#RXEkSm_{O^6>TIrdnPhCwt6OCnm?f zOk?5bIgn>6l(vFqX`DSC9Bh`TK)sG~5zwO*ij>R&r^y&#YpiE4Lb^wb)87akP#)!I+(J zxp5jdOU=b)$J>JJ$Xo#W3UP_$=D_V`mk;`piTa?9X*wJo*A9N2vk+T<=eR16|32ls zOI<^JBg<|*9Tc^Q+JW;MT5gZUS7GZRoc0!wJpvbK+UQ7K0!K3^)jTNVnMx2Hy)*Hf zUw2gg2$aJ4eG0NI|5>STnscL+rYOCjPiIqoFT zMyAt1cJ%v$?2Nb>v=v+J>c=i7x+k$j*VNy!qibsG=(_G#xO78(Uk^_#)6Ep*QlDuC zh~{6Wc^-5)T&8&ybQ}n8T!Q|^^d2aKX&tB?Qw zfoSwo&8e-M@Jz+7~{6vv(NZfNW1jcaRNFvge9SlL=ab z{4&j1N@puwsFbZVNa;GI>y>U*8m|-=^2~jpjVR4CkAOCT{(iioYx&&xQ`lbeEOFv>I`Znf|#Rk!to}>v7nc9dDRnYn2^8RVX?} zq?VjA<@ct32lG*~H5iO$4!Yk|0&coE2!cE3_7XgIec zx;AsySDsmjt+dBy$3K=7?agPPn~eciXV_Rj$h*&{9xt{ANj!8!uFvqV$B)8%pbia^f`qsP>69_(iwY&$L@J&8Z-| zeo36W7s9>IHMmM?n9_|(`9e{P@K!mT?X^-6tyXyEO%UxLp4loCwLCkXe40&>n9B*` zFd`tkl5io&<}wmQYi?04iD@Tk+9yGFX1@vgh->hP(q5%ld$+ZPQYWQLl}0H|Qkn~* z*>teFWSV!dbpw~X0c87S8_2fk8<1U-rux~fR6k2pKTA}rPdOK=m334rOH?aMR4byW zE;;cZ#pT5Rqf{@;#^uBtDV?I!LFpW&UP?JimnmJNG)(D6r7=o(DcviCwO7#J=igIs zG+McF`hAL}SA-Jh>6>snIBuCxPW(L(^+8U2z0!82{X)5M|8#q7&y6=wItD~(quG>c zn!!>167PvmgWJR7;f^_|E8Ms2+_5+sh3t5q${2N_I z_)rklB|AP|$TO2c+qu1uf^503gW{a?CXiiCrnL;ZnoBo7z|oz5y7>(>0deUjrIWqG zEi};?yD8ix&V^RN=vp-0w1q2U*9|m-(_R94irp}f-5c)#&1XmSg2uhXZYG=^)wh*) zgD9{vZ$SrCKIsi&FnIP{&B3iew{YUE-*3r6!b+m3_ z9j#kfN9z{W(YnRod;BuwoPwNl<5vlJ=AXxxXneEdLlH+kly1g>Qjr#WsNTuBV|LPUnG&1c?jS!xdDOYU%OAJAQN;*8jjGFox({;AZcn{_$yV?nkj zyMpLU=b4LSt377hW7E}e_Fm&Ake$zTeQ*-@!M$*HU!|2Ddrq0FaVtP=5og!%vY6;h zXNjK3c4bE^cjqzfMhbhLKJ^?+i7grfN9E?m<3g#X1k@MK9@p%#^FcUU)982~9TVw@ zc^Oi8<{8A%6+mJc)I(Qt8Sh}LrD`Et1|5sj`RI5p;_U3CI(ud_;;6le`3=Kyas=mh zmD1-*KO=?R8lG#(Ge?4MM2f%9_FLf6&8gU00P;*XkR7+nK=$}N9#q0xqjivJa8ubu z^W||k>U*qwf*u7Oe2o6NvXj`h9Z35)(&om$RQg6JC;lCXX4n~q;^;2*3`232D9(~O z4=cyWnIOt9$#hj3tW==%h|;r4?=lJQuFn z*t#7p%8AcZdQHePpD6vVTU(rOXLe4!r_wOcQk3DD2S6*Bo|3H?U)}n>y0i=2{?QX; zufqmKgsVAwC3qVg^*D|+hr8MN6dcX_?D(4?s(q%Z0oj&Evu-;a9i?*OuFjr`YPAPj z?H-!i!_FbkoDHHL_sj^8-TJW7GNoFjhCN+e7p16`(UsOM*lJr;46-eX#^?#%`kqpB zjrjxIN8G1PFLV@*D&2L^zGdgeCrmUqzGU+1x%(cv2Kj{@U4tC{5v8DOkbg1J+0>?` zvuRg$bT-XpqO<9ECR*{gbBNaJZ3_zMn2GJKh^ab1gf5oltvoGl2uH_y!9JUD$@@jTgG7*+q*z{V+&icg4Ps& zcZw-`Kf?8fXPP2~-D_zrlHRpSJPXm8q&3p!#LtqroOrg<%}V)7ZNq0Ql8RSr3aPDm7Y+Vuk@1AJ3_hf)#^S` z`by~+q4tLQ^knoY7T0i=Y{x|BWO9i|26_jB`uxi^D z@xCA$-&8XMbT(Y#_|nw_z1ff(ACIj>ICDyhoOrp?e5FM~ct(J<=OMrLhSFN17WHID zEh6Wc4<$un+jgpRZ<<6`WZChgYEy_PPZ{+u)2+g}PgSP$8!4|HF9 zu&ufAE07EIOK$ucr4dRu3VCKUXfT%+y?J{VobCI^l%jWamuT8eAUZN+$A17_ja;(h zb+R=ZpCYz3$TST=w62$F8Yvy8)LbYho&lmdV{a7lOb-yfbBr%&gNAWUZwKAL{X%Pk zqnPMy`qyhDdyKG-RuL`HdDWi%=)5|f>-@NsmL0DYN;R~`I0;*G;w#1F#Mgqhqkiqp zE)c!vn-dRnT%DUKbrrfKewk99(13W6(sZR~gz%hBX`|9!knQI`)g3Vat36!%Q$RDA zx`L?xvf~$n=>8)+emTgdy-~LoD?O_8y3!h@T}r z8$osizgO}GI(HPvj(KaPGnCE+(bIzLc&^gTN)wc3DZQ-pzS1_OUxhNwVV4^b-OiPv4fY!6y z0;*x!2in3^Z?H=-Mf%>}5p3tJ4Y8G4gfAF??7hqRAiFoZt%+wzdNR5fX>;SZBF+;1 zH6Tm$9xV~(E}ZSFnX)xIzDV6VknQn3>i)SljBD>JTwT&Ywx$naEyLEYBixVNj%ce} z)kv%}t+W2lbsmfqL|B8D{IcU?#bw9u1KC?Om8z6JRr*0Gc9kp5ogwhvjUM@%$yU7S1hR9jhtky`+mnxDZuo0y z9xMQ*Ff9Q!X1Wn^X(0Q?ek&$AOIo7y>Z$DLJZK#~5hI5;J(2cI-b!cP&Yz8>e8L_qq}H(y>Ski_n< z;Lc##@&D&%i0I52ofo3>Wpsuer!9}p8qpaxI<`mW>4%WQwlX^JM@RYS3LrY$|NnKA zkFG|rN_>V}G5qgmaay0W=ksUKjvO9ew`!Ub|44cxC%#uH>1sPSa^lAeT@vpmG$1}u zC_8?GQe5dNrRa*sT@T^P99!*E+FcTdxAUcbIq{#w<-{9a<7&`W=^~{(r70j9nVk6Z zpzVCLi1y#;d>&l^MArvzNG{p&ZA#&_Zm(#o)L&`5(j2A5N*^liP&%L#U1c0U)Rl3t ztC39I+DmDOQjt=06pgM`qU()kG;W2`H%iIZxf*0Bby4c46kYK|*LtIM>jb44O0Oub z1lfINm%1N?@Hc+~cV+1hb0hfA(a(-I$5wj`>!1{kmTM8NXt8x5&+Gx9E13RyjJ4}} z*I=u>DF(`pN7rUIAg!%)G;@ly+;XABa~_?i=}JF0PJe@sC~@n1aCAqI8(*umPbl3a z4>x8UYLIS@0TnQvco5e?U9QHBQ1^hk+3G6QEmilWx}Vg!a*s4kN8lMaYH+024s;)p z>8@@d=mFlE2P$QXgUXr8bnATGxRpj50hS!t%ye5KcfJW~a- zZ^VBh6x9m9nudD?waShEtn`Nvo-O9tt+=)Y(Y}hmKrWP+OGmiZIhP(vmnhw&G*0Pm zAv_fXy^XY)=24Jccbo^JUrpobu*9JqAX|ggN;M#Q{)V^xL9};!X1`Ei4#?JY)9^-H zzjV_WM7gA!7D8wd=snZ`-_Qi{xS0z;tKpJNKXn5^whT&P>*7-27jqg%Y1eYv0ucRn zJ;_W0ZDjW_XcL!4x!Cuw{(CNSG?xXM%WINLPP__4b;*f;sPu)>H%dP#1vl9gN#-!6 zV?g#-R&79E*!qF?Fm(X!W9ki}F-kYIT1)dP-F({^>k<6ik6K=bxFj-^lWYLiSc%AjAyCh0G26Ww&Fi^p~G*HPS4 zaCXdT+~{}^&6mW{e-3ena*CIg-T_fh;;$%zC~cDY9CS3teFdW4O)~pI^c$EYbI8qZ zj9j^iTaUxm7M!*Ps0~wlP0u{O})(VGKFCN|2^@gN)54sZR^_cA{@VyYTg8m;ItorZ0|-h z;$yh&Tv`rSCvIT1n9tROsvT^sZ!XJh;_S1ED0- z2xPA#nuBO{AAd#R82e6T;@s_ot<<(8(*v}fDVo{3HKE*G#Es=ya+T6hAM0O_9 zTWbfOiIqtEKBss^iPElTN3+w?+t^ye?nBTPrcXh3>kpvq?COuj+c8XyLHn5gTm9@6 zz^@$V-V8ptYmWSE+uWY_zqO5e!|o~Vkk*px7rW=#{CZ%k9rNBwxu8F|R@Z@I>uC?T z9b|Kv3bH-EP`9oG+4C>0%r@W@v@&byV{AQ|-EL4*P^S3-L~o1Wd*kD54Ls9KsiRUq zrQt%UrVwO*y*x#?&Js#8)RVSFu20j=TiDtf<>G4)pp%)_fZ8#A0-`rB(#}!N@lAP^Z zf2)^D!@D0!^c@lF=nEy5=nEy5=nEy5qFSQsby3-2kF{&LlHdjdlDQfbor%YBP5<{A6motyBdslM zoKlJA{4mJo_XLRk`nVmV|K7IyIp>32$^745wJg-SyalqeX*I~Umqy0c%B{qBx)Ot5 zW1;V9Ug14jq?pQe{#|(%v3Sg zz`TW+&{T*SEhfp-h`9@9C1PSGCEeiPN;3)OBbY3v+}GLCiXspJ0wO6`aqsZrfof=SF5Ro2WN%!s35b4g3lCE1!sI zY?g9NsW}$LY#=kBIR#Z2D*X_cqs>4uRC)?b6Ej2%l}<6on4w}^D~>h!Y^Irx$oUAw z9BblYhQKs|InGRGQ=;S5)RftLVy=cw&76P4%>PHsqJPBDSBzXMPC!{rO_dmGMJt%& zO$JtpD27^b3d{*6ON?tpGt-kz)Q8PXKO2+mYS_#SV6)QDeL)uTX=dh1KGcVuVDJSD zF;x0FFwITVmQm?FVOp3hF|PEMW=JcFnPy7RV;3W)rO6lbG|c5NtxU0)l`z9$TAMO4 zyJ7NS{$(n}B$ePU6sCEr z*TKwZ)1)=kxk$(KWRu3GBz7xe79i$ilO^U}n3vde7c&#)-!K_wpqPa)OW5SGiE=*0 z#Mw-bEl12U#GGR0uqlacgn5_EQZYMVRtey>XgZC1$I{v^QJD{3J2$&3-ZUCmNHq5x>JVu{O3{Enw=iX)30(#GG#0 ziRmFRrVy=g2#3r9jG=I)C1vW-!!kMPn#>DPHs$-GrOfy%^BQVX_ zEMgOlatE`-8dHIoR*30fs{RqP%9_}6#GK4AwPM!5v}1EX%odn4V9qj4Pqe-9JxnJy z8P;f>JDMyuC9!(9aou`n0087hX_l?&6!6pNvDUCySAP1LT=W|qXXy$|pG zBBryc6w?=GIGZXlH^b1}=wfQbOoO4B(8biUDdPUQ38}go`YKc6KG@YXu_pGi1ry)dPBm@+ma#EgY`9OgVTQOvzCbJ>)$iDq4QGsha9W6vR`JAY3J zSIsdRi-l~~NX#S1=M|Xq%|0>nVBThfLlFMiaep7?0+S|&#(e{ucGl=@>0vrZ%*)7! z`ml%TEoK=E^|irdOmM%AxzNlK(-ekcE;N;5PKTkgdYLLQ zm%>n4y-bam+hO*=Tx4p+%!b*^28T^<>2jE#V0xQ0F`Hq2W7EzWo@3@?&-5{yt0|1|G?{Gc)5oM>6^(k8_LL;#bFs+~L!)yjo6gRlH&S8x8v4Q!rJ~U} zj!m8z+ACYb^fQyi(CD;dGmA}8tP@J_1e0xQ#AL&q&t?ysX-$U1^n>Yd+TnQ(%F=fA zHyx~rxiRf;dW&&m+TRQja})BRw&$39F_U0uEON|5F;7d(07G9MqISJ0F#}Acm<=!k zP@hXom6)Gk2C=CTH-9cQZNxO5Vvj8YO=mHu!O*c~ zAb&rIYIrdWwd*o7RAO#|p>|zn#))}AVg{MXViriuATvkIhZ1wSStRBgiMiZVi-|p8 z%NlGpi)jNxWeqm_#PpPyD@>SaTRKW&t}so+xc%ZvlOe|K7gw5Y*6@738ohdz+0Q0A zK3`=HSQ9IkvaT`>PouJmVsoXet4vEVl`wRC9%4F(Sq(#dIK=c8^R>iWZH9;m9<(u6 zn|v`%VW^+4F%!jP!BE?;F|)+rK9xqhRQY@p@A%rn$u2V9Ld0O3V#rzL;(> zbib2ls>Sq$p?=OYJFPL7!%RSZ^31*jGa2Sa{ssl2{=Ojr%B* za)ve2VQAb(nKUuaOU!7KCFb7}GureNvmA!b1-F>NVm86hasC!FO3e2XbE_#9lRVAF z+-l0jq{GZY4fD-nFVT#jA?SFZPx^e8DrXrc}!x) znx0}_k(jY&pfx&w#+f1iFeBI$#a1KLGpOM>Gg-_RFbmmKvWaHYII~!cn^EJ;2AfLD zy4`F}Ff?0kH??d^V*8LY-GgB1s)KFUuP_ud-ZW$r9RcnzO{~!)z#S$-j5`9{VY-R& zAHv_DLY)iDWHBi)Z?T!hCOXStxq|<#tk)PZRfxIMRB}wT7u;U_6Z zC8iDXq4^v)8^oLmL&uG{*~(_6xd4XRj&Iev*T!w^HIKVcT1&8cE^=R1bYDr-zSV(ws*e~!($JxmGA zQ>Nd!)^vxN0yEd_6f;oFJTsuXjTr`0hM1>Klk>?;Gk3wvfO*C&7Bdy*NtpSj;sP7< zB+PR#&zVJRqP^*Pv(uW`>xijD%=4z!8nXiC4K}znz`r6k%U~)@mYB~Gvl?ch86u_* z<`b9~&CZ^bs?bo(7ceiGaTk)AX6ikRH3yhiOo5nIFb7~>HN|4ihY4!%My8p}#?Crg zJ6&wb*w{VAnni5vTuni$#b!<~D$AOqU|u%^E+SJByAC~+?vnh<-26Hl-5fU>2 zhUVcrW|YLtfT2C*9aA7NFTk9JRLe}U#4Le1lg(6#`9NZpn{qZqu^Ne4ZstnNE|@Mz zRb?t9=6jg)*esTq-(h;etT0O@CN>@S1#GBQSj%m2B+R8SE6pm7iH@r)P47Mwv)gNp z80xW=^uPGGvfimMS8yt8mLJj$hW^6&N;8;KRdFghV!vx9vWezTwV9e=u1BhBQ&y@~D`Tz|>&*x@MX_;+xfl7YH>1Q%gPFpn zz@{>;6&p<0m&z(K&mo3JaD(Z_X1VX$wZSZrm?emzG2Lj|^rKYMOf^gya{k!NWn<^h zY?vCeIGb~h?Lf@4Fq_PNG2e;#%(UxIF(t7-U|vDYX464TqerkevFXlc`JpGlEQ8r% zdW$(1rkc$tHbt>PFdxBuZpN{h5W5X#Bb#zD_o zicMAW7cf-T7iNQ)A7Hk!*~+FkR<9iIXuxbWd&C?C^DUc{9BO-2ax0kqFxyNcG3UYj z#wLwTiMbkv&Q{yad@;jdyif6sEmJdq`_PPmsSmT$>=9D}(~wPFf@uP?%S^r`O4S19 zOGCdd##nGZC$gzaFsH%nF;jDG41IUA6U1agm}?QU&&+32X3mA7 zGtoZN?lQ_J+AF^| zI}EkmcxhL&@s4=Z_Lv9Brd~@J>M`G&B{3agUWEy~rq|e1y4Gh&16hhHt-&^ z$Dd|i+D(*dx;YW18&Wm%=-v3lEBrKXa)P1bbDCG4VCd>J-J8oMx;ky4Wu1+j>0H@L zjXT3eraxl(q4daH2}4(LYU<^|(794ggS%mJ|B`At%;3M6xiECpYUNdO4WsLpR^DPZ zyOZBQ%r%^9shE{8beG-As}i#YhK|^+ylOFDz~phNHDdO_jA2tF=6jesVOo1zt?_;n z)5hB)<`0+&h&jot6;pq{nOS<5z_+Z z3BIinoS0q=>D|5*MUvctL?pR zHlO4nNVT3*b+^XLgP}fb@AVXO8w}OCz1N#fV$SqS1FK&%@2TI=wbB0$erU-^&&h#dWnFK?tD`$D-VrT@vModR< zju_YToxJ&CsOM=+J9!misOR^=boMI6xKZxvEfPaLUx%2py`^lToZEWcqk%~-zuY;JKVlMIW#C!+S95DmEssux+27C0zJhkEv#GC?i zl{ZmL%H!5t?JX741cp*w>+KQKO3W~?>8&=OESNJ8GtwI%rUy(nm^^Qyn9E@gkv6u-kwDOTO<_PpycKt7E-}Z0t4v5afKj*MUuyc?o6Z!HoCleR5oD@xDVj-{H--CbkqY zbRAycRkA6JeF8%<1>RDL*$YF*-aEZ&i3#W6eKzELr&l8}$HLHE(p}zGi8%>|?vn2E z_DM`f7`g+x+p80E0nA;<=WZ{&&EQ{2tUt^In7B8044LWX3Yh!YG#P769?UeDd%WTV z^C-*&Z{RqJiLM6k^G2{KGIt}@(}=mxE4ZCvqARpX-c&ZW59$8&es2$(=zeF4x6c~A zmzm-X9#8p1cP>-Bv^zLwL-%oX_5OgD&&KBb0!n|-o5g0Oxo-~s-Y3jdoj;Gjya6*! z&1{&ZFb_G?U>*#OSE)1gUYAs*UPVG#H0#Q|rEKh*7%PxZnODOmI+B!m`)n$+7WsU{ zF|`E-|BBdbf|>4R+-c25#O#21#2b=eYGKN~S!|;D{HV9Yn%Fj^qB=k7Rf#zOLv!p= zZ;hCvpRh4Ay&5s6!BEUhZ>N|(Fmx84<<*M09EOg@v%ESnBPE~5F!89)C9!10>3D!Ia(+8%~t7S9I%!9cM<|S_t z&PjAt`3B6@FpIna_gb?V=4O~zz0GWT9=02F$y*e>XVWz^o;l=PA zm#%U*Ut@Jg`xGIrD~Q_%wNnJ z7#f{-G-ewN&AQ0^ATi4{#-D3rB69@H`6zw4#+(Y%?=Pm8#8hd_aEXabG0b43TH#{q zJpe=da%3J>Gnm_M_qgjg)kHSClU>_adQ-)?wy*SNiE(Xz*PAQGwf$YMQjBYRwYOM| zYkRdgY;h|NmR_1J1JO^oX?{M?HFt!(fvQjJ5-ky#IO*I&#RFmyM8 zSF~-adUOvv0Wp!GyGSx0c`dmtdtRpTTH|G~*`4glTH|Gjab@9i5mFyl)>^Nd%_p`O zrI#Y-wO&6lf5OaQ^Y{AT=N2}fdagd}ydj(_S_xe5jbO7f=E_>{z{oKH6~uBDqjdV2szzu23Ip(Dv=ZvdNZ z-Ul!=?pwUUY^pqWf4apRV)N0X`W7#rO;HSw1xz){+Ts<6sSmT7%|tPcVAjKY?oAcb z2If;Xv&3|ke7^AL`6ABUv0jqT7aqM~fLR(F2t&`Lwt9=j+yp~wAX~jEHifZb7&;zq z(@~!K4>J#j>J!Dh{Ery7FK_cUaL&Ah?zad zUg>@9ZJzemRNr_z*+i+n@$w#`nBAUBRqMv99$n?qd)?ov3FqTp4>jEDH7cc4b}WvE z+2_$yK$N~$uJ$+RI*uK->rx5_ZEwB>*4#ohGmpbRm`nX|Kz2Kack5+ zdEMAdGZ!G|bCC1T-hMW==dXbI)r&n$`9ycMzj+zBlBTPIE0F3s#Qf%Ev5Ags|M9xB zsWNV@@;}}IF>XEcfVbok%BRY>wbS3dnsRI0dgdQqID9>dfxce zZ19c;YDg=XYVA zWMlW`O)%;Hs=uXb?r&fd&4lKD7S1<``(O)yGMlImTl#dCN}N$G{l#o->0hF(mVOq_ z9CS`O9d)L2K^wobmMevxMk_L%X|NK8`sZ{tYhjK>Ok{q5 zNlP^KQc*(dznJ4-PJubYExG*Iq!M9r*!sbiJ1jMGqbZlpG{HBU59t^E5*3$ z@GkxmF?20KWp(wd#L%?_mDSZ>BjzXMd_MZ{Y`;cKP+{*=&h~eTp=$}sr<-3ZhOQ+j zpKgAgm{g>qm~(u*kU+f=YX(Cx=lCgNPJy9o^>h8EY@##cx&8obb7vyz!*l&1Y)WG8 zs-U|+f=!WL6?FIWCFX4Wmr6h1FOZmi_%D@yzCV$TJ;zbb7sv=MKm2NJ=?Bx(uaH#k zI-#e(h)r~z(9>VaCaUv=e##5nQr?>==L`KN*2Hc`EL{m-oL&L*05{rqAvZr1hlCyQ~juAg5n z#?88He~uV8>$3d{Hc@^0`;}~pVhg1e{r$yaR!A%Q`&DAxy=RWUN{qYr%<*fi(RK~+ zce07f%Juh1s?VgXTz{XKJyKS#e?ZJn5_72^F5uCL`Pf3eda2*g8ZB#}-;zyK)*!zP zn`o2=>HdB=@}cpHOf$)Okl*`nIbZJ2O)ytrbguAI7E*n-CAXD)uJRj+86){z<)^VJ ziP1b9hEzlRHf-!XyqQfFnO4}}XtQ+BnV%&@x;irgkGirq2giUlD8|kNsamTTd zeugz#!|VN_35IHz=U1>PiG3?Ay~$rB<`-${P5x3b9>#=5@MgbSOk)_D8#ntK#GDL6 zd+sQIvzQJrwC9fU_ppgZaJ0Wqj2pqx{sA`jY);37Tl}mSc^+~rsLuKRWHwQ+j`7RH zxLzIO&k^H#b*w*EjO*30euWsuyYBRxh;gmB%TE*IT5*@3!KNtY)}!wB zv&6XdsJs1cY@$6k?svB_T<6YoSvDlx8q9`IM$RJsp7;BOG)_Q41Itzz6h_@KW>jN1nv z^!JN#``}dnfEc$APW5ApqP>agJk4*(CaU2>eufxV!-xESY)bU1=^=lh%_rvO{6qdw ziE;P%rGB2oxZ`T6KTcxY%q;Wc660oOnLk-#+_l8Rei@tSTH;}Uj*a1-e+sRb?$=1F zff$|VU>@xY#v<^Fz&q4mR8+29pT{3|gNk?KvD8GcJPD?Ku+ zU}pNUS1HDt&tYc!0}{+PFmwE^Z0udqZ!k~!b=JflMm}_nJMF!6_v;eONSG>r&r;6EEJVy` zm=*r!ccPpNVBYmpma)-Zt@ay

rm!Hdp&C*%axDbhV$srZ7fl$RgxZ?RT)L%&#z$ zVBYid#2kS$Nh!?x{vt7_!aND{p(^it1ZoY>36XpwloR~V8 zdRTiV1JL+3*p!2@c(67##7-(jfjfB3cU(M;H#?4HZ~;qMdUo*ez* z*NJh*xVGwL!W6PQbQ!i+`it1xcIZRTJ#U?sa z$AZpm3iV7K3wpBIoqQ(h^8`{Q2mK_bJIpg|2HO}f8-~Wcen2H*|7tJ@W&zBhYDU4l zmT2mgz^s5t2}W@~QU9a_aVg!6PJ^IWj2oQ>!DKORbQ%QZVqEEm1#`r>(hmzN*lhFY z3W7>MJlJ4kbW9HqwyvgD;B6MH4bv04hC$XxWJ=9Cr1}7W5)&=Y^sdQ=h&b^jLYY^piYeI`KAG0^8ZUdO@oGPqI{YL8^pL&$LpB7BS~c3 z@h39Zqt5i)Dl+cK78$ov5t(sFMf=4GTGkX8+IJ%JBn&;lY^E``r!bBRwb=g=TD2EVU0Cz z{z~HK{qk($krz4DaIYy zP7L}^bF>eh8f@51rqJ|6yN*X$ zZG*}!)?5qI5~f|S^m8)yD)(fV%wWJ5WJ+RgX0{K8ilOg{oQ|0GK^~jJ7=KrU%{Ym< z3pt+)lNC%B<7PruP{yW+zl}iOImrrUNj~&#gr1ygzQoXb1$|*o4=TmbRoo?Pmar)? z52CEWFlPiQTe;3`hQV|QmL{07Fr9+@ZBfibn65#EnEA+O8qC?jPBzh7dFKTC*-S9i zh?$9)bArL!DW3^u8_YbI^Ma{6$Q1Jx?3*w>f|fhUL~rh07<6D``c6Eh4s)1G^2FjY*En)zZX)hrdWPEC!NJ!O^~ zvz1MB)VegNvnKWwV(1Gzmj?Jj6OYcnVdx7ymj)?fK7gskY#A6d60;NL2R7Zs{4Oz< z1--=__qvU_EEp)}EEvjXP%uPHw!{ny^2CgU`4usj2l--3VCcMac@Sq)6m!3=7#x&Y zW1d0`U4aY^cCwjf-hrVb|KOmOjorV@4yMEC-<1pt zdW&)IEDZ|=h;eTg4GTtzaqkfg3nq(k?-30Ps>Hb8rwk8Pv5DR+8Xjz5vpl%qAw1JW zyM_mCzM=jpGP$TT9qUE}S!|-Wk4EUR#XZ-HjC-yZnW4ysjz}Xl)i@YBYDLB!wXW9~ zchriEJICFiF_R^q$hiB#JdK$pF_Bp)^|?`F-jbNexL&m)t2sYc2KbL&+gHd9#unt6hm>(2~nFK@q zd|OZ~X0ycH7EEQcJK6Q&n4nyY>%%d@TuF5*){`iou|b8HA{Z)bY_M2Njl_%#mWnwM zYfcn1E?6aIJPfTH-yUob^F9o%HQgR;6?5#{wyg2N9x+$LP(I^>{bJ_B&^7iQK}s$4 z^S0z)VCY@7JAw{kE?8>wDG0iWnW3hqm|ZZGb3rhGO>xZ4%sYd@V%*HUGZ-Pp&CI)k zQDWT8yelXW<7VC6L9rM&>+TMwigB|p9+Zo5vo0RY7321%!k|Ko+nWl5#cT>=neW(^ z-V>}6b1n?E>z<&NO|&9Z|Qj4BGkZw>xMXY-PvQG%gw#gqh{+3faQs(XXj zUP@JBu0%d`OqdibVN+;E!<>hlCk30?L^}HhyF7lZd#KjcC ze88qsOeqYVE1wP)i>ZL2cdefes@Uw-yQF7=ydSB~(OuH~VB&r{0{3dCF|F_pn&G5Hcx8O&l+6f1(E^@JCLxndrHp=**CgGw>aOUz5bVli(^%u7KP z8{5xxU+{9UfsMUpqi@bE3brQ1>_97C4Tk(oy&AW=gK9Rrlil6cJHZ+;?r!UyppK0#{acj& zP7wRW&W#_QvSYC4D#7T^{EaD#JKuY2NT(p=+WlAV5%5* zw0SR>#U?u1ydTUJII?1P{x!O#eP7_4Cv)n`pmBgWNdO|X+q)b_PO zt(Y6oKeRWk4Z=Dai>N+pgA_5YK5K&}V%%EXx*$!ATZ>y4WU#TL{3mL-J}6Ewv7LD0 z6HH|j)ww1p7vt(&6U-Ik#`M#mLW~>JPlLs5qIPWxma>Uju_>q)<65yP*dXR^wEYOw z=d)lZn`kC{7SxJyGvTwKj!j|gA?dNr!2vdQk86T_HV5Uu@_gp;Y6i0<=tS7g6V>oT|tKfl*-0*huIwrV6*(ti~ntZC9x+MEQVGX=$(o^ z!3diw=B|;x3Py=>*GOLl1!Cr-U369Xbxf7qC_)s&055{CAI?}7?8rDinD0M2L0pPb4RORDdK zIyTcd<|@Q|AG9+bf~J|-h@m%Qe+cG_c?o7XVtx!JdlX}T5l?5L{lQi?rTojyQHc2| z80u3@sac6s<6wRc_OP+Phb@7r3zh^FV@)Z{uR)V~*3g^hkHP#W*q>mYhxt7ikVG-l z%x>iT3e2BD$|0PJ=PF%!ny?X@X!Xg2gT=VjCld}8<5r(cm?vf*a;6m_FDw?5veKDZ zVlvb$5_6H7Rbp;Yvr|l|nge1MsA&|VR+PrpsmT!Yo0{%oj(OMBXRw$v)#QuGRWn&k zfttBu9#OMI%&TfPh3x2+hYrlpvB)N~dzTg?D5Z>Y%=^Rb#@F~6&s zC8jZ+n%X(GNX(gPR*4y+W~Z1EH3!7ZRnzED+lpmsGQ@0C(_M`Bfh&Emn4{F>i#bWn zWHINenJea2HA}=yQ?o(L(`stPyrCvcv31_1rm2|U)MSY{a+RxdZ!xE+87iiingTH+ z)s%@TRZ}76MKx7oHmcby<{LHp#l-N8)Q(_E1KWx;H7&)oSJPQcA2kEST(2fi%oH`n zV&54SOWVb;Qg zVdsX{TmiEa=8$lXn9(rbz{J8TF}K6~36mUd7Bc}RwhPb1!-lCgpBXTzFb%>oHl^lC zF^7lMVk%);ASN|zcqFC5IR)kvm?OiCqpYcg=?c?0OlxdS>?52jVVZ>bM_ZE)b0y5N zVY!$NVvY-!i0KV86fsT1&0MSu{IUOJPVT%R*9h)GN*?7#1y0SN|<(G?Qu5MlVVN_+Z=Dr zQkd5flNF8=^PZT~!&PE7z|gx!XM|ZN*i>J_yn|F7!hH$m1DK9sMKc>i--_7?(>WZN zX3ZZ+^#x4Vuv@w{hpfR9d6;v;J!0r7`HwK?hI!3x44DHk=Y>OBThkb+4%v<0O@#Zz zw1hbVrbjsRUs24lFc*el8*92E=46gK*v`i2%F-=ijTrY1!>!@g)1%U7p@#Wk=QASn63p1J`4Q5=p*qYd#sNpi0 z@!?W2_rcJ5%lNRGO<`;n46V0}4{Ic5Aq=hm+!1b-n73i*s{4*`pTv9w^C5CB2i)2sn6WVR5i>dL$)?augER7})7*?~f&%0Z}JQS`GvjVA3W>dpvw|)Wap>PkIZOI!EL-$_~g|!kx-)Ey= z**p|>Kbu-w63gD`%vLeisM*iPehbc~I?#=KEOr}WGP(4I=aAW*Oy3rx_x&CUhlrtX zi=By>(y+=J{>~ejhr_IMIh9A>d82pL9tr1&p)Y`uDGy`k*%taE-*c?~lz2YsAp^$ND1Gtgu6O%6XeN6{!ZnJQkL*+3iv36!Unv zNDO^{Y&guEaD$|BUw)etZe~-$Usa-~w{yZ;F?7#Jb9GMG=zJ6OcCSOd*_Bt#JKg|d10Cux86H1%n;+& zd!G)o#JKg|r^9Yy!jJ9zc_!>BrU?wKem@fq5R)M>^TWYnawKMcI6};L7+(DjH;Z`) zhK?l9hC8h>&%)e=-gq`NeYmCOB^dgm=JVm;1XF^Tig2-*HxTmx%z|(~n`wsL8haRK zVVH6;^_Ro6zBc9$GKg6eR>kC!x}O9VwQ$m#T3GPja2W1wPGHC z`5tCjSSMyCOdZVfFqUomXFkjyFjZkgF|WXcU*V1Vu!)#uVpfJ}Vm^X76fy6HZNzLA zQysPw^A*eyhAs)F$2Y{4P*W7m|h376#MeJuq7M2=bnL7>%(zuqUQx0 z!{UUPZix9LEK4wbU^a#G6U-o(En%A+Dyt|)zonwp!fjzYG4xw1S}oibc4jjnMsLAg zk5t>k?raKUx1ffj*z{vlYKmaS!t4k~*?i1Q82Zxe&ai?_m3{?cSGeaADn0tn!0s?3 z*BbXVi7&&Ums;b#Jg_IMV>8YCAF}R0uCKBG1NezP=UnHU>q7`(XoL`AA=3y$2(ceF zLI|M|VsVF3O9-VcA!LRjw=gsAY_XOQLMHB^k!i#o#FJaVo>S?lBTXHiUp^){phG7`Um<=>E(AV0@XolP;7)_Shbf8rC))8c%N zcajk^8ehk<3xv)ozr+tIX|N82&_Fwk00R}v!?eS@f$eiOq4~lpnt?$=Tpu#;$jG$PdCO3B~{{P2ptbM z#wT*j{SZ3Vjm4+4JPe_^+_Cs97PC_NpYc;UAG1>WpYeGti;#-maN86=i)9&vo@8x` zFVy)2tMF}(?@-bmM{8Eo@n>`V)C;K2T6)kMo8u>37|Mr`@%UyXRTjNTx*GD|cu_zx zRTix}{uSh}_&z1!`OAt7DrpphNVN_zR%DoEB#==S`XxafGsZ$sX0=!sQCW@Rk06y` z+4>6;lfbflAW1B{1(M7{zeuQaPGxcKFp|!a8l=k9VjT_{QLQLu$zq9%w8g~yhM27) zLrNN~(>Z4ANYcgBim-p;Bls`=x+51LW;0T4Db^483LuCnM2vtqTgbK$cMI7O;%^}n zAln2|!ewp0g-}^L1abqHwc{2-W$nC$P+7ZdAyn3cKq|PbRRMw;|gvvU63!$Kl2ZeD^MB-%|B>(hN5%r_Q{zxS2T4I$r$z>q ztaD9Sr$t6tOj)Nzut+S%>N?kyby_5W#guhgB$>sOby_4{NrUkJt=~30EmEXo;>?&o zEm9UE)Q7o|S{5_r&xo|d2=!rJq%B6M56_Nt#0d4_j7Xo78jJEd5HdS5$T4Ow$d8Q1 z2$g<*#41!RjWc_}g^|P$Cy3k*2rLtQ0cct zMp?|BQW=TARQCo6m0lG|j1ek*UL++(sPx)MrjiIMA~_sm_MQ78vtoowua6Y5 zn0@E|NO_D<>GLCXF+!y`MOtEnN`ElYuB67Ie5mwCBArSatz?WtI)=AK;xAK2W9vYc z$0LbK!o6T&B#FiB1q&k+Sj=9qFp|t-_JW0x6c)1=ER3XT3C8@wNLq|g+ny}gmr z7@@M>kCd^P(feVfJVvOjk0KQ@LS=mtsg4mUYjvcS#f;T2B6TrBW&Jx+&tk^vmy!7~ zLS=m&X^s&pYi*<@MyRZzNUIV(GU=LRII>tt_}%UH2=&Hqk?AaE^lpq4#t4-)7Aa>jqjyuJHb$td@km>Y zP+5OP`eTI3inFaNbbZX|jo1k>LS@-@DvKGt!p?{hD$BEH#R!!p?TQ$ovbMF`Sj_0% z!S09=Dl5_MXECF9CwnkPsH`MA{z_eEilMT0wbNpR%G%wY#bQS9M7t1KG>1gr9UqRI54XFN)QEF24(TrGD7#llrMMJAd%;om8jdM}(0kOA?NOF;2wgQz zwvjFVx}$eN=$q@wcKp>;R+VT8Vv<;14f085c?&}CV^6lzl*|+FLukeIqwVP|-$Q7n zwWIBPC6(fL2(3hSv|X%ZzSw$=UN0`ou251fc7@O{T4vd`oa$f*y``LGH!Eon$8)MF zb{ofB&Z(x@ol2T4nm;@aJvPP8xrW+RW8I1vs!z6Et)$y(gq)6;Y&)?;^}O{EgnHvR z?w^&;Q;@R}bDZ6!V&++|L1_KM<2j})vK%rSF(;T_jl2iBa0^)jDT16B#E@JMIXRFY zA?1)$?Br{yKI`I4KBw7jEGD1R?ZoSJjLGLrdpe8B=PY}^k}B)J$hitRPqW9AR9ZWH zsqb^A+hy0Q{t4cRCQ&#oPsChAnQ;F=j@3 zrd`Bx6qkOEoqQw3=RF;zv^DJbRoz5}?@-k$0&|^iA*CFQyax3Ib$a#T0 z3h9C52STYngq$D9>yXuu3j*nddk{sv)E*u=7}c zg8ZOlmXft`n;}%^i|kUCQ@_%6zSwSOc>+RpzQh)DsejhSjX|i+g?0+dv0v*tUuqY! z+zz2SUuHKe3Fme$w_BBj?@(QC53`tes4llhS2VjwrGd%BVh#;-^4T zS#};YG1)9f1Tu?dW*{Xj*920_a&I85N}9wIkYCWQB6~5*a>zy{?MlM_xx(&cG5vF; zJ;q}C=PEn*W;HT{F<)#?R}wyFEVlDm%yY(KyNJbn=R3zP))G8toMY$xgK`evV87b# zD&MlKYwTVndh7g!R$ODJ+@ewit9)N;r?HsQueCFk)QHc~cJU+bckFB>mEvc}HcE0i zm8s$NcAl1?hS%HEZ`-nlrM9RfskF9Ui?b*4xxvn6*$%Qlq%7Dk4#yexNXX4bqWdF; z&P2Bcax8?-M4`;!nA?JwD>){V+c>5oh-v1S3VV&JPq=PsrJZ_voa*OCTlL)X?RJrp zaIdVgOO)t-rai98uF$E1ey+A_Sxi4y+w)mWAI`IzwFG@Q&z?}FOE*uGYwS@ax~x;s zKX=&K)hZ?^>rOj|#guiYUBF_>y2~z9(hxk$zRNDwF+u5f*{SokEd6e~y@sUHdU36O znp0GgIVi~0Ja-k!x`>RfLZDybB2qAa?WXs}Cl zOi;rHdseN=IaqPxemm(dk_PKzq?&`$8|`IEDy8mZ1T>N$QlWTBnBfFzt3eZnqMqPOWMh?%o00ENtZ<_HYYo>$o;EM_n0wnw!D(+Syuyvfj13SWH>(*%eQ1 z+0tISR*NV^=})i5Q#`v_i&X-lCqBLQFw0F4dS~E$d+O6FAM19=spy{%?Tp1*>LK*B z{UdvT|g79n-<`iCw_b3!yg+`t25$0hUkgekGOG51eYXUHI<@zBY{vVki zBXkD&%AYa(STEw3yi_Sz}+M_IyA$=zL(jI3qPximEczu58ZBn?&x$gB|K@5%OP#%HMStgWMA@s!XH@jcu ztnZFLK+YTNq!+2IweClVp^>oBPG(8`PUpPQPGz|YLOE}=(^)zo>RF_nrDUCJzUv>e zrz#1*>mRf8IF(s>;7@y&lIma_{%IGmm{$C07qOUD{Ari6n6_`S%UR49VVmq~CE-{6 zo9sFz;TQUw?0O~P@o}W?386mR zY;R!6h0w^{Y~v@K(9e~kfMdpO!BWaG<94EwaMboP|~&`UUd09seq&3eTRFQ>4YBH$%n{V>!!| zggqATjA>Cl=KX{xkB+sB@~IJ#@AYVjcM@1kAI3XLET#|RofH$psUl9A7HblOj?WRN zNJ-c~wzG!C^pE2dyhf$34f@A%s##3`IL@$=uzwsU>vh$3wHDJ(XocfU)e_vp3a6N3 z=*=1G4dHYs34232<645=kWT!+wyckI(pgM>q%&Vh*e>aevY2*7omm}Q)-dW6XbEb# zjZ@1priR-%14_agZtrY}5gM7>JMs<6xkjAGJ->sK%rXr^d-o1bHp@j28sUjf4$Jir z$|up8&N6}X+0n^YQYq$fsvVs|mU}tXj!ub^ua1D2JGLor+aj{)W)+FDEG5ISP-<)kPH zTd|jeZ1L9}$wJJj$aycPP{o8>aBrtvi&$B!x5eI0HA^3aw#D8~JqxXlOWP~OX=ZsG zLNO`MA|+wz`#8N?fu%&s*8s;jEi8{gu0UDGI;Fi76Xuic zEYc!gLk#_bQnu5^vKm6app@+_WBCn2*FVQOok}W&yIx=a9Ov|M%$^X6Io|2#n4>x7 zcxO;ac%(hSS@b^DXKkE0vYp_xd_WTJ-6uHleOk=kJ=Muk(qNr~oT*(?ojjH+AlE@o zbe3odj&&zHYdD5}afbHylbvxTVQ-w~qI<8A>WeJ)}%YHpe^xIT8Jn z>*TP!0ij-N|G58FH7BMJ$mYaGmg3oOOoNrleBr0--yFGn{1{ zV~&t#I-N?wK0MP|gL8UpAD-!qVsDM@!!w;(IC{ihE$2BcN^~DKp+0%eGA%)mo#hO2 zjOnqn91Hb~9X~T1p(LC&n&FhNn9)1aY5#wz&T)E`=sk{(E$296Iz}8sy)l3pX$L<% zM`eklA#~L=%c0+UB{>DsiaO7B5?N+Ko>G#`atX(r>!h;G;h1xs43@bZbDopMQq3{v zIXNs19FyN6W6pO+SbpM| z3!P?`KRKqrX=Sm0)NLI=tJ7;ZrqD@cso-O8gUoU2l!WJkYn_%Dp|)S^^eWNgkm_@t)6YWVkYcWL23cqv zQq1+vFbj=Cin-pQ--n{{OyiJZN}X{Q8iy29>WHs(42?rN+T7qIu+TW9qsLzLiyb2Y+#|W`Vo3#t~1U;V|9%ZF{sO;u}b-rISDK@RwDduJ;lZD1A#oX-BD(lpC8mkoZ4=0y}#wx}9!=Y8yDMpT1)-Y;V z?kr}Z=P5rcNy42z#nAJV-;`9dm}BNGPMs1x4*x{VEe@?|jB7SQ?J1Q&uZNWR8P9@nK$i zbC1)hMKmF18^qk>^sqb+NmSC$Vy?{Zb=I($EAxAuVU{kW+6}4hb4FR-homSOSF+AE z^Ahz={P(IAuDLg_cO;9sqpx=oSS94~W&Sft&qY}e zIt3~w?D-a_REyY%m1!%|2UOO z;q)uPnodYXN2E8MHA*T)6NHXPZ#u(DR{GCy%v($<2a_v$x_lJ@*(sk&MK!iMh-+v zyPeh;QD3z<%d}WUoT|qeiIGW2^^TK0My+VFu13t!koTNomf{=rcR=quOSGu7`BcPw z;B>OkQIw?5=~WUQML%{1Sj^S?C(fXfMr$t0Is>Ub;XP%ga~tFwNPi%8kn@#H|5MlS zA;_hWPo4D5TAqPi1NqFU9VcnDNN$3B?kxJRmKBiOAzwJCHS3L&Uq_g*;MCsaVF=8Sj1v-_C$h1G5W~1 zEy|LjR!L1TtCk?@l~f9I?oJRbO2YMfw-cR8*12ZY*6l7i&1i ztj)W<7*^8lnzea%5F?z*tj)WF*ubgYMoTB4&N~Q8sFnu5FrFxcl5l0kVdVn}uu6O`yJ zcp6IILzE~9pOqwwG9}@&l4McMF{Ymt65_T7i49iK0bG z*v}KiA|+uzPZUd7%o@lOMTe5G=O>CzC1KA`6unwhKhHqBCW?U=xe&6qnC@@c&-;jc z7SqrBh$5C5YxTaouP9-;5<+L{eMPwzRn`^Ac|XyjWS#rOV_5G3cZ&yzMVu-FJx|;8 z0MWy;Kj(aa=wmsSb3Q<)Xj&^A3<^s%f!>2wUw5(6wBLMSFn46%F-p?77c zh!K{bAZ@766fveGtn)FVZCh1mYcpbAM9eV)yCnX)BGKQpWCyZ8CeNb0`;a%!xtFH5_xI$V{Lb>SIDTNp&_!D5ai=ZYQ{S_PJlQRj(1 z7WWT*lsHeUVL1$9;a)6XBqXY>BTf!vD$4~B>al#0%TflRI_Ha7O0dc$$DA+bvn=A6 z^TmW6Dd$SD6hgDs7l>RX;ofwC$X8Njy^k1r4ts%UXITrOCs`MYPL|CO4|Tp!wC+SX zH(1+k)GIF)h*2e#)qtA}>acL#pdUv6kSde!VDV zF-P_5MFopFs+Wpd7IRcD74x;I{>eekH;67J;i@=uML&yq!+)+AVlnr6WnzPpm0OuR zyD}jsP`g%cW$x_C!~`XcRxf%Z4`tmXrnAsmwzDBOixQTvAvA|}i&)HJR#CfE^s@Yo zm?EUQO;qeoWi?s}V>k;#Za2r($i9#&NL3&ikb5EX#0Hg0A8Bcu)`;nQP(C%{RK(DB zzeD6JsTAi!DCQ1P%rPa91<0pXl(JMo9#&GJq*^pV=v#(6MJ?y^IAkGW?i9@&L#tRn z1G!7Iaty6v{eqHqj-fSi=}U^c#WI%V5PFB|ZZV()??^+arF9}VnOe~uXIgr%=uy%Y z*M}JTYU4gJ!18a%(b#wHb6`amLk zBGq!_bH7Oy$$-$_-55wNWN%!HZYisfs!>dzNUhLY=Y7b0(HkS5L7GfHK@FQl>Ryy; zooi~?EYev_4Vy)lk}5G9rPG=Q4~o3KDb+kdYX#G_@q?UmSM;(VW|oQxuZe~s zqO2BCoD%lx50FPhkCJt+Dg7}q$YRQROpLOa`aBlY(3BpEDIKy8l~pC4Md@@#YZVDf zs>S<|4Jf@;B(YG>)0IrCNL8{f&eXY8R4A#mzTs9p9+dtUgyx?Y1`^$*=bsmfc~bdeL|Eg=?>1+Pl`GgQ|Bi|i;{J&$@wXanp zH=*>WMYEC`F#$Ds9I(W<0Uq(UfWv1p4)(saSRx8pOm8d^JuId-UJ(Nx znWH52P%TR#rI1ykm*r!~%}R<6(=k6oDk0rMPSO%Lu4jq6#bPBjqWNCE@4PJrSQbHO zM7=FWbt)?nsq%1q?h#2Dluws65poA|?h(UU;!+{BSH2?>4_7g9$3yOgyep?;EiV+t2p79mP zM`E01+MD{@TR62&% zA6p}mm4r`5z7$0)=4$yX(ad7rbNEUOE2*+*RY3X*;43i}BOjxzuSI7Tm9=u~9Z|yp z$e=wyR^yUx-;Jx|Gz2 zlaLSf*s$nTQYp@Z&`1~-0~}*!W!H;AjwwNmjpu;t#fTEDk_w4Jeh`_b>l!YA&@AYW zB3nt5^)h5f#Eb~*42o&AUWe=n`B{{)yaU+}GAi=U)G=Q`XpP?uqEkt@H~lVpl!SBd zzl*j!T{^8qN2UKRI$3BXI+8y`KMSoyN3u~2v(QR(Bx7P+Nt0Ty=?K*4Pa)2toV8>r zNm3HlXOlV7M%JUwbR8bbW(a);9m+O;VNEdPvpGn$C*)MfxJXtxcU$QY+E4#0GFXm* zoQ0UbMArW+{cn*MBQp{6w-}0%3n5#%^UtPM=sI5kiMZ+0NGdH_)#N&ea8ss}bX%qs zQ8%B(v?A&@YZ0fSKD2jlL~638MY_$sPN9}~85*Kj_j?c2H;Gjv&|?FsG@C0*9d z$cOGGwsVJ+R9aP#O4M*Ww|r*U3X0j$ZHbWv#O&yH#>j(^o!t#F(h5m(r=LUlG^r=5 ziy^zZ(`SV_)7SUAxdpRBc>ysK+@2VD1+u$479+1i_HeV$RXM9CyelAkx;Zh@4M}zj zW8{6vM7NmbKD4wSvX|S!@-Rz^n{=Me`B}&yV)k`2Vq_SS>So6X<#T|W$MOnNjY87g z;uxWrgWYnLH@U2IH$7jMMM9|#bBkEsXUT9&S-xO7!mUu!Aci5EkSfz{(J|I2#M(eI z{d|?P66%e~ZlRJIYZGET#2oD=T|hBfXe(#AsVwn->+?mHTfq{AY==}??vfbU2{OgC zF4Xz#h#1;l$GDPZ0?V;(QcTQlNR{oDuIy*+`*U_k{mbjBAw6C$eH9+H<{&BmRvWDWhToRZWc>1OP-sn1S`Zs zCLy1*-B~PjCdz_LbBki+ILLHYUQDG|T6Z87_47=(NJ))lR<)h!HY*9=p_=LTvY2z+ zOm~3A%p=WolP=Lc-+-J?Mp@^$DJ%qp^8BV;;%b$Fr*A}p=(`A_0jViRC<9clyt=%i9$O&i`@(@aU>LTiJNg5<xI*N-0CE+_bjMucqkhzc-AlJGTD(41_7pzSSxz6pmT=)FFkWNUc+f$_F zQI;FsiYrLMI+wY%O7u4x?;=&1JM~J6=@w>{m2$UOi9YA9MohVzd6mwY-roNXQt1w} zw4J zS+Qiko2DcjKl9zO5{hZCXzkgF$Y;K5U8{xGo~3Jv1#Th>tvyRIP3{C1T6>ma9&poH zXzf{wX?8PNXzf{wdC<*ep_OJS<{@`F3#~>=F%P>%O7y6sx#bpjv63obp2t1vwzHV$ zagVwkEarLKV{R9Vc^>ze+ovR){cd$LuG4);{k%Ww)9QA`$l;KMZuRvPQ>EVTJpuBR z8d2!g$WQ2bx?^4Jrj}AnC2nAGG(yZ`H}MADhjdL#?Rv&dRif`os9n#xc}l|iw7F}P zbXg|nHdow8`Gljc&CQOH^HEltTc|{j!$QdOZt+}7)g*R9eXfVR;1-pse1!SZ{{^>1 zNtG~PE5G2DbBvjpY`B%yNfyI6x<8b*C;Q#%UCi{)=enuMYogXWXNqwdRZPo zsv5{kZoiT$adaKVo{}M!bCIe=$%qoX*A01E$r#7{h3m0baE1S}D{i88Rf;Hbei<<@ zyJbphtalHkqt@=eAesm~SE5LRPuS zx08gURx*sYxx_UgeX zz29xuB7WtZSG&tt{>wS9cDs~x;qFjBfB(!)snI!`vOagqmFRZSdoo|RwMy2yC*m!O zQ!!T8xb-aaAXAhyD_Q57r}k^yRu=QrevRA4V&=ZSbeFK0r}kgEoh;_5{a0=ei+O7Q zmD{gG*O1Njql7Ikk<&*;B(OJanM zbwh5QlCY)g-1#h~rR&^Q7Sq!2-Nh`XrQf?tSWHWY-3}Jh(qXqp3GX}D%In?aTHR7} z^c!(gSswqQ{45twJgbyQ&85=ZoL+3 z3S^p+#5+~#)^wKtxM@l%t*cl@-S!yCN2*`=EYlsOx7@FQYzTzjl)GjNsX#tALVgco znjthR5{h{;5{j8O4#mt`hq4&?P)kFh-~FTcu~2BHv>c`X5tQDCnA>9|G6bRT$buLp z^p4O*lPdBjVo3fBBpR<}b07ym=$YMr133~x$DhC4=DVq%^?8uqyZ+0~sv}wFnm*jh zo62JPa4Rp5#q{CUUKfk$!>zquC3wS)>Vsb0+8f{))2s2`Ajg=us^Yy7jxqfl@x(p4 zKBk`|UN(#A=ZKfXV){AaO=mIvYlm{Iquyc` zvjw;H`dG{sOz;Mk=nw~JS&1ixDW`4Ta^ zc>OHDLN-D6^oAEuKKPZ2h)y-p%YQ%%%}CR#K@+_-N*b&^5VP$@l5v&;S@!ZKG*hYu ztb&bqGZC}5m&`H~vO6TjOJOO6&^yxmc4`iJH-S zV34zU`#Ka_pZ|2E3dM}oQ0_um(_&*H%@BGkCWwi&v80)@BJV)x-JXL2`RaefJh={I zNa)FRDC0;)&+!iq@*$y^K%(0_xWC7>`XOGw>Q#LPnTtH zm%w6rBi&17F};!QrLmaaNcYlNOzG)fhn6_gKk42Gi|L<3y$KJg`ox+3Im}C8G5vFx zm&RiH=P)lPMyTzFc|9zqew8=A#}bt!jmkf50CT`l~fAzyz)pdnPbcmGSf@t81wuz)63u(dQM${t#g!@ z#WD1pnre8Im%}mi2E}EFne63p%n7Iu)p@d)uSEa;MKNNI_L3i=I(G+KIm=67FtHe4{aCL*MrgYq>s7Z>ss?mm;QumX|M%P@-kRVeNOT+SxkLS^0HXW z7CgzzW-(jvBriuvCB8GjTnoxN$(ycYf_?C0FQ3J1i<7-V7PBv(?9FE}+cd}PVlmt6 z6mKv_Xj`1(6)aNiiZk2mRIfZnDCSgkWQ(02JB>xpk3E1opB@O!k39-GBM>t`c9u7; zat`Ml&h|2%q|&uKhg4^K*-G^J>m|rEFZpSTX%gR{e>x#Eyi^vNg?LZNkdm5U7Gj1s z!eXw&XLu79tFnZ-4xj0zD8b4nd>ua1o6a$tQPxMu`5Z5wWgCGfz)Ff(CPKb~%<@WD zCPCIKna^^{U3xZSwzr6dW-5M1%xtfX#mrR9_LeBA5+@=bI@ZnhdRff8#B6U3%f*PX z#wcb;Nu{`nQYjf#QZ4EsG((tqk0k_!=YnK$x+7W#c@ zy1%&GD{l{_2r-v??JS=n=2}RR*Zd;IgtH=7c#D-ZTE8KNu86MiHn42#;`?u;y3$K} ziBjR0bP#iklKz*q(6i%vA;n(yDu8> zp7m%cVo438f+a7IW|oTsX=k}MkRFzbKn7Xb0vTiJ3nbxRx)nbMlFG8fwx)*JEc*sB zi{+F+N?5K8q?YBrKw4Rz2xJ*cPau6PUk5VGA`(n}tPWl0y#q;NnH)$u%VmM&urviy z!17WcWh|=#sb~2%ki{%pZ)fV$$&wn#0L#okMp>>3M7*I}F)xs0mgfV>WceVFJeHpW zDPl?5-qfdp<3CndW{s<(MW$ztKeX?0j z31k+_oIpxg9uK6JWkn#ZET0FmOpEmkWFgK4rC!+zs*k=(Sq8b$YgMA(m_wk zjFuiqnOC5s(TYpN)dl1xZyAeVx!Fs2Q?*pZe1({QcpXY=#1pUSccja`F)h|aq*{-d zaxd>KN)^6&b&FTcV&1&E)tk>^o=V^94Jm1`CLtesmUOE(!jjE$o40}Gbe0NlTubl{ zRi)Ryib~g4%O_*Sl}az6JCsq>u*!>nn`E79<_hL{QVC|3kTcDF&GV8t#>_C(c*z`N zzO=3J(v(z*i;-$Ga=ydM;F#+n@qdy`RkAj&8bY%WwO($F&@4o)*P|r-M)gjwkL3fT zqTaa68&IO37}A~Q-Ja;7R@8`(a1}?-yX(9JmLDMWRYILNfo1Evb<90p3d;lt#oXhi zE2*-+Kv~Ye6 zjJext_Ifyme#0>p{nPCAbBwwFdeB?LG4#&uA&7a<8|D~uNA{4nK}(#uZ+ghH-cxl} zLia=udDSfDzUg7FK1L|!VK1>)r!sRXEnW(XxsPk{GFZ%gT#HxAV(#M}@s=pj`_~bu z^P^t;`;>E)I1{}=@0hiEDO%L8icCdJtJk8W!MX@BbPcf3+n}VsEM|-?^paVw##2`s8&7ztEO$X@{5;`hu=GRdTaQIv z7R&FDbCu+<>~xR*^_C~SJeI>C^y@88digA8K&Y&zyh4_%Ayn2=UJ1*+9P_kS#_~^& zdD^RH`G8{7a?E0{ndK>N*E3!#%NyLTXS_BR!S7K&>n&kP<@czc^*UK{IOaL8 zhoyvLp7Z*Zg!^Edw}!>+gKgfh7OQ+meASAr{JfXYM_Z@Ts)L*l`KOo8vXJEkFJFt= z2MZC??u{u4zqMcLSs$rw&hhB(HYQ{M1KIL4e)-tfkitaaxg70q=o_u@aH z8a4`=2cUV0a*ON#X@hvk#u^6O2TvZTizgxId`x0Mp?|c zd!;wrPo=MmGc)Zgy|hn5p>y0yuR{rbArUjukD#nBFLSl3v-K=mu?Vutt7qwkbU@zm zT4Urh$Om4#k}7L0V$?eA-U!RD5IX06>WwLBu%bKT2_9s%x9Bq}tHC-PG7kC7%ln+9 z(mEYN`F!r>D`~WfAoeCa-S+xf?uP6D`L|d9g|74CkUb%5yuyEnas=dSFJ+A`YZ+or zg{<}Rztr+2r~1}g^i?R7YMs~1;w0e;t%4R3qj;UOvm0kY>m)UNOs`kmn)4dZjEo?xM@u z;FYr+2kAu2?_Mp-97sQ8qu0suAmn$*m^aR{3PRU5e|qt2bt`^>P%Achl4Y-5b}8N`{Pq~R7Lwq1ve4HkH$%4f`&g!7 zer)o$*h2oGlJLB|voF8hvhv*)z4>XhcrR<_pP6(hU?;JR(2ueK)?NGlC^OM zpy%&_9OMtN%z<3-Ii6|yN&lgk2J1P=d*my zlHo6A`4RF8QXTHgUv#R-?r|1<^>d`(_p6pfNC#pv{oLP3!mT{npROca6>zd&|2xGr zSbHN?7g9~}J6X&;ZMNU1B^W=)`C=ob(#ICMzc|iMixFBq?|8p0M(B=ps=q8os1+yr z1!I&?qsTz%w8x$77qLu(&>nZPU!tT+m?Kh-U#29y7tZl(Ip#W~qO06f{CbY5htO5- zDSivb{F7r&^*1Qd-(>ZpKBxNfPpXfWHIUQ%6eZ#HMy}t%Vy-t%_j_5)^~UM`n36{8 zJ(NW=?Wg;Rn^a4c3?b(;{A?xRN(g8A%`9dmgfsoj&6KLaTFv?7`PDH(`JCnVv#dkR z50JC{oN=9s7B=sfWMhZ=KI^knJEB`Pq0oJa%kc?3c#~jg3qE0WBgIspyXEQh!iMCDu{UcdVEC zBOFuAF_-xpl!V*jGQT8_$_l?GxZJN`G27yDzg9`3bqn&LZE?B3K}p#2MgACz>G>jm z!d8@XgH?-E)MHoprCNf$;7Y$viGFhZPmI+o{bnUKV(An5Yq(;+m1QM__JU%+jm50E zHOF6~Mcr}y3uVpm2V;bOxAbaXZcX*U_ot}OEF2}S@e^5IfKaMy{A49v>X*DeMNEl5 z&N6o~j>eE{{l0k0r%TN_tb$zUZ%`5*{jT$^2*s?6qoW@k*{=69VuX%|rT!8YIv&!o z?nZw&M(7AR*H06aPove18t#Izag$%6q`~?Dk_@@oA7`PX*8Y%x_^qyLX)u#>i@#V& zcz(adAC8GR6sd0UbGsaJ`=D$g@ zrS2b+Qy?{dIm-;l$w*b}cf?38ZFytmBNl99^O4j>Vqd%Wz2MD!vzCWNu?_cGEm<{vgE|dx@PvRFS z9>msZ@)MO*ib?Hw`w=lsezKDA_t75kb6L!EX@yMKgH;M(9hph*XMbB0dX5j zf5=~^M4#hmp7vosaW{(LD{9Cieua`6k%~IsiBymJ)hzW->+cyK_3KzVAat&L)Nf`n zM~TP$Ru*%Vc+78O+4gyzPpiL#Wlsp@)9QD!&~Ieqqc%-qF7f0$!v&ip>K;t7A0V_t3GH(ND|96fuyr6 z2qcH)=|Botx&kR<`6Q5fmY)JytRy^FKIM065g9M&BmYx=56ejqI`Ti|_p|sD^%3c5 ze+|n%5Q=%)A7(MzVzEEUVz$L%e_TnpO`q`-_6WCyKZx&K{0UmbvB>#JY_B#yg=H4x zIVI^@tS0O`FF~I73s}}J#hN^jcE2u0dLb|SNy(}#>jk7*4SB_{pGeXqu0_tYb(Z=g zN*b+d$k&Kj>QCKEZ7-`4G7MSfm&eE^$ZLLWj70v6wVnNCEIVOrYzOJ^Tlc1X!ZEho zU#27+W6S+sEy0*y?)NJR?{k;?gB-I6^`R?}75*^Cyau8DYlXjoV`y7kglou7f1G1z zTU@S0q)>gT#0Q+un|^{4y{9Ch&Tsm;N*dL7>k}bw`SJT~*@~5Zs}en;4nWLGzdc4W zAglb;eJPcWIS$g}XT``FkoWvCCHkAA3m_l*%l1>L#4u`jIIbl=^gESQioYR8E9vE! zo%X`&Xh_xP_p|H|xl+j>%dHq2*Frw>H?WxZ`9JcY)L7FXwDQuY{%DNQG5k~C+F!NQ zx)3qj4`Ei#PmGZo-e&PW-XNq|o^0_Y# z)KZUpo`rnj55&mJkT3oAG#%51n14aO_G=Fcr3*6XXCJKP@)z;N6XY9zdW?Lkq>SYq z0@aOWLSyb-*-iw zfAfnosLnOwdA#XO*R+55rAjJA2ZYWbfA|#~^Ahr*n2mld$8*6LO z=5dv(da~}rsgT7GDeIKz8omID$}TNxmWD>cwzB{K#cV4FImXm^JDGB{uA!OR*-jR- zT!6A(L(bdDawWPxE0m;VsZ{F9vm3I#%+w;TM5;bWqU>au3!zb$D0^8JK&Xa^GJc9K z{mCFEk7Y%WPZ`TlAgwH7KT}o@%OQb`vYZB?ZILK*kD;=#Dh`C+g-DcxN~)~6kS|nB zLN>)TSoIKk?y#dwV)+-#PBNM0JC>bgD$Dk%I#rTPXUTxj(~4bWCd;Xi5tOy7%u=Ga zAdTJ$vMWZ$5VN}+h!MIX+Cz?N5e3NSZ^Y~=6OW@hS79AH-OqcWyTh1mmh+V~TF+VLev&L#f;XM;jo69ECqwqJ+=YB-%xB0AEX@!)(q>3`s;=Qv5ZVh4m+34oLue}> zE=O4C%R7oWLMEK1Q_+`q6mx`JtfbrRM5;WLex&SW8Gy`GGQ=_pIUkZKMXqkwUyw_b zB(ul^aGeP`N={|j2~wgYUrG2*#bjB*V&18kESou1GE&iV^P^=u%OMbY{(iLVRT6%S zmnHjI%(r-1a!^UNI0mWaqVy>;{&cEywKxkxy*foEDQU89fY2Ps6q&B1#wv%sjt*2)v>Zi$tv{@IlUi#tek!Zl^$M?Wy@-o*EpZ! zWUZ2F^`3bp>U_Mk&Qz%^v+msSGBZ!-)5|qHLFTZ0A4n<7W(d7~bb^dOOXuSsi1QAv zk*3NlEpa`vLvm&A42o&6+96Lt&XgH5Nh+<6Ak?dQ zGM{A#@&aPclFL~Bg3$IlTP`|Br%FiE+kKiGRT3U;rb#i2V!|WRG?}1eoqI4+(cV2x z=CT~aGF{fPoCTr%Yla+PITu1>V}?wct#THlcy2{8Gi4UbpAd?fDf3t^;e5`KMJy$p z&pEQ3ze;sJUyiUi2Vo}c zC%kPS6VB81*$qO!{CI&(WjTanE|j?}*&K7BEMz&0V+v#~%cUGsAX`~(;+TtM7t6gI zbCF!b@&w0REUkQ9pI12MVwuG9Hpg5dvsk|5m`mhzmftw0P?oXS2kUkf%6gVvAk_9t zIIObB>%W@pYTqZ|ZW^l}9Qk<`Ac+d}ej9o6%Sm+lvX^dSi3s|l|DjGjUvYO>~ z2yKfZ*`j1^+{2I+*n(Hc#VqeZ=*V`JY*(^M9iwO;yh^5CK&6LkV;0L?7IQ?JBMVu? zAy{7%InR+j7phco+d`~cImR~q#uH3+~Rl2TE znasRI*C!D|^(m93Ec-%eyWb>hS&o6wcE3rsu*~FqZkFvVmvcTh%Py8Oj`@ciV5#Mp zf5;J*W{xSBR-vv>8^@H(M3znn)#nzO%F+*^`rIP3ScW;DTV)>0M$YF}S;%4^s@r~> zEMwUPLT$fI*0H2(ATEasS5En7KN7gEs}nvgz~vVrYh+c=Gw1Trn8u9zgk(Q#X26TXwSV2qlGK1v}$V9|EA&ZqXSf4`EEON;mf?V=uADyOr24Warhm9;ECLM}o-zbcop z#2t>ay^=nbogvg?%cNDNx5WVv>ak@qiN#!@y(V*5%oW;evOr0Aet%si+(h|wS>|m1 zFS$mEo^hobcF6Rbby-um^fzRt68!cwm;Q#F$}#6dsHMwgF2`I6p?sFhe2y_IA*_&v zEM_Hy6|zK0m6(fESEKEnvW)YogWRN~R;RKahs=Y#DcfU&-n)29=KO=|tXuIt?gv-O zW+gSk)Nqw-RZ=NT4Ohu_jxk?SbjxKNW4>+gmOVNq*vfCqAx^af^{GRB-j>Pby2svT z>5=&?UqYG@^Nwt0`47vxvY#dX2t3P0%zHB77M;)TEWI+91nZYujV?LCrx9ONCIHphLvMlA8K3Tx> z4us~qKayoEt06Sk{gIr{@-2kM^T%=-%LWLI=Z|F{OXNu0gP^6K$PFwzKvpP`6;z*Y zcOqmJq+ceo90hq#NwSg}aTerb$ft5DO95m+Nj}Rp5US5=S;2A(gzB?eHY=$VcSES3 zKa*`Nj|I}nV#e5Ka)f0`5R*_zb*>a|L1^oICR3Dzvk(I^T}fA*nNRp!_ObLK)z_%= z7c%K~%BL%CEo2?!-!h-&7YL2{HFBAj;7t9MOsrC=f;0ZtvVz5&@xPV>N*XMYiE}P; z9+ZjIs?OF8zLga$H$v#@;#*mMhmLs|@+b27R!*qZ z@&e>wDSG@;A${T*i`g6wb?tSuZ{p_X8`P^Ka!5&y$a~qcc0j71(Jqz) zS)6Fn0v&TKiyNKJG7~~?<@wPfCE;0EMoYAaV#Hj5vShT4EX99+eZ_Xbj9t47#h#pNBgt{b9&oH$63tzbcbmCgSyA|L#i9l z_QYtN5(=$N@vbTJEksYJ)jouW%vjzK;YvvahA>TaU5}cco zq5~XLf|x3ll@uLgnFqO3N!~+L!|;joF3|!d;q}ih(LyER_0KNRIu>*Nvum_RNjNV$ zAv&xi90|Ke$Fu~q`nyLn9@bmg%J*gM+7(#Db!9bhqY@B2i@SzHTEX%Ogw7!QMVnd7vw+lS2a9Is#A2R< z93CBK`3@tY9(&vo(fEbBK2{d)nKt6tO*DbUJY706n$BXLE*%-oQc|scg^E`9%8X8B zF{^uJM)P#4;Hk$^(Q+1AIY+Gt7Oh)ErH6L`M@6%qR1!Qvm>gZkV(#CMjwU>%W6b?~ zR9j)H)M&x8s?OqWNE5c;)F_hRuPfRLp|i}?Xo-rc6t6>Q&z%~b&+;XN_S~t_ zHYGKdSrO>OXulFX_Mf8jIVrk^

C!txk##E9r`x!!ajE#s9JQHsDoMSKIKObLJ%H zgv<;fu_bM)P}53mR8k{?#ugL=G$Lq3(5OVC0!9Qy1&vBHqS&aQsX|2sr7dW*plJoA z7BsccMj?s{HYzA8XjG`N0!IDrwf9>4Bm-%*^?je`{jOfQa_zP6z5e$9-^`qc$)5)2 zI_4SbO*V)wXS%5w=1tQ`wYmd5wC^77Eog_#M=nnAT3OG7;Gr4qL@%dKYqm4miQZgB zm7?j~FSL^-l8oJZccR+Zy3jXrxL#16#CW9N{%H@-|yP*(>}VNmZ#f zAao*qvNw>C%%9=5c{lEfypbA7&MBk3aT-b9?~L;1Ga~mpr+6EURJ;&+sJ>41b}(`Z z5GvWj_KqX!YBXS2+;?-(oW?XhIr+Ld6k)6wF-g-vlUS_nnixIh(8SV91 zMz&_g?LCnNWoa6PZH@3Dg&pF;OM)okzIIn_{_|Hw9j`Qjn`3?}O z_cCuIBL^{0nHT@P(cGVT&h_#cIg@$L^-3AJmU+(eW-v03dCv2eGE&bx<=zHHHZV`Q z=l;RiYGt1Dy*`Y%1C7t;dt(^M0zy7t;8im6Q|7tAt7Bv&^IYhyXXGO0xzJNj7+W)e z(1JjYb;cG9F&! zEzroE`1inb1@;9OdFwTjypy`fYi305q%QWh8a;OWx!7xCM8=;Qb*iBXTEosaLL%Ds>2art$DnFaK$hN{%*{dW8mw z%Sq0q-egAPB8DqE)r?46o#riOMB3^!ZzChpHl}+mj7Zy>h}3(f=QbD~srPHV{68B#bSknOK40sVGeV~#e*$uyH(w)FYA$R&2V{oV!pIXq zUI22vw~LY2*`I1}1(wuy|29HH9SA(rSuQAo0uD)-SypMsDSN{nD#tJ@P)|FTFNK#MUpp zk&PW~-Q~^KNYd6_UcEu$^Vrs0ZzUru*w$RHf%S;3xnBPBMzh$O>&;+9%5a|7sF9?t zdEQoo#Ghqb_joOgtYcgEc&)5QY~ACPzR=OuJ>F7A#MXSTO(RKL^S!KfBsDX>iEZ8I zmA!2ePe2UL_;>K&Z_x@~T;nl;I+;g%Po} z$Q$@#M_a%4YBZ9x^=ogDLE^`-t>1cej0|C0zxC=_kJ$RHm-CX*EVh2@O=d*$wb)y! zk)*A~-UfrjNi+53hrDJ+MzO7jysfN9Y(3-^Z|G?2A#VXAV(VeAMI%XD4}0#*BsDWW zmTf)ar86>}Z9U>;X(U-+k9d`gNWLEN)-xiu9`$lw(VA`Bc+@L2NPH&STIv-s@>{mG z)Elgkq^+f19V23Esi$5wITc&Wykd(?H%Rv3-?>ya{i+-qh; zY(4Jv-PqAqy;rFbV`~R$r{0@ykoc!;>j`fWBay+T9X{dJG148#9!Ndm)oUb~()}QqHY9wjvNpCJAV(Uq-g%Pp! zl-K|79c?}3jWkG{G?T4AdSe(lhHd@P8>f+^tv`Be7!g~4^m3Xzmg>{qc#R}$@M&*` zLE=N%)++C2M$TnhtGwB)M{01Dw~G<6waP1gy`!zw-dv3sTkm6*S?w)0Nc;-6^^CWa zr9|^H-Y!N&^D|!GH#%y5)+^UYrn(V&zC!st>&<55P9WVPxQp}_FmhdmQayn*di9Kq zy9mF~3S^zv{3dD6RMVK}MQ?{j%o+7T;Cb2Gr4f@0S{uLOsm&y1kk{WPB+DT22Vnhk z@Vx33hIn4}hB436%(KxO-;RegZ}cYbg-qKEnb8h86drE$Y7G*91)7flvdOD&$3yF= zP2L*jc?UeS)_Tp`){ckPQLlNe?GTdsyBFW0b84UbZ1(yX#GbS_dwusp`fKDaMI}#f zpf`Kt+96qg$NOmB&5TgV6VIDoT|0z$Hhb$Cq52}8x4g~m5aM~;+tCg=8hL-mQ*V*a zcPWw@1ms<>J0lZV&o-}DJB0LX_xdvOG0KPZeBcdihmf8YZzLmMf@c_zkG!dj#D?Hp zM1_ zH@8EG=X0^D zt2GZB2dNvOC&eGf$YqSA`V|IIvw+M2Pu!o&i1f;If3ZgHj6c9q8NPatG~XHjBO^Wh zks6t!{to0`=*jdKZzG;LDssH(-97z{j2r;uVetIGFMnV2*mtRV`Li`*`e{9Qdil!@ z5+8vZOzH)>{zgU$pvNG)82LGnRglW{dwxKgXU0zkLcdp%>-T5md?2(d$@Rw=WZ)Da z)R%Mpa^|VDJk`u|ljWJsJad2;TT2=F6%gakdPaU@ksXXAeeT|(J+!?t*UxE(Jg0Lp zP$TABOrN1`=1uJJA_K?P=B#O)GSDCgsnsU^+u0# zKajV99On1=Nc-a)4iBG)=EMBHjEK*N`8y1fcpFkwhKKpPm`8j*%vT>9J>v6W{$PV7 z#OK5OVvQtyKFqJsNR|50Fq8Mb{(RPRIFJwEVPC&h5caUI-^Pe|*wd$AMtl@YM2Ic%yzg{C|W^|(wb-2GxBkwxLltZcWT4-@Ra>{32l+h>qCN!A!;l)}=ZAQX^$VG2zZ3AZ_!hiV z<4+Fp9OqAC9?92n{>_X?z6Sd%LsCQh2Ii4`4e>WJBKbPrPyf`EnB;4yKa3H{*D(KP zgV=lx_h&PYuM_-jA)XWc9n5nu^1dA9bE3bCk)c2ufE4@je|9X@ z5q@`rD3KcB_hdw*PWJnRq(=FDnWr3@Pu_;x8h@}xOzT|-Tc`LH8hO{DU!#5v$f+3YXRwG-Shk;N}8SS?)BIDR-zm*XgC4hWJ`P!0r8&b3j811(i#Euf9 zeRr4Uab%Pj?awfX9mhudvo(?&B}V&8HBzOrPc-A$>Hc~~4zkFOc2d-LPWN{iL>&Ph zYKN!$>AO3Y{1`vWAgUBRZ=rm~`1v88v3?=*NcoKQ2Zwmh@Qay8Y@Okc3-O%kk7pkG z?)NIJTh8=ngm_B*o0*4xb@wUol=_Pq>GKbRoaHx!q|WvmnMX9A?Qae7oa47J&$Y= z=7s)LMxtYo{RnEAw3uS8$x;}`8z^- zF7f+(*|Fp&`+W_fw!;>EH-54|FvK&(AI3aif`@wC6u&&gbE#j!Jl{Xb@LcLI*T@#9 zKaf4Boy+{fuXKIcRnujD5hF6%T;?}8t{!cE4Jp?psYZj?I=#%_z=+i8Wqww~NJ*Vu z=I3Z6S*Nh2kt)@FgsIc1eyKrp?WDohRDY^QZipWMo|j(7&6!_mc;bfx*`$%1nP(^v zTGw6a&(+AC>TDpH&~v3<$B2us%w=mNJxU(lpsrhB*8J1_a*Y@dsYOlmD-5D8gdXb4 z)BKwmnFoYQe!9Pik-sr=mA^iu=W2f=^LzoGUa)?(zbnL3>7#Jr&rH?*WMiw+&t>FL zAY|(rzmSoWfY9$DUh5Awh;7f;`NbhU*ZGq}dS>`DLVBwF*&0D#hUNlzc)h=k5t)gu z_jd>n?*gv(hozcYeg{%VYpIb2v2Ejee+(niHm>*Qvy`-r>-|LEEB~1X4#P+VE@TH&pGs)WrN_)EQ`=@mYojdc7LnZoP39Fwx1Q(C9lhn zex-D_Ki(kmiLg#B>JERhMyldh0iiRHJN!!KxrKS|^sAX?0rTAH&(_Fu&L4n`gY{a! zSAuLk=lluCcp$&@mm5UMxz=62o2Ge`tXJ>$vow-ynRoj+22n3S&n3`vx8FC!GuQ9W zJa2>N3h>PJOEiM7{sOrM$UMJ}5vk>Qemx^H0?hMEyO~B(BIh19)%iAHXS7l7wMAou&F8mWpO1LRSSjAtJDee<#Jyn?JCVkV=gtYiFTfZ4fmadY*)yh5n)t&jWrP^NePm2mFQ*&x3wrNY8_QOFN!< zpWwX+f3TkeHNDEe znWZ+c)GB}R{zlJcMxOC&4=~7fAg{w#gJ0RpAUhd(&R@{mAhhOx4?Ju9sXsKxF7RxF zKY#Tb8R>qiK^pz;2O6GiAfG_$1%E0dKLqjxkoEp9Mh*oMk44mre#4KA)X#wI_yoE2 zYYsBVFh*YS2lg?@sX$2cMt>0_)DrfCp4a@6Ji~JycyfWf<@Y_@xzRsSAbBD`_%8wNDC0^ai97*j6_PzlUM)r^EHyJ_ka3@dm%*z(ZAY! zI&A&ZFAed0=9e>1CNvYzXa2Mh&n|xk^Ymh#UH*a)&u)J)^UyCulb+rFnh?((e?9Yv ztv&u$jcjrHLG#&=`rMz^mr7%cU7>yM&tOEx=gPgOTU*vR5A3>82+W-H^lRm-=BHTVV(mVvFd}v8206zVDXCL8$kj-) zPTgRzMygaDG*f-Wf^tTlvPgA1DZ^7^5S#Z{urb7w5^QE3$$LuB|7YY+vQ$%pfd)~3 zg)N%jQ-f(Co_H`L#1jvehj26(xrjf|W_B)qutOtN@f=7Ij~}!#&p|+F1seqJ zV3MkeAHh69&|M>VVv2dX2R)gmn0dMfxy;knU~FXs`OI?~^JE15ndcnV(<2zjJQd8- zBPiBL@>V)CSk8#7dozQ=A>?85d8DkMRwHxNbm*aXsj`Cj@x+r{z3&(F)rcuW%KLu7 zIE~y8zn%U0PB300Rq;ja&v$~UhDU#Enr=D28#K4mLv6liu+<=H1*E90_6*cevYu?u z*+JYOY8~@r2RRzylWnxR?*(lJiN6CLx)u6CP&|zE+z{UZglgvpL5W7H;$HxvT>Kyy zr;+4aNc#tqjg;DRule%H{z1-gtw*JeF|Fl*V2wtS?;ITvv>G10yLkrw^a^&J(9!x2 z19c)HN$Woh(lwH_eqfNJksDNZ*dh-P4C)yX>$$;#V&l){*dbCG<_66gN&1r;#7`og zWDWi($k#}+RDTo{8bo~$w*CsAe-sRB$I}Gl$H6p>BwJLUU~W4evfd|Hzg-`8qtcCe6v4zQSObMz%O3#^Oy%*eVPbFd`ln28$UH4-12w zF~-9OAw^%yEDUlDVm&Mj@);2i3xmllB_0+A(=?LwurQdbkt+31Xr^9pM6ibSxM$$2 zitzA=px0P!-L5K+2>LK09v%@aFi2t~q;j>?V&>T&_oqhlQbxqXBZ7LC5)Y3ER%#^a z;SoVIOZ^I(4~FJ`!N4;*`qM8M#)$aSFK9W-lvvuCI7|5q_k%&JL2QZj3)&bFfBFT3 z&o)xxPrsm8BT0Yy1r-`eu5ynIYK)X49v&I&U_|Ql$Y2*E;^C1&<2fBYJTll|5bNQQ zK{F%b;gLbFaUDH8GU%g`q=!ca!!%N*rXlZC^8JJH8Zom>Aa zn~S3Yw@llz^?p>4&WPmVs9@xI9dmJ1FvcJ@7e@u-7?E5Y6)a*YDd(etI*lZAaa7Q# zkz~s}I%v^|(sL6%jc|0(y_~F@d>xH^4GacqKT!I4GK!nC(ZbMJ)WBe1>-f6oSOy(6&f)sh-XN!)gbW|;Gr+y4haTcKt9imueQi+M)F@b>#-rh zMuXTB;32^-=1J-qcA?Rel$vdjc2bM>LbAqdsdhXHr>H|O$4K017*Qv8NROy9Lh%m{ zhd54h$6P|8=)<`~2i&!C6SaIqUCw$$E*ysWE*W9;hxsJ_;*U)FbzSH+`NfST``cM4 z`l?xard0c8BTP*}t9IULsN z5Z^lE_!15u;cx|~KdZy2@+X;c?TF*|T(y0ihllu^SkGI>8@Y`fm+*Dwzc|yROMIKg zqpDShu4>a^Or>5)^_-$Ib%<}Ue#7>6Aj=)eq1ZF_qw1&={~bS4Ras!0&~RNch-+T-N6_#^rxE_&v5klQ<-;e1Qn zl#8*SET?2#^xvoTM^qi#k@59O#-9t>f05%GL!r#me`j3A#c=pKr$5B~Q2dZ`k#R0O zer;ws6DHRU`;Oyz_ICW#Zls-UWn9ATI*upDL--z!n{aP=!9|boOI*Uv^qYL*7Zj&a z`;973hoCv^p+iZ>SAaUill&d=Fkd*{ncRPloB0UOy=XsOn;-Gd)Nj&`)VJh29Pdo7 zGdzdOCu~RfO?s63Z_+>0E^zjwqK6Z zk7T*b<8^;n{_Dog_?aA^%y^iLr}Q-C+ZA6|>8+vhTH-SPUZe9FQ8k=jNiXB^YA&Z= z%;WlW#utUkXEDcDb`ox6{OgoY_wKkY{|5Xt-gl-qTz|qB#>4Rszhlau%Bg$z!o%RE+_F*@Ng*UorU3iOL<5+nfk?gAAatu-Ts{GYordN z+z(uJ`^g>o$8xzFK0Kkr@vy()xcFi4h`JbZxL;P&b?7Rp7xK&afnOQpc6hDUA5pik z9T|6|pLA9pUEz1J-p=%NmfjgI_QL5>UXtEfxai;XXL(3Y;?f>EvnROlOF2lqD|zAj zrgHzOU6KE$<@^_v6ZK>9SMp~y{rC8?VHM#`Ynx*$9JM9oIml0 z#sTX05|@5YA?ZDp^WWb#vY#GV*kj0;+Oh< zLEACqPWh&F1I-^Y9#T5_PjRX@8IPsDC{Fs`)_U-rns)qD9$o2|^7>fI;k@N)WB-Q; zlk&J{(sAsk8JGOZI!E+KJ(&EO`XoK4u-s{^N6M*;aVyW~GQxMEPLJwwUMW{iWqy%6 zdaCIsh96%>52XvAgfi}%a{#G_i5^A5jl8}y>oVFKL8xi6uH`^Xf zyTtvDPREydd4Ctqhmprqt6Dx9l9%?K)Fb(nP|8c<-!zo^I!B+6;aOSUC&+v!_@z2s z_7AR|4?D9r{NRrD+Zo^2#f^R0*F?Lt|8@2LyL@s#*2?w2hwJ&xUMAn+^mTmxm|EF! zz6`gAeYGnZPt&zra{lhadSqT15{k?C+7*5h>y`TMtUR{%Hu*APM4iR|d99{C?qSGVF^oQj00IiIF#q!~}*fr-}Qr;02wwrPdjW5adjl?~T z;|q>_t|DRY4miFt!SQ2R5BW{&)Z!3M=QI1lPXk|jd>reM^Zs!B!ch8@P`r}kM$S>; zxZo0gakZ(R8?>Cm?HA_;yv{WDeaZMOtp85t?--A&Uvzc{*0Z{k_!>@s zv6J+$yqvpBd-=L?>CeqA&W=2%N9* ze(Rgzt}@RL?7i-hdXn)*LK$bn@y_hVwf}h5UHh9HSLB{t?8rV+?y-%Xj2uHnR)u_uXCi`$hx(wdz_(qUd3~Qmr;2~)d(GT)!97XcC{`P`SUe@ zR83|%S$DS{MtU9lTuP-*kEl7!C-HkjaibUK7R(=xhvjSXjh)W;JIdqBvTRRq2_IuT z9EyHfpD)(yRQzHs+Z9|wDYtO?*Olu`KCHjvxP-48a(Rhe(Ia7)U*@Bi^?p36cIhy= zt}!@%rTkDTUwOVLs@7^du6mivOZ0aYhW!frBj@B@@rm3myw5Zto^Rv&5I=-ZLQ{Up zbF4p3HtoiQ$#&Th$2}JFh0i0TzX`rIR34vlT%OAkKTSTP*59v-n|-CraxoR1LF*#? z_B^jsMQ=wwyf+?tp1osvB=5^*e<&N^hx650J(~9D zs2{ODiT{M-g)A?j;S>I3D02G_BWeWeG3gSIs%+gK_TJx%zj7WedtcRpT7{zT6O zUsL{@@=svBVgDsA`lOyZ^ZQEHBlFrdI-Y#r@HS32IKG?4ap^~5Pr|P337>>r@&BJr ze}MBN{zxe8OWL8};ZVx?A=dM_4)JU49Pi5iu)c6StpA(pGyI+R>#)85H2xCj|5eU^ zI4=2lo%yyg-=`dQmA}uK??3gkGx@N;;kfu8ZvS2R9ky4~&#XVp{2f*CDl_ke`NDB? zu8ez$lgvCXadUpq^}422pCg<5LVAubvlF|W@g1c3BWm%b#{SYP+K2e2nbsfW`$+uG zG4l&<%FR`M*=`Ys?d{RJ{n&lr+<&5w4%azz} z&CeI?Th3AY#=F)h>z6aMJv{%VpC5FUdETk(@jLx!GoBbZe6>(NzlHmM_TQ|3BTDW! z!tGYtzl0ZQIe88&X*+6{e0J26Y|oPK8a;pRo&QsgGW}p9`$yws`|(lAcMIElSBJ^x zZ>0P_X8B#rC*#H!j7z@KZ=i84qH=VY9QP09xajLD>`c!wtjDA$^E-s`EIqEtc%Iyc zN_k8B75ia1!KMGoJ%p71zSEO_bjB}oVLjov@P)&ZIe%U056gw)qDSUcV_(iolIImN zPfB^ob6a73|888~x0d`%DCc`}ekbv-dwv*xzEqw+9V6|J!!n8Ud02SfH0|3_vaXQl z>m)SKm*IIn))S74{u!KZ&O7iW^^jdDKfz_bG5b%<&)l9RK9u9f;{7`6XZL7*QFWgV z@mvDy|1*cOkL@g6&wLv>e1pReIo!ozq}r@kzOTcG`k@Y^DwlENH@wd!tnZ`_VGt<4DD@Q%%XNB0jc2}a+}Mq%3Qm`}=eq(7XWaJ;kf5r6;Pbg9>y*dG%{)U6!Ez z@yza_n};6D?9*Tb*$4Pw0_(n5c$+-7T&g5KO z=2Hn}ybs$8*ng2T=l;ocM%W*T)BA9AUm)|TgeD)dE{m#5hf)2z%B-VeYQMe|cX)r) zHJ^;fqQ95+7r(5j?MKyt?Em46%X}Zsr}*7j*wsEo?3*yT-s?;*%qQ}l@rV8Dicj=O zKFxhe=k;dR&3GSMx1;3xD{NQV*}g+O@2AT-s!rr`56jE<^1}PauHv#jey5DuNBFz| z{kM~SN7#Ni{-63I=L*Jtl+Q6-KF5fu*?gW6_S>w(Tvf{D)RmqIT2G4AcMi8_$+wKZ z5>8;f5>{|r-q$}wk8cq*iE&w9%DzSRnGy;vp`71Hx`dK0p|nHc50`&uap4!e5{h04 z1-JWzP&<(F3GW+3PD0TqVR$|??;9rHGc@mkMfaNj{@w9X%0b$J>}&UZ9wz5m5{COj z7?-%i<6?4Lp3L=czV9QrdB2&)VcDO_IC~BAhsRTCcM?i|Zr1z}W%l*>g(8;!P@jXz z`2l_%YlfLGB%IHDa$h0sQ|75~DDz4k%Sl}Hh(F;_>N~9ON!AnQ@3v$|@H=8LJ# zI!sYJIw{X@>SvqQgYSCHH0>oEmv$oMC-a7@`Q_X-%6{SdB*AHSBP<56CJxXc&Z zi_i4aDD&gHu=@OI@BD`E`D7dk`z?GO?`<4q;t^gaN%5^v&c%J{ijW ziwW^dL%hE1?4IVkTpuP(@^_}^aOOXmL+O8=@mDaPgq`{EP4QW*H{1@T{m8k`w|)-9 z=RIM&vL2Utv#aO0%)SHXFFGH|b=yh&9m}x(aJ=LD$M~KEzu#!=hvPCo;Mae-+#c0o zL_N;-pYDL;c_5C<_te&KT-uY^d5Li|-|T%4D*aRX-OwvdJC|`t^qCOzO~_6d50`_) zWxkV8#*_B?+n-yv$7#N#INh&(s_jQr8&} zfc2RW;~AHOFx6&a-F^3d<5&2=RHNAoZH*5L;I2T(pfu7;%46_{1Qf#w2NWd zK7PqfuUj2e5{ipI;qWZxyO8~#9E#6myrW!1-KKH8U)mvE?xp2@Emv*rZQ7yq*WWO| z`OcuDrtUxxS_KM%4SP-^8(RVSG2^=6RRS`-^+C>2I&<_tPCE`wn@ZFf){X0LNv$ zBK!x3_+(wvRVaE)m|Q;{q4g!duYDZHWt}7UJ*J+p9_8^~%4^^0t{TdEWc>NM_3=N& zC++oA_FLv>X}^NY`JUt}92Y&3E}`tFYWVy>_{{ex(r z&O%ep_?1vzSIpvio2|pBx|{3oJ`SZ`9^kn6VZw-df^pd&uj06rOE~OIJ}lQ6Uszu_ z9xnG|^mqR|AGbw*E&DCMTVUjp@5>6`|F%%ZEeR#R^1ZrOb-p4>*2hvl67~*#|9Ttv zXOWM2Gkx=YOT*B}?8;)NQs;{p6lXfBc#jg3T zN%DI>qR0G>*50`Jem%}N__<`^pRWDEcih-7!Oi!UBKG@af}8IzMeOf!2yVW|w6|TE z5AF%+H~R%Szevuf;r)i_H|Mi>Z-C$L65O2E;yr_qeseA>=j%!R@|{kzUWuxeAvrnM zll6|+G4Y5x@?tD?5oP?8xPK_{Hut&PTYN{Cj$1>L$*| z*VVsoKOH5wv_n%au9_dx|7gg6!xyvV68=6_IDT~K_u?cjq0FQ5-MB+1nf@96zFYYG zFC3TiX&E;qG~*_I=Yac9_;*3%J9Oszg7RK@G88!pyONi4L=#5r_bWTY#lHNWN%;8+ zxxbb2lDM1;NnAqtj+m5(go4X+{r_$#euzE^#g2qs;qv_g@muaOMgJdkyNjqB`Mq}O zcM^*KGTuGQ?N;h1oGyHw;bJ%Z{D$$X^Y04$>+~2u@0haJ^B#?yzm4p-Po)gU&<$xv={Mv z0P7966GEXDv|8O{*`6WCl6c=3jgFL?`q4Wm{Phk@AvI@UFsze10tZEa8`Rk*r%@)aByx@AxIx z=W<^o`IPSpOGxb`u1>*!nd+nFsDtrepjN4$;{R~92LG#6p}NH>RCnS3KKz%dBh;;` zpL){iryj-s9iYopfA9?e{{VzV&~Xg@2dXwT2>-{bH=JX^GemWFhN_;5xggY zw^-#n#i|kE8vL(PC#(L>D9D_G|I_h5Mm-cc13YIS{S2g^1?+q^-Z>xG`M}NxHUaSo zh)+O#0^$`2D-d3+mO2-Mz8Lf*@Js^FB*Z5nehJbp0euPR$w-@ww8@B1M*LF5FGc)P z#4kmBs#>Wo$Nv@hpQfsv>r^ZLcR5w~zXAW%$k$Bd=_d8Z$jxe5WESXKRBq%JgtsBQ z4dLx7D>4TMjdS4t9f;qF^0^x}?uL!KVPl>e7r7Vldr=nm0=pO3eF*PEct7y_)wIa{ zh~JO+0)z_?E>trj3z4=E@r8&#peiE|fbRiSjsF?=&vza`+5<>iq-r8dVB;a!UW#z3 zD#d?3=rw97(wC|7$THxM;s0^`*CSq!a0U2Rs>hJ?J&~2_6wqbrSrw1s7we;c#{U}R z{cmctyG|8G*Qx%|Cj7q$nV0bYGJJU%zPt=yUWTogVe4hsdIe?hD$+ONe-r*+hmJQ8 zzKQ>LRfBpLJnyNw(f2^V2YQ>@jQ>??JHqV<-$(d9!jF*t5yDT@$Y?A6KZD*qNZSMK zbA+EGY{TD|YI*ca@O}yGOJEVFO{F+pO*R;N&}jvqlBLGMq;I zufhK+mFaB7{~G+SQr|)N9fUodl4wt7TBN5_jsF?=&v$x)uP4%bB7J{ns@uz{bbI6f zhfX#AE8PPT9*8j4slk6W{wv*s5FUiEk24?t)%dS;f8soi|C-35PMv!w=tDsdLhBjg zjB$rR{}AXOg4!60_)x@$B7UONCw7uEF=dof6dUCXjFlif9sgq?cb3yXHqLp{9S1#S zz{(N70RI;{Gw}bUdm-@gPGNMs(?2@VSrEAh<#93or+~f|@-v+mQg3$NNUd=macdC2 z)p_2%)oH^2%kErY_X4}$sfsNCz5w_F;Em2`)#%)c|2gUf=OO%;;s2xP3&36gw$6DJ z|7G|;H+3Dbb--S7?!bSU+U(qwcnkDfpx<(yao$4uTS(vGjBs{<-U0eE=P~y)q<`l8 z0pYC(=cq57f4W})`@-3S@K%I#RC?seSbC%k;nN6jML0(t5E-3v0I&lhFC-2Cb^x%v z$l0+xV0n=Ylewa2C*ic}@B70JY0UH+iaoR9o!+;HsJd`pV*zm}~X~TgH z2X+Fm6M&rn>;zyZ04oMo46GPfF|cA_r@@EQba<;us4s3%YVk|>)eUu+tJH|+hNNJ;y-L0LvZM0UD`z^Y7^w+$E>fRHYC=t6DqUR*YMaK0dJa^c z+6IY}-X|L`0{awLy7~*Kk2K#cpw?;ZEl{t48lXKWfsGvN=_+sBMGCbLfxg|)SBlhJ zoqBt#qpDQ2)KTXH%TsBft^t+bF107HnZT;l0ifoCnq@VYsmESXY6-9jntBvekxk80 z2SMWZz!s|G?@;Q|4GvOk+0((6Z;8711Eto0Z;2{^L<-8PK%KI{l-d$?9I*9BEl?+c zn)s>%KB|Sspl^wq!?JnmOr-u@Yncd&tPQr-inRpgx71Qq>MHQP4T*A#RamOhQq`6! z(bP4s;TbS>?y-*gz`@f;7Mp6Z6&j;fQlMtQ#xrOoO%`iX+t4Cb{hhF#paRtI7Mr?7 z&4k1rc(q;K3n~qzu~YpH)K|djE#D?}`$p9kodv{gqN4QX6b) zqop=js!ol&PpNm2k7l(8zEIw>oeE%73%#8m-(^~RiaGm{Tn;Kl9oA1vU(y5cbP$RKM#WdpNKGI=@G2>NQ}4Kn-%<0hJ05 zMmZmX8VbyHCPKCr`pTSt0viFWKz$C1JY8r@w?JWHQKyj>l?G}fBns34pw0lcQ2iKG zIjB6<57b0Z({;`#Yw9>)(?HF#WojtuGlqH(`V94%rY^oyDWXHcjQfjeLM=(h|SY)M%vshi4&>@r}LHb)DcyMa9ctlGA^8r$le z2(`p#kXmc8MC8|yAg?kazhhqt^a%3RW{ky=XF0Xfv3()Z1gsHSdPm*?^&+Ue$endc zy#cBq@-eWjpay8_eNgq*mpW^AROCzWeTvkL-R|s--ra_$b)5r|Un+z7I!Cv+I%+~h zddd__HR@C1R92i=!Pl-vjl1P>DzpsF$E`R)ogWJYcgT?+iBiooDsU zi3|td;YeK)nYIq&&>JY%$mzgdMSFH4C-uWDf>bAR0kEHg+G=yOP~F+A^n6sHrXcl1 zq%MnG1L}3iu8mN8840Y(T5F2jhSbr(=BQtSqS{~U+zaX~V5=kkmr9)rYE$GPVEeDd z$Q5~vsqK+`l+XmEu63xbO#!t~+qfFkRND@mD3#h%XmwL{y}gezXt8Cw+W7)4n|l0e z=P775)C-`fU#@ok4vI!<)51*ZX2yC)J_c2#tvTo53zVRGN7F&og369k+kH@DhXH#C z)PU%*pdJUc+8G1tNR-QJX96f{b%UZ)LD5=Zc=UQuPl9hyvSItXPC4#Ms7JNhGHA2Z*yxMkqx|lU zYy?I5ouKs*Ruw(}muAE)(-@5cRnhms_tT9y|Bl|ssner-fSmxWD*6tvV?Yg3iE(C> zYKr85`V_v*iBcbY9=>GjzCf*Wo-Q>i`-Rbiz*mgEFxJj9V;!3JZ^Ya<*6EMbHfWik zCENtHgJXbo1GPl^cP;n~)dSdy=y0S`Ij?n2Wokl{X4o90F0;8@ttpaN8$B0%l*_fz zv@xb!s-ok8ov!nC6)5thDOv+6*J^nirB-E2GRL;|-CFa(;M;DkZI8}|EJ zmTF+iXrX?d6L}LD)klsV!wR6UBqFnENknGng!>-&jz(&R`!T4Ypb~Bx`V3(?5oxgt z_54P&+Hkc48)Yh?kZ|L{N*Y=J{50QG|K` ztxE>DDP^#U)?TDXGg@;sMKXX*f$ZAo{-E~53Tn992h>%-M!8a#%c8VqrG7Nr9e~uC zNUe*U0E*guoz_P-rnsjAqp``1&)d)@r@J(o&4I*p_dKLhE1B-@hqC$*Ia;afoNB93 zQ#5+7jL2-&7?IML?p}`mVPq#kOWh7?+0^RhL363i`39TwoX8JQgQoUHU%s_brP2;m zY9VB&I5VK{aZuZ}7V2eH>K0&60UK;3nk}^|_Q`ss*1wCH&N=GGj(Q$^M&d*(={H0Rp6r`+--H7{}N;K2{x#wg%E1!^Q}aFdla)=0}NXT%ex z-7m8q%+mTOb(xhg6ph(a^g4`EYpvb-=se`@dH7csl`*#5q49-Q&1QUg9&K&4yBfYw zi#4Oq>nO>2dK@CnYopI|shQD-+OBEER6?txn~+MQ&syy%dC+8iZm_;IM4y7)cc6KL zF3Fvsuv>)e(9cjaF0BB*0M-zdRn<;+H&SV|ZP31u&pX|(7)v;`LrYD=Y;SF}SgK7^ z)W%D-FEpC1v^Cfmm9fc*x#v2{hnC%L4^TAbY}GxUthH(_B-`2!lb+IIu~L`D2%5!B zOWaR;^(L@hpj_<%`BJ5FVIv<{mFfp-2&nN+9{2`o*`dJB0hVqhDlJuQsa#7HS*l7= zPa(~NEw)w9LNu@9JP)JZMcVFYwo#yHpF9Ovo;nK{<-Em8%(q&KEmd!+23N`;%au_t zN2gM$<-046H9O6GcOEDjuX5a587pyVg-2szvzC|+4_3u!+{kzbW$#{x*_2KV>hvf; zWxCaM7b}(Z2K=*>@xB_e&F(~ae~Z@g0Bdn$G>(&Ox~8s!Y^y7yXsh;syvmNzjXb>sk)i;EetJoYfB z4r(W{3fQ@j7_KoILCRyZ7%PuW2Sw}R^4QI&x8<-_9y=e{1vJLS9s))yc(WrNhW&4O z>@mj5V^@M&Mya}Wwjt-`v3pp{fY|R)8qsc;VPj8%N(Z$n_Ac7}J(wXX9a=}w?qpQ# zS)^tmwL<&%Jy2#vb|@&L`9no30NK;c(>?K6sEFy9Z@(1SB@8P0;rjjM)ii z{Kx34z_MfS0~@9(YHKHhYSrzTT3w~pvMTl+_?HU*s$()UZLlq|&9-OL7fPXJgZn8o zQ!Q+;?R2E`2%bzn8Y`aGcB#_Fm#DwAnYp6P_MR3?RjHe&C_SnasMPcDE*)$bYc%^A zirPVq_L*AtbXQi$1?p;)>6MTe74slVWm=_MVkM~B7>z2F-}zdW#>oPe4L)k^^J6k5 zF0z^{?cB3OwKW)@D;*i{^W4+WD`@`6b1Rst)3W4gz130|I~X?B0jrDAYMoY_D|PRo zQfrFHIh@(a(W-uBOnTIOE74#j8fS zXa;*05?NY;+D4T+A6nJ{%T1B8&rgxr)J>5-n4cmgJ}s?yw^9dE+qI);Q*`zz_%%mp zX^K`rpP?o*wZ!JAO!ugF!DlFH8`-fr$73b{mK~c4iI-5iW^GG3DsyS{rqb>0{_ZK$ z!g{-l(bi}`*xOyst**Cj<0G~bmhxw%*Dt-@AA>U3VN9)#iI&wd(Xu)wT2{xXr;x_wH-Js9&1)_Yag>Z})9rX)mMPp1{c3DEDAcGSq{tbqga;r=~oPr{TK2NHskPsg#dR>RM3LcFm|vGj@?)AJBTE z#rBWtWJ}Z|I*m_xzEC4@e+7?c^!XvF+3utLi> z*it2yDz{W3<#EVTk58ohktnpp0`&~2{h_5muh9<#)mux@X+ZB3+FRuT8x(B>AMO1N zMp}BO$j)$3^d+Po3cfroTd1kGfl)aZSbYU4p8y+#)Pj^YP(!rll=F>O=5&U%jMb-1 zCxY4@@sN5dr~z6F=`$Fe_6*Q7_Sr}^Ug>g4=>Z9IbTmWo%itHta zr{p44w-Squve;PXP^6l^aFnHnf}-7Lz1Bx|>r-gdqdKp*BUiRt0zT?*+3q=@s8*-D zat<=xJshVO@Tt6*%pdkd&3D7ESC1E8)1mF+$W>RL^`460hE#^x&Z z9!8LCcL%Uv=+x8;(bsh9{-DUy>25zz#)A={=4!t4K;5UQX`p_ssTxoZYuN>$9@ErP zP|G#73e=x8^(v@8gUWV40!6i-?FQpbPsw)sf-=}Bi^-qJz6sPooyg7`NG6#2LB@kRCq`%aa$o;g=0PxD+^@#ML(`p4?P?hAtyRj@4yLxI%DN;^eF==l zmps*dqTySXk_YM>sx5sVdV!{n21a}nl*~92)Dq;VLZ=cn6;z%Y#(Xu}18O-nae5x` zSgcTL;`B@HhN9nUKM`21<*T)PwU)0op5$9ojFV5S0BYkeS?Uc?bkDxkwzU?Ux0X~{ zqgSNb(>zNJS7SK8yA|zH%~JZz0UqMmXkFpY@QeFT?>w{5NcB~_J zMP<>qkV^U3lJY1{#i^#Zq^!2oOO|@aQoER{(zo0X!S0rnvw?lSon(np?-NxH>L-@c z&q8R7&P7dXj;1DCS)z>WbwSelD^^ z8QIxZmM9}jl#wOM$j%34>=I>U9{^?S5@lqGGO|RGtdsiDM4U9D)Dn6Gp|xHjbr&!y z`$THuBB8!(sXk0)Xo=;J&9+oV>XAtO6RM zw0qyAZ<2^_taCkNU;PW_+Q?0yXjQ+&-jig>`} z(Yqo3JMg{r97$xpZg%gDcBE;H)0fanF#0sazi3wK2GmDmd^^UH@9cI|vmHCD6rC{d zfzK=BavHxiPBRmo#<#?2W}=hXmbmQRS6UlwR!e$<=7n+a-qjSXT3X{W3*{u_WTG`L ztDsh!kKBYkHAu)jn4b`9W$t|_7wY?kR!dPrP9=B6d`m5|)YL>X_$~uqWr!NDvA-ep98fh{g4Rt1YB{{} ze7Ud91T`i0EU=!SRz%l>qOoa-y*nA}(5{VgzB%QQjY|Ev1yp?FXG)FTN#iM%IE|C$ zo|En>&DrMu&{v^PipXxIUIo#e!$S2dct!d)B;Wx?3&PVoRvimeAk? zwZB)P*-f)+0ZmcuuZsN)tJ0r9Uv8SLZgSG3R$F5-%A3W%YbGA|^YNtmPZ;C*hI zw3o4|n@}!&ffZV7Mb=t=n$&rIn)HfdYq!{HDbW&S&758y1%2kpq+>yqq)9I;Nt4;M z#Of=`lf0v zbY@v?%c|N+)YyD9sJCv%6C}7FoSG)L3iEB==36a`td>Pq%Y3UPJ4W;VFytJkDJb!g zpz2(ynJM}_`y9fwW;!paOOxAzI-MhZrmD5jU0YL())p5)Vq>@J-e|EHStmH#QEzlN zVQfr7>I&UrX(wVRnhgf2o#6WcX464fW|`l^YZL74=Jtp_e}+DD_er%nNc{k^ z^lVw1Ee*Guv<om`IQqtUEUYbL7MQX6br z%k3s@e2Mc@_;L&MO;4rTr#@YvXy;W6Y>7k9ss0L7RjSx%vHA+TN#EKXISyKAmfRgV z0n{Q$?2e2ERR?NTDz&i3K+V%L9p$62n~b7G)|Yvy<&anozM^i@{^q4l1okIjt=8@Y z=PF>&0b7zf0~Fa^m|6qsd0@*@$*Y$@t*|*7tgX>_T5PSECnd<2Jhzz7BDY!_yLIi; z`Bho!-Ox3Sv4=REuzk9$<{6VH7XZ%5OPF5yZWS(?v&c>+Sb(X zd*I8Ct$=2l#k2Kl_(Nc8bsbU5ncz@6_!L-E>a*aZ=ZErKIjvoyp9=d@TYCYiv@374 zUNzb_*=TEegDs&#o8Jw#rWZ>xN^)yAnN3@4*|%EFMG28G^-KMC zfb$0Yiv?H>>$X9=lP!8DLMy?h)c29v4XN90>h^Z2z1x(!=^w$AlOHe*~ zyWL@zYBkS2j_bETZBSk2SZlkj2RZ37(l~aFl(1Az zy3BML@k3yPo`jxbWzDl1)O*Y-lBjGeYbf%0PAWakOlMFF)m2}bF>HHeW<7c+O3kb& zeu8ngx0WS|JWI`q9f6hko=-4Z*nBiAncu1uJ+Wn;Iw*pFL=~mWEIv5hj&PCTNTqc| zzOE1ITUZSPqtp0eTQ2$5MzJlIVp|5owO2GAjIvaTl`Yd4m2*k@Inca6YN652ex=r{ za_d!vwK2fC91=f*#00&@q}Dkhej_j{(+P2!p_jp?@Bu_)Z5f_+Z$^wpP7Yd1(0t0bfcAMOqVgc)wcE= zPuh6Crbsr|Vq0wq6?#%{MV{2#U{6|SjwfZ>VkL@g>YS*|Ou62DD2)P?My@BTmQtkA zt+qk!Z;_QPbLm|QI(;j1>)<`L(;8bsH8z(up3JqI)E~e{ZFi;ajmIHxbylLmmSny4 zrO|3JYr+wbz>N;H(0S)dTfZyq$=%9SnU9)c^wip!kf=_Vk+nMAj=~OVP0ICJ4=Eh_vC^wLC*A1ks+(1TA30RSpC<^GC&Gd9uQ7{M+A0xHcN|acM0nTvv zw;NuqPAvuX6{x(#cd)06;rr6{daj^1eafw@dEST4cuK9cQk#!bn~#-to-r%cbm&{1 zD$i3_Xjz(ZDuUuG@m2~vt+e_ogO%`}uo{ciw8Lg2N3?3L)u~hl=82S^uwiz0y+AE- zE=G>}fSRJm;zL1APrVu#jpNmNWTiQ!&f2KbV=T?nbv8$J0X+>wJ$aF})@UUfEnlPM zTjJ2W6tqKYuo6>JZ-HIfr8eo^=dLg5X^f@?cygFNYnuZZkwzu% zhAfRpqY_6!f~czKuYpnDU+w&!Q(LT8O{vdu>hP48K^=jdH|ez=<)bO}O_pd%ZDDF& zj9PXP_{tJA!hQG^@pb!&qgU5?iBG^c2&r2GSv5~dbf1hT)Tm4oKL#~IQ-^~ZZ86I4 z1icEU{x%^o1gS*zc25R%Huz@g9Tk;9c5L%0XlKACB+f)C-IeDhE(BEpthZYQ>T*zX zw8Yh#Pxi#CQ*TA;^}x2L(*BKXOiz$6l_*o%r4C5Y`;tx2GC_M! zt<&5ayb5fmt-&e!tcqF$o}d1QX-%tB|GCq&u%^^wxsIAr5Y5>4~!#o1VA`6y?0UyUc!0RNktcWxcP}HmI#tbeAz_s--F|wL0}G z=%W&EN*(!AQyO`RU$Bk5#QmUX1X-vxQ+v)!{2o{vs5xotKoK_2+MSoy`&d(w^U_{N zs;Pacw`yB1HI_2(?U1L-(msX+owbtrqf)JH?cunDHUG-R9(>OXBS z%^8zeUvoy~x1g_8YoYesnsM8=pfA10eD*KB$1~r8zT6%!v%cIOZQp{vq8{IyXzHV= z#~@JuX?>LTC}n-6JuYE=r9Ex{Rrd`>hVmXVf|U1=5oBMZMR^YyK`MLP$#yGy{EqGZ zC*x49)4iIa#6VKs`yC^_Mtk&%Qlg4~+J@EA096&d3^It7x9d zES`k-CNLA{WYYIxx1k1eGW&zt0V+LH&M0y+`v7|rSn|!&T%CF}?i_M5Wo}&Q$`g|L z_D#JK``qE+O!^jU#1$mO5^z!KyRm*}Mv!4?1_O&XlM0sx#&3yGol{vk!?HD^ar#i9y|- zM;-kQbu_3Oz2Ea9sG7uqd_r22$mbK%?fQA2jYuu_f6G|0Ka=^&{Xbc1GpDxN^XEmj ztS0DHDYdW(&dac?-_q4L?pvU_PS-S@ZT3n(A7>Q(aYj+EvD;f|<<<-dT4|Zn%l9E+ zo=w>SYE+EI9BQ${^-AkAV0r2tNPG#ZSwBxhy=+PJBVe@GZMM(2uC+UY6_zs3>C>rX zy?vXgUcV(o_W=z$M|2<1m?^ga=6zynO^undcWKC!Q^b1voM3Y%eTk83zj+_EwKY>t z-}3EkM)Ga#3fr0rqhg~lDjt|~sni}gfy|T>xn!G6w#2L~=?hs|(igI_q%UM;$r)Kz z7X4-ios4B=NnbGMYjoa}m30X6QH(Y4fW((vGg(;!fRV(C)U?ZaJV=#y*vxHx2K<9& zmd(m4VTr7)b1Zccs11!|_e#rG4T^egR#vU07TVNDK~b3waI;`nw=2E#r&aU9)B}Kh zPurEAmzyQ0eub85O3edbE=C&j{#!3dl-O2Wk|jO9#h#muva9;s%s22oOY$!_lfFzj z8|9LoDfdz7nR4QqYx_cOrrd`nYbHHYcBx~vX7awwQWFdXucl~<+S+tY(N3hwQnNHg zdxJTeA}#YQw$M^bEVay1D=f9zQfn>MWT{P>(kD-r+HO;KYKpwtZ81lmfs#Z*Q%t!teQc?RWO~2d~Gx-k;BR zzB49Hy_MRo#BUg4#t2?_ZJG<*7dz2c<9=T33+|PGO zC!qVK@u)$v=h7%e>7JF&Mr9rPmiGY3o-`Sd$54mt_wdR(k8-&5|M!die(bTGM=9@A z$L+O8uITJemu7PYXLWX!o!Z@PGyfK2KLYRWHjM9|{=i4&vvOWKxZ|tY#+*KUZT~9g z(wI|%?2&yvE(>;i71e*<;0X@oXeCUXO42LQ?DH7tWl14 zzEDnZeo#(wvIg1XPH~1Qr#Z(eW6sIS>CRN;#m@E0OP!mQGo5>tS37Sj=QzJ8=Q(}+ z_IPo}ubl6kpj_ZgQ{LwMQ@PMtrd;eiuUz76P(J8$LuQ002(IOQhiT;*oxKIMl_O1Z^pQ}S=D%CvLnV7q^( zGf}zAsZ)OIq?A86KPq=S{vmeV9%r(0uk*0d@qMc7>f5Ev_Vqi^uIuSLUfI`It<3k` zt1R}tt}OBGR1WcdryT10MLEp(w{nE9cd0$jk-o!}qkNN;V|;U!A>R_^Sl_G4alY-! z@xH8s?7j)Uo+O`7eEoHKif;g!&5sTaRnGJss=V5FgmRAW809?Q7-ig7uAJ{XQMteu zQQqd8pj_xXL%G;@wsMK@JmrJF>B^+9n&j>2yIi@&_o{Nc@5rIHce+$4yLP!vncd|n zGMnEh`kF5H?eeBFzsvJww!gYdWVp>aT_z~!bvc9V?JVqawsLWo8uc@??olqw`bfDv zYpZfa))ypyEjg<~m&bP9sT|j}O*y{n_sR)fe^yTFx<@&^>z~StyLLHD_g~k2m3_Na zDf7EstSs(!8QGiPdvTR6KiKU$<(h6cDA#tYRi?TvP_FNGyK+OfyUE_X?)^Sp&fX_~ zgzkrZ`YHSFGf^)&3;oE%x=-VJbR<^gzU{^Z)Z~WWRAnfwd^^{tF!MTdAww= zRj$ZxR<6u`L%BM8BiY+olf7BFDfF?oGUcx9X(W%!oXeDbbFNb6=Ul5S z&Y7ny$*EELb8aDfJ415nm1A<&E2rmtp`4eqSGh2!Xrx`YIA^SKd(M^0bk1AK-8o+= z_vFmrw^#Ib_U7zVI^Aa;WiNN_-uGyGzjf>0Q;(nQ?ny55ai@F1F*f^lzd@Pb{Uc>@ z_s_{}eq#I&<)uT{qI-Ack=^@{eEjI1Pv-Jn|NS_AuJe5NLS4`H?uV%V ztb2c5PItdX>vwj4Qn{;pTKR4FHsuf9|5EPm-sf0*+&$g>%DvqWS2{h$khy%$_3LhVr>n8o6YrBl_IBp?>8;Cq`kbcR+h>x} z>3bH*&#w19SJ}63OnrXe^Oa-!UZj3f-%H6{=jOiq@$n$nxvOuX@}a){_3>f;ewQ=v z?JU@DoASZ^c9Gf6^8J2O=I8#UzBo6_wd+c9dn^69hbxEVj#duMJwZ7vccyYgZbErv z?uW`zxqmCiD)JzJ99r!?#lgK*)y+=%y#)@P8OnP^IW}(tna%gOKGo%m^FCKzn&&^s?u+LgP+@a^UWIaHUQD?cyhoLr^WIi|n72#0C67P2z`E^u!<6Z~a^=pviOOAh=PAF< zTS#_se#m=Xmv`sANM<{G^42K#=Dnic$$w3kyXL=1c5$-vH>vNL|BkY6{tjh+{x8bn z`~lrW}?(M>#3~c5)wQO8#zLo|gZsGL}E^6nmWM`Nt?P z&OcLmY5sM}nfdoBug-s7IVb-^<-GhqmGS((r`rAV^AA%l$RDS?E&nX#!u+e1i}UYM zF3Epf`C$G_%4Gfq<+A)wmCN&YDOcqGNM<`L^M6;a&i`Ben*6S(+52a0{z1xAewlK8 z{vjl9xBNquoAQS%H|HNm^0><%qui2TuH2q~qB5NyQSQv2pxl*zhVt9|vz0&OpQqfN zKb`FDI0et!DY%Z1y?9T1y?G^7R(}hJL3vwE5{csQBEj$RynC)E6Llt z;49^{f?dj3!8gk31>ck0zXd-kR~P)ETvPCea&3V#(H=il(2dM?))(aK@`i$bB;S85 z7^BOZ3ydy*STI$Ww-lU1^7t;eRJpg{O7%|RHM-oj@NJUEcj5cWo`oN3-nZ~$Wq#o& zB%jv`x9D<7;b%&J;pfUBh0&-zuc3txD~A<6sT@(bUU_8UC(2QUzbMBP=1j8dLxlsC zV+)T{jw>9m9A9{Wazf!8<)p&fl~W2IR!%EirCd_DUio0*cgkd8$r<*z%LiH`yL%ci|A_p2DzlZ{a0Mr|4#7*P;iN*+tJNdltQ=>|68=$#+DH z_9}~u{!*3{@ht&*e^D2b=dVRwl|zfVDTfv9LuNZ8ih3xIEb6NqRaBrHQ?$P_R5VCA zwrGfQTv3^Fe9>^_grboo&yR{mDX%V?tDIBR<1E|HD;lPZ7e$owi=I|4DEe7>ThZ{d z?Yf0Uu5xkFrDV3Vq^ME(VA0d+R}`&Mt}HrWs$IXjXpwSF(GSYCMQ2UZ+pFj`lE-<` zdXkSLMJ>urMPDj67k#7ru;_Q?mZBc#*mc{Bj51v`L%FkPxpG(0tIBVSeo_8V)azWk zes|Fj<({HrlzWTDDV^dz0zOY|2%s; zh7_Mn^7T~lc#`iM6`!sgQGBlQ$l|5SQN`~l#}xmj3>BBg?E10ABbDQdFIJ8(E~&I1 zMy^`rzf{JG4?N#q|McP!WN+u<;v?$`E zk5z6iu26nhe5!Iqzo>F$zbVSq{mxOY>363%IaNx7ipR^@Fa zpDGuY6kcrSi%Tk%OG^Hwe6Zw4WwK;UwVf|3`KNMu$p+<$k{*}Xer3st%GD+JDA$yH ztz26&a)zC!O0H3^FL_nDp``Dnw%=4zsr<0y8|4=M7>@0?myA@VODz(1Aq2HvKO54=k`f8f1jZ)e4zgmUGeWy;lqo>8tD zv`M*k(2vU0pe~o&_3H-}C^rlmq1-g+SmowHQukR(aE0>Qz`vD01o~WW``v+RAObgbJLyrxrkcIuf!!Umbu4M50mheXCC*|->mR7*gWTHblrAOhnO!tjWqx9ln9W+-I zbn3c0Gu?oN88vq5)Vng>|2lR5-I>lT%4l_`hA+-^OFK2}o=o>hr;fNc(>>NH|9zS6 zt4^J>B-3TxpV1SYn)pDb>z2sqxlS#4Fw>2CD5HxX&gh;;GHOm{w51`V^rIQ=U7FF@ zWf?u$se>Qu=oSUv?Ns;2Gu_xu#XI$Kr+(?wh$lLByuaX5Psf?rsN8X!u$hZ0(AEWU zRH^P}#HTsBTM_RVth*EOkfB?Qc%V2DbHAskc?@y$ST|s~kYwW)f=FG=^Hx zRC57(3q{N=o}%V%)T(tap*F4iH)_|qt)8OhYvl9UYdf;hak9|px?@p5or?ym8;i=& zRC6*4t2+x-s5=kwqeYzQ48%*>oJ4Sir>zU}xDi#_QH-j!V<5T&MNAorqpb^$L3Nsr zLAPoeK}k)|LXDc9i~gnQ^(dw30@SAI?Wi3^&1%F;+c@X15kJ~O*ZWCs5gJ{06e`p7 zICQY47oxDHt5JofFQbz+{RG9()&(c7;1+3J1XXL@>F5%zy9C9xZWpT6y6;e(*8Plb zMG@nBszXuJ2PL)R9Mq_F=cAOmnW#nGY?MY}b1T|`M%Uem+BCffIazj^L^)`xc?|hc zm05+#)E)3NYtZPr$*2O&Fz0xhYR*S7?YIk7X`S;7w^Hl&@if)+Ky`Fe&2cEH9Wm6X z?p?GF%`&Z?M%VoZwP^YsYD06)AD*U~>sNBlUG4E2(O^_-UiK6=uX?IC>rt83b$gbx zm-0N#HOHcAbx)#NG`j8uRHtq&N}{a`K0}S_zC{FZs7&j2c$#Z^u6CS|c8o(|G`j8- zRH1cI6w`D8s#bS9imOYYT9hzJRHx}LUqz^ zv=oi5%YC^+i%c2lO2J%nQ&F8X1+}3W z=6p|6%|*zUV;>t2pd2*AJmP7pS%%8!o-}WHnrc2r73#XL?a)*+5LMGnH4#s9%{8cw zZmxOG(^T_4YSg-ZuXJdxsX#62ZuT_SJdet{+vEL+Dx}7-StS=v9v=PjuQ`Fh$NyHG$n zt(niY(hI0k8t@v&ljfra=^NB6OosK$k*F;2cv*=7^;+xL{%tZ zjzu-<3~G?V$k)g29ftzaDX3hUh$^MYs79KGYEe_L5;ds15VcA((2l;2)8EYWln7pf zeET`hM)L*ALjBDyPl@37sFf~kCcnZ#Uzj+*oBQFfqKX&3Sp*zP+NkbXi{Xp#BV z(+8&b4el$tgmF=;){RBJLc6yD1*B6^xfDf}(iBu9or4;r^U*pqy6z&h1J#?$JcZ5E zo@&i1a{e4#lJw zQKhsN)kw|A{%w#iOW!~Z>NcWgX){`f66Pb+qIFwQtEOL|Hg!8uPCt8;(hYoGK#R-; zo<`T*g=*-+<~~%b>4Tm|*R4Sfn*JL#OY2apv;plviQwC)4Yik!Y2o(nZ;v+?Wl0sD z>dmR1YR#P}py^^X7$t)DqjGiGZ*gx(y-n5T)byHBIRE1ikRj5sR4Gk`__t1N&47HbLZRGgshNB8~K~#kj=2BFx?n+dP znu4FBI(0ixqjb_Hu1&fY)eW#meiSuI8&ER}n_p0yx<8OJ&~^vD&07$)mmZA#>L#Ip zbQTIp=c00{3dN+0QKfVlsz&XlSD_kp_oF&>52FTkUEblW)a{E>h-V(CSg?|-uR>Mk8&Cbs z@$YqXiQqU?&9uGrdsL$xzoA;x-~8oibY0i?JGw-$yQeC%64hz%z8`QawKo?vNJVHV z8f;2D?Jy^zM(sEarL^vB)GVEc)}j7px~FffS|l>YR_bMe0VPMs*8O zGYXp~)GDP=)?juy99>Yhe1ln8$2Y3qVfpYYbA z+qxj=X>{H3s9HP5p&Ar6D^M+J3O6LIHJ~QKj?| zic4Ejjr0X-kanVGsSUMC-y`3F_Q*e@fV2mdOMjwDsmm6}iA(#U8mT9$MOp5Co_e?j zB{iLj8l)IXNf)4I=@Qf`U4eF>tqZP3zEXQG*P(!P11dv_U@aRv?6(pt0wEi%o>H`JcXUnn4DZROF9M%QI~N(6hOA#~f!B`Aav z!7EU?c5FoJ&?2)L?bNz1+qjiw_Q?Apztj^2r2SC2RER32{-{RsqXy|fv>t6U2P5CX z_L=WtD1gFd6dHoInII}xcRZ?;PC_-(cr;(@PDe>~XQBpaDq4ybnHXwB>&(L_rRfu> zMcoRtL+hSLJJB}t4jO!jy{|q%VN`EE^;B#2-`>%M%^)T$%QApkWs6rb0IcFd> zpy^sS;tQ@9h0Rf@7HwTH8YQ*PMN6f3&^k?zNq1;;-5AuW>G7R<6YZqiW+t|B)ZzAa zOh%O`Z04XE=^rSG62Y60?=U<48D*hbv&U1t`O{O_m@m0^wJwb8Pf+r89;!locg9mw zFp6q4oq`&qbI?+>$efRw)m@9yXzPM`s8wAJ+9BQIsn*ncsy7RfZ-l+x_fQrZUH7r4 zrr>sDe_p%Rw0a7guRYb9Z%{4Mrl5TVr0;Nhl*3UDYA-z+1=LMLr?$4-> zX?tn6uX$`}$57ND9f}$?J;GBW7)2>fUqsE)T9lTWQLFR@az@&7-iUnCW|W0S*L~!v zhr7+wVE21ZvrO0jbgavAyQ3U-w3i;Yi;t%|$_*$W)uJ*@7od>3Cs4Vx0)-Ku_fbsU z3#bZZxlNw>yMLpU*7a`V?ScBcd7kpz0iLqlgHYCyb~@Qpo?GcD%bkG+Go5Ab_jHK+ zh^H*~F;vAg5!`{6qOh6T&b3J~v_rZ8wQ1cYDC;P@?iZAU+DrdH0d@O-!?j6+P`NY& zg{3l7DGf(e(nwT|+Dk{F8g-LVtuzhQp+v9}HK_XzEtP&k>!e@N4rwoHL+z!$Z#mPW z?U^2g21~7Eq(kRp*1<_LJ zc$7kk;7O=i-5Rt`dIhzh_R`l-tGZUSL;4!EY5EQF9b<3D!0)+5(qNQ>62YM;pl&r9 zY&-Lkr?B}q3TwI!RiO{e22Ug1|DtL-zQX-4w?oqdJdJcKIyDI`)ztp}a;uTMTd+BzxgXssR|Bu|FQC34djdUX@tnNHdBi&n272Qbp z0Z$*8r%?@E*nEU)HQnmz1M@v<(DYZd6n$X!qGom7e&U?fbw{o0@{sRXd%R*4kOrU- zN(2u;>aX>5XdC6`@+G1l4I8Kn>~+M)nm7VRIO2mX1X0q+?O5 zWY7*NjC`Z*j&Ud;oq`5S6H&P|8HJ^3D2BE!s6>_OE<|y4Gf<7XnWz?xuA7aLn$ATH zn#R#m>1LGD^j6fY?oPB$T8z?~-j7<vHwsIeQB2d1P^G%9s7m?*#WmfDYSgu%TIqX~)bwZ6pl%OZD*cI4 zns(XE?NzrgS|{~HX-)S-t?CNV4yiwK#@O5IM?S=Nagbl#!6=~aFf>>?5`{E97L}_r zC@h7MeMQFB1>;bqx>Hbb4qqMpk zQLDQ7XopmXd_jAQ?m$`6A{3C8puy5Zs9bs!g{3D@rL+Q7NzbBM=>@b@YC`Lz6xt!Z zj0K0(K15;ZQ#2NBGoPcFx*e!W+J)lMcc@nS2_>ap(NbwIN=d%|aW2w6 zC@u9sJEXqIaqV>%AiuOf8Y~S$Ll9qUps>0!R3!~ZwbDqmR2qfWp+qod@m7YYta@(y$0qJ=(7$t%)qp-R@zj0(K zAJt0zPy^a%2BM|v4nob+FtkoO9Hr6L1xKS+b;qF{C=m=H=Xg6!ARh{wB+8N=Lw-&F zg#zlHK_PXkQCQtes7m@bic9NIjkE#PN^hg2^gc>SpP;m~9koiW$O+qX`5O79Z%{z` z0fnUhp>pYW6qf!*F{$hCoRyS=;!@(Ql$H)hJEWtL zGuEEzaVSd)A-{A28Z4cR!qRD|N}7Zkq_a@7bS_$l62U6es%{P1A-#fpC)jIy4P{Ah zqJXps4VK!edqt27bq zkR~JFID5QlC`+nD0qH_CSek*t(o9q(%|^A-^(ZObh?Yw8QA(;q>!dqST3Up5NK26Y zQKztZ2xUo+BER$m8Z50qA?aBZmR>+HsR_lU6snb8M@i`|)F8c!QqqU0S^5;ErO#0- zYA@Y^oRjTY{ek?FvzIfFx}h4WJF1oXpav-)HB0?at27YV*J6duU=%>@r9;tR#K#vD zmR6z)$^R#}4Ta53s7l>GQC!`xs7Bh0YBlx!#Tlr(5-nACO{cy_&6>J@^Y+kmENVsV zrK?fdczUx5*;i@tOchnA+lngH?Le*4F62AKuKNxJq@Pd)N(6tk(^KvALWkcnEX_b6 zX(lR{W}}#NJ&H>=q8e#FN=kL8LAnDqON)^IG0UwDdpQoo>6|QAqk5#iXuT zoQsr$l2UKfirP!_kTcQlHOME0kzX2z0@5j{T$+d~rOBuowUxlJUR0^>byThHEmWiKN7Nwwf*Ljb1EtiR(T%f`&PJ`$dB}H$J(uaI z47Hb5qY9J=ZbpsjM(@L3t($_<(mAMAIv@GYv`4uJ1*A(+xpXC}l&(QF(p=Oa#Zj|# zGs>B4&)`;1iQwa?j4lxzv~P#_H#t5YA?MJHLF{JTBT=^?;Lx) z7f?WILgi8l#iZ9!TzU)DNbjPg^dV}HK1C_%bJQ&DKxt_gYL&i2ZHW7-Q)(tD^{ z`WwZy?vOs5y)**VX?j$rs!&qXM^S_H1Zvc}6)2_dEz~T%i_+4E$X994`BM~-K1b!! z4pb@aLN(HNs1EUXK@I8#_T}2t4Mr(-6H$x0$(<_QkL%U+f2dXZ9r@0;XYe=jOI>q0 z7bypYq~54p%0m^Xy|lPfRVb$E)2LEfg{rk~4T`I~C6BXLSC7)_?#%b`#KfM#V&s$V zM}FyH6p)spGL#4|_ry;&6m)dl8z`i8>k2tjX#=X1-bU4^z4U!lqi+8q?muY|YSeTH zYF76nYEkzKYE`$gnDd)%&-8i3pH<*oUPb|RBl>X$(ov{f8jWI-iz=nDC@xi?8tGJ& zl%gmlO+jht9OPVJulIc9mo7p9=~7fKU5P5CYfz0e7p0{*axSz-xf%JTTTw{56O~Jg zQBt}erKE>Zv$PbYrRAtqdI~ug*&{!PeA0`^FReu(sTq|^Z=jg85mic?QC#{6)ks@W z=wf^1FHlU{Y1c_@C@Fo9Qqs>TE$y+>YPNcYabsu%A zdwIRD&8(d+9AGrS2uv zEd3j`Xu1xi)%}E8rC(8-rhAd^3VSZclyEN67!;7oQ5kA4JrRY}%|YeTKTw6HH=&ri zXHccI8dYoh5{j$)64glmK`okoi`t~T0i4TBdoE*84r(tgM*(%0qB33)<#O~Hpzv$~}yt!_DLRreHfuCd2^4*8@PQ9xRY%B5yhDZPPeq>XlZt=+rX zPNk3RRN9Ifq%Tmjv=i0MvG12{c8bF0C)B9!SG!J~*QLe5;fBZz#`@yIWogaXodR4$#4lG2$dB~3+XDTbVR_IMZA zPP)W)|FGQ^$S+-uLeh1p`35_^0kulC$akad7NCH1J1Up%MwQZis787aHAoF85Vw0D zN9EF!s8w2td^L9Zyj>@~Y}ZMzq6TR_YL;41T6zbyN*^HSCVP}E$R~YE)7OC(omF? z4n+;p5vW-@2DM6KkaM#=N;&dLCnCQTK>=w33Q1?6a_MXolg>kx(sWcKRig&!a?~u% zLTQu;&Oxo}@($p7Z?R`ki~`aCR4yHWVki+j2vw@P3DrpdL=Dnys9CxTwMzFQ-#_h< z6UdJe!6XW(`vZkgm2n1hZR*ZMmC{sHBgIgIbOCCXE1UdPoaAYF&br5jL8 zszq^W0ZO7o@OIR!ZUbtS-bTJUd%X8i040K-pmNC_!ud&0plYelft;yyU8nY-26eI0 zj6OpZx7y>Ka1cj98_jE|THQueqi)<#&I*Oi>8MpY6Zz_GHx>D%7z#-jprmvOYDDd& zSD=)-pHW)cgIc9Ok#n0pUY9bCEbWW@Qco0;_Craj5H(2sQ6p+E^`mBW%TbHEr%;=; z1?Ajs*X?sK_aq9NLs6N!BT$XHdr=))XA-DE-7?gut`VixJ%^k->``7sA!#j&NzJJF zPCI=AwMrY2Z=vlrqa3u(e1rn(K1b!!4pb@aLTy_29m=`O?)U{YN`IpkDfTY}F z{gAWBsu0B&TlGgt$&XUffha82)+K^( zbt*cnqnql!<0%nrI<%vUy2FQesLDOkQ^bt%6gA^K&2ayLnswxxPz##swtJf4esWkx z7d6{GC4%`QI=V!#zEk@g?yYmL^Hk;D=qX}uMs4<1x_4z{?(;OuEjprO8Zl=e=RSL{ zRiPXdbuac5F_&jLGtbj3cLOT3>r9W4p4?MB&2pojBIXVh(vcrT7246@smbhfWJeb< zJv~L;ViePkfvDQ(yS9*$=<)}?ZUY(Kqv8O6`yQhfx68VRbR6xFeAu6vfJs5#$L#4OBoZW1-JF6ut+DPmS+ zIC6wPLdQGdSWoUfo@TiT zPZ9GKis=mgLX}e1XzpD!%gy!_bth(Irg(~&MikeM*H9gbx^HG=-u5)h?SEXyG-575 zN$t1+HQF7f)>FiMoax;EdYa|_52duj9m88eJH}?@F7m{0VDL1{eGav;ZkD^(Q`9{% z*wIDJcux`YILdjzp7X02nb$qdatlqzG-6_?jCC{I>pWGtH+Y)r&i52GSGpbRqV8r- ziQvbcBBmn5TfttNIX@$}!BfOM;i<`_P>gkaE<=^lMiiGeqZ;WWREMhEt)8OhyNq0a zdB?QgE%g*J!%&0vjzNtmYRWTmuk{o$|L|1h-tMX1O`vA&Z9pxE`_B{qp64m*jyS$! z8Z}3Is&cRNRPQcEX&vPO)G9rK+ECP8mXZ0Fr-wQX1LR(s-A5T2r@EhBgISl(`|Yce5EQFCHO?jxQe<}p;kx`JIXh2p*W}%p;y6W|yZbcaNufcfg6f1?^rlI3xEKPZ4vQ zrz-bBPxbD*s8KsU@)R)#oYc`ZnIk+!-BGATx5Idcbth$H&h}L0-jCXJJD$kM zJmo23wtA{^+db90e<0^U`!@28z135bS%_lVaWATr5~vzAnWU$v zc|0Sx@5vq0h$%#I?I=Yx(jll0C4wV5^-`yfkMNOD>o%eWX)|g>QS(to?tt+fUBnFb zROOEJRPUaMQrbHnHA|$)P^GFJx@{d1@b*)-+~96 z!duYFJ;+nkJro5r9f``&RCko88ScTSa^Guu7^*<4%#o;4-3%0$W}-SY)t&8WhI`Rz z+%KA5iW*TOcx9(Hd79z66FR0--Lak`=J3-yx~S`-l#X%&YL-q$Eohc|ny09_&Ql`z zil>MfF|lJ^)HNury<<@uN(3uBHJP=ZqV8*+B4$ITGasXzhwXhjA=;rPb1rJ5i<;@4 zBJMpInTPGVN9>Ljo}%VuPgQQ-q>kw-6GeX3g-snQLs4^wr-(^;s&d~!A+7rmRiH%h zQ%_M-aYjcMF|$2YxwW1W!MaWjI+MpZd#l{}o}%VfPh1l#p$ zyr+n1Ln*EM6}9Pjdp*r^yHD-tqGmMe+F*bB^D>l!BIYVjGu*hRsJYqGRJX|!|FSo& zV@K3I;vCLYdq;WVGgwA$EebK^@q#K4kC%+x5$ASvJikXVts9HtQUyv%r=k`VaigdW zRk_nV@p$&cEA%@x^t_IBiQv*smBu={sC&Psh zZqMl*(*O|`z?P-=f z=>i^C+VL=2kG7emsKxFz%RNQRo=oTNcVWkr_Y{=Y-b&PFceod3WG?j-F|T-<<$jEE zmf9oxFY@GG?rD~LwI{wCfXeJT_Y+SM^I4`dzj&JER$R<|&pO`oJk4@fc#4`|GICF- z=HAuuBAz1V^h{?i@ifa_kLq-Oy)W_Pp66+ndx58jc?LCV-3Cv5M{|bPxes`%a+98T zZi`y9<5f?*^)sDYbZN)5$qYbg*6}ljs7*VDdWx9aGo738)MOfvv&`;z0)?a%C?-9N zs!`N^!Bf~>>uHwz8k)~^oB0#fA)X;$)}dK$Ur$jJ&B%QORXk?jf{%Hsau2$^ql=hB zJw@H)P_

mV2slPx2Hor(~w)98{-uH+pI^H)lFi?%NqkniOV@XOdiE3 z>K0~XN<8s-&{LDCMSkt5LuGb{xg#U@-=3=6^`0VT8wzR1S7` zs&|i_(=n}bT~877Fly0RJ?*K=-S@hVE@BSz#It5k_3jC%O*z+K9v)8()C%)eIlyEQd6gBUoH0!o5D4*9MUQdkL=<40)Jw@FnPgQQSr-<2-nVMb5 zY1C2v!EHl4zsksc&r_56#1o(WP#NnY?l&lo62aZ5(e8B*yTOw=$`j9}JVnfPs6{*K zJVni3PgC8Z8#|^m+^+EsMco`v5z`0lWbZaJ2(=-ey?Wvm|DK{|WkzmJO~*R+qMU!( z`@X-Ys2f1jpR~t22z6ayH4HT)UXzYmrK6GkeVDx31O=oJDwj?`^AV2?G~{Wk(@-l4 zn@Py`jMZ5vAf1cKr7Bb@U5sj^%g{2k&0K}XuC%%qRXl6&=Xt1F`Ub5>+sxTFaXX%~ zIuFHBQ*b&;q6ELSIHS){O4IXddAxM2L(VF@qZ;|8%RN<@Stz6~fnrh;#ihqkQu-H4 zNzb5W6gI0-THQ;iRo%bQPPEOeL%!8^-3Anp-bUrp`>0a-1l35}QG?WqQm85THCm6h znQu^9-4Dol-cJ9AY7jp?i<0X8Mh)t^&gUrVa!~vQyQ4RnkG7dSlvG!2*GU6VS~>tZ zFWMak*-jc}yEV2u9QmcAQAj!tjYZo`2qo2>fKt-QC@r0a_@mw&WfJmBXQ7aEE{aK2 zC@o!#oR{s6%TQOuBL{_0*j$TZ(mWKGYEV+T1*N2Vl$I8vSd-m*52}(MsTXs2uKj;B#lT7^>58kCk^LC!07-D}7%y@_II>w--vF1?4Ap>5`4JN>uavCU4U zG)hWep_J5)($asC^Qzsk8~LT*PzY^Z@E4knwwbJ(d0%a|%0?lS2==mi&91uv#Sy=I zr&9xN$#i$4q^94Y6bhS(|Ktp$$!I6qW~L!$ot;)9zjPrANi$GPnu+4lY?PF)M-9@A zC?(BDX{io5>+O;6K=yY=@-uvB8QNx+Am8h@dk6)jN0IY}?Vdn>X$1;N&!U+00*Xsb zC@G~-N_rhNqmAY*lveivvcErYquGL-H|=$_A|KjlzD9m^|3v|HyHQBppQv12mj#@G zx*n)fU0)Pe*ALaG8;FwX4nhs;hM|Z(wUx{Fa#-Ib_8-8Cqs z?nczCZazw@yB)QvyBqo5w&#*S0kqUzhC(Q88c|Go8pWkmC@HN$Da7|hQP=JEeWu^7 zd}NRYqV=EIZZK+1+v5#Iv7J_jqPTPf@_%K!V^ByMW2aI%N=hf9v=l+k*LKGQRQ?~U zGf<^;ww<=wk3Q$27~-`?C@xi_8tHPBlxCp@X%0%Y+a3QvY3U{u_{MhsMCHVn{ulYB-6)3m3kE3kqn%z> zPbXc4LO;a%%B50NDIJ2Er4cCkhuv`$vabvco6#sOxyZhz zlh>=EfK-9(D=)+5RNF~W6q2T(m~;+`OXs6BY6@P2oWHCtMSkf@l=|Bq?;5*Knu|h? zk1md4(#^K>+3r@`Nq3^Sv=}9&`%y}I7^S79w(DZ|E=Nw5)l(=gJ%^Igi&kCjbS+9t z%_!B)c5fhOAFGXaowV6brH|}%Upw83{L&Y8D(ytE96N18ap`-Mlzz7Bq&>*#ZrA;Z zLQdf;!;nPl=eeusSt&F*uDLczn7KYcG7_;CLN68(qSkm9f?xXv8Wj(f(Erp zPat1!+x5MJ$B=X#N+DibkDNYM-yk32>r3QUckZ36ld4cNN(3)PX>}i1^|gDqpyYm5 zpP`iWrJYLuK~AonevAClk0>Plf@0DiC@wh*IiA!FrKIjCE%iZ8o;_YZ@=N_tNE(P@ z(qI&qhN7f&C`w63ptN)ha`Nr*#vs2`jzZFjC{R8j4cVp(rgKft(V%;}{f^#-O-Vj*Gtf>O zkzab+YLLDER-rWF`}cRV&TlmU`K1F;NID3`q+uwD62Ze!O5OV?Eq#Lg0eh6~C?vI_ znDjM@OW&ZR^aDys|3hh%2>$NrN%!(anQj(x4)8fox?g%q1pkBl>LxDkP$D=Ph3FE& z*HBEVx`%6%y537S*xo~rp(JVw{>xJ$_zX(XC4vL*>rhkhc9hn-yOA@*?zj*6r3X>y zKzn-|P)vFp#ib`vQd)^p((|?}wL4z6o%AZQKhv5Bu19Ia z7^S2EC@md;oP+JUgOFbuhGNp;C@vk1l84xJ$Dx!ILTTv) zcEwh{ubaN~`Sj1lz4aA?X#n zPI}F*liozJlkB=pb}GGRr_#qLC2h0o#@TggyH5JbcBj}gXh&(p`^Q6^{i#;-kRLti z)}WAd3yMkgC@w8TN$DPxmL5Q%)9l_yJSBq5I(7KN97WRx6qg=H$qDv)pG3~-Rx6QT zdLD(Omr+c56(yzhC_d5dXtAC24oXQMptQ8bYMRek<$i|zmG-UwB??LZL2<n^tIMkZM&jY1(Qh+@+5C@!6ZlG1pT zl1@iy=}fz>+8%GJT_?rtI_UztPPzoeF0t#bKym466q;eX>+Dpz!A_-GWd9AAS3seZ zbUR8*cO(C$c6uKQNe`l!)PUmB<0vgXiJZ&qj+MwSJ&!`t%P1zjisI6GJH68GXt7i2 z9h8(lKq+YpN=u(1=PJA7OB9p-gW}S+C?)-f($X);Kils31BE1~fxS{U6qmZAq|^tc zqYKT!*w6rLVVVFmxH~=2{(!{L&F9 zBprid(ijw%%284}5v8OEN=p-vGtVCH4CKGT>TJ7CI?t|?rd!=;r`3or`OxLa{#(g5 zGYh3|vfUiJPWp#ct?h0?&U~wXqMc})xedi{wzu~#l)S}Ge?%$i7nDYc;2(B+x1ApS z7*pvul$Js$#xuIGIRV9`lTlJS4W*<>C@r0Z9G>Nc&ABKhRiU_aF-l37p|o@ra_+G^ zu0?)no?R!^*mcq^cHO;pUAaV$vEE zmtH|h={1y+-b86>6LR=W$@gE7U-}q@q-`iBrBPh^3MHj>l#>37($a3^B<%5iLw@Nm z6q2$Y=Xg>!ic7svQp!assR*T|66El?i@z~~{8A~hpJl`55EPR}pty7tN=lN>`$kbPY;NbCLZV!uLjy zU%D9$LEFr&D5UOAWIxU(f{RhS!S47QC8e%UaAedJ%t2|XH*$FYZwlri`!S&@Sd2o_ z02GrBKym3Hl$3^{lyo>sOGhL7QH1C1$S;LZNIC(2|u(?l{vmfk?lOSao+^|IAw( z#|4b%Vne;55<~r=QbU8}`$p+5m(S2}sLaqcP`RP8kn^q5O@ImvO;)U-n-u$j=Qow|8dPBDO{mDwJ5aHq%}|M&g zX-eLs*lVAmWJBYiVnf$MC5EO#j^~l?W~ji>EX5kS6Dl<{4=RV|HoIRwUv%NK_zb-O zIXUt*;Yv_o=xL}lS0y)OHZL=DGUV(l-)T^Rp(3cbit@G+Ra5N!P>G=hN_U{=EH8XS zK0}W~rG}n{$_y=s$_?o%Qgo1VtbvLRy$+QaS`U>PdKYr4E8PcBfuWC~B14}+#fH9y z$_(v*$_@PlIR`86Zm7V}f1wgX?sE2FCoxR zMTaQw0I1l|V5r2G@Ypi)B*L1l&(L*<4ZgNkb_?^95Tq35AeLo1;&LoY)G1xmLTDl+sIRBUJ?RAT6T zsNB$2$f=_o+n@qNUqMBNzJp2){RovA`V}fSv;M%JyJgA+A+0X#4HcX6hJ>_b$|$JB_^u17 zQQ@?ZwoJJfDmD9fAfzo*o(*Yr;R>kCWdBvY0H$lP=WCs8Pb+1jiDmrJ2j*&Q`$hq_!W*KO>Dj;q;-X#KxM>k zEc_fQH?$qnPt&h1{63_0g?mDp*xX?yTwr4TkR~?YKcsbq)uAF{Hx?cO6&tDpl|YOh zsMOFgP#Ltk@C3*?TGUKFXk+2o@*N}UBsx}fE>r|9FYEyo8@dQ8HPjC(Gjs`5aGcUz z1{E2)5-Kq?5-K$`1}Zl+9&(OXjvJsNL(`yQL$^YuhHit(4BZ7e4V2?vsKC$zO4nGv zMM`JrQKdUszGX^h=vk=P&0(RHb_rDl_y3JbcIR{ zoez~6>IIb>>I)UOSGs{viJ>7-si9#|nW3wpazmpbr-O2oC|yU@Ws=evx>2#6d@p#no~6>F#?RBouNVtXsy`B0IeUQmglzEG*5fl#@j zA&^t79K)a@Lsvt^hDJlBhDx9^Lz5tEsRBmWK5{UVzFCy#y8XQ{GpgB17w-5<_o8rG_>^<%YIEPJiY2MClBD zu5^aBE1jY5m2QC2?ShI7{RR~q+6#G3GsojeM2=G{Imd)GT0ODGY=>cwFzgeC<69}6 zQfP2d7GX!i62eY|WrUpxPtVt2;oFXEpF@~O*wx$0>U$N>J3b}6W`pZ|N%$?c6Z0EuCDhu!J5K{z6IOZMb=na&;~7H_!nN$T z58)chx|C4+8AhmQ5F-hvU?-60R>C{6`?1BCwx7gQAJs$QX6mBjcnN+LdlUPZxOWI` zn)l)D_&z552HS}p%03nUGptbdJKTh_Du#dIPyHu|+lNs3KP0{EK(-auAap6S38C&y zT45cruGr<+aBK`V9#i@o2yen>VA}Tsgp068!|i2+s^hbSwoH}xMi{?=P}{QXc)MSF zObV4}H?|F4OqmK*c3&*T-Hx`EZXa0X*)nYTb;C4wWaWL7bhZr}5q~;%2G$yDk9EOx zoGSNH_zG+UraX54*M{5jje{p)H)5)j&TU28#JN#<@^69XlTPP<5uyCu;bpMx0O>BeZqW_Q}Nk#C~<0 z@)xpwR%qI84=azXTbNdUrLkeZEWgUSob9WyQDK_v2&Z8>-r0mB*zdiB4`L5vuY|0; zyRmg_pZtz%>h(6PKDifDyV$yXiC^hu_L!7scbHe@==gM8vMRMavwZ;JS@?(3j*8bY zD3l!;#+^f`^Vgm5ILfr~HtdgIbskKped;`nhD$J=L)j!)^`1khy4*v!2Fqnmu;=M@ zwzYrNUwKrPw%^5Xjs>6UseQ@5!Ebq2RvP)L9_l$KQFg_2*?A5kjrOCys{T`(ZM#p^ zt0mj&KdP7NYU4WKzaG1gJTkSX`tekFI{s~JtKK@lik}(!ZYNY3c|5DNbIiT?3Q6-I z;iK5o*ky0I&I^PuV=Bk`Du!!`&!?XDyx6g%{eDT@&d`1))NyJ%+rNkH%JSN=R=svG z)->J<;3k;r{w4KQczU>fCZUeYhW2>R!ao+99Hvt{l~Z4}&#m}oV|QT{eLCg`!#wH> zkA|#q@C^JW_71i=^s6rA@UPgO3Vx@6YYaY>X~qiMx(*$Z?X}J+o`RXUPz$$Mxp|va}YjpU5-iHwb-6QyzKAN97USn=p#04z;+v~J*M-ecD2{= zZ>WzQV_k?>nHs;^*F|h=Ov^VB*4$8WUb+dt=82hv16d0w?Oa&(y_ZmB$!D)SOYrI1 zFOyGmi29b=z_x=z*dZc-2$q`eIo7*E!U>X&Zb6KDB{Z{%hD)Uz$jGKc+sk zfKYu$eM0sK+iNQLUT53JZ-teoVt@J#pU&4ee1@ga+W*+D8(asfhhZ(k6ES!0%P#HTvySbv7?zHO*|iWSy7+%tA0;oa=>c*2vgrkL7O){^6F$+oWJ>J#U| zJu#iD;xOICghQ}l*hp*)rtz&cmX1ZoI6d^u3ezav-I&I!^2!!sI`6hEbv!aVZ>Vp) zNgCBj=Xw*Yb0M>Hw_R&|PMp&0BGh_8{2Qz_<6gpaJ=W^X?>eS^VQs7Y0>XM>+|h*R zVKqpjzNT_)pEDtCV7Ggct`Bx`n8*4nZjT|pG4rX$-H))Y*MAafANHEmoO5Hxn9ij& zol{-ov=&Gl5v)zB5^Da@I;A#j)7B5;j|+V|2lo18+v>zHt}pvmKFtvdo8f;2-UjQK zDsG>Z6>rxG_IMTkpW^NOGn{gCF11fPH;%%0CpHgLS@&o00$Arp=@s`f+iSygZxQaq zY(H11bN@3wm8Jf!_LI-$sj7}^2*+sGaC!LD7wkE(bN`X}wU6e6T1QyF&DSQ(Cx7QK zt7wG7_KaEt78y+d3xMG+1_Pm_~Dqz2CF_YYuVQ_Y^9_)>-W$d!975 z-`acD)%X;rxmW#9{b4=6?=ks)BlLKhtNA9MQ0K+=ld5e0C$!pxCu3?$)%7$uyZ%LN z>-^ceD2*MH?TG7x*}hV7+orpiG`9b%zhA+&u2IKOZ>{^TWn1N|jv5OJC*jk$saW@E z__fZr)-}L>r?xw4vPC0(^|~N*?rh^m*Tng zzF0M^CZ_rp5H`nJC=Abuj>V2)rLp%$b}XMo+HaCN6l#v`Kz`XawzJb{&Xd_W zz=qX$j&J9m8nC^$SKfj!&c@4k6u!OT`o{Ltlkn-jT=!uu;Ips}S-!ro>Z5WLXE}TQ zl+6Q4GcGh+rt;eS3a=+#aVp!!**tdJrnmdk_Jd)*M+ujOta7xSy(VADw(Yw*ZjFb^ ze0FYso%AYS`^vVB;XZUu?cDVdKFwR%)gw?D~q-LJKO4iGNqAe9+Bnq zNsR5A^4oj9gYmCoJG=j=-`W0c!$zc2Kepq^&I>kdN4$-*V{HJwVb~Z!ECq#U@nnPiFfz?5+y_ zd)Zzcn(hzZgmt`nR{9RC`E4`dN0_b~UxZ}Z^*|1pl3H3vqj~96rZeLwcF^RfX-k9ILDVR(^3k*gj{r>rHzuk0nn1#E!p{+1CE$ z)0~^#XS2EDy_v4rJ!iURso&ZC>e#_JCWUWbtQw}{ zQ9bSTydFMXdyXM|oAcZ-48_)GLpvty_Nk<8iM7R4H{1UIx5JL?-`;1a{Ztnnr`kke zU*dJoVb^Gvu&s5f=I_~@H_dGd?KScm;T?dPyeiMm>D}?E z99>fsUdp!STcsNg+xb}a%ASj-5vR{VR8LzUZO_H8&l2@{qmKV*!baFy{BL2Z-$ugs zv5&D`nA%x&vUNK;yymGrep*a+gX`-kQ1wLy0JY_@ZS4JT2SZ41@oCblnQ zzcUH%#O&JH`sd->MmoFC1#I6>o4!D(d@4inGL^dq|GF@Z?SD$6JYV78f&GLjz0)|@ zXPQv`L*qcEv^Gw8mG<~BO>g34Hl4jkR65mPX7kuJhYjtuwijhxN!|Mqs%(2K^*JA^ z$FOi;)^GFuUHl}{Ps1vfXY<`k-0hfcTYK%b@pF|oY)ji_cHM2a?J+5oDgB3GKAUzY z+p53LgUz?k$-z47Ji-B(@+yrjN1;t?yT*@+>6*gXZ!1a@T*QrZ{v;&eRd90 zncGOC{VAP78)yA($)oF}p2x~;S(;NU4FB}W)f;2_Ym6iyAZBe zPkVfChH&ur^NB9Qv#>de_MXQcw+(F{w#VL)yjs6}K-*sk>pCNr*>iq1erpo#AW$3e2?Q14J?OQCH$F@TGbS+fb?FqFldyM$EuwQ5&ZC5N$c{dZk6VtuK zZz2Cls5PPulcxsT^4aTzjoXK~F&wx0i01Bt*w+#G6gD7iOCFtXnS7d8RnIet)B08U zY~C)RPwQ0c%g(1hF^n`Lu`!s+(fF7E+kMKno^&!>*V~ELzV8l0rI`;e!fblGu6_)k z?T@SB9;^q}hN0@DaVdKbpFZc2=@_@Mt$Rw_-@j&C>lc|FlZn%Ub%FM2=lDE)YWw{N z_1T1;R~`o2b%{-9!=s4PI!<;XT!nq+^Xx$9x3YcO`kX@AZR}TlEBpH29KY5TnvYah zJMU;*YVB#qd4JLk#%w+8*s|L;97-D9PpCfG$1xJWj%h66t)XqA-P9I3e%WpKFQN{* zhUl8Hi0x&V#)#6Dklv0R`K(|2lG*dUmOM%?pTf7Ot{R3X5jMkGV*~MPytfPEIuq(1t4A1$?RRW!eJ;<6t1O-E17k_2yb}p! z_k?EW=I7X6!v0qhE+kw-xDK=7+we!2(kT8@_yxl62wx$z=g5Y;@vHx;?R8wX9*Jhb zx?W>T?U!LYJHBdGyzMXBNT;+i%XLVnIkrAwV@&O@ZOxUoU)p|T`^TxIYln5lx`lcA za;`6c2ZkoU_A`Xg_5<55v~T&YCC;+8C$K#oy94`zW0mPU-U=TIL#2B(D_+~rvAq&| zIm@p+Z?pXk;k$&|k4)EG#eIzL(=5M@&wf_@HSs%0Yr`FEkECDPI_=8JuQF8^?eEVl zzdb(rbDIbC5zF=ox2uI=#qEQ#(%WluO?R|mkH{$EE zd^WDKbasr`emRqT^Rb24f7ze<+YFy+-cOssa+I!tBl z#BvIm(=qKs=~Zu8#m^M%_&J!g8Xt!eHV*SCuQhudg~Zviv|pL-W!r{+-Op-U_qONZ z(>yeQP}dppV0cuRR^`|-bS(1Q{agoMk4?pH$L_@*!1P((V}!D&uxF^_azfo_YtEAC zx}j$_y02DUY<|tRHqDph`40Or4E0>#4|qM-X;}kI>oClw^+}IWG58`=R(h` zl>bz=_1Q-eq2^Az-_C67I8~=&SaqmL`2%3xyX)ALZy4JuU-PBT=e2B?VD?$$Bv|cg z&J*$W`h9!o*LDHrDqfs@jn8J=#@W7wl%YIoFNM#r{X*!o=TPTIaWY+lRadp?2c-KF z+ll>*$#2&xV!J;Z?sG}MBBt2WOzmEVf=9kFw<8QASubB7>p5k5|xpT?GB53nsO&q}Mh+x4X_+irhL zx@MH)x8(UHRtu|(*|A{5?E8Rhwx69GNgj$%e)SkH8ZD&(3YpW0y*+X^fDOh@T858CH2_J1U1k*6j7TWzA}2x8s$>m1rN z_PaClNvm_HwA#sP`(nASKluQhGT zIch?vwo-fQ-az*S+Sa{+e5Vs{?+wm`Rd1DT=g_n8b;P=2>TB6)?0rlR;(BBKvBB6- zOl8Qff;E4LN5eYiRas{DGl4kuXVvW%SZ$}e%Cet{%?;D340}#(8TS(>zuLn-^RfF{ zniZ#bJ^xXilun^NM>e$QY9;wT3eTnPMa6msr24%}ob_#m^*xpyggRI9E6hG8KM_}z zzTvj{e}BKkwq*`+dj6*G1ndLb&yY@qJ@qTXwwTJuer74Z_J1y+oY)t|g`T9>nbZrfolk_FA}<_}^&1rwH}EE$v%vD$};?wXh83(_EzTw!yk* zv;R9`pW|;Lt*#A9tMKpsujUid>9Zw$uJk>81jq9;;W30KVD?(#okibgzLI5g2LFP? z0@Hq~vwb|KKCkZ(E4{u$tnUG9yAg4!liEh-@>I54V_mSGSbt1;uOuvF|4O5CGLmhN za4g|e>}E{g>zx&b;&L&v8*QB`c7pXLhZxW zL*J#e){r=T$5inOPiI@-e{Dr*&&}CzckDt;?W#4A9mjp}*>V-yac%PsBz_n+1)G8C ze{}95RR7vW`t0$b{Hlk&{@XcjA?fwJSl6K^;ny&&N95CbRu=WFE&q-lv|@4F-0s)r5F4YySf?e{{qb*y%sB!9&+#*tA{`Q_V08uR~|gdhHc{Ysq7Yv(!pVAV1E zoVOM{fH^dK?Rzvn)lX~DhVVk_+a&Z|!ntY=--E9c;T*zqv$oZb`i0vzyqs;V->)LP zi2O=38lHlQwZ7HbYC7B5-}$!R_nQ@_wZ~zf!$)g%;#FVuv2BD)sFSVteZ=Y59wpSX zY?&>`_7NM}zW)qq*J5vF*+$s*TicKAKHeuz_a54RIjsHdAp9NE+$Q@o+*UoU<+kVf zcWAoK6v6E=v3m>wEMSd&Lhu-Sf9|w5X$Zd?Fqscur=7bnEvng146AkJ`Q~z zKE>_C^5H)S4wmWYAkq|I_B<%ej;|NSY0RjdY#S(SNZhHR6%w9@ z={dYi<3pC+4i^!x|GiY+0a>haZF+@DW7l8`wQjciRa*J9ZQIp`lfp9ZC42zeMw*8S zmts$1w*Jq-+K1Aqob2x^+P<=yIN8UT)@(ZoThgxf-2Ke9)?~US%l>H`EAG!Qz1F>Y zKCQVzV@UIZ`e3z=!9A$zBfrM$q4?~0wPUhkXg~8jmb4nHx+j&{`q(~qN>=&WhxTtj z6FQ4H`PA<<2F_!<7iQbl?lamZPW_?cIkNFr5Puz}@iT=`WoMhtgH3D4w4EDfgy~b% z7L`Z6Ddn_BWXN zj~!dP*w)yx^ICSAKZ&!?F>*V_eN8^ihx_5vy|4I?EIu-ePs-w=EN-90=Vx*MEWRR( z$7J!8ES{akrCIz)7C)cGuVnE%S^ROxI)`7wzlOGlP(GRF8!W6b|R#+3Z zrh9v>k!1z=RYp@nTW%{@YhPQowr!k3`+UK^J3{YVXh$0LA&n~=ulF!i=I>0}CbgN% z2rtC?U<0usSa$mC&quQTwtTyP8(vNRF_^w9IG#}T(Rb#uKXcW05j7uV*Yg3=>YhN? zS%vyO;N$r0wtN~}`mWLoVYw>X_G86mmuJ5N^9pH|M)Sa%AuH`hSf9b`GiQ4&_Vc3; zh_j!0=yMO5-Bu{GpMQKuT75<&lmE9cuT8JdOO#(>ZkPCTE?aJPe0AcrZS&eR3XdZ$ zd)u5x$;}fE>m1en!k%%9PUfyDNV)wX78)w=YGq{YwMiNWnrCc+-nuKbsU@V zZN(I7pX&3r-eQ^3*<-dorBS)rX7k(q*)%HKTIQT!%&I)Q9~&MN#@T&Zzrs4i**q%$ zD7LfXE92~XH2D|lRYrE6*5vuS^Hp(w+4(BQWtZDKJPzBYHm#2N@=EGB0-tTW?9jH6 z%F$<;3Kg%~lIh@4ZAG`wU0vS7G+MX0H>c|4&w#?}ofJ4DI(gcd)HIs*}zC3qCz}()NEt-mfd) z$H5N66leEwB-6Q_G7`RqBc;acLd+fDoa zr?{he+tjfx|9jvjo#}4cx!KKg?sPNGTz6mR9=8fV3s8+;K|H{@&ppt2)vfNVbr0rU zQ#BLjr}Lb;gn#zosLw^t))f^(8H z(P`{VaZYxoI!&FMD1AC_51YwvR?cECvz^w?-R$Xp=PZ7PzOA#^Ionz4v~wPF+B;7; z9h~J(N8SzAiJv>}?7T(|);bqBZ%~8v)ZlHW*m=k4>uhxTJMU4O_o>aN)aEni66XtN zkn^=Om>(~_)cMgF;{4=X=Io-DyPcuV9_I?@FXu`p>0afe-4RYz_iE=LccgQOdksIP zH_9n+M>~hRB~E>JymOp8!D-;$;52e4JB{5b&MEFxelF`q=QMY^)7-t;Y3a^z+PE{F zv)ozE+3p=qXZKF$9Cwb>)xFC(*PZKhbMJO8cIP=m+eKyIlz0t zIoMm_9OkX$)tF_@vEED0iQX!wnYWtPFuv@Z<*niUYHN9C+8a)9Z@p9Oz3uezHaLU5 zcbrSTjm~A>Cg%!ovoqX#-x=Y3;9TQ<=#2J0cE)(0IM;dQygT|+XS}z~x!(KIxxxF& znd*J*%=ET9w|n0>cX{7BbG;qTz1~iz)ce7?-`nLp;Qiq|=D@gKKV;!wACqPBZ@qQE^OQO7+tahQ8TqORK{akzU*qMmzt;t01{qQ2WaairTK zag^IWakSehaje@p(ZKDNIKeGWG)cb{8bNxC;~KxQ`~z zb(bZ&xz8uMyDJkt+?Nvw^{OH zw{7wgw_S3u+c7!B?Vh~c?U@|v_DWvi_D){u7AJ?heUn$Y{gWfy0m+f>;N&&#kmM-$ z>g2WVwaL-$=;T;;O!7LnBstEVoE+~?Pfm1aB`3Lak~g?_Cnvl2C#SgclT+P?k~g}K zC2w+{NKSWGCU15(CTFc zFLnF*kGTW<$K8Sc6Yd~?nR}`KqH~QP$oBSW#oBiGHt^RNBOng@}BbB zde8W0d(Zjpz2$y4Z-rm%t@QhNtC-KXOyjL>`+LmvJD}_T1-Uo5&Qz1GDm2}YekXXQ zp$5<$hMGcm8!CeCGt?S-$WUi!v7sxWpp>Z*Jrt3CRrg7g?v02xLeCoCSI`PW`t93Q zhTQ4AAI?x!=#41ddxj3f_o1QYP_W+%Bf1g__SU?}aXvNa#^d|a(2dZyhUP)P7*Y-X zFtiBYUxu{bbTzfR8Q*IWZH0op?SZPB*h6l1omz$(LP4zdahUOGAN37s z9}Nw4Cf#X<;=T2a@?IO!bf}d{S6N*iCN^k|RZ)(QBl;tvYPZ;0HHauaj;@ifClr)- zRYX&x*m)5>8POXNeFOzP?2CwgfP&tsU+E3nC2_0Whkl1Q*xMmc(9R7aY5}z~M}AI3 zeIgnW(Nw6jNp}ZyzM%)8pf2&TEyCBgLhMp}L9L#L2AbH{q00=t16^t8vxxp1(ZMrp z?9mZ*il`rSwaI%WG{(?nU0CH9nv5@~->nhd7tv$T6q8OPYNnxQ@ZDkPMd*G*uSYqy zKnsoUi-^95mKfi!&@w}Nq2~oFgtJ&O3`zf?CakI-2qxgo1NaneQ=T&o${*Ko?ZVu>oJP z@oj~IBl-%e*bl1SX7|w%3i`nWD9Eed$qVxS7Yh1DWhJ+{-E}TDd+PvQYN%J_8wdsC zcN7$yxA76pgn}G*N4~gS{%yMZ$UDsJSHJH(+E6^+;?eU`w2wET@h06?XtJSSq2M^; zwolw)=Z)BRAif~oA<%S_w<$EskYa8eI!A@1#Q?6jx` z*HyBQ*->n1M5^B+Q`7hieip^XZ57wAvR3=P&>qq5C~sGb4|6E>tZ1MSs_Z#Pp zYY@*7aT`=+zrhuv0~E|=6QJPC?7h;~R7W28Zi!;`8`r@(S`blX<^A*VR+b|^qPU&o z+Q+@*Dfat>IUkyHo;9=?n2~^tLG_9?5b2=11wChJvvb zuYKb7dxh9drj*t_R!5y^t@lY_gSGMXqnb=^} z*D0cFBDy`Ig%PccNWV53G+5SMl?O5CnDM!QF5NmyMIJYpx_Ru4U|4mE1nA@ zx;mm8p(-XeUO~mz(8{iy^T{#Atfk^BXM8n{uc7NncaSOh6DVlicpsIm&El0?W!K+$ z`T9l_m#kk95BBTcYpEj? zlzdm@+X@9E;K)*&Ze&E2)xNSi$H%MRl@5=W-X5IaHzHp=whlbh&JpoQiN`|fK325m z%p3$&oCS1d4mGjIM6oAFbOsdMp|ypAx||zPZzvekLnDgo7tb%1jl4KE&M_`3IqnA642AfRed>>&}=kLcKl z^n5qSq362+HI8ESi_5`Lc8I8FM1vx_CZhj+j>+T=))D{vy#M170L&ca;vGq=TI;+d=CYC`!gb?yW6DOcd6ZP zoTEery2yL8U&;o1augA z*P9&rEMb$OxDAdcc8l@F=jaT4`t4xHiThRDo8lf8_r$n|wI=U&leZTX9Qg<+sLS;c z-3A5o?t&=YOA);vrTZqL+{bMx2SY*0b)lcl-cF2S|Ick2)I}{B(7$cTxP{_7(yh@Q zU)&o1eD@jOuePAhf0)`2x!Qil*B)QcC;x4E@jY>6CCB%*@jl}DH2y5%>N9K&;(0f& zi`Eg&LFy6u-TI*Ib&hh3uP?rU;=J)Eyd5~Upq;NIU2xrspXQCh7xs;aROftCa$LW- zP2>CDo1+|GMHJuv#`nbWeR8uW?B3Lyf_9FNawf6Cu{{IrZ))&bL?1?Ze~joaD413D zUuMgTTe7kisvV^}9y-MAqZxFVA>IETX{aT>Uu-D)K*2d51O?;c@`y%2LEpGG@=cB?o^5C23;Ou| z5xocnC9jEmao>0kU$D0x(Ww0v-(XX#ozNAA{(!DFlzPh6C0?^uHueu8-58T2UVX*= zS>K8XuJH{?H^HRS_Y|fW(zg?487d<79z*eG!p(~uXOZ!BAvX9->Eeh+Mx;-EmYQ_4 zBHxmTmPb_Cv;TjduPQsI5Y1-%Z*Q0oHd4a;#+4Z@w7dw@o0=k zK-|ZxkS-`sJ#mA{TN~fz|DQ{4z&^H`eYAptSyc1*XU2Ey{(O>dD89aRCtc7_9jB45vl&s9edkW!_3L3`<8SW8-vo@m zRd*+)RGi`d?aZ~5yuqp<-beiH!1z0X|MvTT@%IU<-C}E1**5{>HmGctUqP*cnLj>` zc#XM<*#4$nzKwvO`3pBf2-D z%JRM%#cqx0$A~g7+mhq&XdZztXrYrLioex)CcdBzIzd6NI}ZxJIocC?#2nGZ&=ZD6 zL(du-2L)qr3iP7!&4ykxbRQIamn0s^>f^!Q;=FOcf1Dien7q$H?;BbL1-1GJ3i5s( z`TmU3)m~$B6h_oHqHCd`em6kDz12O?HnWe1ptT10ardL*LfBYGnu{g+u#%C`}{6FueJgD*G^eFjwB z)L_3??GgPaq9Y?}6j4z`9igCU=v^o%`OApnw)!zj z_g6$!UbD52&-CGu?`SAEt4*MwDrRPNuxd#^A!J zlz6P_Yy~C%-|hGD3hHTU)y>p7o>k&I&3KN8=Z!eso8%4dLqCUlno@p&f>z7CZjbF~ zDDcJeMtoM|nIWD*;@%$jzj&rOfE7yc*KIYn2EFjjG@thjf%=#hit8L7M_hxrG_zb>Nk5!8)@BE>TGt$tw5nPEY_!eGceXZ)+bfczP-)&Hk_k}3$ zmt(B2<#je)`AF;Q6Zzu();Y}9Wo}enr|~v#S18zrD5&4dr`x(Ty21K>ZeV?#BHzNO zydjbAf(f>~6{Bt5Upv~oFOXx5X@e`zvb7pI+Qy248Z_x-eZLO3zAyS%-_O@t-(uQ6 z_};_nh&Dsx%|5n4!8wZiv%b?2_`Z%}e}X2P9DhQ=Q>Ojiu)Xf!h-yPYy2GKMlw%`` z%R2?%bW`5lQ1BlftD|(W&wY~~TOr+f_<|#fSEW7i1?>{&osRF$3VFS^_|KdQzCrkc z?;4DPf;!&>Ev%64uP8RN-lnSsJz62%t(Vg-#;2#N!Dko`eZSC4=G*p(SA1-h`Qm5cqsb8*$E1kjZ@k?Y`DR7*02It1iz8o5m9_4Zq}x!T zrpXOAB&!L!3S-M{teKY}Wr={#nJVAY&>$F86CosOUl;#liT@n6%t z7m5Fy<_&lJCHSxP&Ur~ZT~OZg$$zt_oOAMW@N`9aCnNvio^odFo5C{_jg-zl4)2;kQ_dax?u-9UlwUmI|KfQ+9-4CI?7JWS zyHMUX#GX^m+xza1X9LPR&iIdc{tFRJIk{C1z@I{SHzWT+&zb{GIVDvN!apA6z2W@7 zJRns*}KjeXv(?1%75@rLOth9{_CC<3z~A)RyhR!>nQK$acbfD zvdW=&zCw8mq*I%et13J>PYFn6H5rHQk_lM0ky z@8S&bJtEZO4FG4r!%*JZMoaVVGn8MIrbYR@2<2@>v?9+oP=0xvmg9RrC~s||wRqxy z@&++li2o=?d22rJDPRUi`Bh$8i1$9D{Gx!<6`q9hrbMS3JQd|l!L*a>Ohb7~1#QFJ zi}GeuT7~!ZqWsznE#W#dP~PIfI}iAs8I-rt(;oa^Bg&gZX%GJM2<1&3ya$2zP@*31 zRTv1*LwRc)ZNodzQO_x*ZTJsml((JIHvIPx${SN?8{Tb;dd@?%jq5Bxd21vs#B(2% zx1Z5M{3kQYn=WY~{^tedjf~DH_;Hk9DxjVCE(^+A_Gl;GH;D3B$PK+(N6r2Gs;``oXPMjsOP*&n{hXe@ zc4GEJ`9)*iF2TF2P~PN5oAGTD)Z;x7cfgxb-bhND@%}`Vx2Dr(JU2mk8!>Ih=R&CG zl+$LO^C_*xo8oCFeoqVK*B)pm-ur{{%c!&yci1RzV4BRkP|!}i6B*?f(`YB& zW>1ish*9t{{C5%DWrgmGHhO@7Z%- zg7-t272Vb7{_YyIn)@nxfV&nw#9fCT;l7DBa@UjoB$RiUx*On=QQm9jZiG)kndRI~ z@Tn;8v2{1Yr=z@!-TeS=j`BWU_e1n7cPpN@sOOyReuB1hKgH7?<#%t~&*1Y=-bw3z z0iTcZE7 z9Jea^vRe&ZwcA>oI$E^kbg7U6Aw>G>R<@~yJ;NMZs zuUi-Oyn1M!S06pVJBru?QQjKp9RpWK`Lz)5IJgGN70qh^*F-skUPHJR${XLjMsRJ^ za|*o1a2=F41bI!+CSFrKr=Xli?=<*Sl=J8{gHJ~}k6t0%9OXQEXTU`$ztiBgKwEjO z@U%v`c6e>zvrw)VUR(HVl(X!$gWIEA7rYK|N0eVZ^*X_wQLYPK7x)~Mp5S$b&qL`6 zUN^L-*B#G=DCgblfnMbGM0Fdc5ak6g&pym(#t`@O3D^^zMy?OHkg# z=Z!-rc;nHD-bD0zZxTAmn~YBOrjl|B$~&mNY3PmKbUf2g=5X&8csk0w?ahE^p!8U8 z7JLuN8%Dj`;8K*gD0z3l_oMt$vo{BR0p$%z-dyxWZyuhNDDO)4?uFk*c~`J^ANrm* zAKl_Th<@TNK+C;F=%?Od^b2nZ`lYuN{n~pR-R>=;gl|yhEAJ`zJCwJAdC$P#qrBD9 zdk+2qoGnn@(>Lk|U zaZ%n%lvoG*D8DX~coWV=d7D*YJ(@{uK=TtD@$ZB3M##h_xC+XuFtHh}n)m?E{wQ-@ z;zRfVl+l#fidIj2g6CkAw`V0jh5v&xjuM}thbF$jQyXQ}B))>{qMmbjVmn+9WwuOw z3)e?I=g7nk_$ZX$M@a01k3)I4dE!U3L1Gu46HtCRA@K`*BFgNV*bSeIGAa|l!>6E( z%ETV{RFqMf*bASIG7=Mi!9^$|G2wcw{Spa}wI9lQFX6+jP~MTA$c5XW%({s*+Afj7 z(;j6!Cia0lqKwBx6}U6XcuZ79yCtfj=OqqAyC

dp^pXoTvd`fHF1{HQ@_U#%7`x zd=bjnOw@*pQRd`C9k?&byQUL$(TfxH(1D5i_%A{E{fER+@L-hjn>Yp@f--Uw$Du>{ zd3Z){q9OiaC?hw~2p*0yaubc=5h%ZDmuLcyL>a}2rtq~WqnIBeWE7)}Q-17?RTj!P zO%%eDP*z!qGvKKxBQ((ho`y0)6RqIsD66bQ8~7HK5t?X=-jisD-ka!vzZ7MalIVm! zm*|2%pXiD%Pjo|HNOVV6BzmAPCVHYP6TQ%~L~rz^L?3ijq93|CF#uhk7>K@|7(~e% zP{wcKQgn0TGW7k#Q2ZaDyumOr4E`8pTqlOZ6QFy*a8QqD| z@HZ%{h{Ra*&%`+Nuf%xNNlqlzMY$d&C&3An@tB+p`>5ySCa1zFlwYz>PDAsO)A3|b zMpp6`v}SS!oi8ICd*k~`25$(`uc$sf^?$zA9*$zMn_3gxaO zxf>mq{2fmT%JnO`2cCd({YvhIuSdClCI5nNK)H$~Sspo4P_AOh1bidPFAgMq_$HKJ z8%*ZHH=~|&OEQh#n#|ytfqKrY-bK0oCY!?Vp^V?;Y4H0f?*&gbgFivJ7AFhgPfxAjzhWr`s3jSD8IqwPlOwy{ARL032ub)gvXx@ zH%57?<4;AK_|x#5f^sePr^BbBT#Nl%(9``HXfuBn+T6bl?cm>mcJ$|vvJ=Wo;?G69 z`18Vzh_91iiptiuUv$M=$i3p}qX4(2M+M z(BA%YXtBQ>?c=XN`}!-2|C>W6urv-3?1QrfnM!@g^u*Mqu2P~qNDsB z=(YY%bhQ5?I>z6Hj`e>*uk&}K{adb3|0y~VGA-s;yxXZW?ynSO0_mR|?m;@3q# z^y?-0{V0@cs9zub%s&eK+&>2Y7bqjnKMwv1WyJXn;O!`*#&3xJ*KdUG^&6vq`c2Tk z{HCara~kUAG()|dLNt+c2Aa%iK?y!eZ_jB3S4X*<%V`7GKvFoo=b-eBoE~sLl)jPE6CQxlH*$Kx z15x@$PH%V+O5e!o17C{LH*)&Hm!X{ToB`<7IRnv=IfKw^axO(j)L;ss|FS$~@5|B(mg}J|=kL2#gvjk-YoBKPw8s*tY?jH2D+`V|#qC9`g{R@37*Yz23xe1?DE6S=h z*N4kd?nZNS;cX~u)Z8@u4ayy8ZU+7i<&H9UAN1GUD(LRqs`!6HIs3WQ&^@^aqW{gU zj(;!8+0U&3|AjI(Q#DaHRSWe}wecrV#%8Jx>Zj_W=~O*5FIAt|49c}Ebrif0$~|W4 z7`O_`XiXi5)=V`(4@ot|UkhclrW&C~r5dA+QcdumgmSN!Y6_o>a(zjihMtmYhNmg& zIYp^Lv|Z{9Jnd1gDXA84N0ci_sukQ7gU6zb)>LMnIDd=JX%E_E4Pin6*( z4TbMVnKx3y;0I9Vjnr`XA=Go0rAEL{qWnrtY9#zL%CGIFM#0ab+>50~!_TAKi>1cG zFQD9urN+T8qTGw6#=~VO_hKooLe46bd$H6c_+^x*e5uLsD=5#FQ&Z8`Qq%CPMd{nA z>F9^4Tkw2@(!*0T;Ez#ycxo10j?%+Zx1rlocc7o8=HUMv1WWU>F3Z>)63D*(ksx@(<{+t>6g&v>D6dqdJS5Xeic0%@%D71X1&>2nnWWtu?u<}YCg}t` z1!Xmo_TigQMol^wz8PiIq|@-ND5EBwfoGzOj`Tk8ohYLtT?M`iWpt#g!gr&Lh;%i$ z6y;i(J`i1yu8uBD*TBCB<%*fE2`@&OjnlQ@B`89C7k#30pMU=6VZUmR1jGc62bbY!B zp0`oY*^q9EzMnn~&j%>0uXHo`LzG!PT?l`N@?0@}2K+tBbH#KE_y?5dis@GHPbkk7 z({13NQD*yeTXavl9iIQ9tg`Ytpvk;Wczl%clGg>z&FhM$^17kvyzc0}c|Fi7c|Fnn z@_M0F^LmqOf0W;a$?Jn2l-Ccfo;LtJIBy`aHBjdKyg_Kqyi3tT@-9Pb=M5#c0A)Rv zHw>g9i*3TP>9+fu=|IsMxioDVAaVYDGys>D5ym9CWdE@anL>akx z6X8ZEBR6jn+!*EBkvAD`iZW*NrlP0iO~Z3K%9zcY4mU>`vw63`MJQu7Zw7oO$}^L^ zS#V2~=lOZJp{?`oK-=ZbLEGoeMLXopLp$c(i=LZzAL+ZHjM=>TaCekDm%Inz9w>J% zc?;m4DA%UEMQ|^aJBz%<=+L|+c&)_HAt+}pvkyEJ<$f?z1s;ZS)-qMm;hAdaHJJnPk3yM0Gu6@2 znHuPrOigrbrWSf#rZze*Q-_o#DEEDty6A*VJ@m#*ef-lKmuK3cFJwBPYcieCS2JDE*D_tvwV7_{>zVH8x=auBjZ9B; zbEX%2d>`ev<}GUL$yX2zp?GZWE2Gn3H2 zGLuQ^jv+`d;+vcxE&(2?iw#$DN zZJ)mu?U26??U?^2+9`iM+Bts%+9iJ@dQSc(v}^um^xXUp&~Eu3qUYsrMZ4#Jf}WrM zDcU3dGxUP|FVLR(U!fP~Z%2FOe~Vs}zXR=^zY{Ia{}JtzzYFb~{|nkLe>d7c|95mi z{vPz={JrSF{J+pk^4%0;Fh79~&iBzv^K;Q5`DygB{0w^e|I^-iKu1w7e1FQOk=>cu zED#cU8X^WFp(-te76>hL5(q6oAS9544gyA{DoVMC3J55?V4=ws5v~P!5kxwKCLIy! z9RxDp@0r~!tM|M2obNm5J?A^$xtsI*&3~SGW_EUV$}_W@S-S)0*mXSI?!+VPE}UyG zh4bv8INu(IN7~EcQTFn9w7nu8W3Pb+vCse9VuCZ*;?(L$m=lQ60vt7Z@_H7_HN{jnC;iz zgZvd{`?aT%zs798_Fm+zn9p47>Ev%PpSjrk;$8Osc%MCk^8J`AxAsBggP7|K_Du3& z%ykC)P;w!rC1W2(K89(@*mKAyFy8>Nk0Aeoxvp!^BcH}x*R_u%pT%tB_R-|?m~GrX zmV6O&{nkF7dA+$12?2@d@tX_zdSb z)=+aeX03LtBj;k)YR3k0K4z_UY{WAiUs5s)bBu6&g%>!!rsQ2rE84LYf8h9rl0}#` z%JCifbIi9m9NWliG3%0JJ9z_UU2^QeI~+SH`4Q8Cb^L_)Iew;OKW5!<>?I$>tQ(H~ zurhsnn<>xQF{d;+r$IF8}7juVue!|dlBzu*gw)A*v}EdJGT9$#`? z#J@Q%;meN8_;<$@eARJ{aj#+43dard4a{2MxJAB&St}fO@Lk6}O73A=$c_hC(H>Ev zV%o;qW3nHnZLB>d2VmO9nu!ff4&sQQsX?@aF<0p|KXOS-t4RyMrL`a&ss&SC2J^YO z<{*b-T0WYN<25HGwJ_(HnhV#_O5wU%D6Xf4;l^57+(au+%>>MTUaN=`waU1e7Kxi{ z(YU2ng*vS;dw8uXxiw}FuT>)_W7bA3mfQ}rHflA<9WZO7_98h2v#-|T$-OZ9YOOXo z9kZ|2>XQ3n_R?B?JV1LHXJ`%aK&>$zq$S|NS|ZNUn&WJ(CC<^3@NlgS&ePiBe62km zsddDov`%=m)&-Bzy5X@}4?Ipw#pAVJc!HLWr)quiG_5~=U&~;AKEUihwLy5XmPyGH z%s270q2#5QZ{lgg$jdR;RJ9!P$C$mVHiEnovv<|<$g42tiP}i=Cz$g@Z8Z5a%>Gsz zOJ0N7-)iIWI&C68piQFuAZDG{rjQR~)_JXfT!>lcHO_{mW0-Ybn@T=`*&k}t$-iLs zhuTc?Y0S2uy-7Zc*&k}N$>%ZKg7yyiB4%6A=8`XAwgqiI`7&l(&=!!dV73TtA^93+ zi_qRD-@t4U+9L8T%od?7A>YAl7ur(tJxqH^TTXs}X)kFXlOJKu4fU0{guaTBV9a$t z{S&eSbIz!LM%FP~ioS;I#I&9Cbz~Q&?WAuYm%?l*`bKgnrtPGENe;ubo%FBBWif3h z{cCc0OxsD{O0I~x!mocru8cXO)W0J~V$LY_ZRBXo*^0iMTm^I0THisgiuv4J-$|~9 zIa|?xBFAF(_WIA{8koJkzL)$WW}DUbljAY%AN?S?3ua%fA0~Ih?5p)cat}-kM?XgH zgV{#(6Xb!IZAAZtJQ&lG(NB|yU|KTzS#lO;OVQ7hM_}45`bBacW~-8vQbP zG-eyouaGBTS}FQ9@++9OhkgT3)o)QU4fCmxeuq2*bBxgMk!N9!5&8r2TbT0*{SoNY=qCAZm?MiWm*B{PIkM;~`8~`Qs{7#&^Z>j_55kM}V1_Qi zTtCqrf(dL;P{W}Vlg$@ehpyk3R;0JF~PRmqPq#|XU|`7x$# zpvRJ*V$K)z8e|i5&D?mAEMtx)Mm$-?98HYcWIxQ&#HdRSz#L7C`s5(Y)?~a)4#sRv zMnkd#vo#rw$vS3hG7`v6%+_Qil3kds$!Jb4h1m*>mgGpxR$wHNqcK~7(S}?FvlSR^ zaaE%|e%|Pas~Mdb`U2+oVss%VVva9HH*#~#d4$n}+!AvhVWg6iFy|3QFLE2qd4!Qp zZi_jOF#3|)W6mRt{^X9B^9Un@+zGQC8H31OFx!!lN$!T(j*Ow?9+>k8V;DIVb8Iql z$h|PfCSwFS9dm3l^2mKL=Mlz8a(~Pb${0<~z#O5BvE)IRBa|_ooQXM)FeZ|RVvbqH zB=RuKk;|Au&cSStMge&QW_vVV$9cw7TwqMcuNgBL`Z{KdGu|Xm#T=)M+2rY%Gk4=1 z@=VN`yD=BPY0SrO84K`iV8dwpEY*kUyYyeCF5s&)!2)#8T;{V;~>6c9L5igLj1@$hW{{5VAJ>o zOU~2S&v_R6JI~`_=S6IHUcyf2WnA8Q1y^)l!%@x~IL3JkS9RXO9i8`Zit_>P4xHoE@kpl=k8!$ifwL5T z%^8ZYb=XIXsMSsovCR>U`)mGNz7B);#A4rY&mdDYG;*b!0{8zI$jSV$~G!!g$Z zLTZr9VYb1L7jdd4{3>4g(TrmL)zfAA#E9J9i~+u(w@8l)2a{YNZyE9b3!_izr>s^ zhIAo+g*g)p=|=tzv*v{Kz&k@yDcOZ-|A+J<@5ihOA?f&LNMHOYq(6QVl7SW1AnfPL z#KEqiSaS`-E>{jN?HYm0x$w^?SuHlkXvn!)5$O;c)*kxSan4T*3bpzhP1{{|5fU zq!#{-{IjL*)XA25QYTwVW2|hcH#M`RKGe+NTLBIHbND_$Bmd!i;y=o7xHOrX!=+cL zIb3>;n!}|xsF^Fxqa;`Q8+CG}cd3&ry~og8=>vx5^XY#JHJ{J@Td5k#r!i13na(f{z3yTAhfxGd^z|NH1 z4{WC{lVXCDpk>l?K{ot+kUxGQC=k~S(r~RH1J?-(!S#Yl;+KL-;|4)xaHF82z-4^$ zC6Sv3h2v&H<#3Cj3b<8JCEPkFB4`z#?@S0>CCv+ZC2%dDXiUI2$?GJk#00FA5ZP8@ zGWIX=YT$Z4gP4FrDBr;62orDw`3tW0Pr!AoT#x!+aGn3vz^}M^`MGTi*Y_UiTe$xA z2uIipgZ9#T|3KR-t=AUgFSHNw-?e3UllBqbtgX=Y(|TWqk5aOq7W)eA677WF^-Hu6 zuHuLKb^M2Z6H7+2dWoZUJM}k?x%+U8aX`Jy(Q_YeLH?a1-9Frv{D*Xk{0Do~11kSx z;oOI9&I4+ZwAeYvD3U&;q)1vui7vkvvfJjA4}^5)H#|GIiUP~XDK2gXA$N8K>Sg4v zt`fMrOTs-}3QluXVrXwy1n%Rifcv?^@c>sjJkVvM&S00n-dtW=x`o;{rAYi zpmTE1$m!ZSInBzwBNs^LV#}pT1VXov@6Nfv@7kXX;(T#-J&Fgns%i# zHSJ1QYF1Q!j|wm@?7*nN}i8CA;&4n)QnTwQ8P~IK+QNMg_?0nXKKbNU8xzTbf;#b zawt03NK}qcGf_E8%|zvRw1bk9)J#-PQ8Q6FL(LY-)o9&lp9 zsM$&>NzGPD>6kD|%22bF5>CxlN;zsKDV1W{>PbojHItMmY9=W$G3_aNj+#lz^VCdI zUZ7@cr6x67E48TETB$?L)=E8UwpL!EW^1JZHCroIQuv8z#amm=DWgJru$f zh+tw>Ar9(7b7%`)pcf1T{v}%)1^n~BGy}wQa|=a&r(5Fpxg}`@d=B5kP7uS-(!B&X zfG-(JP6&qxs0Q)yG9*GWbcQq-0Ha_M9AY}t=)Mi_!$+_NHo<>GA)JBBa2sS*l7gTl zl!G`ZWEy{^5#{2S!aGAB$bxZD0JC5ztcFeS9UKHPjpKCB!S8Sz#Opi`PsqVGNh$@A z5DT@TAvA}!FbG8b9J=G-HBY}7|1I(YSPH9PBW#78a2U?OZFmBH{5q}%4WT_`!d%z{ z-@s)k#V?^pLv3gTNzem6g40l$Uo2k-HCcfYAQOheXqWKC^0zbgda0J9_ zIZgKx+=Lo?-CVlkVIF)7f09WB2M6#n0ufH1Icz79-K)gp?J>A}PGhqabg(>hh zybmj2Eqnz(z#cdQm*F770`Ps_ zkLmvcw!lwt4z7b=DM=~|HK7sog^}=I@BEhQn|H zu7U}H{5Eh1l!a)h0gXV+TU$?8>>s+3hrmQn+3R%Qfkm(a4uTlxgr|F+?iIKLPrxsX zeL9qf7^n@cp*!?}aZms=VF|2;EwBUbfL}P{Lj{P3){p`d;SHD#@4`}84eQ|qoQHex z1WNGRpcNnn8bK1IKq_RyWDxrbalD#Fo&)dslr8hgpZes#`{ZwZ@-Clz$S0rj$-nvJ z+dlb;PxdeOY`zSie4hCXr$5H0th!IG=aZXyaxz`t^-ko@l%@KV_a|q8SQhzoC%|i- z{#kVAdGZHzSHgPO>?!-6?k+gs=|4{Q9Q+P<;0cr{&pHQU`r&jVJXtLF7d%-EtL4cJ zJl$q=lc6)D!2rktnqShd)c1Yw#Cs*$aiYB@+9P6^Z+k|x=|q`m*A>6k8$Q!`v8=`N7wef=zr=bambF;s#mBWy)a~V|FOGX+eJgI8Wq8Vm(H#w9 z{S)h*Sl`5YCf2Vho;u=v5$}(9PsDp6mcMu}#5yL{EwS!R_tX{hE!MGQ5ZjGd7Gk}r zHP|LK_kRhu^nVYx@(<6n(ONr>Tl>E>#3r@z-;9&}#|^bfZT*kqcK$uHZ2Z?r_%Iv) zb<%aLjsH3+#3}x^$sBRG_YV7m8oY5*K64|w;z8rs`WW@YldNe#5^l; zPtRRb3{$K44lAC5dpzA|*t1%a^a10o;M;M*S)hj_krKI0WHJ26xYD``A?KA9y-1JinZ&ak7dXTyA- zPmDLvXPVDyxnFzDvd>CWqB%Df_mElhLwwXpgI_Hp+Ovii>VbN9Vt^(`3a?%QVdZ5ZnAdusJ{8Sd_Tev+7G zM6SE9x7Bwu-`zLY>Z>u@-M823Q^&gdY?H-!cc;4h;;gO0rL-KW1QrkTtMvKaP~)fe5z-IrOvNd^T}uz{a)SMpcxO92q5m{O1uD3^d>r3BZqO2`hSjI1f;WL>Es8%ibF$$eKs zzy&3tlu}174WUp5!nmtSIFyBQP#!8kMedJM2`WQ`(pip#C?!pfh8XT}Qboy-pM$FK zJXC`hlp%5~ROjv{H6RXNRI=on5D&GWHupBE19hPu_cN&vFTu;ufcuy;BrDk!xX%<(K-jv%YZ*iSyw%k_vRBi|Dp#yY;6zBw< zl}%hBIw*Hlj>_GXlX7?EzT87mm7b6aY0wLLD>fxviB|eRU+4$@L9C79K5p)=xciqo ziTi!IAA==MIjl8uFn39FKeD_-M|p>ik}6mO4en6o9@pUBQ^ix6CyS|w$KO23Chb@5 zd7l5EHy!q-LT@^u6j}8+n^23V*IJEYT4FnCt;UPV@<>*jVo{dtEo-NC@RYSvhmpji zgDQ4hqFx7exhUX~qOQlHEJfWW3V3u@4`5N&S$!x9cyv|y_Y|wFtM@s2s?|JYJ=OZ6 zI*&B9y{9ZqP4krXwvy=Stq${)^-;%p>h)1Y8%#XW3XrFV70(gHpEI|j3MfLPg#~KuCa--EcFLZS+@F% zm2A>`-X*@mo4)m?AH3;;H~s2OzloD!>oLYw{JxFjehKbp8^=8p+(RdLh8o-jp}5{O zZ<^svtGy{cxVT<@Z+h9A^1NxZH;whC@xfxQ#Ooa&T)aNN=`DNHTQ)a1P<7XvYYi3i z`kA-hXWn{iyk%>=Wu5HB^EX~EPCH!gWJsnrg_SHW8x~qzufUt8ded@mTIo$Eyy>(z z1(zwFitbH4yvY?-{A`JyB+fC5$C&CJ8W3JwFT;~;(u1oPqIldqZyM=M6TNAQmEt1A-YAy4 zAPU#O@!Xk^^K8qp(l_LEX}2}>lx4Anr%Ph%j^+MsqJDW?+j3k)WAX-xA7`PCa4bh$ zuHHpFu>2HPCvbV+!+mFEQSBG0w*0?VOtD(6z6@+e%O)Zkigm@527S>bd^xT2bZD_d@0 z4UM)u*Qy`Of0>J#+i%9dmK|6Q(Rsj)cBa=O%>94n>b>56!z z^@4?8vOH0>a~2oNXTM?@#^VK6o!Z@WoE@Qboj^!J^!X0pJzCp}Yq<|T?qFRV~fALtG z@T;MZagoc(Ro8eW2JZ|IKCa~A0&8i6sbXozawk;bWjNkiKC#>pifdK6n8R`UW>K#E zh<64E$16vyEd1Xtu?~;2){U{Ym)VrZ1Pe!7Qyyy@W0eTEv6lJ$vi@96y>D$z_sfbo zyl-tyvjg4lyLiS>c|3K}rT6hfbt&E;ZN;(DHaylQwma2wtaOT!cQq*CTQ0;QVWR$$fV<=+ z0j0U-x->|5x#gBNu^gV16^>SiQ{F&zFB#!5E6)kuLiwm*cOCI8(W-csFjc%es;wN? zRyRn(4OHQHNz}Y=P4jD2)Mtz48tO##Im-@rsdt1D{)9omlANSG|2LD9IuGA zYiEFPm@1ZDm@1autD#~|3sc3?3sc1si;Fl#{goxe>y3-JLyn7hgcm6FxN3SpX^Eed z74x$|SwoHw7CxYCwEQ(La(!pz9hQH_>Fl?}{FLUp=|r^=E>PZQ9#)r2Ay-y1E$8ES zWiAd=g`=(I5N&1u@P$^nSTgMS$+e|lak~9^uA|0Ey>V?R4_8(;Ti$MYA5NEk$Fb54 z9Ix2878IrmS5{oOdl@lrd+oK!@k)OjtqR90BQSeroGytqR<((JZ%b?I;0~@Vs|D5? zwYr>*t3IDvUJ@X38{K*b756*~2XTkd65!xIts3ZHfD@W>-={=q20f&A)t-hck2*_o4p0u62_ipE&wA;CJ?{@A-yIq>RhK=0w z_#62PpZ?-<(VgZkPfyIrZI+eQwr^&(G%T-wPHsj<^#NH~R%J8#i!~j*qdgmkb^VhX z?Zp6AB<@EnNk^I9(RU0frBky`A!FLDdo(LOX~DoK^`)X=8`+si&0b3Dl9!R2m)19X zK;PW#oU}oi`Dp`k^0PDYbB1SRXAVf~mzkY5D!zK{wA_rWjJ|mpX(O{U2WDmrNNbjp z-!3D+J+%@><`1qud_X^@_n*iAPfI}MIxC+-@}UTuBKOSZrrLC;(WT?_5LXE$smcGQ zTvXa5^rr`F9#_ML|BL!@&n{JZ#&Ta9`tV=W?@aw4zcski-LofQp4rwVsS@ztqS*a# z(NYlJu9!K>Jn;QSbJv$E%~3s?nQdy6HNX4#E%UQC z2AT85WSF;(?=Tll$~1>0R=*?0pV_UEIk?I5=C>>6m_>g)FwLir&B9&ZnvZT@wermV z&CDzNHk%i=E;b+jT1eRw^T^uy=EQcjtmmK5Ex|myV}mIkmww)44s01`wv7unZ=U?g zD*NKqp60_tUz$ZXFPcwJ?=Xw5{$k$W`LX$KdZRmYQxk4{zj~on@4>G}dA(K4iEZnc z0~%K`Z+XVwFuA+=@W^JX&ds&2m_^r4oA-9DGM8i|-hQu7(;G*>U1JS9x91<`qz-W` zrx(rqq*(KgXZ)2DdzqJ(4K=T<9&N4|+R(iG`77pyrNhjb-5TC}uTS%9M?aoqUcGeA zd~ols`P19|%{ggx&1qe0nimiLU`=sz(ZH7G_6cpx^Yc^9>mLm&rjQrx@S6{rFD% zwUqki+BxIR%Ll$QdpD_O&Pz@F>%5D8G44NYzm!??RnW2it)We;-Jj8=!Oh~bzjRL) z?+5;GyG^zm63ru@huBvc?0UprN9>XKe+uf<5<61Qqn28W)K%(48>cIG_D>-tahLvf z^e5pKWbxQ)yHO;j<0n4ts$msbYV3((cPI9{zK>?~aF1)LuawJlGWorM45pb)TOh}( z7A1+XIy1B{rFjhROIszAq1m3vthLQ!qWrH3<+%*W=6?PEJf-1Qoj9rZua?x0EWVMa zGj4JHW;}ZyzXKqqGyG4_(~M`#=e1_w_6*D5c@k(b<@3u4;!#hs`%I@R!*iL^v-ymd zs?+wY&U04hHyLWujhE_L&+lS9@rv`Uak6=RSv*f)eo-KU;s5S=t4jl@>uzDS;tDVS z|H(LmtSKZizr*=80r5%(F^~C7>z~Uiai9H4{E7LA<27)tmEYvx|9L#)iKQv#r+E2@ zzW=lNYGN(l4ookHxgE)}6-%*rD*yiVF+2QvL{;YJ&*T4f=?>ugm2pg6bnCJNYVu1Y zby(W{SjP2vu73PtNiANTc#ZC5UyIbA^8VBizl9M`zxXwb4E|mePfOcCyq^iYhk29@ vqiz;Uvl46SpWoSk^}bpY`H%kRm%xVx?-buGD&EQb&p+dTp5gzYCGfuhS$*TZ diff --git a/src/SimpleSocialAuth.Core/bin/Debug/DotNetOpenAuth.xml b/src/SimpleSocialAuth.Core/bin/Debug/DotNetOpenAuth.xml deleted file mode 100644 index 32e5229..0000000 --- a/src/SimpleSocialAuth.Core/bin/Debug/DotNetOpenAuth.xml +++ /dev/null @@ -1,39026 +0,0 @@ - - - - DotNetOpenAuth - - - -

- A design-time helper to give a Uri property an auto-complete functionality - listing the URIs in the class. - - - - - A type that generates suggested strings for Intellisense, - but doesn't actually convert between strings and other types. - - - - - A design-time helper to allow Intellisense to aid typing - ClaimType URIs. - - The strong-type of the property this class is affixed to. - - - - A cache of the standard claim types known to the application. - - - - - Initializes a new instance of the ConverterBase class. - - - - - Returns whether this object supports a standard set of values that can be picked from a list, using the specified context. - - An that provides a format context. - - true if should be called to find a common set of values the object supports; otherwise, false. - - - - - Returns a collection of standard values for the data type this type converter is designed for when provided with a format context. - - An that provides a format context that can be used to extract additional information about the environment from which this converter is invoked. This parameter or properties of this parameter can be null. - - A that holds a standard set of valid values, or null if the data type does not support a standard set of values. - - - - - Returns whether the collection of standard values returned from is an exclusive list of possible values, using the specified context. - - An that provides a format context. - - true if the returned from is an exhaustive list of possible values; false if other values are possible. - - - - - Returns whether this converter can convert an object of the given type to the type of this converter, using the specified context. - - An that provides a format context. - A that represents the type you want to convert from. - - true if this converter can perform the conversion; otherwise, false. - - - - - Returns whether this converter can convert the object to the specified type, using the specified context. - - An that provides a format context. - A that represents the type you want to convert to. - - true if this converter can perform the conversion; otherwise, false. - - - - - Converts the given object to the type of this converter, using the specified context and culture information. - - An that provides a format context. - The to use as the current culture. - The to convert. - - An that represents the converted value. - - - The conversion cannot be performed. - - - - - Converts the given value object to the specified type, using the specified context and culture information. - - An that provides a format context. - A . If null is passed, the current culture is assumed. - The to convert. - The to convert the parameter to. - - An that represents the converted value. - - - The parameter is null. - - - The conversion cannot be performed. - - - - - Creates an instance, protecting against the LinkDemand. - - The member info. - The arguments. - A , or null if sufficient permissions are unavailable. - - - - Gets the standard values to suggest with Intellisense in the designer. - - A collection of the standard values. - - Contract.Result<ICollection>() != null - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - The description of how to recreate an instance. - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - - Creates an instance, protecting against the LinkDemand. - - The member info. - The arguments. - A . - - - - Gets a cache of the standard values to suggest. - - - - - Initializes a new instance of the class. - - - - - Gets the values of public static fields and properties on a given type. - - The type to reflect over. - A collection of values. - type != null - type == null - Contract.Result<ICollection>() != null - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - - The description of how to recreate an instance. - - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - - Gets the standard values to suggest with Intellisense in the designer. - - A collection of the standard values. - - Contract.Result<ICollection>() != null - - - - Gets the type to reflect over for the well known values. - - - Contract.Result<Type>() != null - - - - - Initializes a new instance of the class. - - - - - Gets the type to reflect over to extract the well known values. - - - Contract.Result<Type>() != null - - - - - Contract class for the class. - - - - - Gets the type to reflect over for the well known values. - - - - - A design-time helper to give a Uri property an auto-complete functionality - listing the URIs in the class. - - - - - Initializes a new instance of the class. - - - - - Gets the type to reflect over to extract the well known values. - - - Contract.Result<Type>() != null - - - - - A design-time helper to give an OpenID Identifier property an auto-complete functionality - listing the OP Identifiers in the class. - - - - - Initializes a new instance of the class. - - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - - The description of how to recreate an instance. - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - Gets the standard values to suggest with Intellisense in the designer. - - A collection of the standard values. - Contract.Result<ICollection>() != null - - - - A design-time helper to allow controls to have properties - of type . - - - - - Initializes a new instance of the UriConverter class. - - - - - Returns whether the given value object is valid for this type and for the specified context. - - An that provides a format context. - The to test for validity. - - true if the specified value is valid for this object; otherwise, false. - - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - - The description of how to recreate an instance. - - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - - Gets the standard claim type URIs known to the library. - - An array of the standard claim types. - - Contract.Result<ICollection>() != null - - - - Gets the type to reflect over to extract the well known values. - - - - - Describes a collection of association type sub-elements in a .config file. - - - - - Initializes a new instance of the class. - - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - When overridden in a derived class, creates a new . - - - A new . - - Contract.Result<ConfigurationElement>() != null - - - - Gets the element key for a specified configuration element when overridden in a derived class. - - The to return the key for. - - An that acts as the key for the specified . - - element != null - Contract.Result<object>() != null - - - - Describes an association type and its maximum lifetime as an element - in a .config file. - - - - - The name of the attribute that stores the association type. - - - - - The name of the attribute that stores the association's maximum lifetime. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the protocol name of the association. - - - - - Gets or sets the maximum time a shared association should live. - - The default value is 14 days. - - - - Represents the section in the host's .config file that configures - this library's settings. - - - - - The name of the section under which this library's settings must be found. - - - - - The name of the <messaging> sub-element. - - - - - The name of the <openid> sub-element. - - - - - The name of the <oauth> sub-element. - - - - - The name of the <reporting> sub-element. - - - - - The name of the <webResourceUrlProvider> sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets the configuration section from the .config file. - - - Contract.Result<DotNetOpenAuthSection>() != null - - - - - Gets or sets the configuration for the messaging framework. - - - Contract.Result<MessagingElement>() != null - - - - - Gets or sets the configuration for OpenID. - - - Contract.Result<OpenIdElement>() != null - - - - - Gets or sets the configuration for OAuth. - - - Contract.Result<OAuthElement>() != null - - - - - Gets or sets the configuration for reporting. - - - Contract.Result<ReportingElement>() != null - - - - - Gets or sets the type to use for obtaining URLs that fetch embedded resource streams. - - - - - Represents the <messaging> element in the host's .config file. - - - - - The name of the <untrustedWebRequest> sub-element. - - - - - The name of the attribute that stores the association's maximum lifetime. - - - - - The name of the attribute that stores the maximum allowable clock skew. - - - - - The name of the attribute that indicates whether to disable SSL requirements across the library. - - - - - The name of the attribute that controls whether messaging rules are strictly followed. - - - - - Gets the actual maximum message lifetime that a program should allow. - - The sum of the and - property values. - - - - Gets or sets the time between a message's creation and its receipt - before it is considered expired. - - - The default value value is 3 minutes. - - - Smaller timespans mean lower tolerance for delays in message delivery. - Larger timespans mean more nonces must be stored to provide replay protection. - The maximum age a message implementing the - interface can be before - being discarded as too old. - This time limit should NOT take into account expected - time skew for servers across the Internet. Time skew is added to - this value and is controlled by the property. - - - - - Gets or sets the maximum clock skew. - - The default value is 10 minutes. - - Smaller timespans mean lower tolerance for - time variance due to server clocks not being synchronized. - Larger timespans mean greater chance for replay attacks and - larger nonce caches. - For example, if a server could conceivably have its - clock d = 5 minutes off UTC time, then any two servers could have - their clocks disagree by as much as 2*d = 10 minutes. - - - - - Gets or sets a value indicating whether SSL requirements within the library are disabled/relaxed. - Use for TESTING ONLY. - - - - - Gets or sets a value indicating whether messaging rules are strictly - adhered to. - - - true by default. - - Strict will require that remote parties adhere strictly to the specifications, - even when a loose interpretation would not compromise security. - true is a good default because it shakes out interoperability bugs in remote services - so they can be identified and corrected. But some web sites want things to Just Work - more than they want to file bugs against others, so false is the setting for them. - - - - - Gets or sets the configuration for the class. - - The untrusted web request. - - - - Represents the <oauth/consumer> element in the host's .config file. - - - - - Gets the name of the security sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the security settings. - - - - - Security settings that are applicable to consumers. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - - - - Represents the <oauth> element in the host's .config file. - - - - - The name of the <consumer> sub-element. - - - - - The name of the <serviceProvider> sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the configuration specific for Consumers. - - - - - Gets or sets the configuration specific for Service Providers. - - - - - Represents the <oauth/serviceProvider> element in the host's .config file. - - - - - The name of the custom store sub-element. - - - - - Gets the name of the security sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the type to use for storing application state. - - - - - Gets or sets the security settings. - - - - - Security settings that are applicable to service providers. - - - - - Gets the name of the @minimumRequiredOAuthVersion attribute. - - - - - Gets the name of the @maxAuthorizationTime attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - - - - Gets or sets the minimum OAuth version a Consumer is required to support in order for this library to interoperate with it. - - - Although the earliest versions of OAuth are supported, for security reasons it may be desirable to require the - remote party to support a later version of OAuth. - - - - - Gets or sets the maximum time a user can take to complete authorization. - - - This time limit serves as a security mitigation against brute force attacks to - compromise (unauthorized or authorized) request tokens. - Longer time limits is more friendly to slow users or consumers, while shorter - time limits provide better security. - - - - - Represents the <openid> element in the host's .config file. - - - - - The name of the <relyingParty> sub-element. - - - - - The name of the <provider> sub-element. - - - - - The name of the <extensions> sub-element. - - - - - The name of the <xriResolver> sub-element. - - - - - The name of the @maxAuthenticationTime attribute. - - - - - The name of the @cacheDiscovery attribute. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the maximum time a user can take to complete authentication. - - - This time limit allows the library to decide how long to cache certain values - necessary to complete authentication. The lower the time, the less demand on - the server. But too short a time can frustrate the user. - - - Contract.Result<TimeSpan>() > TimeSpan.Zero - - - value > TimeSpan.Zero - - value <= TimeSpan.Zero - - - - Gets or sets a value indicating whether the results of Identifier discovery - should be cached. - - - Use true to allow identifier discovery to immediately return cached results when available; - otherwise, use false.to force fresh results every time at the cost of slightly slower logins. - The default value is true. - - - When enabled, caching is done according to HTTP standards. - - - - - Gets or sets the configuration specific for Relying Parties. - - - - - Gets or sets the configuration specific for Providers. - - - - - Gets or sets the registered OpenID extension factories. - - - - - Gets or sets the configuration for the XRI resolver. - - - - - The section in the .config file that allows customization of OpenID Provider behaviors. - - - - - The name of the security sub-element. - - - - - Gets the name of the <behaviors> sub-element. - - - - - The name of the custom store sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the security settings. - - - - - Gets or sets the special behaviors to apply. - - - - - Gets or sets the type to use for storing application state. - - - - - Represents the .config file element that allows for setting the security policies of the Provider. - - - - - Gets the name of the @protectDownlevelReplayAttacks attribute. - - - - - Gets the name of the @minimumHashBitLength attribute. - - - - - Gets the name of the @maximumHashBitLength attribute. - - - - - The name of the associations collection sub-element. - - - - - Gets the name of the @requireSsl attribute. - - - - - Gets the name of the @unsolicitedAssertionVerification attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - - - - Gets or sets a value indicating whether all discovery and authentication should require SSL security. - - - - - Gets or sets the minimum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets the maximum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets a value indicating whether the Provider should take special care - to protect OpenID 1.x relying parties against replay attacks. - - - - - Gets or sets the level of verification a Provider performs on an identifier before - sending an unsolicited assertion for it. - - The default value is . - - - - Gets or sets the configured lifetimes of the various association types. - - - Contract.Result<AssociationTypeCollection>() != null - - - - - The section in the .config file that allows customization of OpenID Relying Party behaviors. - - - - - The name of the custom store sub-element. - - - - - The name of the attribute that specifies whether dnoa.userSuppliedIdentifier is tacked onto the openid.return_to URL. - - - - - Gets the name of the security sub-element. - - - - - The name of the <behaviors> sub-element. - - - - - The name of the <discoveryServices> sub-element. - - - - - The built-in set of identifier discovery services. - - - - - Initializes a new instance of the class. - - - - - Gets or sets a value indicating whether "dnoa.userSuppliedIdentifier" is tacked onto the openid.return_to URL in order to preserve what the user typed into the OpenID box. - - - The default value is true. - - - - - Gets or sets the security settings. - - - - - Gets or sets the special behaviors to apply. - - - - - Gets or sets the type to use for storing application state. - - - - - Gets or sets the services to use for discovering service endpoints for identifiers. - - - If no discovery services are defined in the (web) application's .config file, - the default set of discovery services built into the library are used. - - - - - Represents the .config file element that allows for setting the security policies of the Relying Party. - - - - - Gets the name of the @minimumRequiredOpenIdVersion attribute. - - - - - Gets the name of the @minimumHashBitLength attribute. - - - - - Gets the name of the @maximumHashBitLength attribute. - - - - - Gets the name of the @requireSsl attribute. - - - - - Gets the name of the @requireDirectedIdentity attribute. - - - - - Gets the name of the @requireAssociation attribute. - - - - - Gets the name of the @rejectUnsolicitedAssertions attribute. - - - - - Gets the name of the @rejectDelegatedIdentifiers attribute. - - - - - Gets the name of the @ignoreUnsignedExtensions attribute. - - - - - Gets the name of the @privateSecretMaximumAge attribute. - - - - - Gets the name of the @allowDualPurposeIdentifiers attribute. - - - - - Gets the name of the @allowApproximateIdentifierDiscovery attribute. - - - - - Gets the name of the @protectDownlevelReplayAttacks attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - Contract.Result<RelyingPartySecuritySettings>() != null - - - - Gets or sets a value indicating whether all discovery and authentication should require SSL security. - - - - - Gets or sets a value indicating whether only OP Identifiers will be discoverable - when creating authentication requests. - - - - - Gets or sets a value indicating whether authentication requests - will only be created where an association with the Provider can be established. - - - - - Gets or sets the minimum OpenID version a Provider is required to support in order for this library to interoperate with it. - - - Although the earliest versions of OpenID are supported, for security reasons it may be desirable to require the - remote party to support a later version of OpenID. - - - - - Gets or sets the minimum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets the maximum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets the maximum allowable age of the secret a Relying Party - uses to its return_to URLs and nonces with 1.0 Providers. - - The default value is 7 days. - - - - Gets or sets a value indicating whether all unsolicited assertions should be ignored. - - The default value is false. - - - - Gets or sets a value indicating whether delegating identifiers are refused for authentication. - - The default value is false. - - When set to true, login attempts that start at the RP or arrive via unsolicited - assertions will be rejected if discovery on the identifier shows that OpenID delegation - is used for the identifier. This is useful for an RP that should only accept identifiers - directly issued by the Provider that is sending the assertion. - - - - - Gets or sets a value indicating whether unsigned extensions in authentication responses should be ignored. - - The default value is false. - - When set to true, the methods - will not return any extension that was not signed by the Provider. - - - - - Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers - should ever be recognized as claimed identifiers. - - - The default value is false, per the OpenID 2.0 spec. - - - - - Gets or sets a value indicating whether certain Claimed Identifiers that exploit - features that .NET does not have the ability to send exact HTTP requests for will - still be allowed by using an approximate HTTP request. - - - The default value is true. - - - - - Gets or sets a value indicating whether the Relying Party should take special care - to protect users against replay attacks when interoperating with OpenID 1.1 Providers. - - - - - Represents the <reporting> element in the host's .config file. - - - - - The name of the @enabled attribute. - - - - - The name of the @minimumReportingInterval attribute. - - - - - The name of the @minimumFlushInterval attribute. - - - - - The name of the @includeFeatureUsage attribute. - - - - - The name of the @includeEventStatistics attribute. - - - - - The name of the @includeLocalRequestUris attribute. - - - - - The name of the @includeCultures attribute. - - - - - The default value for the @minimumFlushInterval attribute. - - - - - Initializes a new instance of the class. - - - - - Gets or sets a value indicating whether this reporting is enabled. - - - true if enabled; otherwise, false. - - - - Gets or sets the maximum frequency that reports will be published. - - - - - Gets or sets the maximum frequency the set can be flushed to disk. - - - - - Gets or sets a value indicating whether to include a list of library features used in the report. - - - true to include a report of features used; otherwise, false. - - - - Gets or sets a value indicating whether to include statistics of certain events such as - authentication success and failure counting, and can include remote endpoint URIs. - - - true to include event counters in the report; otherwise, false. - - - - - Gets or sets a value indicating whether to include a few URLs to pages on the hosting - web site that host DotNetOpenAuth components. - - - - - Gets or sets a value indicating whether to include the cultures requested by the user agent - on pages that host DotNetOpenAuth components. - - - - - A collection of . - - The type that all types specified in the elements must derive from. - - - - Initializes a new instance of the TypeConfigurationCollection class. - - - - - Initializes a new instance of the TypeConfigurationCollection class. - - The elements that should be added to the collection initially. - elements != null - elements == null - - - - Creates instances of all the types listed in the collection. - - if set to true then internal types may be instantiated. - A sequence of instances generated from types in this collection. May be empty, but never null. - Contract.Result<IEnumerable<T>>() != null - - - - When overridden in a derived class, creates a new . - - - A new . - - Contract.Result<ConfigurationElement>() != null - - - - Gets the element key for a specified configuration element when overridden in a derived class. - - The to return the key for. - - An that acts as the key for the specified . - - element != null - Contract.Result<object>() != null - - - - Represents an element in a .config file that allows the user to provide a @type attribute specifying - the full type that provides some service used by this library. - - A constraint on the type the user may provide. - - - - The name of the attribute whose value is the full name of the type the user is specifying. - - - - - The name of the attribute whose value is the path to the XAML file to deserialize to obtain the type. - - - - - Initializes a new instance of the TypeConfigurationElement class. - - - - - Creates an instance of the type described in the .config file. - - The value to return if no type is given in the .config file. - The newly instantiated type. - Contract.Result<T>() != null || Contract.Result<T>() == defaultValue - - - - Creates an instance of the type described in the .config file. - - The value to return if no type is given in the .config file. - if set to true then internal types may be instantiated. - The newly instantiated type. - Contract.Result<T>() != null || Contract.Result<T>() == defaultValue - - - - Creates the instance from xaml. - - The stream of xaml to deserialize. - The deserialized object. - - This exists as its own method to prevent the CLR's JIT compiler from failing - to compile the CreateInstance method just because the PresentationFramework.dll - may be missing (which it is on some shared web hosts). This way, if the - XamlSource attribute is never used, the PresentationFramework.dll never need - be present. - - Contract.Result<T>() != null - - - - Gets or sets the full name of the type. - - The full name of the type, such as: "ConsumerPortal.Code.CustomStore, ConsumerPortal". - - - - Gets or sets the path to the XAML file to deserialize to obtain the instance. - - - - - Gets the type described in the .config file. - - - - - Gets a value indicating whether this type has no meaningful type to instantiate. - - - - - Represents the section of a .config file where security policies regarding web requests - to user-provided, untrusted servers is controlled. - - - - - Gets the name of the @timeout attribute. - - - - - Gets the name of the @readWriteTimeout attribute. - - - - - Gets the name of the @maximumBytesToRead attribute. - - - - - Gets the name of the @maximumRedirections attribute. - - - - - Gets the name of the @whitelistHosts attribute. - - - - - Gets the name of the @whitelistHostsRegex attribute. - - - - - Gets the name of the @blacklistHosts attribute. - - - - - Gets the name of the @blacklistHostsRegex attribute. - - - - - Gets or sets the read/write timeout after which an HTTP request will fail. - - - - - Gets or sets the timeout after which an HTTP request will fail. - - - - - Gets or sets the maximum bytes to read from an untrusted web server. - - - - - Gets or sets the maximum redirections that will be followed before an HTTP request fails. - - - - - Gets or sets the collection of hosts on the whitelist. - - - - - Gets or sets the collection of hosts on the blacklist. - - - - - Gets or sets the collection of regular expressions that describe hosts on the whitelist. - - - - - Gets or sets the collection of regular expressions that describe hosts on the blacklist. - - - - - Represents a collection of child elements that describe host names either as literal host names or regex patterns. - - - - - Initializes a new instance of the class. - - - - - Creates a new child host name element. - - - A new . - - Contract.Result<ConfigurationElement>() != null - - - - Gets the element key for a specified configuration element. - - The to return the key for. - - An that acts as the key for the specified . - - element != null - Contract.Result<object>() != null - - - - Gets all the members of the collection assuming they are all literal host names. - - - - - Gets all the members of the collection assuming they are all host names regex patterns. - - - - - Represents the name of a single host or a regex pattern for host names. - - - - - Gets the name of the @name attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The default value of the property. - - - - Gets or sets the name of the host on the white or black list. - - - - - Represents the <xriResolver> element in the host's .config file. - - - - - Gets the name of the @enabled attribute. - - - - - The default value for . - - - - - The name of the <proxy> sub-element. - - - - - The default XRI proxy resolver to use. - - - - - Initializes a new instance of the class. - - - - - Gets or sets a value indicating whether this XRI resolution is enabled. - - The default value is true. - - - - Gets or sets the proxy to use for resolving XRIs. - - The default value is "xri.net". - - - - An interface that provides URLs from which embedded resources can be obtained. - - - - - Gets the URL from which the given manifest resource may be downloaded by the user agent. - - Some type in the assembly containing the desired resource. - Manifest name of the desired resource. - An absolute URL. - - - - Description of a claim that is requested or required in a submitted Information Card. - - - - - Initializes a new instance of the class. - - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Gets or sets the URI of a requested claim. - - - For a list of well-known claim type URIs, see the class. - - - - - Gets or sets a value indicating whether this claim is optional. - - - true if this instance is optional; otherwise, false. - - - - - A set of sizes for which standard InfoCard icons are available. - - - - - A standard InfoCard icon with size 14x10 - - - - - A standard InfoCard icon with size 23x16 - - - - - A standard InfoCard icon with size 34x24 - - - - - A standard InfoCard icon with size 41x29 - - - - - A standard InfoCard icon with size 50x35 - - - - - A standard InfoCard icon with size 60x42 - - - - - A standard InfoCard icon with size 71x50 - - - - - A standard InfoCard icon with size 92x64 - - - - - A standard InfoCard icon with size 114x80 - - - - - A standard InfoCard icon with size 164x108 - - - - - A standard InfoCard icon with size 214x50 - - - - - A standard InfoCard icon with size 300x210 - - - - - A standard InfoCard icon with size 365x256 - - - - - Assists in selecting the InfoCard image to display in the user agent. - - - - - The default size of the InfoCard icon to use. - - - - - The format to use when generating the image manifest resource stream name. - - - - - Gets the name of the image manifest resource stream for an InfoCard image of the given size. - - The size of the desired InfoCard image. - The manifest resource stream name. - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The token is invalid: The audience restrictions does not match the Relying Party.. - - - - - Looks up a localized string similar to The list of claims requested for inclusion in the InfoCard must be non-empty.. - - - - - Looks up a localized string similar to Failed to find the encryptionAlgorithm.. - - - - - Looks up a localized string similar to This operation requires the PPID claim to be included in the InfoCard token.. - - - - - Looks up a localized string similar to The PrivacyVersion property must be set whenever the PrivacyUrl property is set.. - - - - - Looks up a localized string similar to Click here to select your Information Card.. - - - - - An exception class for Information Cards. - - - - - An exception to represent errors in the local or remote implementation of the protocol. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - A message describing the specific error the occurred or was detected. - - - - Initializes a new instance of the class. - - A message describing the specific error the occurred or was detected. - The inner exception to include. - - - - Initializes a new instance of the class - such that it can be sent as a protocol message response to a remote caller. - - The human-readable exception message. - The message that was the cause of the exception. Must not be null. - faultedMessage != null - faultedMessage == null - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - When overridden in a derived class, sets the with information about the exception. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is a null reference (Nothing in Visual Basic). - - - - - - - - - Gets the message that caused the exception. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with a specified - error message. - - The error message. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is - the cause of this exception. - - The error message that explains the reason for the exception. - - The exception that is the cause of the current exception, or a null reference - (Nothing in Visual Basic) if no inner exception is specified. - - - - - Initializes a new instance of the class - with serialized data. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is null. - - - The class name is null or is zero (0). - - - - - The decrypted token that was submitted as an Information Card. - - this.AuthorizationContext != null - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - Xml token, which may be encrypted. - The audience. May be null to avoid audience checking. - The decryptor to use to decrypt the token, if necessary.. - Thrown for any problem decoding or decrypting the token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - decryptor != null || !IsEncrypted(tokenXml) - decryptor == null && IsEncrypted(tokenXml) - this.AuthorizationContext != null - - - - Deserializes an XML document into a token. - - The token XML. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - - - - Deserializes an XML document into a token. - - The token XML. - The URI that this token must have been crafted to be sent to. Use null to accept any intended audience. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - - - - Deserializes an XML document into a token. - - The token XML. - Any X.509 certificates that may be used to decrypt the token, if necessary. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - decryptionTokens != null - decryptionTokens == null - - - - Deserializes an XML document into a token. - - The token XML. - The URI that this token must have been crafted to be sent to. Use null to accept any intended audience. - Any X.509 certificates that may be used to decrypt the token, if necessary. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - decryptionTokens != null - decryptionTokens == null - Contract.Result<Token>() != null - - - - Determines whether the specified token XML is encrypted. - - The token XML. - - true if the specified token XML is encrypted; otherwise, false. - - - tokenXml != null - tokenXml == null - - - - Determines whether the specified token XML is encrypted. - - The token XML. - - true if the specified token XML is encrypted; otherwise, false. - - tokenXmlReader != null - tokenXmlReader == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Flattens the claims into a dictionary - - A dictionary of claim type URIs and claim values. - - - - - Gets the AuthorizationContext behind this token. - - - - - Gets the the decrypted token XML. - - - - - Gets the UniqueID of this token, usable as a stable username that the user - has already verified belongs to him/her. - - - By default, this uses the PPID and the Issuer's Public Key and hashes them - together to generate a UniqueID. - - - - - Gets the hash of the card issuer's public key. - - - - - Gets the Site Specific ID that the user sees in the Identity Selector. - - - this.Claims.ContainsKey(ClaimTypes.PPID) && !string.IsNullOrEmpty(this.Claims[ClaimTypes.PPID]) - - !(this.Claims.ContainsKey(ClaimTypes.PPID)) || string.IsNullOrEmpty(this.Claims[ClaimTypes.PPID]) - - - - Gets the claims in all the claimsets as a dictionary of strings. - - - - - Tools for reading InfoCard tokens. - - - - - Token Authentication. Translates the decrypted data into a AuthContext. - - The token XML reader. - The audience that the token must be scoped for. - Use null to indicate any audience is acceptable. - - The authorization context carried by the token. - - Contract.Result<AuthorizationContext>() != null - - - - Translates claims to strings - - Claim to translate to a string - The string representation of a claim's value. - - - - Generates a UniqueID based off the Issuer's key - - the Authorization Context - the hash of the internal key of the issuer - - - - Generates a UniqueID based off the Issuer's key and the PPID. - - The Authorization Context - A unique ID for this user at this web site. - authzContext != null - authzContext == null - - - - Generates the Site Specific ID to match the one in the Identity Selector. - - The ID displayed by the Identity Selector. - The personal private identifier. - A string containing the XXX-XXXX-XXX cosmetic value. - ppid != null - ppid == null - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - Gets the Unique RSA Claim from the SAML token. - - the claimset which contains the claim - a RSA claim - cs != null - cs == null - - - - Does the actual calculation of a combined ID from a value and an RSA key. - - The key of the issuer of the token - the claim value to hash with. - A base64 representation of the combined ID. - issuerKey != null - issuerKey == null - claimValue != null - claimValue == null - Contract.Result<string>() != null - - - - Gets the maximum amount the token can be out of sync with time. - - - - - A utility class for decrypting InfoCard tokens. - - this.Tokens != null - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Adds a certificate to the list of certificates to decrypt with. - - The x509 cert to use for decryption - - - - Adds a certificate to the list of certificates to decrypt with. - - store name of the certificate - store location - thumbprint of the cert to use - - - - Adds a store of certificates to the list of certificates to decrypt with. - - store name of the certificates - store location - - - - Decrpyts a security token from an XML EncryptedData - - The encrypted token XML reader. - A byte array of the contents of the encrypted token - reader != null - reader == null - Contract.Result<byte[]>() != null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Adds a store of certificates to the list of certificates to decrypt with. - - store name of the certificates - store location - A filter to on the certificates to add. - - - - Gets a list of possible decryption certificates, from the store/location set - - - Defaults to localmachine:my (same place SSL certs are) - - - - - A set of strings used in parsing the XML token. - - - - - The "http://www.w3.org/2001/04/xmlenc#" value. - - - - - The "EncryptionMethod" value. - - - - - The "CipherValue" value. - - - - - The "Algorithm" value. - - - - - The "EncryptedData" value. - - - - - The "CipherData" value. - - - - - Common InfoCard issuers. - - - - - The Issuer URI to use for self-issued cards. - - - - - Prevents a default instance of the class from being created. - - - - - Cached details on the response from a direct web request to a remote party. - - - - - Details on the incoming response from a direct web request to a remote party. - - - - - The encoding to use in reading a response that does not declare its own content encoding. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The original request URI. - The response to initialize from. The network stream is used by this class directly. - requestUri != null - requestUri == null - response != null - response == null - - - - Initializes a new instance of the class. - - The request URI. - The final URI to respond to the request. - The headers. - The status code. - Type of the content. - The content encoding. - requestUri != null - requestUri == null - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - Contract.Result<StreamReader>() != null - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - maximumBytesToCache >= 0 - maximumBytesToCache < 0 - this.RequestUri != null - this.RequestUri == null - Contract.Result<CachedDirectWebResponse>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the type of the content. - - - - - Gets the content encoding. - - - - - Gets the URI of the initial request. - - - - - Gets the URI that finally responded to the request. - - - This can be different from the in cases of - redirection during the request. - - - - - Gets the headers that must be included in the response to the user agent. - - - The headers in this collection are not meant to be a comprehensive list - of exactly what should be sent, but are meant to augment whatever headers - are generally included in a typical response. - - - - - Gets the HTTP status code to use in the HTTP response. - - - - - Gets the body of the HTTP response. - - - - - A seekable, repeatable response stream. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The request URI. - The response. - The maximum bytes to read. - requestUri != null - requestUri == null - response != null - response == null - - - - Initializes a new instance of the class. - - The request URI. - The final URI to respond to the request. - The headers. - The status code. - Type of the content. - The content encoding. - The response stream. - requestUri != null - requestUri == null - responseStream != null - responseStream == null - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - Contract.Result<StreamReader>() != null - - - - Gets the body of the response as a string. - - The entire body of the response. - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - maximumBytesToCache >= 0 - maximumBytesToCache < 0 - this.RequestUri != null - this.RequestUri == null - Contract.Result<CachedDirectWebResponse>() != null - - - - Sets the response to some string, encoded as UTF-8. - - The string to set the response to. - - - - Caches the network stream and closes it if it is open. - - The response whose stream is to be cloned. - The maximum bytes to cache. - The seekable Stream instance that contains a copy of what was returned in the HTTP response. - response != null - response == null - Contract.Result<MemoryStream>() != null - - - - Gets a value indicating whether the cached response stream was - truncated to a maximum allowable length. - - - - - Gets the body of the HTTP response. - - - - - Gets or sets the cached response stream. - - - - - Code contract for the class. - - - - - Manages sending direct messages to a remote party and receiving responses. - - this.MessageDescriptions != null - - - - The content-type used on HTTP POST requests where the POST entity is a - URL-encoded series of key=value pairs. - - - - - The content-type used for JSON serialized objects. - - - - - The content-type for plain text. - - - - - The maximum allowable size for a 301 Redirect response before we send - a 200 OK response with a scripted form POST with the parameters instead - in order to ensure successfully sending a large payload to another server - that might have a maximum allowable size restriction on its GET request. - - - - - The HTML that should be returned to the user agent as part of a 301 Redirect. - - A string that should be used as the first argument to String.Format, where the {0} should be replaced with the URL to redirect to. - - - - The template for indirect messages that require form POST to forward through the user agent. - - - We are intentionally using " instead of the html single quote ' below because - the HtmlEncode'd values that we inject will only escape the double quote, so - only the double-quote used around these values is safe. - - - - - The encoding to use when writing out POST entity strings. - - - - - The content-type used on HTTP POST requests where the POST entity is a - URL-encoded series of key=value pairs. - This includes the character encoding. - - - - - A list of binding elements in the order they must be applied to outgoing messages. - - - - - A list of binding elements in the order they must be applied to incoming messages. - - - - - The default cache of message descriptions to use unless they are customized. - - - This is a perf optimization, so that we don't reflect over every message type - every time a channel is constructed. - - - - - A cache of reflected message types that may be sent or received on this channel. - - - - - A tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - - A class prepared to analyze incoming messages and indicate what concrete - message types can deserialize from it. - - The binding elements to use in sending and receiving messages. - messageTypeProvider != null - messageTypeProvider == null - - - - Sends an indirect message (either a request or response) - or direct message response for transmission to a remote party - and ends execution on the current page or handler. - - The one-way message to send - Thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - Requires an HttpContext.Current context. - - HttpContext.Current != null - HttpContext.Current == null - message != null - message == null - - - - Prepares an indirect message (either a request or response) - or direct message response for transmission to a remote party. - - The one-way message to send - The pending user agent redirect based message to be sent as an HttpResponse. - message != null - message == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the protocol message embedded in the given HTTP request, if present. - - The deserialized message, if one is found. Null otherwise. - - Requires an HttpContext.Current context. - - Thrown when is null. - - - - Gets the protocol message embedded in the given HTTP request, if present. - - The expected type of the message to be received. - The deserialized message, if one is found. Null otherwise. - True if the expected message was recognized and deserialized. False otherwise. - - Requires an HttpContext.Current context. - - Thrown when is null. - Thrown when a request message of an unexpected type is received. - - - - Gets the protocol message embedded in the given HTTP request, if present. - - The expected type of the message to be received. - The request to search for an embedded message. - The deserialized message, if one is found. Null otherwise. - True if the expected message was recognized and deserialized. False otherwise. - Thrown when is null. - Thrown when a request message of an unexpected type is received. - httpRequest != null - httpRequest == null - Contract.Result<bool>() == (Contract.ValueAtReturn<TRequest>(out request) != null) - - - - Gets the protocol message embedded in the current HTTP request. - - The expected type of the message to be received. - The deserialized message. Never null. - - Requires an HttpContext.Current context. - - Thrown when is null. - Thrown if the expected message was not recognized in the response. - - - - Gets the protocol message embedded in the given HTTP request. - - The expected type of the message to be received. - The request to search for an embedded message. - The deserialized message. Never null. - Thrown if the expected message was not recognized in the response. - httpRequest != null - httpRequest == null - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - The deserialized message, if one is found. Null otherwise. - httpRequest != null - httpRequest == null - - - - Sends a direct message to a remote party and waits for the response. - - The expected type of the message to be received. - The message to send. - The remote party's response. - - Thrown if no message is recognized in the response - or an unexpected type of message is received. - - requestMessage != null - requestMessage == null - Contract.Result<TResponse>() != null - - - - Sends a direct message to a remote party and waits for the response. - - The message to send. - The remote party's response. Guaranteed to never be null. - Thrown if the response does not include a protocol message. - requestMessage != null - requestMessage == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Verifies the integrity and applicability of an incoming message. - - The message just received. - - Thrown when the message is somehow invalid. - This can be due to tampering, replay attack or expiration, among other things. - - - - - Prepares an HTTP request that carries a given message. - - The message to send. - The prepared to send the request. - - This method must be overridden by a derived class, unless the method - is overridden and does not require this method. - - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - The pending user agent redirect based message to be sent as an HttpResponse. - - This method implements spec OAuth V1.0 section 5.3. - - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - The deserialized message parts, if found. Null otherwise. - Thrown when the response is not valid. - - - - This method should NOT be called by derived types - except when sending ONE WAY request messages. - - - Prepares a message for transmit by applying signatures, nonces, etc. - - The message to prepare for sending. - - - - Gets the current HTTP request being processed. - - The HttpRequestInfo for the current request. - - Requires an context. - - Thrown if HttpContext.Current == null. - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - Contract.Result<HttpRequestInfo>() != null - Contract.Result<HttpRequestInfo>().Url != null - Contract.Result<HttpRequestInfo>().RawUrl != null - Contract.Result<HttpRequestInfo>().UrlBeforeRewriting != null - - - - Checks whether a given HTTP method is expected to include an entity body in its request. - - The HTTP method. - - true if the HTTP method is supposed to have an entity; false otherwise. - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Fires the event. - - The message about to be encoded and sent. - message != null - message == null - - - - Gets the direct response of a direct HTTP request. - - The web request. - The response to the web request. - Thrown on network or protocol errors. - webRequest != null - webRequest == null - - - - Submits a direct request message to some remote party and blocks waiting for an immediately reply. - - The request message. - The response message, or null if the response did not carry a message. - - Typically a deriving channel will override to customize this method's - behavior. However in non-HTTP frameworks, such as unit test mocks, it may be appropriate to override - this method to eliminate all use of an HTTP transport. - - request != null - request == null - request.Recipient != null - request.Recipient == null - - - - Called when receiving a direct response message, before deserialization begins. - - The HTTP direct response. - The newly instantiated message, prior to deserialization. - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - The deserialized message, if one is found. Null otherwise. - request != null - request == null - - - - Deserializes a dictionary of values into a message. - - The dictionary of values that were read from an HTTP request or response. - Information about where the message was directed. Null for direct response messages. - The deserialized message, or null if no message could be recognized in the provided data. - fields != null - fields == null - - - - Queues an indirect message for transmittal via the user agent. - - The message to send. - The pending user agent redirect based message to be sent as an HttpResponse. - message != null - message == null - message.Recipient != null - message.Recipient == null - (message.HttpMethods & (HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.PostRequest)) != 0 - !((message.HttpMethods & (HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.PostRequest)) != 0) - Contract.Result<OutgoingWebResponse>() != null - - - - Encodes an HTTP response that will instruct the user agent to forward a message to - some remote third party using a 301 Redirect GET method. - - The message to forward. - The pre-serialized fields from the message. - if set to true the redirect will contain the message payload in the #fragment portion of the URL rather than the ?querystring. - The encoded HTTP response. - - message != null - message == null - message.Recipient != null - message.Recipient == null - fields != null - fields == null - Contract.Result<OutgoingWebResponse>() != null - - - - Encodes an HTTP response that will instruct the user agent to forward a message to - some remote third party using a form POST method. - - The message to forward. - The pre-serialized fields from the message. - The encoded HTTP response. - message != null - message == null - message.Recipient != null - message.Recipient == null - fields != null - fields == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - The deserialized message parts, if found. Null otherwise. - Thrown when the response is not valid. - response != null - response == null - - - - Prepares an HTTP request that carries a given message. - - The message to send. - The prepared to send the request. - - This method must be overridden by a derived class, unless the method - is overridden and does not require this method. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - The pending user agent redirect based message to be sent as an HttpResponse. - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Serializes the given message as a JSON string. - - The message to serialize. - A JSON string. - message != null - message == null - - - - Deserializes from flat data from a JSON object. - - A JSON string. - The simple "key":"value" pairs from a JSON-encoded object. - !String.IsNullOrEmpty(json) - String.IsNullOrEmpty(json) - - - - Prepares a message for transmit by applying signatures, nonces, etc. - - The message to prepare for sending. - - This method should NOT be called by derived types - except when sending ONE WAY request messages. - - message != null - message == null - - - - Prepares to send a request to the Service Provider as the query string in a GET request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP Get request with the message parts serialized to the query string. - This method satisfies OAuth 1.0 section 5.2, item #3. - - requestMessage != null - requestMessage == null - requestMessage.Recipient != null - requestMessage.Recipient == null - - - - Prepares to send a request to the Service Provider as the query string in a HEAD request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP HEAD request with the message parts serialized to the query string. - This method satisfies OAuth 1.0 section 5.2, item #3. - - requestMessage != null - requestMessage == null - requestMessage.Recipient != null - requestMessage.Recipient == null - - - - Prepares to send a request to the Service Provider as the payload of a POST request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP POST request with the message parts serialized to the POST entity - with the application/x-www-form-urlencoded content type - This method satisfies OAuth 1.0 section 5.2, item #2 and OpenID 2.0 section 4.1.2. - - requestMessage != null - requestMessage == null - Contract.Result<HttpWebRequest>() != null - - - - Prepares to send a request to the Service Provider as the query string in a PUT request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP PUT request with the message parts serialized to the query string. - - requestMessage != null - requestMessage == null - Contract.Result<HttpWebRequest>() != null - - - - Prepares to send a request to the Service Provider as the query string in a DELETE request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP DELETE request with the message parts serialized to the query string. - - requestMessage != null - requestMessage == null - Contract.Result<HttpWebRequest>() != null - - - - Sends the given parameters in the entity stream of an HTTP request. - - The HTTP request. - The parameters to send. - - This method calls and closes - the request stream, but does not call . - - httpRequest != null - httpRequest == null - fields != null - fields == null - - - - Sends the given parameters in the entity stream of an HTTP request in multi-part format. - - The HTTP request. - The parameters to send. - - This method calls and closes - the request stream, but does not call . - - - - - Verifies the integrity and applicability of an incoming message. - - The message just received. - - Thrown when the message is somehow invalid. - This can be due to tampering, replay attack or expiration, among other things. - - message != null - message == null - - - - Customizes the binding element order for outgoing and incoming messages. - - The outgoing order. - The incoming order. - - No binding elements can be added or removed from the channel using this method. - Only a customized order is allowed. - - Thrown if a binding element is new or missing in one of the ordered lists. - outgoingOrder != null - outgoingOrder == null - incomingOrder != null - incomingOrder == null - - - - Ensures a consistent and secure set of binding elements and - sorts them as necessary for a valid sequence of operations. - - The binding elements provided to the channel. - The properly ordered list of elements. - Thrown when the binding elements are incomplete or inconsistent with each other. - - - - Puts binding elements in their correct outgoing message processing order. - - The first protection type to compare. - The second protection type to compare. - - -1 if should be applied to an outgoing message before . - 1 if should be applied to an outgoing message before . - 0 if it doesn't matter. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Verifies that all required message parts are initialized to values - prior to sending the message to a remote party. - - The message to verify. - - Thrown when any required message part does not have a value. - - message != null - message == null - - - - Determines whether a given ordered list of binding elements includes every - binding element in this channel exactly once. - - The list of binding elements to test. - - true if the given list is a valid description of a binding element ordering; otherwise, false. - - - order != null - order == null - - - - An event fired whenever a message is about to be encoded and sent. - - - - - Gets or sets an instance to a that will be used when - submitting HTTP requests and waiting for responses. - - - This defaults to a straightforward implementation, but can be set - to a mock object for testing purposes. - - - - - Gets or sets the message descriptions. - - - value != null - - value == null - - - - Gets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Gets the binding elements used by this channel, in no particular guaranteed order. - - - Contract.Result<ReadOnlyCollection<IChannelBindingElement>>() != null - - - - - Gets the binding elements used by this channel, in the order applied to outgoing messages. - - - - - Gets the binding elements used by this channel, in the order applied to incoming messages. - - - Contract.Result<ReadOnlyCollection<IChannelBindingElement>>().All(be => be.Channel != null) - Contract.Result<ReadOnlyCollection<IChannelBindingElement>>().All(be => be != null) - - - - - Gets or sets a value indicating whether this instance is disposed. - - - true if this instance is disposed; otherwise, false. - - - - - Gets or sets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Gets or sets the cache policy to use for direct message requests. - - Default is . - - value != null - - value == null - - - - Gets or sets the XML dictionary reader quotas. - - The XML dictionary reader quotas. - - - - Prevents a default instance of the ChannelContract class from being created. - - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec V1.0 section 5.3. - - - - - An interface that allows indirect response messages to specify - HTTP transport specific properties. - - - - - Gets a value indicating whether the payload for the message should be included - in the redirect fragment instead of the query string or POST entity. - - - - - A set of flags that can control the behavior of an individual web request. - - - - - Indicates that default behavior is required. - - - - - Indicates that any response from the remote server, even those - with HTTP status codes that indicate errors, should not result - in a thrown exception. - - - Even with this flag set, should - be thrown when an HTTP protocol error occurs (i.e. timeouts). - - - - - Indicates that the HTTP request must be completed entirely - using SSL (including any redirects). - - - - - Extension methods for types. - - - - - Caches the results of enumerating over a given object so that subsequence enumerations - don't require interacting with the object a second time. - - The type of element found in the enumeration. - The enumerable object. - - Either a new enumerable object that caches enumerated results, or the original, - object if no caching is necessary to avoid additional CPU work. - - - This is designed for use on the results of generator methods (the ones with yield return in them) - so that only those elements in the sequence that are needed are ever generated, while not requiring - regeneration of elements that are enumerated over multiple times. - This can be a huge performance gain if enumerating multiple times over an expensive generator method. - Some enumerable types such as collections, lists, and already-cached generators do not require - any (additional) caching, and this method will simply return those objects rather than caching them - to avoid double-caching. - - sequence != null - sequence == null - - - - A wrapper for types and returns a caching - from its method. - - The type of element in the sequence. - - - - The results from enumeration of the live object that have been collected thus far. - - - - - The original generator method or other enumerable object whose contents should only be enumerated once. - - - - - The enumerator we're using over the generator method's results. - - - - - The sync object our caching enumerators use when adding a new live generator method result to the cache. - - - Although individual enumerators are not thread-safe, this should be - thread safe so that multiple enumerators can be created from it and used from different threads. - - - - - Initializes a new instance of the EnumerableCache class. - - The generator. - generator != null - generator == null - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - An enumerator that uses cached enumeration results whenever they are available, - and caches whatever results it has to pull from the original object. - - - - - The parent enumeration wrapper class that stores the cached results. - - - - - The position of this enumerator in the cached list. - - - - - Initializes a new instance of the class. - - The parent cached enumerable whose GetEnumerator method is calling this constructor. - parent != null - parent == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Advances the enumerator to the next element of the collection. - - - true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. - - - The collection was modified after the enumerator was created. - - this.Model == Contract.OldValue(this.Model) - this.CurrentIndex < this.Model.Length - this.CurrentIndex >= 0 - this.CurrentIndex == Contract.OldValue(this.CurrentIndex) + 1 - - - - Sets the enumerator to its initial position, which is before the first element in the collection. - - - The collection was modified after the enumerator was created. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the element in the collection at the current position of the enumerator. - - - The element in the collection at the current position of the enumerator. - - - - - Gets the element in the collection at the current position of the enumerator. - - - The element in the collection at the current position of the enumerator. - - - Contract.Result<object>() == this.Model[this.CurrentIndex] - - - - - An exception to call out a configuration or runtime failure on the part of the - (web) application that is hosting this library. - - - This exception is used rather than for those errors - that should never be caught because they indicate a major error in the app itself - or its configuration. - It is an internal exception to assist in making it uncatchable. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The message. - - - - Initializes a new instance of the class. - - The message. - The inner exception. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is null. - - - The class name is null or is zero (0). - - - - - An interface that allows direct response messages to specify - HTTP transport specific properties. - - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - An interface that extension messages must implement. - - - - - The interface that classes must implement to be serialized/deserialized - as protocol or extension messages. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Contract class for the interface. - - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - Undirected messages that serve as direct responses to direct requests. - - - - - The interface that classes must implement to be serialized/deserialized - as protocol messages. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - An empty dictionary. Useful for avoiding memory allocations in creating new dictionaries to represent empty ones. - - The type of the key. - The type of the value. - - - - The singleton instance of the empty dictionary. - - - - - Prevents a default instance of the EmptyDictionary class from being created. - - - - - Adds an element with the provided key and value to the . - - The object to use as the key of the element to add. - The object to use as the value of the element to add. - - is null. - - - An element with the same key already exists in the . - - - The is read-only. - - - - - Determines whether the contains an element with the specified key. - - The key to locate in the . - - true if the contains an element with the key; otherwise, false. - - - is null. - - !Contract.Result<bool>() || @this.Count > 0 - - - - Removes the element with the specified key from the . - - The key of the element to remove. - - true if the element is successfully removed; otherwise, false. This method also returns false if was not found in the original . - - - is null. - - - The is read-only. - - - - - Gets the value associated with the specified key. - - The key whose value to get. - When this method returns, the value associated with the specified key, if the key is found; otherwise, the default value for the type of the parameter. This parameter is passed uninitialized. - - true if the object that implements contains an element with the specified key; otherwise, false. - - - is null. - - Contract.Result<bool>() == @this.ContainsKey(key) - - - - Adds an item to the . - - The object to add to the . - - The is read-only. - - - - - Removes all items from the . - - - The is read-only. - - this.Count == 0 - - - - Determines whether the contains a specific value. - - The object to locate in the . - - true if is found in the ; otherwise, false. - - - - - Copies the elements of the to an , starting at a particular index. - - The one-dimensional that is the destination of the elements copied from . The must have zero-based indexing. - The zero-based index in at which copying begins. - - is null. - - - is less than 0. - - - is multidimensional. - -or- - is equal to or greater than the length of . - -or- - The number of elements in the source is greater than the available space from to the end of the destination . - -or- - Type cannot be cast automatically to the type of the destination . - - - - - Removes the first occurrence of a specific object from the . - - The object to remove from the . - - true if was successfully removed from the ; otherwise, false. This method also returns false if is not found in the original . - - - The is read-only. - - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Gets an containing the values in the . - - - - An containing the values in the object that implements . - - - Contract.Result<ICollection<TValue>>() != null - - - - - Gets the number of elements contained in the . - - - - The number of elements contained in the . - - - Contract.Result<int>() >= 0 - - - - - Gets a value indicating whether the is read-only. - - - true if the is read-only; otherwise, false. - - - - - Gets an containing the keys of the . - - - - An containing the keys of the object that implements . - - - Contract.Result<ICollection<TKey>>() != null - - - - - Gets or sets the value with the specified key. - - The key being read or written. - - - - An enumerator that always generates zero elements. - - - - - The singleton instance of this empty enumerator. - - - - - Prevents a default instance of the class from being created. - - - - - Advances the enumerator to the next element of the collection. - - - true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. - - - The collection was modified after the enumerator was created. - - this.Model == Contract.OldValue(this.Model) - this.CurrentIndex < this.Model.Length - this.CurrentIndex >= 0 - this.CurrentIndex == Contract.OldValue(this.CurrentIndex) + 1 - - - - Sets the enumerator to its initial position, which is before the first element in the collection. - - - The collection was modified after the enumerator was created. - - - - - Gets the current element in the collection. - - - - The current element in the collection. - - - The enumerator is positioned before the first element of the collection or after the last element. - - - Contract.Result<object>() == this.Model[this.CurrentIndex] - - - - - An empty, read-only list. - - The type the list claims to include. - - - - The singleton instance of the empty list. - - - - - Prevents a default instance of the EmptyList class from being created. - - - - - Determines the index of a specific item in the . - - The object to locate in the . - - The index of if found in the list; otherwise, -1. - - Contract.Result<int>() >= -1 - Contract.Result<int>() < @this.Count - - - - Inserts an item to the at the specified index. - - The zero-based index at which should be inserted. - The object to insert into the . - - is not a valid index in the . - - - The is read-only. - - index >= 0 - - - - Removes the item at the specified index. - - The zero-based index of the item to remove. - - is not a valid index in the . - - - The is read-only. - - index >= 0 - index < @this.Count - @this.Count == Contract.OldValue(@this.Count) - 1 - - - - Adds an item to the . - - The object to add to the . - - The is read-only. - - - - - Removes all items from the . - - - The is read-only. - - this.Count == 0 - - - - Determines whether the contains a specific value. - - The object to locate in the . - - true if is found in the ; otherwise, false. - - - - - Copies the elements of the to an , starting at a particular index. - - The one-dimensional that is the destination of the elements copied from . The must have zero-based indexing. - The zero-based index in at which copying begins. - - is null. - - - is less than 0. - - - is multidimensional. - -or- - is equal to or greater than the length of . - -or- - The number of elements in the source is greater than the available space from to the end of the destination . - -or- - Type cannot be cast automatically to the type of the destination . - - - - - Removes the first occurrence of a specific object from the . - - The object to remove from the . - - true if was successfully removed from the ; otherwise, false. This method also returns false if is not found in the original . - - - The is read-only. - - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Gets the number of elements contained in the . - - - - The number of elements contained in the . - - - Contract.Result<int>() >= 0 - - - - - Gets a value indicating whether the is read-only. - - - true if the is read-only; otherwise, false. - - - - - Gets or sets the at the specified index. - - The index of the element in the list to change. - - index >= 0 - index < @this.Count - - - index >= 0 - index < @this.Count - - - - - A collection of error checking and reporting methods. - - - - - Wraps an exception in a new . - - The inner exception to wrap. - The error message for the outer exception. - The string formatting arguments, if any. - The newly constructed (unthrown) exception. - - args != null - args == null - - - - Throws an internal error exception. - - The error message. - Nothing. But included here so callers can "throw" this method for C# safety. - Always thrown. - - - - - Checks a condition and throws an internal error exception if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - Thrown if evaluates to false. - - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an internal error exception if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The formatting arguments. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - Thrown if evaluates to false. - - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws a if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - Thrown if evaluates to false. - - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws a if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The string formatting arguments for . - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The formatting arguments. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an - if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The formatting arguments. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws a if some evaluates to false. - - True to do nothing; false to throw the exception. - The error message for the exception. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws a if some evaluates to false. - - True to do nothing; false to throw the exception. - The message being processed that would be responsible for the exception if thrown. - The error message for the exception. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - faultedMessage != null - faultedMessage == null - condition - !condition - !condition will be true on throw. - - - - Throws a if some evaluates to false. - - True to do nothing; false to throw the exception. - The error message for the exception. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws a . - - The message to set in the exception. - The formatting arguments of the message. - - An InternalErrorException, which may be "thrown" by the caller in order - to satisfy C# rules to show that code will never be reached, but no value - actually is ever returned because this method guarantees to throw. - - Always thrown. - - args != null - args == null - - - - Throws a . - - The message for the exception. - The string formatting arguments for . - Nothing. It's just here so the caller can throw this method for C# compilation check. - - args != null - args == null - - - - Throws a if some condition is false. - - The expression to evaluate. A value of false will cause the exception to be thrown. - The message for the exception. - The string formatting arguments for . - Thrown when is false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Verifies something about the argument supplied to a method. - - The condition that must evaluate to true to avoid an exception. - The message to use in the exception if the condition is false. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws an . - - Name of the parameter. - The message to use in the exception if the condition is false. - The string formatting arguments, if any. - Never returns anything. It always throws. - - args != null - args == null - - - - Verifies something about the argument supplied to a method. - - The condition that must evaluate to true to avoid an exception. - Name of the parameter. - The message to use in the exception if the condition is false. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Verifies that some given value is not null. - - The value to check. - Name of the parameter, which will be used in the , if thrown. - Thrown if is null. - - value != null - value == null - value == null will be true on throw. - - - - Verifies that some string is not null and has non-zero length. - - The value to check. - Name of the parameter, which will be used in the , if thrown. - Thrown if is null. - Thrown if has zero length. - - - - - Verifies that != null. - - Thrown if == null - - HttpContext.Current != null - HttpContext.Current.Request != null - - - - An interface that messages wishing to perform custom serialization/deserialization - may implement to be notified of events. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Code contract for the class. - - - - - Creates a text reader for the response stream. - - - The text reader, initialized for the proper encoding. - - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - - - - Gets the body of the HTTP response. - - - - - - A protocol message that supports adding extensions to the payload for transmission. - - - - - Gets the list of extensions that are included with this message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IList<IExtensionMessage>>() != null - - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the list of extensions that are included with this message. - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - - - An internal exception to throw if an internal error within the library requires - an abort of the operation. - - - This exception is internal to prevent clients of the library from catching what is - really an unexpected, potentially unrecoverable exception. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The message. - - - - Initializes a new instance of the class. - - The message. - The inner exception. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is null. - - - The class name is null or is zero (0). - - - - - A KeyedCollection whose item -> key transform is provided via a delegate - to its constructor, and null items are disallowed. - - The type of the key. - The type of the item. - - - - The delegate that returns a key for the given item. - - - - - Initializes a new instance of the KeyedCollectionDelegate class. - - The delegate that gets the key for a given item. - getKeyForItemDelegate != null - getKeyForItemDelegate == null - - - - When implemented in a derived class, extracts the key from the specified element. - - The element from which to extract the key. - The key for the specified element. - - - - Represents a single part in a HTTP multipart POST request. - - !string.IsNullOrEmpty(this.ContentDisposition) - this.PartHeaders != null - this.ContentAttributes != null - - - - The "Content-Disposition" string. - - - - - The two-character \r\n newline character sequence to use. - - - - - Initializes a new instance of the class. - - The content disposition of the part. - !string.IsNullOrEmpty(contentDisposition) - string.IsNullOrEmpty(contentDisposition) - - - - Creates a part that represents a simple form field. - - The name of the form field. - The value. - The constructed part. - !string.IsNullOrEmpty(name) - string.IsNullOrEmpty(name) - value != null - value == null - - - - Creates a part that represents a file attachment. - - The name of the form field. - The path to the file to send. - Type of the content in HTTP Content-Type format. - The constructed part. - !string.IsNullOrEmpty(name) - string.IsNullOrEmpty(name) - !string.IsNullOrEmpty(filePath) - string.IsNullOrEmpty(filePath) - !string.IsNullOrEmpty(contentType) - string.IsNullOrEmpty(contentType) - - - - Creates a part that represents a file attachment. - - The name of the form field. - Name of the file as the server should see it. - Type of the content in HTTP Content-Type format. - The content of the file. - The constructed part. - !string.IsNullOrEmpty(name) - string.IsNullOrEmpty(name) - !string.IsNullOrEmpty(fileName) - string.IsNullOrEmpty(fileName) - !string.IsNullOrEmpty(contentType) - string.IsNullOrEmpty(contentType) - content != null - content == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Serializes the part to a stream. - - The stream writer. - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the content disposition. - - The content disposition. - - - - Gets the key=value attributes that appear on the same line as the Content-Disposition. - - The content attributes. - - - - Gets the headers that appear on subsequent lines after the Content-Disposition. - - - - - Gets or sets the content of the part. - - - - - Gets the length of this entire part. - - Useful for calculating the ContentLength HTTP header to send before actually serializing the content. - - - - A live network HTTP response - - - - - The network response object, used to initialize this instance, that still needs - to be closed if applicable. - - - - - The incoming network response stream. - - - - - A value indicating whether a stream reader has already been - created on this instance. - - - - - Initializes a new instance of the class. - - The request URI. - The response. - requestUri != null - requestUri == null - response != null - response == null - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - Contract.Result<StreamReader>() != null - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - maximumBytesToCache >= 0 - maximumBytesToCache < 0 - this.RequestUri != null - this.RequestUri == null - Contract.Result<CachedDirectWebResponse>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the body of the HTTP response. - - - - - An ASP.NET MVC structure to represent the response to send - to the user agent when the controller has finished its work. - - - - - The outgoing web response to send when the ActionResult is executed. - - - - - Initializes a new instance of the class. - - The response. - response != null - response == null - - - - Enables processing of the result of an action method by a custom type that inherits from . - - The context in which to set the response. - - - - An interface describing how various objects can be serialized and deserialized between their object and string forms. - - - Implementations of this interface must include a default constructor and must be thread-safe. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - The in string form, ready for message transport. - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - The deserialized form of the given string. - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - - - - A message part encoder that has a special encoding for a null value. - - - - - Gets the string representation to include in a serialized message - when the message part has a null value. - - - - - An interface describing how various objects can be serialized and deserialized between their object and string forms. - - - Implementations of this interface must include a default constructor and must be thread-safe. - - - - - Encodes the specified value as the original value that was formerly decoded. - - The value. Guaranteed to never be null. - The in string form, ready for message transport. - - - - A cache of instances. - - - - - A dictionary of reflected message types and the generated reflection information. - - - - - Initializes a new instance of the class. - - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Gets a instance prepared for the - given message type. - - A type that implements . - The protocol version of the message. - A instance. - - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - messageVersion != null - messageVersion == null - Contract.Result<MessageDescription>() != null - - - - Gets a instance prepared for the - given message type. - - The message for which a should be obtained. - - A instance. - - - message != null - message == null - Contract.Result<MessageDescription>() != null - - - - Gets the dictionary that provides read/write access to a message. - - The message. - The dictionary. - - message != null - message == null - - - - Gets the dictionary that provides read/write access to a message. - - The message. - A value indicating whether this message dictionary will retrieve original values instead of normalized ones. - The dictionary. - - message != null - message == null - - - - A struct used as the key to bundle message type and version. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Initializes a new instance of the struct. - - Type of the message. - The message version. - messageType != null - messageType == null - messageVersion != null - messageVersion == null - - - - Implements the operator ==. - - The first object to compare. - The second object to compare. - The result of the operator. - - - - Implements the operator !=. - - The first object to compare. - The second object to compare. - The result of the operator. - - - - Indicates whether this instance and a specified object are equal. - - Another object to compare to. - - true if and this instance are the same type and represent the same value; otherwise, false. - - - - - Returns the hash code for this instance. - - - A 32-bit signed integer that is the hash code for this instance. - - - - - Gets the message type. - - - - - Gets the message version. - - - - - A set of customizations available for the scripts sent to the browser in AJAX OpenID scenarios. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the ID of the hidden field that should carry the positive assertion - until it is posted to the RP. - - - - - Gets or sets the ID of the hidden field that should be set with the parent window/frame's URL - prior to posting the form with the positive assertion. Useful for jQuery popup dialogs. - - - - - Gets or sets the index of the form in the document.forms array on the browser that should - be submitted when the user is ready to send the positive assertion to the RP. - - - - - Gets or sets the id of the form in the document.forms array on the browser that should - be submitted when the user is ready to send the positive assertion to the RP. A value - in this property takes precedence over any value in the property. - - The form id. - - - - Gets or sets the preloaded discovery results. - - - - - Gets or sets a value indicating whether to print diagnostic trace messages in the browser. - - - - - Gets or sets a value indicating whether to show all the "hidden" iframes that facilitate - asynchronous authentication of the user for diagnostic purposes. - - - - - Gets the form key to use when accessing the relevant form. - - - - - A message factory that automatically selects the message type based on the incoming data. - - - - - A tool to analyze an incoming message to figure out what concrete class - is designed to deserialize it and instantiates that class. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - - The message that was sent as a request that resulted in the response. - - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - request != null - request == null - fields != null - fields == null - - - - The request message types and their constructors to use for instantiating the messages. - - - - - The response message types and their constructors to use for instantiating the messages. - - - The value is a dictionary, whose key is the type of the constructor's lone parameter. - - - - - Initializes a new instance of the class. - - - - - Adds message types to the set that this factory can create. - - The message types that this factory may instantiate. - messageTypes != null - messageTypes == null - messageTypes.All(msg => msg != null) - !(messageTypes.All(msg => msg != null)) - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The message that was sent as a request that resulted in the response. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - request != null - request == null - fields != null - fields == null - - - - Gets the message type that best fits the given incoming request data. - - The recipient of the incoming data. Typically not used, but included just in case. - The data of the incoming message. - - The message type that matches the incoming data; or null if no match. - - May be thrown if the incoming data is ambiguous. - recipient != null - recipient == null - fields != null - fields == null - - - - Gets the message type that best fits the given incoming direct response data. - - The request message that prompted the response data. - The data of the incoming message. - - The message type that matches the incoming data; or null if no match. - - May be thrown if the incoming data is ambiguous. - request != null - request == null - fields != null - fields == null - - - - Instantiates the given request message type. - - The message description. - The recipient. - The instantiated message. Never null. - messageDescription != null - messageDescription == null - recipient != null - recipient == null - Contract.Result<IDirectedProtocolMessage>() != null - - - - Instantiates the given request message type. - - The message description. - The request that resulted in this response. - The instantiated message. Never null. - messageDescription != null - messageDescription == null - request != null - request == null - Contract.Result<IDirectResponseProtocolMessage>() != null - - - - Gets the hierarchical distance between a type and a type it derives from or implements. - - The base type or interface. - The concrete class that implements the . - The distance between the two types. 0 if the types are equivalent, 1 if the type immediately derives from or implements the base type, or progressively higher integers. - assignableType != null - assignableType == null - derivedType != null - derivedType == null - assignableType.IsAssignableFrom(derivedType) - !(assignableType.IsAssignableFrom(derivedType)) - - - - Finds constructors for response messages that take a given request message type. - - The message description. - Type of the request message. - A sequence of matching constructors. - messageDescription != null - messageDescription == null - requestType != null - requestType == null - - - - Counts how many strings are in the intersection of two collections. - - The first collection. - The second collection. - The string comparison method to use. - A non-negative integer no greater than the count of elements in the smallest collection. - collection1 != null - collection1 == null - collection2 != null - collection2 == null - Contract.Result<int>() >= 0 && Contract.Result<int>() <= Math.Min(collection1.Count, collection2.Count) - - - - A simple in-memory copy of an authorization state. - - - - - Provides access to a persistent object that tracks the state of an authorization. - - - - - Deletes this authorization, including access token and refresh token where applicable. - - - This method is invoked when an authorization attempt fails, is rejected, is revoked, or - expires and cannot be renewed. - - - - - Saves any changes made to this authorization object's properties. - - - This method is invoked after DotNetOpenAuth changes any property. - - - - - Gets or sets the callback URL used to obtain authorization. - - The callback URL. - - - - Gets or sets the long-lived token used to renew the short-lived . - - The refresh token. - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the access token issue date UTC. - - The access token issue date UTC. - - - - Gets or sets the access token UTC expiration date. - - - - - Gets the scope the token is (to be) authorized for. - - The scope. - - - - Initializes a new instance of the class. - - The scopes of access being requested or that was obtained. - - - - Deletes this authorization, including access token and refresh token where applicable. - - - This method is invoked when an authorization attempt fails, is rejected, is revoked, or - expires and cannot be renewed. - - - - - Saves any changes made to this authorization object's properties. - - - This method is invoked after DotNetOpenAuth changes any property. - - - - - Gets or sets the callback URL used to obtain authorization. - - The callback URL. - - - - Gets or sets the long-lived token used to renew the short-lived . - - The refresh token. - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the access token UTC expiration date. - - - - - - Gets or sets the access token issue date UTC. - - The access token issue date UTC. - - - - Gets the scope the token is (to be) authorized for. - - The scope. - - - - Gets or sets a value indicating whether this instance is deleted. - - - true if this instance is deleted; otherwise, false. - - - - - Decodes verification codes, refresh tokens and access tokens on incoming messages. - - - This binding element also ensures that the code/token coming in is issued to - the same client that is sending the code/token and that the authorization has - not been revoked and that an access token has not expired. - - - - - The base class for any authorization server channel binding element. - - - - - An interface that must be implemented by message transforms/validators in order - to be included in the channel stack. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Gets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the authorization server hosting this channel. - - The authorization server. - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - A short-lived token that accompanies HTTP requests to protected data to authorize the request. - - - - - A data bag that stores authorization data. - - - - - A collection of message parts that will be serialized into a single string, - to be set into a larger message. - - - - - A common message base class for OAuth messages. - - - - - Implemented by messages that have explicit recipients - (direct requests and all indirect messages). - - - - - Gets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - A dictionary to contain extra message data. - - - - - The originating request. - - - - - The backing field for the property. - - - - - A value indicating whether this message is a direct or indirect message. - - - - - Initializes a new instance of the class - that is used for direct response messages. - - The version. - version != null - version == null - - - - Initializes a new instance of the class. - - The originating request. - The recipient of the directed message. Null if not applicable. - request != null - request == null - - - - Initializes a new instance of the class - that is used for directed messages. - - The version. - The message transport. - The recipient. - version != null - version == null - recipient != null - recipient == null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the level of protection this message requires. - - - - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - - Gets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - Gets or sets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the nonce. - - The nonce. - - - - Gets or sets the UTC creation date of this token. - - The UTC creation date. - - - - Gets or sets the signature. - - The signature. - - - - Gets or sets the message that delivered this DataBag instance to this host. - - - - - Gets the type of this instance. - - The type of the bag. - - This ensures that one token cannot be misused as another kind of token. - - - - - Describes a delegated authorization between a resource server, a client, and a user. - - - - - Gets the identifier of the client authorized to access protected data. - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the date this authorization was established or the token was issued. - - A date/time expressed in UTC. - - - - Gets the name on the account whose data on the resource server is accessible using this authorization. - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the scope of operations the client is allowed to invoke. - - - Contract.Result<HashSet<string>>() != null - - - - - Initializes a new instance of the class. - - - - - Gets or sets the identifier of the client authorized to access protected data. - - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the date this authorization was established or the token was issued. - - A date/time expressed in UTC. - - - - Gets or sets the name on the account whose data on the resource server is accessible using this authorization. - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the scope of operations the client is allowed to invoke. - - - Contract.Result<HashSet<string>>() != null - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The authorization to be described by the access token. - The lifetime of the access token. - authorization != null - authorization == null - - - - Creates a formatter capable of serializing/deserializing an access token. - - The authorization server's private key used to asymmetrically sign the access token. - The resource server's public key used to encrypt the access token. - An access token serializer. - Contract.Result<IDataBagFormatter<AccessToken>>() != null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets or sets the lifetime of the access token. - - The lifetime. - - - - Encodes/decodes the OAuth 2.0 grant_type argument. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Encodes/decodes the OAuth 2.0 response_type argument. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - A serializer for -derived types - - The DataBag-derived type that is to be serialized/deserialized. - - - - Serializes the specified message. - - The message to serialize. Must not be null. - A non-null, non-empty value. - message != null - message == null - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - Deserializes a . - - The message that contains the serialized value. Must not be nulll. - The serialized form of the to deserialize. Must not be null or empty. - The deserialized value. Never null. - containingMessage != null - containingMessage == null - !String.IsNullOrEmpty(data) - String.IsNullOrEmpty(data) - Contract.Result<T>() != null - - - - Contract class for the IDataBagFormatter interface. - - The type of DataBag to serialize. - - - - Prevents a default instance of the class from being created. - - - - - Serializes the specified message. - - The message to serialize. Must not be null. - A non-null, non-empty value. - - - - Deserializes a . - - The message that contains the serialized value. Must not be nulll. - The serialized form of the to deserialize. Must not be null or empty. - The deserialized value. Never null. - - - - The base messaging channel used by OAuth 2.0 parties. - - - - - A channel that uses the standard message factory. - - - - - The message types receivable by this channel. - - - - - The protocol versions supported by this channel. - - - - - Initializes a new instance of the class. - - The message types that might be encountered. - All the possible message versions that might be encountered. - The binding elements to apply to the channel. - messageTypes != null - messageTypes == null - versions != null - versions == null - - - - Generates all the message descriptions for a given set of message types and versions. - - The message types. - The message versions. - The cache to use when obtaining the message descriptions. - The generated/retrieved message descriptions. - messageTypes != null - messageTypes == null - descriptionsCache != null - descriptionsCache == null - Contract.Result<IEnumerable<MessageDescription>>() != null - - - - Gets or sets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Gets or sets the message descriptions. - - - value != null - - value == null - - - - Gets or sets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - The messages receivable by this channel. - - - - - The protocol versions supported by this channel. - - - - - Initializes a new instance of the class. - - The channel binding elements. - - - - The messaging channel used by OAuth 2.0 Clients. - - - - - Initializes a new instance of the class. - - - - - Prepares an HTTP request that carries a given message. - - The message to send. - - The prepared to send the request. - - - This method must be overridden by a derived class, unless the method - is overridden and does not require this method. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - - The deserialized message, if one is found. Null otherwise. - - request != null - request == null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Encodes or decodes a set of scopes into the OAuth 2.0 scope message part. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - A serializer for -derived types - - The DataBag-derived type that is to be serialized/deserialized. - - - - The length of the nonce to include in tokens that can be decoded once only. - - - - - The message description cache to use for data bag types. - - - - - The symmetric secret used for signing/encryption of verification codes and refresh tokens. - - - - - The hashing algorithm to use while signing when using a symmetric secret. - - - - - The crypto to use for signing access tokens. - - - - - The crypto to use for encrypting access tokens. - - - - - The hashing algorithm to use for asymmetric signatures. - - - - - A value indicating whether the data in this instance will be protected against tampering. - - - - - The nonce store to use to ensure that this instance is only decoded once. - - - - - The maximum age of a token that can be decoded; useful only when is true. - - - - - A value indicating whether the data in this instance will be protected against eavesdropping. - - - - - A value indicating whether the data in this instance will be GZip'd. - - - - - Initializes a new instance of the class. - - A value indicating whether the data in this instance will be protected against tampering. - A value indicating whether the data in this instance will be protected against eavesdropping. - A value indicating whether the data in this instance will be GZip'd. - The maximum age of a token that can be decoded; useful only when is true. - The nonce store to use to ensure that this instance is only decoded once. - signed || decodeOnceOnly == null - signed || decodeOnceOnly != null - maximumAge.HasValue || decodeOnceOnly == null - maximumAge.HasValue || decodeOnceOnly != null - - - - Initializes a new instance of the class. - - The asymmetric private key to use for signing the token. - The asymmetric public key to use for encrypting the token. - A value indicating whether the data in this instance will be GZip'd. - The maximum age of a token that can be decoded; useful only when is true. - The nonce store to use to ensure that this instance is only decoded once. - - - - Initializes a new instance of the class. - - The symmetric secret to use for signing and encrypting. - A value indicating whether the data in this instance will be protected against tampering. - A value indicating whether the data in this instance will be protected against eavesdropping. - A value indicating whether the data in this instance will be GZip'd. - The maximum age of a token that can be decoded; useful only when is true. - The nonce store to use to ensure that this instance is only decoded once. - symmetricSecret != null || (!signed && !encrypted) - symmetricSecret == null && (signed && !encrypted) - - - - Serializes the specified message. - - The message to serialize. Must not be null. - A non-null, non-empty value. - message != null - message == null - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - Deserializes a . - - The message that contains the serialized value. Must not be nulll. - The serialized form of the to deserialize. Must not be null or empty. - The deserialized value. Never null. - containingMessage != null - containingMessage == null - !String.IsNullOrEmpty(data) - String.IsNullOrEmpty(data) - Contract.Result<T>() != null - - - - Determines whether the signature on this instance is valid. - - The message whose signature is to be checked. - - true if the signature is valid; otherwise, false. - - message != null - message == null - - - - Calculates the signature for the data in this verification code. - - The message whose signature is to be calculated. - The calculated signature. - message != null - message == null - this.asymmetricSigning != null || this.symmetricHasher != null - this.asymmetricSigning == null && this.symmetricHasher == null - Contract.Result<byte[]>() != null - - - - Gets the bytes to sign. - - The message to be encoded as normalized bytes for signing. - A buffer of the bytes to sign. - message != null - message == null - - - - Encrypts the specified value using either the symmetric or asymmetric encryption algorithm as appropriate. - - The value. - The encrypted value. - this.asymmetricEncrypting != null || this.symmetricSecret != null - this.asymmetricEncrypting == null && this.symmetricSecret == null - - - - Decrypts the specified value using either the symmetric or asymmetric encryption algorithm as appropriate. - - The value. - The decrypted value. - this.asymmetricEncrypting != null || this.symmetricSecret != null - this.asymmetricEncrypting == null && this.symmetricSecret == null - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the identifier of the client authorized to access protected data. - - - - - Gets the date this authorization was established or the token was issued. - - A date/time expressed in UTC. - - - - Gets the name on the account whose data on the resource server is accessible using this authorization. - - - - - Gets the scope of operations the client is allowed to invoke. - - - - - The various types of tokens created by the authorization server. - - - - - The code issued to the client after the user has approved authorization. - - - - - The long-lived token issued to the client that enables it to obtain - short-lived access tokens later. - - - - - A (typically) short-lived token. - - - - - A message that carries some kind of token from the client to the authorization or resource server. - - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the authorization that the token describes. - - - - - The channel for the OAuth protocol. - - - - - The messages receivable by this channel. - - - - - The protocol versions supported by this channel. - - - - - Initializes a new instance of the class. - - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - - The deserialized message, if one is found. Null otherwise. - - request != null - request == null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - The refresh token issued to a client by an authorization server that allows the client - to periodically obtain new short-lived access tokens. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The authorization this refresh token should describe. - authorization != null - authorization == null - - - - Creates a formatter capable of serializing/deserializing a refresh token. - - The symmetric secret used by the authorization server to sign/encrypt refresh tokens. Must not be null. - A DataBag formatter. Never null. - symmetricSecret != null - symmetricSecret == null - Contract.Result<IDataBagFormatter<RefreshToken>>() != null - - - - Translates between a and the number of seconds between it and 1/1/1970 12 AM - - - - - The reference date and time for calculating time stamps. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Represents the authorization code created when a user approves authorization that - allows the client to request an access/refresh token. - - - - - The hash algorithm used on the callback URI. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The client identifier. - The callback the client used to obtain authorization. - The authorized scopes. - The name on the account that authorized access. - !String.IsNullOrEmpty(clientIdentifier) - String.IsNullOrEmpty(clientIdentifier) - callback != null - callback == null - - - - Creates a serializer/deserializer for this type. - - The authorization server that will be serializing/deserializing this authorization code. Must not be null. - A DataBag formatter. - authorizationServer != null - authorizationServer == null - Contract.Result<IDataBagFormatter<AuthorizationCode>>() != null - - - - Verifies the the given callback URL matches the callback originally given in the authorization request. - - The callback. - - This method serves to verify that the callback URL given in the original authorization request - and the callback URL given in the access token request match. - - Thrown when the callback URLs do not match. - - - - Calculates the hash of the callback URL. - - The callback whose hash should be calculated. - - A base64 encoding of the hash of the URL. - - - - - Gets or sets the hash of the callback URL. - - - - - A binding element for OAuth 2.0 authorization servers that create/verify - issued authorization codes as part of obtaining access/refresh tokens. - - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets the protection commonly offered (if any) by this binding element. - - Always MessageProtections.None - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Gets the maximum message age from the standard expiration binding element. - - - - - A binding element that should be applied for authorization server channels regardless of which flows - are supported. - - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - An interface that resource server hosts should implement if they accept access tokens - issued by non-DotNetOpenAuth authorization servers. - - - - - Reads an access token to find out what data it authorizes access to. - - The message carrying the access token. - The access token. - The user whose data is accessible with this access token. - The scope of access authorized by this access token. - A value indicating whether this access token is valid. - message != null - message == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - Contract.Result<bool>() == (Contract.ValueAtReturn<string>(out user) != null) - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Reads an access token to find out what data it authorizes access to. - - The message carrying the access token. - The access token. - The user whose data is accessible with this access token. - The scope of access authorized by this access token. - - A value indicating whether this access token is valid. - - - - - Provides host-specific authorization server services needed by this library. - - - - - Gets the client with a given identifier. - - The client identifier. - The client registration. Never null. - Thrown when no client with the given identifier is registered with this authorization server. - !String.IsNullOrEmpty(clientIdentifier) - String.IsNullOrEmpty(clientIdentifier) - Contract.Result<IConsumerDescription>() != null - - - - Determines whether a described authorization is (still) valid. - - The authorization. - - true if the original authorization is still valid; otherwise, false. - - - When establishing that an authorization is still valid, - it's very important to only match on recorded authorizations that - meet these criteria: - 1) The client identifier matches. - 2) The user account matches. - 3) The scope on the recorded authorization must include all scopes in the given authorization. - 4) The date the recorded authorization was issued must be no later that the date the given authorization was issued. - One possible scenario is where the user authorized a client, later revoked authorization, - and even later reinstated authorization. This subsequent recorded authorization - would not satisfy requirement #4 in the above list. This is important because the revocation - the user went through should invalidate all previously issued tokens as a matter of - security in the event the user was revoking access in order to sever authorization on a stolen - account or piece of hardware in which the tokens were stored. - authorization != null - authorization == null - - - - Gets the secret used to symmetrically encrypt and sign authorization codes and refresh tokens. - - - This secret should be kept strictly confidential in the authorization server(s) - and NOT shared with the resource server. Anyone with this secret can mint - tokens to essentially grant themselves access to anything they want. - - - Contract.Result<byte[]>() != null - - - - - Gets the asymmetric private key to use for signing access tokens. - - - The public key in the private/public key pair will be used by the resource - servers to validate that the access token is minted by a trusted authorization server. - - - - - Gets the authorization code nonce store to use to ensure that authorization codes can only be used once. - - The authorization code nonce store. - - Contract.Result<INonceStore>() != null - - - - - Code Contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the client with a given identifier. - - The client identifier. - The client registration. Never null. - Thrown when no client with the given identifier is registered with this authorization server. - - - - Determines whether a described authorization is (still) valid. - - The authorization. - - true if the original authorization is still valid; otherwise, false. - - - When establishing that an authorization is still valid, - it's very important to only match on recorded authorizations that - meet these criteria: - 1) The client identifier matches. - 2) The user account matches. - 3) The scope on the recorded authorization must include all scopes in the given authorization. - 4) The date the recorded authorization was issued must be no later that the date the given authorization was issued. - One possible scenario is where the user authorized a client, later revoked authorization, - and even later reinstated authorization. This subsequent recorded authorization - would not satisfy requirement #4 in the above list. This is important because the revocation - the user went through should invalidate all previously issued tokens as a matter of - security in the event the user was revoking access in order to sever authorization on a stolen - account or piece of hardware in which the tokens were stored. - - - - Gets the secret used to symmetrically encrypt and sign authorization codes and refresh tokens. - - - - This secret should be kept strictly confidential in the authorization server(s) - and NOT shared with the resource server. Anyone with this secret can mint - tokens to essentially grant themselves access to anything they want. - - - - - Gets the asymmetric private key to use for signing access tokens. - - - - The public key in the private/public key pair will be used by the resource - servers to validate that the access token is minted by a trusted authorization server. - - - - - Gets the authorization code nonce store to use to ensure that authorization codes can only be used once. - - The authorization code nonce store. - - - - A token manager implemented by some clients to assist in tracking authorization state. - - - - - Gets the state of the authorization for a given callback URL and client state. - - The callback URL. - State of the client stored at the beginning of an authorization request. - The authorization state; may be null if no authorization state matches. - callbackUrl != null - callbackUrl == null - - - - Contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the state of the authorization for a given callback URL and client state. - - The callback URL. - State of the client stored at the beginning of an authorization request. - - The authorization state; may be null if no authorization state matches. - - - - - A description of a client from an Authorization Server's point of view. - - - - - Gets the client secret. - - - - - Gets the allowed callback URIs that this client has pre-registered with the service provider, if any. - - The URIs that user authorization responses may be directed to; must not be null, but may be empty. - - The first element in this list (if any) will be used as the default client redirect URL if the client sends an authorization request without a redirect URL. - If the list is empty, any callback is allowed for this client. - - - Contract.Result<List<Uri>>() != null - Contract.Result<List<Uri>>().TrueForAll(v => v != null && v.IsAbsoluteUri) - - - - - Contract class for the interface. - - - - - Gets the client secret. - - - - - - Gets the allowed callback URIs that this client has pre-registered with the service provider, if any. - - - The URIs that user authorization responses may be directed to; must not be null, but may be empty. - - - The first element in this list (if any) will be used as the default client redirect URL if the client sends an authorization request without a redirect URL. - If the list is empty, any callback is allowed for this client. - - - - - A message that accompanies an HTTP request to a resource server that provides authorization. - - - - - Initializes a new instance of the class. - - The recipient. - The version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the nonce. - - The nonce. - - - - Gets or sets the timestamp. - - The timestamp. - - - - Gets or sets the signature. - - The signature. - - - - Gets or sets the algorithm. - - The algorithm. - - - - Gets a value indicating whether this request is signed. - - - - - A request from a Client to an Authorization Server to exchange some assertion for an access token. - - - - - A message sent from the client to the authorization server to exchange a previously obtained grant for an access token. - - - - - A direct message from the client to the authorization server that includes the client's credentials. - - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Gets the client identifier previously obtained from the Authorization Server. - - The client identifier. - - - - Gets the client secret. - - The client secret. - - REQUIRED. The client secret as described in Section 2.1 (Client Credentials). OPTIONAL if no client secret was issued. - - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the type of the grant. - - The type of the grant. - - - - Gets the set of scopes the Client would like the access token to provide access to. - - A set of scopes. Never null. - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Gets or sets the format of the assertion as defined by the Authorization Server. - - The assertion format. - - - - Gets or sets the assertion. - - The assertion. - - - - Gets the type of the grant. - - The type of the grant. - - - - A request from a Client to an Authorization Server to exchange an authorization code for an access token. - - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets the type of the grant. - - The type of the grant. - - - - Gets or sets the verification code previously communicated to the Client - in . - - The verification code received from the authorization server. - - - - Gets or sets the callback URL used in - - The Callback URL used to obtain the Verification Code. - - - - - A request from a Client to an Authorization Server to exchange the user's username and password for an access token. - - - - - Initializes a new instance of the class. - - The access token endpoint. - The protocol version. - - - - Gets the type of the grant. - - The type of the grant. - - - - Gets or sets the user's account username. - - The username on the user's account. - - - - Gets or sets the user's password. - - The password. - - - - A request for an access token for a client application that has its - own (non-user affiliated) client name and password. - - - This is somewhat analogous to 2-legged OAuth. - - - - - Initializes a new instance of the class. - - The authorization server. - The version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the type of the grant. - - The type of the grant. - - - - The message sent by the Authorization Server to the Client via the user agent - to indicate that user authorization was granted, carrying only an access token, - and to return the user to the Client where they started their experience. - - - - - The message sent by the Authorization Server to the Client via the user agent - to indicate that user authorization was granted, and to return the user - to the Client where they started their experience. - - - - - A message carrying client state the authorization server should preserve on behalf of the client - during an authorization. - - - - - Gets or sets the state of the client. - - The state of the client. - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - clientCallback != null - clientCallback == null - request != null - request == null - - - - Gets or sets some state as provided by the client in the authorization request. - - An opaque value defined by the client. - - REQUIRED if the Client sent the value in the . - - - - - Gets the scope of the if one is given; otherwise the scope of the authorization code. - - The scope. - - - - Gets or sets the lifetime of the authorization. - - The lifetime. - - - - Gets or sets the authorizing user's account name. - - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - clientCallback != null - clientCallback == null - request != null - request == null - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the authorization that the token describes. - - - - - - Gets or sets the access token. - - The access token. - - - - The message that an Authorization Server responds to a Client with when the user denies a user authorization request. - - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - request != null - request == null - - - - Gets or sets the error. - - One of the values given in . - - - - Gets or sets a human readable description of the error. - - Human-readable text providing additional information, used to assist in the understanding and resolution of the error that occurred. - - - - Gets or sets the location of the web page that describes the error and possible resolution. - - A URI identifying a human-readable web page with information about the error, used to provide the end-user with additional information about the error. - - - - Gets or sets some state as provided by the client in the authorization request. - - An opaque value defined by the client. - - REQUIRED if the Client sent the value in the . - - - - - The message sent by the Authorization Server to the Client via the user agent - to indicate that user authorization was granted, carrying an authorization code and possibly an access token, - and to return the user to the Client where they started their experience. - - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - clientCallback != null - clientCallback == null - request != null - request == null - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets or sets the authorization code. - - The authorization code. - - - - Gets or sets the access token. - - The access token. - - - - The types of authorizations that a client can use to obtain - a refresh token and/or an access token. - - - - - The client is providing the authorization code previously obtained from an end user authorization response. - - - - - The client is providing the end user's username and password to the authorization server. - - - - - The client is providing an assertion it obtained from another source. - - - - - The client is providing a refresh token. - - - - - No authorization to access a user's data has been given. The client is requesting - an access token authorized for its own private data. This fits the classic OAuth 1.0(a) "2-legged OAuth" scenario. - - - When requesting an access token using the none access grant type (no access grant is included), the client is requesting access to the protected resources under its control, or those of another resource owner which has been previously arranged with the authorization server (the method of which is beyond the scope of this specification). - - - - - A request from the client to the token endpoint for a new access token - in exchange for a refresh token that the client has previously obtained. - - - - - Initializes a new instance of the class. - - The token endpoint. - The version. - - - - Initializes a new instance of the class. - - The authorization server. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets or sets the refresh token. - - The refresh token. - - REQUIRED. The refresh token associated with the access token to be refreshed. - - - - - Gets the type of the grant. - - The type of the grant. - - - - An indication of what kind of response the client is requesting from the authorization server - after the user has granted authorized access. - - - - - An access token should be returned immediately. - - - - - An authorization code should be returned, which can later be exchanged for refresh and access tokens. - - - - - Both an access token and an authorization code should be returned. - - - - - A direct response that is simply a 401 Unauthorized with an - WWW-Authenticate: OAuth header. - - - - - Initializes a new instance of the class. - - The exception. - The protocol version. - exception != null - exception == null - - - - Initializes a new instance of the class. - - The request. - - - - Initializes a new instance of the class. - - The request. - The exception. - exception != null - exception == null - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets the error message. - - The error message. - - - - Gets or sets the realm. - - The realm. - - - - Gets or sets the scope. - - The scope. - - - - Gets or sets the algorithms. - - The algorithms. - - - - Gets or sets the user endpoint. - - The user endpoint. - - - - Gets or sets the token endpoint. - - The token endpoint. - - - - A response from the Authorization Server to the Client to indicate that a - request for an access token renewal failed, probably due to an invalid - refresh token. - - - This message type is shared by the Web App, Rich App, and Username/Password profiles. - - - - - A value indicating whether this error response is in result to a request that had invalid client credentials which were supplied in the HTTP Authorization header. - - - - - Initializes a new instance of the class. - - The faulty request. - - - - Initializes a new instance of the class. - - The faulty request. - A value indicating whether this error response is in result to a request that had invalid client credentials which were supplied in the HTTP Authorization header. - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets the error. - - One of the values given in . - - - - Gets or sets a human readable description of the error. - - Human-readable text providing additional information, used to assist in the understanding and resolution of the error that occurred. - - - - Gets or sets the location of the web page that describes the error and possible resolution. - - A URI identifying a human-readable web page with information about the error, used to provide the end-user with additional information about the error. - - - - A response from the Authorization Server to the Client containing a delegation code - that the Client should use to obtain an access token. - - - This message type is shared by the Web App, Rich App, and Username/Password profiles. - - - - - Initializes a new instance of the class. - - The request. - - - - Gets the HTTP status code that the direct response should be sent with. - - Always HttpStatusCode.OK - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the lifetime of the access token. - - The lifetime. - - - - Gets or sets the refresh token. - - The refresh token. - - OPTIONAL. The refresh token used to obtain new access tokens using the same end-user access grant as described in Section 6 (Refreshing an Access Token). - - - - - Gets the scope of access being requested. - - The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope. - - - - Provides services for validating OAuth access tokens. - - - - - Initializes a new instance of the class. - - The access token analyzer. - accessTokenAnalyzer != null - accessTokenAnalyzer == null - - - - Discovers what access the client should have considering the access token in the current request. - - The name on the account the client has access to. - The set of operations the client is authorized for. - An error to return to the client if access is not authorized; null if access is granted. - - - - Discovers what access the client should have considering the access token in the current request. - - The HTTP request info. - The name on the account the client has access to. - The set of operations the client is authorized for. - - An error to return to the client if access is not authorized; null if access is granted. - - httpRequestInfo != null - httpRequestInfo == null - - - - Discovers what access the client should have considering the access token in the current request. - - The HTTP request info. - The principal that contains the user and roles that the access token is authorized for. - - An error to return to the client if access is not authorized; null if access is granted. - - - - - Discovers what access the client should have considering the access token in the current request. - - HTTP details from an incoming WCF message. - The URI of the WCF service endpoint. - The principal that contains the user and roles that the access token is authorized for. - - An error to return to the client if access is not authorized; null if access is granted. - - request != null - request == null - requestUri != null - requestUri == null - - - - Gets the access token analyzer. - - The access token analyzer. - - - - Gets the channel. - - The channel. - - - - An access token reader that understands DotNetOpenAuth authorization server issued tokens. - - - - - Initializes a new instance of the class. - - The authorization server public signing key. - The resource server private encryption key. - - - - Reads an access token to find out what data it authorizes access to. - - The message carrying the access token. - The access token. - The user whose data is accessible with this access token. - The scope of access authorized by this access token. - - A value indicating whether this access token is valid. - - - This method also responsible to throw a or return - false when the access token is expired, invalid, or from an untrusted authorization server. - - message != null - message == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - Contract.Result<bool>() == (Contract.ValueAtReturn<string>(out user) != null) - - - - Gets the authorization server public signing key. - - The authorization server public signing key. - - - - Gets the resource server private encryption key. - - The resource server private encryption key. - - - - The OAuth client for the user-agent flow, providing services for installed apps - and in-browser Javascript widgets. - - - - - A base class for common OAuth Client behaviors. - - - - - Initializes a new instance of the class. - - The token issuer. - The client identifier. - The client secret. - authorizationServer != null - authorizationServer == null - - - - Adds the necessary HTTP Authorization header to an HTTP request for protected resources - so that the Service Provider will allow the request through. - - The request for protected resources from the service provider. - The access token previously obtained from the Authorization Server. - request != null - request == null - !string.IsNullOrEmpty(accessToken) - string.IsNullOrEmpty(accessToken) - - - - Adds the OAuth authorization token to an outgoing HTTP request, renewing a - (nearly) expired access token if necessary. - - The request for protected resources from the service provider. - The authorization for this request previously obtained via OAuth. - request != null - request == null - authorization != null - authorization == null - !string.IsNullOrEmpty(authorization.AccessToken) - string.IsNullOrEmpty(authorization.AccessToken) - - - - Refreshes a short-lived access token using a longer-lived refresh token. - - The authorization to update. - If given, the access token will not be refreshed if its remaining lifetime exceeds this value. - A value indicating whether the access token was actually renewed; true if it was renewed, or false if it still had useful life remaining. - authorization != null - authorization == null - !string.IsNullOrEmpty(authorization.RefreshToken) - string.IsNullOrEmpty(authorization.RefreshToken) - - - - Updates the authorization state maintained by the client with the content of an outgoing response. - - The authorization state maintained by the client. - The access token containing response message. - authorizationState != null - authorizationState == null - accessTokenSuccess != null - accessTokenSuccess == null - - - - Updates the authorization state maintained by the client with the content of an outgoing response. - - The authorization state maintained by the client. - The access token containing response message. - authorizationState != null - authorizationState == null - accessTokenSuccess != null - accessTokenSuccess == null - - - - Updates authorization state with a success response from the Authorization Server. - - The authorization state to update. - The authorization success message obtained from the authorization server. - authorizationState != null - authorizationState == null - authorizationSuccess != null - authorizationSuccess == null - - - - Calculates the fraction of life remaining in an access token. - - The authorization to measure. - A fractional number no greater than 1. Could be negative if the access token has already expired. - authorization != null - authorization == null - authorization.AccessTokenIssueDateUtc.HasValue - !(authorization.AccessTokenIssueDateUtc.HasValue) - authorization.AccessTokenExpirationUtc.HasValue - !(authorization.AccessTokenExpirationUtc.HasValue) - - - - Gets the token issuer. - - The token issuer. - - - - Gets the OAuth channel. - - The channel. - - - - Gets or sets the identifier by which this client is known to the Authorization Server. - - - - - Gets or sets the client secret shared with the Authorization Server. - - - - - Initializes a new instance of the class. - - The token issuer. - The client identifier. - The client secret. - - - - Initializes a new instance of the class. - - The authorization endpoint. - authorizationEndpoint != null - authorizationEndpoint == null - - - - Generates a URL that the user's browser can be directed to in order to authorize - this client to access protected data at some resource server. - - The scope of authorized access requested. - A fully-qualified URL suitable to initiate the authorization flow. - - - - Generates a URL that the user's browser can be directed to in order to authorize - this client to access protected data at some resource server. - - The authorization state that is tracking this particular request. Optional. - A fully-qualified URL suitable to initiate the authorization flow. - authorization != null - authorization == null - !string.IsNullOrEmpty(this.ClientIdentifier) - string.IsNullOrEmpty(this.ClientIdentifier) - - - - Scans the incoming request for an authorization response message. - - The actual URL of the incoming HTTP request. - The authorization. - The granted authorization, or null if the incoming HTTP request did not contain an authorization server response or authorization was rejected. - actualRedirectUrl != null - actualRedirectUrl == null - - - - Authorization Server supporting the web server flow. - - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - - - - Reads in a client's request for the Authorization Server to obtain permission from - the user to authorize the Client's access of some protected resource(s). - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Approves an authorization request and sends an HTTP response to the user agent to redirect the user back to the Client. - - The authorization request to approve. - The username of the account that approved the request (or whose data will be accessed by the client). - The scope of access the client should be granted. If null, all scopes in the original request will be granted. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - authorizationRequest != null - authorizationRequest == null - - - - Rejects an authorization request and sends an HTTP response to the user agent to redirect the user back to the Client. - - The authorization request to disapprove. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - authorizationRequest != null - authorizationRequest == null - - - - Checks the incoming HTTP request for an access token request and prepares a response if the request message was found. - - The formulated response, or null if the request was not found.. - A value indicating whether any access token request was found in the HTTP request. - - This method assumes that the authorization server and the resource server are the same and that they share a single - asymmetric key for signing and encrypting the access token. If this is not true, use the method instead. - - - - - Checks the incoming HTTP request for an access token request and prepares a response if the request message was found. - - The HTTP request info. - The formulated response, or null if the request was not found.. - A value indicating whether any access token request was found in the HTTP request. - - This method assumes that the authorization server and the resource server are the same and that they share a single - asymmetric key for signing and encrypting the access token. If this is not true, use the method instead. - - httpRequestInfo != null - httpRequestInfo == null - Contract.Result<bool>() == (Contract.ValueAtReturn<IDirectResponseProtocolMessage>(out response) != null) - - - - Reads the access token request. - - The request info. - The Client's request for an access token; or null if no such message was found in the request. - - - - Prepares a response to inform the Client that the user has rejected the Client's authorization request. - - The authorization request. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - The authorization response message to send to the Client. - authorizationRequest != null - authorizationRequest == null - Contract.Result<EndUserAuthorizationFailedResponse>() != null - - - - Approves an authorization request. - - The authorization request to approve. - The username of the account that approved the request (or whose data will be accessed by the client). - The scope of access the client should be granted. If null, all scopes in the original request will be granted. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - The authorization response message to send to the Client. - authorizationRequest != null - authorizationRequest == null - !String.IsNullOrEmpty(username) - String.IsNullOrEmpty(username) - Contract.Result<EndUserAuthorizationSuccessResponseBase>() != null - - - - Prepares the response to an access token request. - - The request for an access token. - The public key to encrypt the access token to, such that the resource server will be able to decrypt it. - The access token's lifetime. - If set to true, the response will include a long-lived refresh token. - The response message to send to the client. - request != null - request == null - - - - Gets the redirect URL to use for a particular authorization request. - - The authorization request. - The URL to redirect to. Never null. - Thrown if no callback URL could be determined. - authorizationRequest != null - authorizationRequest == null - Contract.Result<Uri>() != null - - - - Gets the channel. - - The channel. - - - - Gets the authorization server. - - The authorization server. - - - - Gets the channel. - - - - - Some common utility methods for OAuth 2.0. - - - - - The instance to use when comparing scope equivalence. - - - - - The delimiter between scope elements. - - - - - The characters that may appear in an access token that is included in an HTTP Authorization header. - - - This is defined in OAuth 2.0 DRAFT 10, section 5.1.1. (http://tools.ietf.org/id/draft-ietf-oauth-v2-10.html#authz-header) - - - - - Determines whether one given scope is a subset of another scope. - - The requested scope, which may be a subset of . - The granted scope, the suspected superset. - - true if all the elements that appear in also appear in ; - false otherwise. - - - - - Identifies individual scope elements - - The space-delimited list of scopes. - A set of individual scopes, with any duplicates removed. - - - - Serializes a set of scopes as a space-delimited list. - - The scopes to serialize. - A space-delimited list. - scopes != null - scopes == null - - - - Authorizes an HTTP request using an OAuth 2.0 access token in an HTTP Authorization header. - - The request to authorize. - The access token previously obtained from the Authorization Server. - request != null - request == null - !string.IsNullOrEmpty(accessToken) - string.IsNullOrEmpty(accessToken) - - - - Gets information about the client with a given identifier. - - The authorization server. - The client identifier. - The client information. Never null. - !String.IsNullOrEmpty(clientIdentifier) - String.IsNullOrEmpty(clientIdentifier) - Contract.Result<IConsumerDescription>() != null - - - - An interface that providers that play a dual role as OpenID Provider - and OAuth Service Provider should implement on their token manager classes. - - - This interface should be implemented by the same class that implements - in order to enable the OpenID+OAuth extension. - - - - - Additional methods an implementing class - may implement to support the OpenID+OAuth extension. - - - - - Stores a new request token obtained over an OpenID request. - - The consumer key. - The authorization message carrying the request token and authorized access scope. - - The token secret is the empty string. - Tokens stored by this method should be short-lived to mitigate - possible security threats. Their lifetime should be sufficient for the - relying party to receive the positive authentication assertion and immediately - send a follow-up request for the access token. - - - - - An interface OAuth hosts must implement for persistent storage - and recall of tokens and secrets for an individual OAuth consumer - or service provider. - - - - - Gets the Token Secret given a request or access token. - - The request or access token. - The secret associated with the given token. - Thrown if the secret cannot be found for the given token. - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - Contract.Result<string>() != null - - - - Stores a newly generated unauthorized request token, secret, and optional - application-specific parameters for later recall. - - The request message that resulted in the generation of a new unauthorized request token. - The response message that includes the unauthorized request token. - Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection. - - Request tokens stored by this method SHOULD NOT associate any user account with this token. - It usually opens up security holes in your application to do so. Instead, you associate a user - account with access tokens (not request tokens) in the - method. - - request != null - request == null - response != null - response == null - - - - Deletes a request token and its associated secret and stores a new access token and secret. - - The Consumer that is exchanging its request token for an access token. - The Consumer's request token that should be deleted/expired. - The new access token that is being issued to the Consumer. - The secret associated with the newly issued access token. - - - Any scope of granted privileges associated with the request token from the - original call to should be carried over - to the new Access Token. - - - To associate a user account with the new access token, - HttpContext.Current.User may be - useful in an ASP.NET web application within the implementation of this method. - Alternatively you may store the access token here without associating with a user account, - and wait until or - return the access - token to associate the access token with a user account at that point. - - - !String.IsNullOrEmpty(consumerKey) - String.IsNullOrEmpty(consumerKey) - !String.IsNullOrEmpty(requestToken) - String.IsNullOrEmpty(requestToken) - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - accessTokenSecret != null - accessTokenSecret == null - - - - Classifies a token as a request token or an access token. - - The token to classify. - Request or Access token, or invalid if the token is not recognized. - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - - - - Gets the OAuth consumer key for a given OpenID relying party realm. - - The relying party's OpenID realm. - The OAuth consumer key for a given OpenID realm. - This is a security-critical function. Since OpenID requests - and OAuth extensions for those requests can be formulated by ANYONE - (no signing is required by the relying party), and since the response to - the authentication will include access the user is granted to the - relying party who CLAIMS to be from some realm, it is of paramount - importance that the realm is recognized as belonging to the consumer - key by the host service provider in order to protect against phishers. - - - - A description of a consumer from a Service Provider's point of view. - - - - - Gets the Consumer key. - - - - - Gets the consumer secret. - - - - - Gets the certificate that can be used to verify the signature of an incoming - message from a Consumer. - - The public key from the Consumer's X.509 Certificate, if one can be found; otherwise null. - - This property must be implemented only if the RSA-SHA1 algorithm is supported by the Service Provider. - - - - - Gets the callback URI that this consumer has pre-registered with the service provider, if any. - - A URI that user authorization responses should be directed to; or null if no preregistered callback was arranged. - - - - Gets the verification code format that is most appropriate for this consumer - when a callback URI is not available. - - A set of characters that can be easily keyed in by the user given the Consumer's - application type and form factor. - - The value should NEVER be returned - since this property is only used in no callback scenarios anyway. - - - - - Gets the length of the verification code to issue for this Consumer. - - A positive number, generally at least 4. - - - - A token manager for use by a web site in its role as a consumer of - an individual ServiceProvider. - - - - - Gets the consumer key. - - The consumer key. - - - - Gets the consumer secret. - - The consumer secret. - - - - A description of an access token and its metadata as required by a Service Provider. - - - - - Gets the token itself. - - - - - Gets the expiration date (local time) for the access token. - - The expiration date, or null if there is no expiration date. - - - - Gets the username of the principal that will be impersonated by this access token. - - - The name of the user who authorized the OAuth request token originally. - - - - - Gets the roles that the OAuth principal should belong to. - - - The roles that the user belongs to, or a subset of these according to the rights - granted when the user authorized the request token. - - - - - A token manager for use by a web site in its role as a - service provider. - - - - - Gets the Consumer description for a given a Consumer Key. - - The Consumer Key. - A description of the consumer. Never null. - Thrown if the consumer key cannot be found. - !String.IsNullOrEmpty(consumerKey) - String.IsNullOrEmpty(consumerKey) - Contract.Result<IConsumerDescription>() != null - - - - Checks whether a given request token has already been authorized - by some user for use by the Consumer that requested it. - - The Consumer's request token. - - True if the request token has already been fully authorized by the user - who owns the relevant protected resources. False if the token has not yet - been authorized, has expired or does not exist. - - !String.IsNullOrEmpty(requestToken) - String.IsNullOrEmpty(requestToken) - - - - Gets details on the named request token. - - The request token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - Contract.Result<IServiceProviderRequestToken>() != null - - - - Gets details on the named access token. - - The access token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - Contract.Result<IServiceProviderAccessToken>() != null - - - - Persists any changes made to the token. - - The token whose properties have been changed. - - This library will invoke this method after making a set - of changes to the token as part of a web request to give the host - the opportunity to persist those changes to a database. - Depending on the object persistence framework the host site uses, - this method MAY not need to do anything (if changes made to the token - will automatically be saved without any extra handling). - - token != null - token == null - - - - Code contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the Consumer description for a given a Consumer Key. - - The Consumer Key. - - A description of the consumer. Never null. - - Thrown if the consumer key cannot be found. - - - - Checks whether a given request token has already been authorized - by some user for use by the Consumer that requested it. - - The Consumer's request token. - - True if the request token has already been fully authorized by the user - who owns the relevant protected resources. False if the token has not yet - been authorized, has expired or does not exist. - - - - - Gets details on the named request token. - - The request token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - - - - Gets details on the named access token. - - The access token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - - - - Persists any changes made to the token. - - The token whose properties have been changed. - - This library will invoke this method after making a set - of changes to the token as part of a web request to give the host - the opportunity to persist those changes to a database. - Depending on the object persistence framework the host site uses, - this method MAY not need to do anything (if changes made to the token - will automatically be saved without any extra handling). - - - - - Gets the Token Secret given a request or access token. - - The request or access token. - - The secret associated with the given token. - - Thrown if the secret cannot be found for the given token. - - - - Stores a newly generated unauthorized request token, secret, and optional - application-specific parameters for later recall. - - The request message that resulted in the generation of a new unauthorized request token. - The response message that includes the unauthorized request token. - Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection. - - Request tokens stored by this method SHOULD NOT associate any user account with this token. - It usually opens up security holes in your application to do so. Instead, you associate a user - account with access tokens (not request tokens) in the - method. - - - - - Deletes a request token and its associated secret and stores a new access token and secret. - - The Consumer that is exchanging its request token for an access token. - The Consumer's request token that should be deleted/expired. - The new access token that is being issued to the Consumer. - The secret associated with the newly issued access token. - - - Any scope of granted privileges associated with the request token from the - original call to should be carried over - to the new Access Token. - - - To associate a user account with the new access token, - HttpContext.Current.User may be - useful in an ASP.NET web application within the implementation of this method. - Alternatively you may store the access token here without associating with a user account, - and wait until or - return the access - token to associate the access token with a user account at that point. - - - - - - Classifies a token as a request token or an access token. - - The token to classify. - - Request or Access token, or invalid if the token is not recognized. - - - - - An OAuth-protocol specific implementation of the - interface. - - - - - Initializes a new instance of the class. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The request messages are: - UserAuthorizationResponse - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - - The message that was sent as a request that resulted in the response. - Null on a Consumer site that is receiving an indirect message from the Service Provider. - - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The response messages are: - UnauthorizedTokenResponse - AuthorizedTokenResponse - - request != null - request == null - fields != null - fields == null - - - - An interface allowing OAuth hosts to inject their own algorithm for generating tokens and secrets. - - - - - Generates a new token to represent a not-yet-authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Generates a new token to represent an authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Returns a cryptographically strong random string for use as a token secret. - - The generated string. - - - - The code contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the Token Secret given a request or access token. - - The request or access token. - - The secret associated with the given token. - - Thrown if the secret cannot be found for the given token. - - - - Stores a newly generated unauthorized request token, secret, and optional - application-specific parameters for later recall. - - The request message that resulted in the generation of a new unauthorized request token. - The response message that includes the unauthorized request token. - Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection. - - Request tokens stored by this method SHOULD NOT associate any user account with this token. - It usually opens up security holes in your application to do so. Instead, you associate a user - account with access tokens (not request tokens) in the - method. - - - - - Deletes a request token and its associated secret and stores a new access token and secret. - - The Consumer that is exchanging its request token for an access token. - The Consumer's request token that should be deleted/expired. - The new access token that is being issued to the Consumer. - The secret associated with the newly issued access token. - - - Any scope of granted privileges associated with the request token from the - original call to should be carried over - to the new Access Token. - - - To associate a user account with the new access token, - HttpContext.Current.User may be - useful in an ASP.NET web application within the implementation of this method. - Alternatively you may store the access token here without associating with a user account, - and wait until or - return the access - token to associate the access token with a user account at that point. - - - - - - Classifies a token as a request token or an access token. - - The token to classify. - - Request or Access token, or invalid if the token is not recognized. - - - - - Sets the HTTP Method property on a signed message before the signing module gets to it. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - True if the applied to this binding element - and the operation was successful. False otherwise. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - True if the applied to this binding element - and the operation was successful. False if the operation did not apply to this message. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the protection offered (if any) by this binding element. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Represents an OAuth consumer that is impersonating a known user on the system. - - - - - Initializes a new instance of the class. - - The username. - !String.IsNullOrEmpty(username) - String.IsNullOrEmpty(username) - - - - Gets the type of authentication used. - - The constant "OAuth" - - The type of authentication used to identify the user. - - - - - Gets a value indicating whether the user has been authenticated. - - The value true - true if the user was authenticated; otherwise, false. - - - - - Gets the name of the user who authorized the OAuth token the consumer is using for authorization. - - - The name of the user on whose behalf the code is running. - - - - - Represents an OAuth consumer that is impersonating a known user on the system. - - - - - The roles this user belongs to. - - - - - Initializes a new instance of the class. - - The username. - The roles this user belongs to. - - - - Initializes a new instance of the class. - - The access token. - token != null - token == null - - - - Initializes a new instance of the class. - - The identity. - The roles this user belongs to. - - - - Determines whether the current principal belongs to the specified role. - - The name of the role for which to check membership. - - true if the current principal is a member of the specified role; otherwise, false. - - - The role membership check uses . - - - - - Gets the access token used to create this principal. - - A non-empty string. - - - - Gets the identity of the current principal. - - - - The object associated with the current principal. - - - Contract.Result<IIdentity>() != null - - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - An interface that must be implemented by message transforms/validators in order - to be included in the channel stack. - - - - - Clones this instance. - - The cloned instance. - Contract.Result<ITamperProtectionChannelBindingElement>() != null - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a - signable message so that its signature can be correctly calculated or verified. - - - - - The signature method this binding element uses. - - - - - Initializes a new instance of the class. - - The OAuth signature method that the binding element uses. - - - - Creates a new object that is a copy of the current instance. - - - A new object that is a copy of this instance. - - Contract.Result<ITamperProtectionChannelBindingElement>() != null - - - - Signs the outgoing message. - - The message to sign. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Verifies the signature on an incoming message. - - The message whose signature should be verified. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - Thrown if the signature is invalid. - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Constructs the OAuth Signature Base String and returns the result. - - The message. - The message to derive the signature base string from. - The signature base string. - - This method implements OAuth 1.0 section 9.1. - - message != null - message == null - !string.IsNullOrEmpty(message.HttpMethod) - string.IsNullOrEmpty(message.HttpMethod) - messageDictionary != null - messageDictionary == null - messageDictionary.Message == message - messageDictionary.Message != message - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message per OAuth 1.0 section 9.2. - - - - - Gets the "ConsumerSecret&TokenSecret" string, allowing either property to be empty or null. - - The message to extract the secrets from. - The concatenated string. - - - - Determines whether the signature on some message is valid. - - The message to check the signature on. - - true if the signature on the message is valid; otherwise, false. - - message != null - message == null - - - - Clones this instance. - - A new instance of the binding element. - - Implementations of this method need not clone the SignatureVerificationCallback member, as the - class does this. - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - message != null - message == null - this.Channel != null - this.Channel == null - - - - Checks whether this binding element applies to this message. - - The message that needs to be signed. - True if this binding element can be used to sign the message. False otherwise. - - - - Sorts parameters according to OAuth signature base string rules. - - The first parameter to compare. - The second parameter to compare. - Negative, zero or positive. - - - - Gets the message protection provided by this binding element. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a signed - message so that its signature can be correctly calculated for verification. - - - - - Initializes a new instance of the class. - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message according to OAuth 1.0 section 9.4.1. - - message != null - message == null - this.Channel != null - this.Channel == null - - - - Checks whether this binding element applies to this message. - - The message that needs to be signed. - True if this binding element can be used to sign the message. False otherwise. - - - - Clones this instance. - - A new instance of the binding element. - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - Initializes a new instance of the class - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message per OAuth 1.0 section 9.2. - - message != null - message == null - this.Channel != null - this.Channel == null - - - - Clones this instance. - - A new instance of the binding element. - - - - A description of a request token and its metadata as required by a Service Provider - - - - - Gets the token itself. - - - - - Gets the consumer key that requested this token. - - - - - Gets the (local) date that this request token was first created on. - - - - - Gets or sets the callback associated specifically with this token, if any. - - The callback URI; or null if no callback was specifically assigned to this token. - - - - Gets or sets the verifier that the consumer must include in the - message to exchange this request token for an access token. - - The verifier code, or null if none has been assigned (yet). - - - - Gets or sets the version of the Consumer that requested this token. - - - This property is used to determine whether a must be - generated when the user authorizes the Consumer or not. - - - - - Code Contract for the class. - - - - - Prevents a default instance of the SigningBindingElementBaseContract class from being created. - - - - - Clones this instance. - - A new instance of the binding element. - - Implementations of this method need not clone the SignatureVerificationCallback member, as the - class does this. - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - - - A tamper protection applying binding element that can use any of several given - binding elements to apply the protection. - - - - - The various signing binding elements that may be applicable to a message in preferred use order. - - - - - Initializes a new instance of the class. - - - The signing binding elements that may be used for some outgoing message, - in preferred use order. - - signers != null - signers == null - signers.Length > 0 - signers.Length <= 0 - !signers.Contains(null) - signers.Contains(null) - signers.Select(s => s.Protection).Distinct().Count() == 1 - !(signers.Select(s => s.Protection).Distinct().Count() == 1) - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Creates a new object that is a copy of the current instance. - - - A new object that is a copy of this instance. - - Contract.Result<ITamperProtectionChannelBindingElement>() != null - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a signed - message so that its signature can be correctly calculated for verification. - May be null for Consumers (who never have to verify signatures). - - - - - Gets the protection offered (if any) by this binding element. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - A cryptographically strong random string generator for tokens and secrets. - - - - - Generates a new token to represent a not-yet-authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Generates a new token to represent an authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Returns a cryptographically strong random string for use as a token secret. - - The generated string. - - - - Returns a new random string. - - The new random string. - - - - The two types of tokens that exist in the OAuth protocol. - - - - - A token that is freely issued to any known Consumer. - It does not grant any authorization to access protected resources, - but is used as a step in obtaining that access. - - - - - A token only obtained after the owner of some protected resource(s) - has approved a Consumer's access to said resource(s). - - - - - An unrecognized, expired or invalid token. - - - - - An URI encoder that translates null references as "oob" - instead of an empty/missing argument. - - - - - The string constant "oob", used to indicate an out-of-band configuration. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Gets the string representation to include in a serialized message - when the message part has a null value. - - - - - - A binding element for Service Providers to manage the - callbacks and verification codes on applicable messages. - - - - - The token manager offered by the service provider. - - - - - Initializes a new instance of the class. - - The token manager. - tokenManager != null - tokenManager == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Ensures that access tokens have not yet expired. - - The incoming message carrying the access token. - message != null - message == null - - - - Ensures that short-lived request tokens included in incoming messages have not expired. - - The incoming message. - Thrown when the token in the message has expired. - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Base class for and types. - - - - - Initializes a new instance of the class. - - The endpoints and behavior of the Service Provider. - The host's method of storing and recalling tokens and secrets. - serviceDescription != null - serviceDescription == null - tokenManager != null - tokenManager == null - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - Extra parameters to include in the message. Must not be null, but may be empty. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - extraData != null - extraData == null - - - - Prepares an authorized request that carries an HTTP multi-part POST, allowing for binary data. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - Extra parameters to include in the message. Must not be null, but may be empty. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - binaryData != null - binaryData == null - - - - Prepares an HTTP request that has OAuth authorization already attached to it. - - The OAuth authorization message to attach to the HTTP request. - - The HttpWebRequest that can be used to send the HTTP request to the remote service provider. - - - If property on the - has the - flag set and - is set to an HTTP method - that includes an entity body, the request stream is automatically sent - if and only if the dictionary is non-empty. - - message != null - message == null - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - The initialized WebRequest object. - Thrown if the request fails for any reason after it is sent to the Service Provider. - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - - - - Prepares an OAuth message that begins an authorization request that will - redirect the user to the Service Provider to provide that authorization. - - - An optional Consumer URL that the Service Provider should redirect the - User Agent to upon successful authorization. - - Extra parameters to add to the request token message. Optional. - Extra parameters to add to the redirect to Service Provider message. Optional. - The request token that must be exchanged for an access token after the user has provided authorization. - The pending user agent redirect based message to be sent as an HttpResponse. - - - - Exchanges a given request token for access token. - - The request token that the user has authorized. - The verifier code. - - The access token assigned by the Service Provider. - - !String.IsNullOrEmpty(requestToken) - String.IsNullOrEmpty(requestToken) - Contract.Result<AuthorizedTokenResponse>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the Consumer Key used to communicate with the Service Provider. - - - - - Gets the Service Provider that will be accessed. - - - - - Gets the persistence store for tokens and secrets. - - - - - Gets the channel to use for sending/receiving messages. - - - - - Gets the security settings for this consumer. - - - - - Gets or sets the channel to use for sending/receiving messages. - - - - - Security settings that are applicable to consumers. - - - - - Security settings that may be applicable to both consumers and service providers. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - - - Used by a desktop application to use OAuth to access the Service Provider on behalf of the User. - - - The methods on this class are thread-safe. Provided the properties are set and not changed - afterward, a single instance of this class may be used by an entire desktop application safely. - - - - - Initializes a new instance of the class. - - The endpoints and behavior of the Service Provider. - The host's method of storing and recalling tokens and secrets. - - - - Begins an OAuth authorization request. - - Extra parameters to add to the request token message. Optional. - Extra parameters to add to the redirect to Service Provider message. Optional. - The request token that must be exchanged for an access token after the user has provided authorization. - The URL to open a browser window to allow the user to provide authorization. - - - - Exchanges a given request token for access token. - - The request token that the user has authorized. - The access token assigned by the Service Provider. - - - - Exchanges a given request token for access token. - - The request token that the user has authorized. - The verifier code typed in by the user. Must not be Null for OAuth 1.0a service providers and later. - - The access token assigned by the Service Provider. - - - - - The interface that classes must implement to be serialized/deserialized - as protocol or extension messages that uses POST multi-part data for binary content. - - - - - Gets the parts of the message that carry binary data. - - A list of parts. Never null. - - Contract.Result<IList<MultipartPostPart>>() != null - - - - - Gets a value indicating whether this message should be sent as multi-part POST. - - - - - The contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the parts of the message that carry binary data. - - A list of parts. Never null. - - - - Gets a value indicating whether this message should be sent as multi-part POST. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - An interface implemented by all OAuth messages that have a request or access token and secret properties. - - - - - An interface implemented by all OAuth messages that have a request or access token property. - - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the Request or Access Token secret. - - - - - The data packet sent with Channel events. - - - - - Initializes a new instance of the class. - - The message behind the fired event.. - message != null - message == null - - - - Gets the message that caused the event to fire. - - - - - Contract class for the interface. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Clones this instance. - - The cloned instance. - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a - signable message so that its signature can be correctly calculated or verified. - - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to Cannot send access token to Consumer for request token '{0}' before it has been authorized.. - - - - - Looks up a localized string similar to The access token '{0}' is invalid or expired.. - - - - - Looks up a localized string similar to Failure looking up secret for consumer or token.. - - - - - Looks up a localized string similar to oauth_verifier argument was incorrect.. - - - - - Looks up a localized string similar to An invalid OAuth message received and discarded.. - - - - - Looks up a localized string similar to The {0} message included extra data which is not allowed.. - - - - - Looks up a localized string similar to This OAuth service provider requires OAuth consumers to implement OAuth {0}, but this consumer appears to only support {1}.. - - - - - Looks up a localized string similar to Cannot send OAuth message as multipart POST without an authorization HTTP header because sensitive data would not be signed.. - - - - - Looks up a localized string similar to Use of the OpenID+OAuth extension requires that the token manager in use implement the {0} interface.. - - - - - Looks up a localized string similar to The OpenID Relying Party's realm is not recognized as belonging to the OAuth Consumer identified by the consumer key given.. - - - - - Looks up a localized string similar to The request URL query MUST NOT contain any OAuth Protocol Parameters.. - - - - - Looks up a localized string similar to The signing element already has been associated with a channel.. - - - - - Looks up a localized string similar to All signing elements must offer the same message protection.. - - - - - Looks up a localized string similar to A token in the message was not recognized by the service provider.. - - - - - Looks up a localized string similar to The RSA-SHA1 signing binding element has not been set with a certificate for signing.. - - - - - A description of the endpoints on a Service Provider. - - - - - The field used to store the value of the property. - - - - - Initializes a new instance of the class. - - - - - Creates a signing element that includes all the signing elements this service provider supports. - - The created signing element. - this.TamperProtectionElements != null - - - - Gets or sets the OAuth version supported by the Service Provider. - - - - - Gets or sets the URL used to obtain an unauthorized Request Token, - described in Section 6.1 (Obtaining an Unauthorized Request Token). - - - The request URL query MUST NOT contain any OAuth Protocol Parameters. - This is the URL that messages are directed to. - - Thrown if this property is set to a URI with OAuth protocol parameters. - - - - Gets or sets the URL used to obtain User authorization for Consumer access, - described in Section 6.2 (Obtaining User Authorization). - - - This is the URL that messages are - indirectly (via the user agent) sent to. - - - - - Gets or sets the URL used to exchange the User-authorized Request Token - for an Access Token, described in Section 6.3 (Obtaining an Access Token). - - - This is the URL that messages are directed to. - - - - - Gets or sets the signing policies that apply to this Service Provider. - - - - - Gets the OAuth version supported by the Service Provider. - - - - - A base class for all signed OAuth messages. - - - - - A base class for all OAuth messages. - - - - - A store for extra name/value data pairs that are attached to this message. - - - - - Gets a value indicating whether signing this message is required. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - The URI to the remote endpoint to send this message to. - - - - - Backing store for the properties. - - - - - Backing store for the properties. - - - - - Initializes a new instance of the class for direct response messages. - - The level of protection the message requires. - The request that asked for this direct response. - The OAuth version. - originatingRequest != null - originatingRequest == null - version != null - version == null - - - - Initializes a new instance of the class for direct requests or indirect messages. - - The level of protection the message requires. - A value indicating whether this message requires a direct or indirect transport. - The URI that a directed message will be delivered to. - The OAuth version. - recipient != null - recipient == null - version != null - version == null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - - - Returns a human-friendly string describing the message and all serializable properties. - - The channel that will carry this message. - - The string representation of this object. - - channel != null - channel == null - - - - Sets a flag indicating that this message is received (as opposed to sent). - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - - - Gets the version of the protocol this message is prepared to implement. - - - Contract.Result<Version>() != null - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the dictionary of additional name/value fields tacked on to this message. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the URI to the Service Provider endpoint to send this message to. - - - - - Gets the preferred method of transport for the message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - Gets or sets a value indicating whether security sensitive strings are - emitted from the ToString() method. - - - - - Gets a value indicating whether this message was deserialized as an incoming message. - - - - - Gets the version of the protocol this message is prepared to implement. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the dictionary of additional name/value fields tacked on to this message. - - - - - Gets the preferred method of transport for the message. - - - - - Gets or sets the URI to the Service Provider endpoint to send this message to. - - - - - Gets the originating request message that caused this response to be formed. - - - - - An interface that OAuth messages implement to support signing. - - - - - The contract a message that is signed must implement. - - - This type might have appeared in the DotNetOpenAuth.Messaging.Bindings namespace since - it is only used by types in that namespace, but all those types are internal and this - is the only one that was public. - - - - - Gets or sets the message signature. - - - - - Gets or sets the method used to sign the message. - - - - - Gets or sets the Token Secret used to sign the message. - - - - - Gets or sets the Consumer key. - - - - - Gets or sets the Consumer Secret used to sign the message. - - - - - Gets or sets the HTTP method that will be used to transmit the message. - - - - - Gets or sets the URL of the intended receiver of this message. - - - - - The contract a message that has an allowable time window for processing must implement. - - - All expiring messages must also be signed to prevent tampering with the creation date. - - - - - Gets or sets the UTC date/time the message was originally sent onto the network. - - - The property setter should ensure a UTC date/time, - and throw an exception if this is not possible. - - - Thrown when a DateTime that cannot be converted to UTC is set. - - - - - The contract a message that has an allowable time window for processing must implement. - - - All replay-protected messages must also be set to expire so the nonces do not have - to be stored indefinitely. - - - - - Gets the context within which the nonce must be unique. - - - The value of this property must be a value assigned by the nonce consumer - to represent the entity that generated the nonce. The value must never be - null but may be the empty string. - This value is treated as case-sensitive. - - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - - - The reference date and time for calculating time stamps. - - - - - The number of seconds since 1/1/1970, consistent with the OAuth timestamp requirement. - - - - - Initializes a new instance of the class. - - A value indicating whether this message requires a direct or indirect transport. - The URI that a directed message will be delivered to. - The OAuth version. - - - - Gets or sets the signature method used to sign the request. - - - - - Gets or sets the Token Secret used to sign the message. - - - - - Gets or sets the Consumer key. - - - - - Gets or sets the Consumer Secret used to sign the message. - - - - - Gets or sets the HTTP method that will be used to transmit the message. - - - - - Gets or sets the URI to the Service Provider endpoint to send this message to. - - - - - Gets or sets the message signature. - - - - - Gets or sets the OAuth timestamp of the message. - - - - - Gets the context within which the nonce must be unique. - - The consumer key. - - - - Gets or sets the message nonce used for replay detection. - - - - - Gets or sets the signature method used to sign the request. - - - - - Gets or sets the Token Secret used to sign the message. - - - - - Gets or sets the Consumer Secret used to sign the message. - - - - - Gets or sets the HTTP method that will be used to transmit the message. - - - - - Gets or sets the message signature. - - - - - Gets or sets the version of the protocol this message was created with. - - - - - An in-memory nonce store. Useful for single-server web applications. - NOT for web farms. - - - - - Describes the contract a nonce store must fulfill. - - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the - must be unique. - The context SHOULD be treated as case-sensitive. - The value will never be null but may be the empty string. - A series of random characters. - The UTC timestamp that together with the nonce string make it unique - within the given . - The timestamp may also be used by the data store to clear out old nonces. - - True if the context+nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp and context. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - This maximum message age can be looked up via the - - property, accessible via the - property. - - - - - How frequently we should take time to clear out old nonces. - - - - - The maximum age a message can be before it is discarded. - - - This is useful for knowing how long used nonces must be retained. - - - - - A list of the consumed nonces. - - - - - A lock object used around accesses to the field. - - - - - Where we're currently at in our periodic nonce cleaning cycle. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The maximum age a message can be before it is discarded. - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the must be unique. - A series of random characters. - The timestamp that together with the nonce string make it unique. - The timestamp may also be used by the data store to clear out old nonces. - - True if the nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - If the binding element is applicable to your channel, this expiration window - is retrieved or set using the - property. - - - - - Clears consumed nonces from the cache that are so old they would be - rejected if replayed because it is expired. - - - - - Security settings that are applicable to service providers. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the minimum required version of OAuth that must be implemented by a Consumer. - - - - - The different formats a user authorization verifier code can take - in order to be as secure as possible while being compatible with - the type of OAuth Consumer requesting access. - - - Some Consumers may be set-top boxes, video games, mobile devies, etc. - with very limited character entry support and no ability to receive - a callback URI. OAuth 1.0a requires that these devices operators - must manually key in a verifier code, so in these cases it better - be possible to do so given the input options on that device. - - - - - The strongest verification code. - The best option for web consumers since a callback is usually an option. - - - - - A combination of upper and lowercase letters and numbers may be used, - allowing a computer operator to easily read from the screen and key - in the verification code. - - - Some letters and numbers will be skipped where they are visually similar - enough that they can be difficult to distinguish when displayed with most fonts. - - - - - Only uppercase letters will be used in the verification code. - Verification codes are case-sensitive, so consumers with fixed - keyboards with only one character case option may require this option. - - - - - Only lowercase letters will be used in the verification code. - Verification codes are case-sensitive, so consumers with fixed - keyboards with only one character case option may require this option. - - - - - Only the numbers 0-9 will be used in the verification code. - Must useful for consumers running on mobile phone devices. - - - - - A website or application that uses OAuth to access the Service Provider on behalf of the User. - - - The methods on this class are thread-safe. Provided the properties are set and not changed - afterward, a single instance of this class may be used by an entire web application safely. - - - - - Initializes a new instance of the class. - - The endpoints and behavior of the Service Provider. - The host's method of storing and recalling tokens and secrets. - - - - Begins an OAuth authorization request and redirects the user to the Service Provider - to provide that authorization. Upon successful authorization, the user is redirected - back to the current page. - - The pending user agent redirect based message to be sent as an HttpResponse. - - Requires HttpContext.Current. - - - - - Prepares an OAuth message that begins an authorization request that will - redirect the user to the Service Provider to provide that authorization. - - - An optional Consumer URL that the Service Provider should redirect the - User Agent to upon successful authorization. - - Extra parameters to add to the request token message. Optional. - Extra parameters to add to the redirect to Service Provider message. Optional. - The pending user agent redirect based message to be sent as an HttpResponse. - - - - Processes an incoming authorization-granted message from an SP and obtains an access token. - - The access token, or null if no incoming authorization message was recognized. - - Requires HttpContext.Current. - - - - - Attaches an OAuth authorization request to an outgoing OpenID authentication request. - - The OpenID authentication request. - The scope of access that is requested of the service provider. - openIdAuthenticationRequest != null - openIdAuthenticationRequest == null - - - - Processes an incoming authorization-granted message from an SP and obtains an access token. - - The OpenID authentication response that may be carrying an authorized request token. - - The access token, or null if OAuth authorization was denied by the user or service provider. - - - The access token, if granted, is automatically stored in the . - The token manager instance must implement . - - openIdAuthenticationResponse != null - openIdAuthenticationResponse == null - this.TokenManager is IOpenIdOAuthTokenManager - !(this.TokenManager is IOpenIdOAuthTokenManager) - - - - Processes an incoming authorization-granted message from an SP and obtains an access token. - - The incoming HTTP request. - The access token, or null if no incoming authorization message was recognized. - request != null - request == null - - - - A contract for handling. - - - Implementations of this interface must be thread safe. - - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - - - - Processes an and converts the - to a instance. - - The to handle. - An instance of describing the response. - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - An instance of describing the response. - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Code contract for the type. - - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - - - - Processes an and converts the - to a instance. - - The to handle. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - - - - A direct message sent by the Consumer to exchange an authorized Request Token - for an Access Token and Token Secret. - - - The class is sealed because the OAuth spec forbids adding parameters to this message. - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - - - Gets or sets the Token. - - - - - Gets or sets the verification code received by the Consumer from the Service Provider - in the property. - - - - - Gets or sets the authorized Request Token used to obtain authorization. - - - - - A binding element that checks/verifies a nonce message part. - - - - - These are the characters that may be chosen from when forming a random nonce. - - - - - The persistent store for nonces received. - - - - - The length of generated nonces. - - - - - Initializes a new instance of the class. - - The store where nonces will be persisted and checked. - - - - Initializes a new instance of the class. - - The store where nonces will be persisted and checked. - A value indicating whether zero-length nonces will be allowed. - nonceStore != null - nonceStore == null - - - - Applies a nonce to the message. - - The message to apply replay protection to. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Verifies that the nonce in an incoming message has not been seen before. - - The incoming message. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - Thrown when the nonce check revealed a replayed message. - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Generates a string of random characters for use as a nonce. - - The nonce string. - - - - Gets the protection that this binding element provides messages. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets or sets the strength of the nonce, which is measured by the number of - nonces that could theoretically be generated. - - - The strength of the nonce is equal to the number of characters that might appear - in the nonce to the power of the length of the nonce. - - - - - Gets or sets a value indicating whether empty nonces are allowed. - - Default is false. - - - - Applied to fields and properties that form a key/value in a protocol message. - - - - - The overridden name to use as the serialized name for the property. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - A special name to give the value of this member in the serialized message. - When null or empty, the name of the member will be used in the serialized message. - - - - - Gets the name of the serialized form of this member in the message. - - - - - Gets or sets the level of protection required by this member in the serialized message. - - - Message part protection must be provided and verified by the channel binding element(s) - that provide security. - - - - - Gets or sets a value indicating whether this member is a required part of the serialized message. - - - - - Gets or sets a value indicating whether the string value is allowed to be empty in the serialized message. - - Default is true. - - - - Gets or sets an IMessagePartEncoder custom encoder to use - to translate the applied member to and from a string. - - - - - Gets or sets the minimum version of the protocol this attribute applies to - and overrides any attributes with lower values for this property. - - Defaults to 0.0. - - - - Gets or sets the maximum version of the protocol this attribute applies to. - - Defaults to int.MaxValue for the major version number. - - Specifying on another attribute on the same member - automatically turns this attribute off. This property should only be set when - a property is totally dropped from a newer version of the protocol. - - - - - Gets or sets the minimum version of the protocol this attribute applies to - and overrides any attributes with lower values for this property. - - Defaults to 0.0. - - - - Gets or sets the maximum version of the protocol this attribute applies to. - - Defaults to int.MaxValue for the major version number. - - Specifying on another attribute on the same member - automatically turns this attribute off. This property should only be set when - a property is totally dropped from a newer version of the protocol. - - - - - Categorizes the various types of channel binding elements so they can be properly ordered. - - - The order of these enum values is significant. - Each successive value requires the protection offered by all the previous values - in order to be reliable. For example, message expiration is meaningless without - tamper protection to prevent a user from changing the timestamp on a message. - - - - - No protection. - - - - - A binding element that signs a message before sending and validates its signature upon receiving. - - - - - A binding element that enforces a maximum message age between sending and processing on the receiving side. - - - - - A binding element that prepares messages for replay detection and detects replayed messages on the receiving side. - - - - - All forms of protection together. - - - - - Code Contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - An exception thrown when a message is received for the second time, signalling a possible - replay attack. - - - - - Initializes a new instance of the class. - - The replayed message. - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - An exception thrown when a message is received that exceeds the maximum message age limit. - - - - - Initializes a new instance of the class. - - The date the message expired. - The expired message. - utcExpirationDate.Kind == DateTimeKind.Utc - utcExpirationDate.Kind != DateTimeKind.Utc - faultedMessage != null - faultedMessage == null - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - An exception thrown when a signed message does not pass signature validation. - - - - - Initializes a new instance of the class. - - The message with the invalid signature. - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - A message attached to a request for protected resources that provides the necessary - credentials to be granted access to those resources. - - - - - A store for the binary data that is carried in the message. - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Gets or sets the Token. - - - - - Gets or sets the Access Token. - - - In addition to just allowing OAuth to verify a valid message, - this property is useful on the Service Provider to verify that the access token - has proper authorization for the resource being requested, and to know the - context around which user provided the authorization. - - - - - Gets the parts of the message that carry binary data. - - A list of parts. Never null. - - Contract.Result<IList<MultipartPostPart>>() != null - - - - - Gets a value indicating whether this message should be sent as multi-part POST. - - - - - A direct message sent from Service Provider to Consumer in response to - a Consumer's request. - - - - - Initializes a new instance of the class. - - The originating request. - - - - Gets or sets the Access Token assigned by the Service Provider. - - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the Request or Access Token secret. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - Gets or sets the Token Secret. - - - - - A message used to redirect the user from a Service Provider to a Consumer's web site. - - - The class is sealed because extra parameters are determined by the callback URI provided by the Consumer. - - - - - Initializes a new instance of the class. - - The URI of the Consumer endpoint to send this message to. - The OAuth version. - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the verification code that must accompany the request to exchange the - authorized request token for an access token. - - An unguessable value passed to the Consumer via the User and REQUIRED to complete the process. - - If the Consumer did not provide a callback URL, the Service Provider SHOULD display the value of the - verification code, and instruct the User to manually inform the Consumer that authorization is - completed. If the Service Provider knows a Consumer to be running on a mobile device or set-top box, - the Service Provider SHOULD ensure that the verifier value is suitable for manual entry. - - - - - Gets or sets the Request Token. - - - - - A message used to redirect the user from a Consumer to a Service Provider's web site - so the Service Provider can ask the user to authorize the Consumer's access to some - protected resource(s). - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The request token. - The OAuth version. - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Gets or sets the Request or Access Token. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - Gets a value indicating whether this is a safe OAuth authorization request. - - - true if the Consumer is using OAuth 1.0a or later; otherwise, false. - - - - Gets or sets the Request Token obtained in the previous step. - - - The Service Provider MAY declare this parameter as REQUIRED, or - accept requests to the User Authorization URL without it, in which - case it will prompt the User to enter it manually. - - - - - Gets or sets a URL the Service Provider will use to redirect the User back - to the Consumer when Obtaining User Authorization is complete. Optional. - - - - - A direct message sent from Service Provider to Consumer in response to - a Consumer's request. - - - - - Initializes a new instance of the class. - - The unauthorized request token message that this message is being generated in response to. - The request token. - The token secret. - - This constructor is used by the Service Provider to send the message. - - requestToken != null - requestToken == null - tokenSecret != null - tokenSecret == null - - - - Initializes a new instance of the class. - - The originating request. - The OAuth version. - This constructor is used by the consumer to deserialize the message. - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the Request or Access Token secret. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - Gets or sets the Request Token. - - - - - Gets the original request for an unauthorized token. - - - - - Gets or sets the Token Secret. - - - - - Gets a value indicating whether the Service Provider recognized the callback parameter in the request. - - - - - A property store of details of an incoming HTTP request. - - - This serves a very similar purpose to , except that - ASP.NET does not let us fully initialize that class, so we have to write one - of our one. - - - - - The key/value pairs found in the entity of a POST request. - - - - - The key/value pairs found in the querystring of the incoming request. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The ASP.NET structure to copy from. - request != null - request == null - this.HttpMethod == request.HttpMethod - this.Url == request.Url - this.RawUrl == request.RawUrl - this.UrlBeforeRewriting != null - this.Headers != null - this.InputStream == request.InputStream - this.form == request.Form - this.queryString == request.QueryString - - - - Initializes a new instance of the class. - - The HTTP method (i.e. GET or POST) of the incoming request. - The URL being requested. - The raw URL that appears immediately following the HTTP verb in the request, - before any URL rewriting takes place. - Headers in the HTTP request. - The entity stream, if any. (POST requests typically have these). Use null for GET requests. - !string.IsNullOrEmpty(httpMethod) - string.IsNullOrEmpty(httpMethod) - requestUrl != null - requestUrl == null - rawUrl != null - rawUrl == null - headers != null - headers == null - - - - Initializes a new instance of the class. - - Details on the incoming HTTP request. - listenerRequest != null - listenerRequest == null - - - - Initializes a new instance of the class. - - The WCF incoming request structure to get the HTTP information from. - The URI of the service endpoint. - request != null - request == null - requestUri != null - requestUri == null - - - - Initializes a new instance of the class. - - this.HttpMethod == "GET" - this.Headers != null - - - - Initializes a new instance of the class. - - The HttpWebRequest (that was never used) to copy from. - request != null - request == null - - - - Initializes a new instance of the class. - - The message being passed in through a mock transport. May be null. - The HTTP method that the incoming request came in on, whether or not is null. - - - - Gets the public facing URL for the given incoming HTTP request. - - The request. - The server variables to consider part of the request. - - The URI that the outside world used to create this request. - - - Although the value can be obtained from - , it's useful to be able to pass them - in so we can simulate injected values from our unit tests since the actual property - is a read-only kind of . - - request != null - request == null - serverVariables != null - serverVariables == null - - - - Gets the query or form data from the original request (before any URL rewriting has occurred.) - - A set of name=value pairs. - - - - Gets the public facing URL for the given incoming HTTP request. - - The request. - The URI that the outside world used to create this request. - request != null - request == null - - - - Makes up a reasonable guess at the raw URL from the possibly rewritten URL. - - A full URL. - A raw URL that might have come in on the HTTP verb. - url != null - url == null - - - - Converts a NameValueCollection to a WebHeaderCollection. - - The collection a HTTP headers. - A new collection of the given headers. - pairs != null - pairs == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets or sets the message that is being sent over a mock transport (for testing). - - - - - Gets or sets the verb in the request (i.e. GET, POST, etc.) - - - - - Gets or sets the entire URL of the request, after any URL rewriting. - - - - - Gets or sets the raw URL that appears immediately following the HTTP verb in the request, - before any URL rewriting takes place. - - - - - Gets or sets the full public URL used by the remote client to initiate this request, - before any URL rewriting and before any changes made by web farm load distributors. - - - - - Gets the query part of the URL (The ? and everything after it), after URL rewriting. - - - - - Gets or sets the collection of headers that came in with the request. - - - - - Gets or sets the entity, or body of the request, if any. - - - - - Gets the key/value pairs found in the entity of a POST request. - - - Contract.Result<NameValueCollection>() != null - - - - - Gets the key/value pairs found in the querystring of the incoming request. - - - - - Gets the query data from the original request (before any URL rewriting has occurred.) - - A containing all the parameters in the query string. - - - - Gets a value indicating whether the request's URL was rewritten by ASP.NET - or some other module. - - - true if this request's URL was rewritten; otherwise, false. - - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The message that was sent as a request that resulted in the response. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - - - Serializes/deserializes OAuth messages for/from transit. - - this.messageType != null - - - - The specific -derived type - that will be serialized and deserialized using this class. - - - - - Initializes a new instance of the MessageSerializer class. - - The specific -derived type - that will be serialized and deserialized using this class. - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - this.messageType != null - - - - Creates or reuses a message serializer for a given message type. - - The type of message that will be serialized/deserialized. - A message serializer for the given message type. - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - - - - Reads JSON as a flat dictionary into a message. - - The message dictionary to fill with the JSON-deserialized data. - The JSON reader. - messageDictionary != null - messageDictionary == null - reader != null - reader == null - - - - Reads the data from a message instance and returns a series of name=value pairs for the fields that must be included in the message. - - The message to be serialized. - The dictionary of values to send for the message. - - messageDictionary != null - messageDictionary == null - Contract.Result<IDictionary<string, string>>() != null - - - - Reads the data from a message instance and writes a XML/JSON encoding of it. - - The message to be serialized. - The writer to use for the serialized form. - - Use - to create the instance capable of emitting JSON. - - - messageDictionary != null - messageDictionary == null - writer != null - writer == null - - - - Reads name=value pairs into a message. - - The name=value pairs that were read in from the transport. - The message to deserialize into. - Thrown when protocol rules are broken by the incoming message. - fields != null - fields == null - messageDictionary != null - messageDictionary == null - - - - Reads XML/JSON into a message dictionary. - - The message to deserialize into. - The XML/JSON to read into the message. - Thrown when protocol rules are broken by the incoming message. - - Use - to create the instance capable of reading JSON. - - messageDictionary != null - messageDictionary == null - reader != null - reader == null - - - - Determines whether the specified type is numeric. - - The type to test. - - true if the specified type is numeric; otherwise, false. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to Argument's {0}.{1} property is required but is empty or null.. - - - - - Looks up a localized string similar to Unable to send all message data because some of it requires multi-part POST, but IMessageWithBinaryData.SendAsMultipart was false.. - - - - - Looks up a localized string similar to HttpContext.Current is null. There must be an ASP.NET request in process for this operation to succeed.. - - - - - Looks up a localized string similar to DataContractSerializer could not be initialized on message type {0}. Is it missing a [DataContract] attribute?. - - - - - Looks up a localized string similar to DataContractSerializer could not be initialized on message type {0} because the DataContractAttribute.Namespace property is not set.. - - - - - Looks up a localized string similar to An instance of type {0} was expected, but received unexpected derived type {1}.. - - - - - Looks up a localized string similar to The directed message's Recipient property must not be null.. - - - - - Looks up a localized string similar to The given set of options is not supported by this web request handler.. - - - - - Looks up a localized string similar to Unable to instantiate the message part encoder/decoder type {0}.. - - - - - Looks up a localized string similar to Error while deserializing message {0}.. - - - - - Looks up a localized string similar to Error occurred while sending a direct message or getting the response.. - - - - - Looks up a localized string similar to This exception was not constructed with a root request message that caused it.. - - - - - Looks up a localized string similar to This exception must be instantiated with a recipient that will receive the error message, or a direct request message instance that this exception will respond to.. - - - - - Looks up a localized string similar to Expected {0} message but received no recognizable message.. - - - - - Looks up a localized string similar to The message expired at {0} and it is now {1}.. - - - - - Looks up a localized string similar to Failed to add extra parameter '{0}' with value '{1}'.. - - - - - Looks up a localized string similar to At least one of GET or POST flags must be present.. - - - - - Looks up a localized string similar to This method requires a current HttpContext. Alternatively, use an overload of this method that allows you to pass in information without an HttpContext.. - - - - - Looks up a localized string similar to Messages that indicate indirect transport must implement the {0} interface.. - - - - - Looks up a localized string similar to Insecure web request for '{0}' aborted due to security requirements demanding HTTPS.. - - - - - Looks up a localized string similar to The {0} message required protections {{{1}}} but the channel could only apply {{{2}}}.. - - - - - Looks up a localized string similar to The customized binding element ordering is invalid.. - - - - - Looks up a localized string similar to Some part(s) of the message have invalid values: {0}. - - - - - Looks up a localized string similar to The incoming message had an invalid or missing nonce.. - - - - - Looks up a localized string similar to An item with the same key has already been added.. - - - - - Looks up a localized string similar to The {0} message does not support extensions.. - - - - - Looks up a localized string similar to The value for {0}.{1} on member {1} was expected to derive from {2} but was {3}.. - - - - - Looks up a localized string similar to Error while reading message '{0}' parameter '{1}' with value '{2}'.. - - - - - Looks up a localized string similar to Message parameter '{0}' with value '{1}' failed to base64 decode.. - - - - - Looks up a localized string similar to Error while preparing message '{0}' parameter '{1}' for sending.. - - - - - Looks up a localized string similar to This message has a timestamp of {0}, which is beyond the allowable clock skew for in the future.. - - - - - Looks up a localized string similar to A non-empty string was expected.. - - - - - Looks up a localized string similar to A message response is already queued for sending in the response stream.. - - - - - Looks up a localized string similar to This message has already been processed. This could indicate a replay attack in progress.. - - - - - Looks up a localized string similar to This channel does not support replay protection.. - - - - - Looks up a localized string similar to The following message parts had constant value requirements that were unsatisfied: {0}. - - - - - Looks up a localized string similar to The following required non-empty parameters were empty in the {0} message: {1}. - - - - - Looks up a localized string similar to The following required parameters were missing from the {0} message: {1}. - - - - - Looks up a localized string similar to The binding element offering the {0} protection requires other protection that is not provided.. - - - - - Looks up a localized string similar to The list is empty.. - - - - - Looks up a localized string similar to The list contains a null element.. - - - - - Looks up a localized string similar to An HttpContext.Current.Session object is required.. - - - - - Looks up a localized string similar to Message signature was incorrect.. - - - - - Looks up a localized string similar to This channel does not support signing messages. To support signing messages, a derived Channel type must override the Sign and IsSignatureValid methods.. - - - - - Looks up a localized string similar to This message factory does not support message type(s): {0}. - - - - - Looks up a localized string similar to The stream must have a known length.. - - - - - Looks up a localized string similar to The stream's CanRead property returned false.. - - - - - Looks up a localized string similar to The stream's CanWrite property returned false.. - - - - - Looks up a localized string similar to Expected at most 1 binding element to apply the {0} protection, but more than one applied.. - - - - - Looks up a localized string similar to The maximum allowable number of redirects were exceeded while requesting '{0}'.. - - - - - Looks up a localized string similar to The array must not be empty.. - - - - - Looks up a localized string similar to The empty string is not allowed.. - - - - - Looks up a localized string similar to Expected direct response to use HTTP status code {0} but was {1} instead.. - - - - - Looks up a localized string similar to Message parameter '{0}' had unexpected value '{1}'.. - - - - - Looks up a localized string similar to Expected message {0} parameter '{1}' to have value '{2}' but had '{3}' instead.. - - - - - Looks up a localized string similar to Expected message {0} but received {1} instead.. - - - - - Looks up a localized string similar to Unexpected message type received.. - - - - - Looks up a localized string similar to A null key was included and is not allowed.. - - - - - Looks up a localized string similar to A null or empty key was included and is not allowed.. - - - - - Looks up a localized string similar to A null value was included for key '{0}' and is not allowed.. - - - - - Looks up a localized string similar to The type {0} or a derived type was expected, but {1} was given.. - - - - - Looks up a localized string similar to {0} property has unrecognized value {1}.. - - - - - Looks up a localized string similar to The URL '{0}' is rated unsafe and cannot be requested this way.. - - - - - Looks up a localized string similar to This blob is not a recognized encryption format.. - - - - - Looks up a localized string similar to The HTTP verb '{0}' is unrecognized and unsupported.. - - - - - Looks up a localized string similar to '{0}' messages cannot be received with HTTP verb '{1}'.. - - - - - Looks up a localized string similar to Redirects on POST requests that are to untrusted servers is not supported.. - - - - - Looks up a localized string similar to Web request to '{0}' failed.. - - - - - A grab-bag of utility methods useful for the channel stack of the protocol. - - - - - The uppercase alphabet. - - - - - The lowercase alphabet. - - - - - The set of base 10 digits. - - - - - The set of digits, and alphabetic letters (upper and lowercase) that are clearly - visually distinguishable. - - - - - The cryptographically strong random data generator used for creating secrets. - - The random number generator is thread-safe. - - - - A pseudo-random data generator (NOT cryptographically strong random data) - - - - - A character array containing just the = character. - - - - - A character array containing just the , character. - - - - - A character array containing just the " character. - - - - - The set of characters that are unreserved in RFC 2396 but are NOT unreserved in RFC 3986. - - - - - A set of escaping mappings that help secure a string from javscript execution. - - - The characters to escape here are inspired by - http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript - - - - - Transforms an OutgoingWebResponse to an MVC-friendly ActionResult. - - The response to send to the user agent. - The instance to be returned by the Controller's action method. - response != null - response == null - - - - Gets the original request URL, as seen from the browser before any URL rewrites on the server if any. - Cookieless session directory (if applicable) is also included. - - The URL in the user agent's Location bar. - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Strips any and all URI query parameters that start with some prefix. - - The URI that may have a query with parameters to remove. - The prefix for parameters to remove. A period is NOT automatically appended. - Either a new Uri with the parameters removed if there were any to remove, or the same Uri instance if no parameters needed to be removed. - uri != null - uri == null - !String.IsNullOrEmpty(prefix) - String.IsNullOrEmpty(prefix) - - - - Sends a multipart HTTP POST request (useful for posting files). - - The HTTP request. - The request handler. - The parts to include in the POST entity. - The HTTP response. - request != null - request == null - requestHandler != null - requestHandler == null - parts != null - parts == null - - - - Assembles a message comprised of the message on a given exception and all inner exceptions. - - The exception. - The assembled message. - - - - Flattens the specified sequence of sequences. - - The type of element contained in the sequence. - The sequence of sequences to flatten. - A sequence of the contained items. - - - - Cuts off precision beyond a second on a DateTime value. - - The value. - A DateTime with a 0 millisecond component. - - - - Adds a name-value pair to the end of a given URL - as part of the querystring piece. Prefixes a ? or & before - first element as necessary. - - The UriBuilder to add arguments to. - The name of the parameter to add. - The value of the argument. - - If the parameters to add match names of parameters that already are defined - in the query string, the existing ones are not replaced. - - - - - Adds a set of values to a collection. - - The type of value kept in the collection. - The collection to add to. - The values to add to the collection. - collection != null - collection == null - values != null - values == null - - - - Clears any existing elements in a collection and fills the collection with a given set of values. - - The type of value kept in the collection. - The collection to modify. - The new values to fill the collection. - collection != null - collection == null - - - - Strips any and all URI query parameters that serve as parts of a message. - - The URI that may contain query parameters to remove. - The message description whose parts should be removed from the URL. - A cleaned URL. - uri != null - uri == null - messageDescription != null - messageDescription == null - - - - Sends a multipart HTTP POST request (useful for posting files) but doesn't call GetResponse on it. - - The HTTP request. - The request handler. - The parts to include in the POST entity. - request != null - request == null - requestHandler != null - requestHandler == null - parts != null - parts == null - - - - Assembles the content of the HTTP Authorization or WWW-Authenticate header. - - The scheme. - The fields to include. - A value prepared for an HTTP header. - !String.IsNullOrEmpty(scheme) - String.IsNullOrEmpty(scheme) - fields != null - fields == null - - - - Parses the authorization header. - - The scheme. Must not be null or empty. - The authorization header. May be null or empty. - A sequence of key=value pairs discovered in the header. Never null, but may be empty. - !String.IsNullOrEmpty(scheme) - String.IsNullOrEmpty(scheme) - Contract.Result<IEnumerable<KeyValuePair<string, string>>>() != null - - - - Gets a buffer of random data (not cryptographically strong). - - The length of the sequence to generate. - The generated values, which may contain zeros. - - - - Gets a cryptographically strong random sequence of values. - - The length of the sequence to generate. - The generated values, which may contain zeros. - - - - Gets a cryptographically strong random sequence of values. - - The length of the byte sequence to generate. - A base64 encoding of the generated random data, - whose length in characters will likely be greater than . - - - - Gets a random string made up of a given set of allowable characters. - - The length of the desired random string. - The allowable characters. - A random string. - length >= 0 - length < 0 - allowableCharacters != null && allowableCharacters.Length >= 2 - allowableCharacters == null || allowableCharacters.Length < 2 - - - - Computes the hash of a string. - - The hash algorithm to use. - The value to hash. - The encoding to use when converting the string to a byte array. - A base64 encoded string. - algorithm != null - algorithm == null - value != null - value == null - Contract.Result<string>() != null - - - - Computes the hash of a sequence of key=value pairs. - - The hash algorithm to use. - The data to hash. - The encoding to use when converting the string to a byte array. - A base64 encoded string. - algorithm != null - algorithm == null - data != null - data == null - Contract.Result<string>() != null - - - - Computes the hash of a sequence of key=value pairs. - - The hash algorithm to use. - The data to hash. - The encoding to use when converting the string to a byte array. - A base64 encoded string. - algorithm != null - algorithm == null - sortedData != null - sortedData == null - Contract.Result<string>() != null - - - - Encrypts a byte buffer. - - The buffer to encrypt. - The symmetric secret to use to encrypt the buffer. Allowed values are 128, 192, or 256 bytes in length. - The encrypted buffer - - - - Decrypts a byte buffer. - - The buffer to decrypt. - The symmetric secret to use to decrypt the buffer. Allowed values are 128, 192, and 256. - The encrypted buffer - - - - Encrypts a string. - - The text to encrypt. - The symmetric secret to use to encrypt the buffer. Allowed values are 128, 192, and 256. - The encrypted buffer - - - - Decrypts a string previously encrypted with . - - The text to decrypt. - The symmetric secret to use to decrypt the buffer. Allowed values are 128, 192, and 256. - The encrypted buffer - - - - Performs asymmetric encryption of a given buffer. - - The asymmetric encryption provider to use for encryption. - The buffer to encrypt. - The encrypted data. - crypto != null - crypto == null - buffer != null - buffer == null - - - - Performs asymmetric decryption of a given buffer. - - The asymmetric encryption provider to use for decryption. - The buffer to decrypt. - The decrypted data. - crypto != null - crypto == null - buffer != null - buffer == null - - - - Compresses a given buffer. - - The buffer to compress. - The compressed data. - - - - Decompresses a given buffer. - - The buffer to decompress. - The decompressed data. - - - - Compares to string values for ordinal equality in such a way that its execution time does not depend on how much of the value matches. - - The first value. - The second value. - A value indicating whether the two strings share ordinal equality. - - In signature equality checks, a difference in execution time based on how many initial characters match MAY - be used as an attack to figure out the expected signature. It is therefore important to make a signature - equality check's execution time independent of how many characters match the expected value. - See http://codahale.com/a-lesson-in-timing-attacks/ for more information. - - - - - Adds a set of HTTP headers to an instance, - taking care to set some headers to the appropriate properties of - - The headers to add. - The instance to set the appropriate values to. - headers != null - headers == null - response != null - response == null - - - - Adds a set of HTTP headers to an instance, - taking care to set some headers to the appropriate properties of - - The headers to add. - The instance to set the appropriate values to. - headers != null - headers == null - response != null - response == null - - - - Copies the contents of one stream to another. - - The stream to copy from, at the position where copying should begin. - The stream to copy to, at the position where bytes should be written. - The total number of bytes copied. - - Copying begins at the streams' current positions. - The positions are NOT reset after copying is complete. - - copyFrom != null - copyFrom == null - copyTo != null - copyTo == null - copyFrom.CanRead - !(copyFrom.CanRead) - copyTo.CanWrite - !(copyTo.CanWrite) - - - - Copies the contents of one stream to another. - - The stream to copy from, at the position where copying should begin. - The stream to copy to, at the position where bytes should be written. - The maximum bytes to copy. - The total number of bytes copied. - - Copying begins at the streams' current positions. - The positions are NOT reset after copying is complete. - - copyFrom != null - copyFrom == null - copyTo != null - copyTo == null - copyFrom.CanRead - !(copyFrom.CanRead) - copyTo.CanWrite - !(copyTo.CanWrite) - - - - Creates a snapshot of some stream so it is seekable, and the original can be closed. - - The stream to copy bytes from. - A seekable stream with the same contents as the original. - copyFrom != null - copyFrom == null - copyFrom.CanRead - !(copyFrom.CanRead) - - - - Clones an in order to send it again. - - The request to clone. - The newly created instance. - request != null - request == null - request.RequestUri != null - request.RequestUri == null - - - - Clones an in order to send it again. - - The request to clone. - The new recipient of the request. - The newly created instance. - request != null - request == null - newRequestUri != null - newRequestUri == null - - - - Tests whether two arrays are equal in contents and ordering. - - The type of elements in the arrays. - The first array in the comparison. May not be null. - The second array in the comparison. May not be null. - True if the arrays equal; false otherwise. - first != null - first == null - second != null - second == null - - - - Tests whether two arrays are equal in contents and ordering, - guaranteeing roughly equivalent execution time regardless of where a signature mismatch may exist. - - The first array in the comparison. May not be null. - The second array in the comparison. May not be null. - True if the arrays equal; false otherwise. - - Guaranteeing equal execution time is useful in mitigating against timing attacks on a signature - or other secret. - - first != null - first == null - second != null - second == null - - - - Tests two sequences for same contents and ordering. - - The type of elements in the arrays. - The first sequence in the comparison. May not be null. - The second sequence in the comparison. May not be null. - True if the arrays equal; false otherwise. - - - - Tests two unordered collections for same contents. - - The type of elements in the collections. - The first collection in the comparison. May not be null. - The second collection in the comparison. May not be null. - True if the collections have the same contents; false otherwise. - - - - Tests whether two dictionaries are equal in length and contents. - - The type of keys in the dictionaries. - The type of values in the dictionaries. - The first dictionary in the comparison. May not be null. - The second dictionary in the comparison. May not be null. - True if the arrays equal; false otherwise. - first != null - first == null - second != null - second == null - - - - Concatenates a list of name-value pairs as key=value&key=value, - taking care to properly encode each key and value for URL - transmission according to RFC 3986. No ? is prefixed to the string. - - The dictionary of key/values to read from. - The formulated querystring style string. - args != null - args == null - Contract.Result<string>() != null - - - - Adds a set of name-value pairs to the end of a given URL - as part of the querystring piece. Prefixes a ? or & before - first element as necessary. - - The UriBuilder to add arguments to. - - The arguments to add to the query. - If null, is not changed. - - - If the parameters to add match names of parameters that already are defined - in the query string, the existing ones are not replaced. - - builder != null - builder == null - - - - Adds a set of name-value pairs to the end of a given URL - as part of the fragment piece. Prefixes a # or & before - first element as necessary. - - The UriBuilder to add arguments to. - - The arguments to add to the query. - If null, is not changed. - - - If the parameters to add match names of parameters that already are defined - in the fragment, the existing ones are not replaced. - - builder != null - builder == null - - - - Adds parameters to a query string, replacing parameters that - match ones that already exist in the query string. - - The UriBuilder to add arguments to. - - The arguments to add to the query. - If null, is not changed. - - builder != null - builder == null - - - - Extracts the recipient from an HttpRequestInfo. - - The request to get recipient information from. - The recipient. - Thrown if the HTTP request is something we can't handle. - - - - Gets the enum value for a given HTTP verb. - - The HTTP verb. - A enum value that is within the . - Thrown if the HTTP request is something we can't handle. - - - - Gets the HTTP verb to use for a given enum value. - - The HTTP method. - An HTTP verb, such as GET, POST, PUT, or DELETE. - - - - Copies some extra parameters into a message. - - The message to copy the extra data into. - The extra data to copy into the message. May be null to do nothing. - messageDictionary != null - messageDictionary == null - - - - Collects a sequence of key=value pairs into a dictionary. - - The type of the key. - The type of the value. - The sequence. - A dictionary. - sequence != null - sequence == null - - - - Converts a to an IDictionary<string, string>. - - The NameValueCollection to convert. May be null. - The generated dictionary, or null if is null. - - If a null key is encountered, its value is ignored since - Dictionary<string, string> does not allow null keys. - - - - - Converts a to an IDictionary<string, string>. - - The NameValueCollection to convert. May be null. - - A value indicating whether a null key in the should be silently skipped since it is not a valid key in a Dictionary. - Use true to throw an exception if a null key is encountered. - Use false to silently continue converting the valid keys. - - The generated dictionary, or null if is null. - Thrown if is true and a null key is encountered. - - - - Sorts the elements of a sequence in ascending order by using a specified comparer. - - The type of the elements of source. - The type of the key returned by keySelector. - A sequence of values to order. - A function to extract a key from an element. - A comparison function to compare keys. - An System.Linq.IOrderedEnumerable<TElement> whose elements are sorted according to a key. - source != null - source == null - comparer != null - comparer == null - keySelector != null - keySelector == null - Contract.Result<IOrderedEnumerable<TSource>>() != null - - - - Determines whether the specified message is a request (indirect message or direct request). - - The message in question. - - true if the specified message is a request; otherwise, false. - - - Although an may implement the - interface, it may only be doing that for its derived classes. These objects are only requests - if their property is non-null. - - message != null - message == null - - - - Determines whether the specified message is a direct response. - - The message in question. - - true if the specified message is a direct response; otherwise, false. - - - Although an may implement the - interface, it may only be doing - that for its derived classes. These objects are only requests if their - property is non-null. - - message != null - message == null - - - - Constructs a Javascript expression that will create an object - on the user agent when assigned to a variable. - - The untrusted names and untrusted values to inject into the JSON object. - if set to true the values will NOT be escaped as if it were a pure string. - The Javascript JSON object as a string. - - - - Prepares what SHOULD be simply a string value for safe injection into Javascript - by using appropriate character escaping. - - The untrusted string value to be escaped to protected against XSS attacks. May be null. - The escaped string, surrounded by single-quotes. - - - - Escapes a string according to the URI data string rules given in RFC 3986. - - The value to escape. - The escaped value. - - The method is supposed to take on - RFC 3986 behavior if certain elements are present in a .config file. Even if this - actually worked (which in my experiments it doesn't), we can't rely on every - host actually having this configuration element present. - - value != null - value == null - - - - Ensures that UTC times are converted to local times. Unspecified kinds are unchanged. - - The date-time to convert. - The date-time in local time. - - - - Ensures that local times are converted to UTC times. Unspecified kinds are unchanged. - - The date-time to convert. - The date-time in UTC time. - - - - Creates a symmetric algorithm for use in encryption/decryption. - - The symmetric key to use for encryption/decryption. - A symmetric algorithm. - - - - A class to convert a into an . - - The type of objects being compared. - - - - The comparison method to use. - - - - - Initializes a new instance of the ComparisonHelper class. - - The comparison method to use. - comparison != null - comparison == null - - - - Compares two instances of . - - The first object to compare. - The second object to compare. - Any of -1, 0, or 1 according to standard comparison rules. - - - - A message expiration enforcing binding element that supports messages - implementing the interface. - - - - - Initializes a new instance of the class. - - - - - Sets the timestamp on an outgoing message. - - The outgoing message. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Reads the timestamp on a message and throws an exception if the message is too old. - - The incoming message. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - Thrown if the given message has already expired. - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the protection offered by this binding element. - - - - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets the maximum age a message implementing the - interface can be before - being discarded as too old. - - - - - A pair of conversion functions to map some type to a string and back again. - - - - - The mapping function that converts some custom type to a string. - - - - - The mapping function that converts some custom type to the original string - (possibly non-normalized) that represents it. - - - - - The mapping function that converts a string to some custom type. - - - - - Initializes a new instance of the struct. - - The mapping function that converts some custom value to a string. - The mapping function that converts some custom value to its original (non-normalized) string. May be null if the same as the function. - The mapping function that converts a string to some custom value. - toString != null - toString == null - toValue != null - toValue == null - - - - Initializes a new instance of the struct. - - The encoder. - encoder != null - encoder == null - - - - A mapping between serialized key names and instances describing - those key/values pairs. - - this.MessageType != null - this.MessageVersion != null - this.Constructors != null - - - - A mapping between the serialized key names and their - describing instances. - - - - - Initializes a new instance of the class. - - Type of the message. - The message version. - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - messageVersion != null - messageVersion == null - - - - Returns a that represents this instance. - - - A that represents this instance. - - Contract.Result<string>() != null - - - - Gets a dictionary that provides read/write access to a message. - - The message the dictionary should provide access to. - The dictionary accessor to the message - - message != null - message == null - Contract.Result<MessageDictionary>() != null - - - - Gets a dictionary that provides read/write access to a message. - - The message the dictionary should provide access to. - A value indicating whether this message dictionary will retrieve original values instead of normalized ones. - The dictionary accessor to the message - - message != null - message == null - Contract.Result<MessageDictionary>() != null - - - - Ensures the message parts pass basic validation. - - The key/value pairs of the serialized message. - - - - Tests whether all the required message parts pass basic validation for the given data. - - The key/value pairs of the serialized message. - A value indicating whether the provided data fits the message's basic requirements. - parts != null - parts == null - - - - Verifies that a given set of keys include all the required parameters - for this message type or throws an exception. - - The names of all parameters included in a message. - if set to true an exception is thrown on failure with details. - A value indicating whether the provided data fits the message's basic requirements. - - Thrown when required parts of a message are not in - if is true. - - keys != null - keys == null - - - - Ensures the protocol message parts that must not be empty are in fact not empty. - - A dictionary of key/value pairs that make up the serialized message. - if set to true an exception is thrown on failure with details. - A value indicating whether the provided data fits the message's basic requirements. - - Thrown when required parts of a message are not in - if is true. - - partValues != null - partValues == null - - - - Checks that a bunch of message part values meet the constant value requirements of this message description. - - The part values. - if set to true, this method will throw on failure. - A value indicating whether all the requirements are met. - partValues != null - partValues == null - - - - Reflects over some -implementing type - and prepares to serialize/deserialize instances of that type. - - - - - Describes traits of this class that are always true. - - - - - Gets the mapping between the serialized key names and their describing - instances. - - - - - Gets the message version this instance was generated from. - - - - - Gets the type of message this instance was generated from. - - The type of the described message. - - - - Gets the constructors available on the message type. - - - - - Wraps an instance in a dictionary that - provides access to both well-defined message properties and "extra" - name/value pairs that have no properties associated with them. - - this.Message != null - this.Description != null - - - - The instance manipulated by this dictionary. - - - - - The instance that describes the message type. - - - - - Whether original string values should be retrieved instead of normalized ones. - - - - - Initializes a new instance of the class. - - The message instance whose values will be manipulated by this dictionary. - The message description. - A value indicating whether this message dictionary will retrieve original values instead of normalized ones. - - message != null - message == null - description != null - description == null - - - - Adds a named value to the message. - - The serialized form of the name whose value is being set. - The serialized form of the value. - - Thrown if already has a set value in this message. - - - Thrown if is null. - - - - - Checks whether some named parameter has a value set in the message. - - The serialized form of the message part's name. - True if the parameter by the given name has a set value. False otherwise. - !Contract.Result<bool>() || @this.Count > 0 - - - - Removes a name and value from the message given its name. - - The serialized form of the name to remove. - True if a message part by the given name was found and removed. False otherwise. - - - - Gets some named value if the key has a value. - - The name (in serialized form) of the value being sought. - The variable where the value will be set. - True if the key was found and was set. False otherwise. - Contract.Result<bool>() == @this.ContainsKey(key) - - - - Sets a named value in the message. - - The name-value pair to add. The name is the serialized form of the key. - - - - Removes all values in the message. - - - - - Removes all items from the . - - - The is read-only. - - - This method cannot be implemented because keys are not guaranteed to be removed - since some are inherent to the type of message that this dictionary provides - access to. - - this.Count == 0 - - - - Checks whether a named value has been set on the message. - - The name/value pair. - True if the key exists and has the given value. False otherwise. - - - - Copies all the serializable data from the message to a key/value array. - - The array to copy to. - The index in the to begin copying to. - - - - Removes a named value from the message if it exists. - - The serialized form of the name and value to remove. - True if the name/value was found and removed. False otherwise. - - - - Gets an enumerator that generates KeyValuePair<string, string> instances - for all the key/value pairs that are set in the message. - - The enumerator that can generate the name/value pairs. - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Gets an enumerator that generates KeyValuePair<string, string> instances - for all the key/value pairs that are set in the message. - - The enumerator that can generate the name/value pairs. - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Saves the data in a message to a standard dictionary. - - The generated dictionary. - - Contract.Result<IDictionary<string, string>>() != null - - - - Loads data from a dictionary into the message. - - The data to load into the message. - fields != null - fields == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the message this dictionary provides access to. - - - Contract.Result<IMessage>() != null - - - - - Gets the description of the type of message this dictionary provides access to. - - - Contract.Result<MessageDescription>() != null - - - - - Gets the number of explicitly set values in the message. - - - Contract.Result<int>() >= 0 - - - - - Gets a value indicating whether this message is read only. - - - - - Gets all the keys that have values associated with them. - - - Contract.Result<ICollection<TKey>>() != null - - - - - Gets the set of official message part names that have non-null values associated with them. - - - - - Gets the keys that are in the message but not declared as official OAuth properties. - - - - - Gets all the values. - - - Contract.Result<ICollection<TValue>>() != null - - - - - Gets the serializer for the message this dictionary provides access to. - - - - - Gets or sets a value for some named value. - - The serialized form of a name for the value to read or write. - The named value. - - If the key matches a declared property or field on the message type, - that type member is set. Otherwise the key/value is stored in a - dictionary for extra (weakly typed) strings. - - Thrown when setting a value that is not allowed for a given . - - - - Describes an individual member of a message and assists in its serialization. - - - - - A map of converters that help serialize custom objects to string values and back again. - - - - - A map of instantiated custom encoders used to encode/decode message parts. - - - - - The string-object conversion routines to use for this individual message part. - - - - - The property that this message part is associated with, if aplicable. - - - - - The field that this message part is associated with, if aplicable. - - - - - The type of the message part. (Not the type of the message itself). - - - - - The default (uninitialized) value of the member inherent in its type. - - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - A property or field of an implementing type - that has a attached to it. - - - The attribute discovered on that describes the - serialization requirements of the message part. - - member != null - member == null - member is FieldInfo || member is PropertyInfo - !(member is FieldInfo) && !(member is PropertyInfo) - attribute != null - attribute == null - - - - Sets the member of a given message to some given value. - Used in deserialization. - - The message instance containing the member whose value should be set. - The string representation of the value to set. - message != null - message == null - - - - Gets the normalized form of a value of a member of a given message. - Used in serialization. - - The message instance to read the value from. - The string representation of the member's value. - - - - Gets the value of a member of a given message. - Used in serialization. - - The message instance to read the value from. - A value indicating whether the original value should be retrieved (as opposed to a normalized form of it). - The string representation of the member's value. - - - - Gets whether the value has been set to something other than its CLR type default value. - - The message instance to check the value on. - True if the value is not the CLR default value. - - - - Figures out the CLR default value for a given type. - - The type whose default value is being sought. - Either null, or some default value like 0 or 0.0. - - - - Adds a pair of type conversion functions to the static conversion map. - - The custom type to convert to and from strings. - The function to convert the custom type to a string. - The mapping function that converts some custom value to its original (non-normalized) string. May be null if the same as the function. - The function to convert a string to the custom type. - toString != null - toString == null - toValue != null - toValue == null - - - - Checks whether a type is a nullable value type (i.e. int?) - - The type in question. - True if this is a nullable value type. - - - - Retrieves a previously instantiated encoder of a given type, or creates a new one and stores it for later retrieval as well. - - The message part encoder type. - An instance of the desired encoder. - messagePartEncoder != null - messagePartEncoder == null - Contract.Result<IMessagePartEncoder>() != null - - - - Converts a string representation of the member's value to the appropriate type. - - The string representation of the member's value. - - An instance of the appropriate type for setting the member. - - - - - Converts the member's value to its string representation. - - The value of the member. - A value indicating whether a string matching the originally decoded string should be returned (as opposed to a normalized string). - - The string representation of the member's value. - - - - - Gets the value of the message part, without converting it to/from a string. - - The message instance to read from. - The value of the member. - - - - Validates that the message part and its attribute have agreeable settings. - - - Thrown when a non-nullable value type is set as optional. - - - - - Gets or sets the name to use when serializing or deserializing this parameter in a message. - - - - - Gets or sets whether this message part must be signed. - - - - - Gets or sets a value indicating whether this message part is required for the - containing message to be valid. - - - - - Gets or sets a value indicating whether the string value is allowed to be empty in the serialized message. - - - - - Gets or sets a value indicating whether the field or property must remain its default value. - - - - - Gets or sets a value indicating whether this part is defined as a constant field and can be read without a message instance. - - - - - Gets the static constant value for this message part without a message instance. - - - this.IsConstantValueAvailableStatically - - !(this.IsConstantValueAvailableStatically) - - - - Gets the type of the declared member. - - - - - An exception thrown when messages cannot receive all the protections they require. - - - - - Initializes a new instance of the class. - - The message whose protection requirements could not be met. - The protection requirements that were fulfilled. - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - An OAuth-specific implementation of the class. - - - - - Initializes a new instance of the class. - - The binding element to use for signing. - The web application store to use for nonces. - The token manager instance to use. - - - - Initializes a new instance of the class. - - The binding element to use for signing. - The web application store to use for nonces. - The token manager instance to use. - - - - Initializes a new instance of the class. - - The binding element to use for signing. - The web application store to use for nonces. - The ITokenManager instance to use. - - An injected message type provider instance. - Except for mock testing, this should always be one of - or . - - tokenManager != null - tokenManager == null - signingBindingElement != null - signingBindingElement == null - signingBindingElement.SignatureCallback == null - signingBindingElement.SignatureCallback != null - - - - Uri-escapes the names and values in a dictionary per OAuth 1.0 section 5.1. - - The message with data to encode. - A dictionary of name-value pairs with their strings encoded. - - - - Initializes a web request for sending by attaching a message to it. - Use this method to prepare a protected resource request that you do NOT - expect an OAuth message response to. - - The message to attach. - The initialized web request. - request != null - request == null - - - - Searches an incoming HTTP request for data that could be used to assemble - a protocol request message. - - The HTTP request to search. - The deserialized message, if one is found. Null otherwise. - request != null - request == null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - response != null - response == null - - - - Prepares an HTTP request that carries a given message. - - The message to send. - - The prepared to send the request. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - The pending user agent redirect based message to be sent as an HttpResponse. - - This method implements spec V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Initializes the binding elements for the OAuth channel. - - The signing binding element. - The nonce store. - The token manager. - An array of binding elements used to initialize the channel. - - - - Uri-escapes the names and values in a dictionary per OAuth 1.0 section 5.1. - - The dictionary with names and values to encode. - The dictionary to add the encoded pairs to. - source != null - source == null - destination != null - destination == null - - - - Gets the HTTP method to use for a message. - - The message. - "POST", "GET" or some other similar http verb. - message != null - message == null - - - - Prepares to send a request to the Service Provider via the Authorization header. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - If the message has non-empty ExtraData in it, the request stream is sent to - the server automatically. If it is empty, the request stream must be sent by the caller. - This method implements OAuth 1.0 section 5.2, item #1 (described in section 5.4). - - - - - Fills out the secrets in a message so that signing/verification can be performed. - - The message about to be signed or whose signature is about to be verified. - - - - Gets the consumer secret for a given consumer key. - - The consumer key. - The consumer secret. - - - - Gets or sets the Consumer web application path. - - - - - Gets the token manager being used. - - - - - A protocol message (request or response) that passes from this - to a remote party via the user agent using a redirect or form - POST submission, OR a direct message response. - - - An instance of this type describes the HTTP response that must be sent - in response to the current HTTP request. - It is important that this response make up the entire HTTP response. - A hosting ASPX page should not be allowed to render its normal HTML output - after this response is sent. The normal rendered output of an ASPX page - can be canceled by calling after this message - is sent on the response stream. - - - - - The encoder to use for serializing the response body. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - based on the contents of an . - - The to clone. - The maximum bytes to read from the response stream. - response != null - response == null - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - - - - Automatically sends the appropriate response to the user agent - and ends execution on the current page or handler. - - Typically thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - Requires a current HttpContext. - - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Automatically sends the appropriate response to the user agent - and ends execution on the current page or handler. - - The context of the HTTP request whose response should be set. - Typically this is . - Typically thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - context != null - context == null - - - - Automatically sends the appropriate response to the user agent. - - The response to set to this message. - response != null - response == null - - - - Gets the URI that, when requested with an HTTP GET request, - would transmit the message that normally would be transmitted via a user agent redirect. - - The channel to use for encoding. - - The URL that would transmit the original message. This URL may exceed the normal 2K limit, - and should therefore be broken up manually and POSTed as form fields when it exceeds this length. - - - This is useful for desktop applications that will spawn a user agent to transmit the message - rather than cause a redirect. - - channel != null - channel == null - - - - Sets the response to some string, encoded as UTF-8. - - The string to set the response to. - Type of the content. May be null. - - - - Gets the headers that must be included in the response to the user agent. - - - The headers in this collection are not meant to be a comprehensive list - of exactly what should be sent, but are meant to augment whatever headers - are generally included in a typical response. - - - - - Gets the body of the HTTP response. - - - - - Gets a value indicating whether the response stream is incomplete due - to a length limitation imposed by the HttpWebRequest or calling method. - - - - - Gets or sets the body of the response as a string. - - - - - Gets the HTTP status code to use in the HTTP response. - - - - - Gets or sets a reference to the actual protocol message that - is being sent via the user agent. - - - - - A general logger for the entire DotNetOpenAuth library. - - - Because this logger is intended for use with non-localized strings, the - overloads that take have been removed, and - is used implicitly. - - - - - The instance that is to be used - by this static Logger for the duration of the appdomain. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Creates an additional logger on demand for a subsection of the application. - - A name that will be included in the log file. - The instance created with the given name. - !String.IsNullOrEmpty(name) - String.IsNullOrEmpty(name) - - - - Creates the main logger for the library, and emits an INFO message - that is the name and version of the library. - - A name that will be included in the log file. - The instance created with the given name. - !String.IsNullOrEmpty(name) - String.IsNullOrEmpty(name) - - - - Creates an additional logger on demand for a subsection of the application. - - A type whose full name that will be included in the log file. - The instance created with the given type name. - type != null - type == null - - - - Discovers the presence of Log4net.dll and other logging mechanisms - and returns the best available logger. - - The name of the log to initialize. - The instance of the logger to use. - - - - Gets the logger for general library logging. - - - - - Gets the logger for service discovery and selection events. - - - - - Gets the logger for Messaging events. - - - - - Gets the logger for Channel events. - - - - - Gets the logger for binding elements and binding-element related events on the channel. - - - - - Gets the logger specifically used for logging verbose text on everything about the signing process. - - - - - Gets the logger for HTTP-level events. - - - - - Gets the logger for events logged by ASP.NET controls. - - - - - Gets the logger for high-level OpenID events. - - - - - Gets the logger for high-level OAuth events. - - - - - Gets the logger for high-level InfoCard events. - - - - - The ILog interface is use by application to log messages into - the log4net framework. - - - - Use the to obtain logger instances - that implement this interface. The - static method is used to get logger instances. - - - This class contains methods for logging at different levels and also - has properties for determining if those logging levels are - enabled in the current configuration. - - - This interface can be implemented in different ways. This documentation - specifies reasonable behavior that a caller can expect from the actual - implementation, however different implementations reserve the right to - do things differently. - - - Simple example of logging messages - - ILog log = LogManager.GetLogger("application-log"); - - log.Info("Application Start"); - log.Debug("This is a debug message"); - - if (log.IsDebugEnabled) - { - log.Debug("This is another debug message"); - } - - - - Nicko Cadell - Gert Driesen - - - Log a message object with the level. - - Log a message object with the level. - - The message object to log. - - - This method first checks if this logger is DEBUG - enabled by comparing the level of this logger with the - level. If this logger is - DEBUG enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of - the additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Logs a message object with the level. - - - - This method first checks if this logger is INFO - enabled by comparing the level of this logger with the - level. If this logger is - INFO enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - The message object to log. - - - - - - Logs a message object with the INFO level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Log a message object with the level. - - - - This method first checks if this logger is WARN - enabled by comparing the level of this logger with the - level. If this logger is - WARN enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - The message object to log. - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Logs a message object with the level. - - The message object to log. - - - This method first checks if this logger is ERROR - enabled by comparing the level of this logger with the - level. If this logger is - ERROR enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Log a message object with the level. - - - - This method first checks if this logger is FATAL - enabled by comparing the level of this logger with the - level. If this logger is - FATAL enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - The message object to log. - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - - This function is intended to lessen the computational cost of - disabled log debug statements. - - For some ILog interface log, when you write: - - log.Debug("This is entry number: " + i ); - - - You incur the cost constructing the message, string construction and concatenation in - this case, regardless of whether the message is logged or not. - - - If you are worried about speed (who isn't), then you should write: - - - if (log.IsDebugEnabled) - { - log.Debug("This is entry number: " + i ); - } - - - This way you will not incur the cost of parameter - construction if debugging is disabled for log. On - the other hand, if the log is debug enabled, you - will incur the cost of evaluating whether the logger is debug - enabled twice. Once in and once in - the . This is an insignificant overhead - since evaluating a logger takes about 1% of the time it - takes to actually log. This is the preferred style of logging. - - Alternatively if your logger is available statically then the is debug - enabled state can be stored in a static variable like this: - - - private static readonly bool isDebugEnabled = log.IsDebugEnabled; - - - Then when you come to log you can write: - - - if (isDebugEnabled) - { - log.Debug("This is entry number: " + i ); - } - - - This way the debug enabled state is only queried once - when the class is loaded. Using a private static readonly - variable is the most efficient because it is a run time constant - and can be heavily optimized by the JIT compiler. - - - Of course if you use a static readonly variable to - hold the enabled state of the logger then you cannot - change the enabled state at runtime to vary the logging - that is produced. You have to decide if you need absolute - speed or runtime flexibility. - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Returns a new log4net logger if it exists, or returns null if the assembly cannot be found. - - The created instance. - - - - Creates the log4net.LogManager. Call ONLY after log4net.dll is known to be present. - - The created instance. - - - - Returns a new logger that does nothing when invoked. - - The created instance. - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - Returns a new logger that uses the class - if sufficient CAS permissions are granted to use it, otherwise returns false. - - The created instance. - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - The methods available for the local party to send messages to a remote party. - - - See OAuth 1.0 spec section 5.2. - - - - - No HTTP methods are allowed. - - - - - In the HTTP Authorization header as defined in OAuth HTTP Authorization Scheme (OAuth HTTP Authorization Scheme). - - - - - As the HTTP POST request body with a content-type of application/x-www-form-urlencoded. - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - The flags that control HTTP verbs. - - - - - The type of transport mechanism used for a message: either direct or indirect. - - - - - A message that is sent directly from the Consumer to the Service Provider, or vice versa. - - - - - A message that is sent from one party to another via a redirect in the user agent. - - - - - An OAuth-protocol specific implementation of the - interface. - - - - - The token manager to use for discerning between request and access tokens. - - - - - Initializes a new instance of the class. - - The token manager instance to use. - tokenManager != null - tokenManager == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The request messages are: - UnauthorizedTokenRequest - AuthorizedTokenRequest - UserAuthorizationRequest - AccessProtectedResourceRequest - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - - The message that was sent as a request that resulted in the response. - Null on a Consumer site that is receiving an indirect message from the Service Provider. - - The name/value pairs that make up the message payload. - - The -derived concrete class that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The response messages are: - None. - - request != null - request == null - fields != null - fields == null - - - - Stores a secret used in signing and verifying messages. - - - OpenID associations may be shared between Provider and Relying Party (smart - associations), or be a way for a Provider to recall its own secret for later - (dumb associations). - - !string.IsNullOrEmpty(this.Handle) - this.TotalLifeLength > TimeSpan.Zero - this.SecretKey != null - - - - Initializes a new instance of the class. - - The handle. - The secret. - How long the association will be useful. - The UTC time of when this association was originally issued by the Provider. - !string.IsNullOrEmpty(handle) - string.IsNullOrEmpty(handle) - secret != null - secret == null - totalLifeLength > TimeSpan.Zero - totalLifeLength <= TimeSpan.Zero - issued.Kind == DateTimeKind.Utc - issued.Kind != DateTimeKind.Utc - issued <= DateTime.UtcNow - issued > DateTime.UtcNow - this.TotalLifeLength == totalLifeLength - - - - Re-instantiates an previously persisted in a database or some - other shared store. - - - The property of the previous instance. - - - The UTC value of the property of the previous instance. - - - The byte array returned by a call to on the previous - instance. - - - The newly dehydrated , which can be returned - from a custom association store's - method. - - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - privateData != null - privateData == null - Contract.Result<Association>() != null - - - - Returns private data required to persist this in - permanent storage (a shared database for example) for deserialization later. - - - An opaque byte array that must be stored and returned exactly as it is provided here. - The byte array may vary in length depending on the specific type of , - but in current versions are no larger than 256 bytes. - - - Values of public properties on the base class are not included - in this byte array, as they are useful for fast database lookup and are persisted separately. - - Contract.Result<byte[]>() != null - - - - Tests equality of two objects. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - - - Returns the hash code. - - - A hash code for the current . - - - - - The string to pass as the assoc_type value in the OpenID protocol. - - The protocol version of the message that the assoc_type value will be included in. - The value that should be used for the openid.assoc_type parameter. - protocol != null - protocol == null - - - - Generates a signature from a given blob of data. - - The data to sign. This data will not be changed (the signature is the return value). - The calculated signature of the data. - data != null - data == null - - - - Returns the specific hash algorithm used for message signing. - - The hash algorithm used for message signing. - Contract.Result<HashAlgorithm>() != null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets a unique handle by which this may be stored or retrieved. - - - - - Gets the UTC time when this will expire. - - - - - Gets a value indicating whether this has already expired. - - - - - Gets the length (in bits) of the hash this association creates when signing. - - - Contract.Result<int>() > 0 - - - - - Gets a value indicating whether this instance has useful life remaining. - - - true if this instance has useful life remaining; otherwise, false. - - - - - Gets or sets the UTC time that this was first created. - - - - - Gets the number of seconds until this expires. - Never negative (counter runs to zero). - - - Contract.Result<long>() >= 0 - - - - - Gets the shared secret key between the consumer and provider. - - - - - Gets the duration a secret key used for signing dumb client requests will be good for. - - - Contract.Result<TimeSpan>() > TimeSpan.Zero - - - - - Gets the lifetime the OpenID provider permits this . - - - - - Gets the minimum lifetime an association must still be good for in order for it to be used for a future authentication. - - - Associations that are not likely to last the duration of a user login are not worth using at all. - - - Contract.Result<TimeSpan>() > TimeSpan.Zero - - - - - Gets the TimeSpan till this association expires. - - - - - Manages a set of associations in memory only (no database). - - The type of the key. - - This class should be used for low-to-medium traffic relying party sites that can afford to lose associations - if the app pool was ever restarted. High traffic relying parties and providers should write their own - implementation of that works against their own database schema - to allow for persistance and recall of associations across servers in a web farm and server restarts. - - - - - Stores s for lookup by their handle, keeping - associations separated by a given distinguishing factor (like which server the - association is with). - - - for consumers (to distinguish associations across servers) or - for providers (to distinguish dumb and smart client associations). - - - Expired associations should be periodically cleared out of an association store. - This should be done frequently enough to avoid a memory leak, but sparingly enough - to not be a performance drain. Because this balance can vary by host, it is the - responsibility of the host to initiate this cleaning. - - - - - Saves an for later recall. - - The Uri (for relying parties) or Smart/Dumb (for providers). - The association to store. - - TODO: what should implementations do on association handle conflict? - - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security requirements that the returned association must meet. - - The requested association, or null if no unexpired s exist for the given key. - - - In the event that multiple associations exist for the given - , it is important for the - implementation for this method to use the - to pick the best (highest grade or longest living as the host's policy may dictate) - association that fits the security requirements. - Associations that are returned that do not meet the security requirements will be - ignored and a new association created. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - The requested association, or null if no unexpired s exist for the given key and handle. - - - Removes a specified handle that may exist in the store. - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - True if the association existed in this store previous to this call. - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - How many association store requests should occur between each spring cleaning. - - - - - For Relying Parties, this maps OP Endpoints to a set of associations with that endpoint. - For Providers, this keeps smart and dumb associations in two distinct pools. - - - - - A counter to track how close we are to an expired association cleaning run. - - - - - Stores a given association for later recall. - - The distinguishing factor, either an OP Endpoint or smart/dumb mode. - The association to store. - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security settings. - - The requested association, or null if no unexpired s exist for the given key. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - - The requested association, or null if no unexpired s exist for the given key and handle. - - - - - Removes a specified handle that may exist in the store. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - - True if the association existed in this store previous to this call. - - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - Gets the server associations for a given OP Endpoint or dumb/smart mode. - - The distinguishing factor, either an OP Endpoint (for relying parties) or smart/dumb (for providers). - The collection of associations that fit the . - - - - Clears all expired associations from the store. - - - - - A dictionary of handle/Association pairs. - - - Each method is locked, even if it is only one line, so that they are thread safe - against each other, particularly the ones that enumerate over the list, since they - can break if the collection is changed by another thread during enumeration. - - this.associations != null - - - - The lookup table where keys are the association handles and values are the associations themselves. - - - - - Initializes a new instance of the class. - - - - - Stores an in the collection. - - The association to add to the collection. - association != null - association == null - this.Get(association.Handle) == association - - - - Returns the with the given handle. Null if not found. - - The handle to the required association. - The desired association, or null if none with the given handle could be found. - - !string.IsNullOrEmpty(handle) - string.IsNullOrEmpty(handle) - - - - Removes the with the given handle. - - The handle to the required association. - Whether an with the given handle was in the collection for removal. - !string.IsNullOrEmpty(handle) - string.IsNullOrEmpty(handle) - - - - Removes all expired associations from the collection. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the s ordered in order of descending issue date - (most recently issued comes first). An empty sequence if no valid associations exist. - - - This property is used by relying parties that are initiating authentication requests. - It does not apply to Providers, which always need a specific association by handle. - - - Contract.Result<IEnumerable<Association>>() != null - - - - - An Attribute Exchange and Simple Registration filter to make all incoming attribute - requests look like Simple Registration requests, and to convert the response - to the originally requested extension and format. - - - - - Applies a custom security policy to certain OpenID security settings and behaviors. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when an authentication request is about to be sent. - - The request. - - Implementations should be prepared to be called multiple times on the same outgoing message - without malfunctioning. - - request != null - request == null - - - - Called when an incoming positive assertion is received. - - The positive assertion. - assertion != null - assertion == null - - - - Applies a custom security policy to certain OpenID security settings and behaviors. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when an authentication request is about to be sent. - - The request. - - Implementations should be prepared to be called multiple times on the same outgoing message - without malfunctioning. - - request != null - request == null - - - - Called when an incoming positive assertion is received. - - The positive assertion. - assertion != null - assertion == null - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Gets or sets the AX attribute type URI formats this transform is willing to work with. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The PAPE request has an incomplete set of authentication policies.. - - - - - Looks up a localized string similar to A PAPE response is missing or is missing required policies.. - - - - - Looks up a localized string similar to No personally identifiable information should be included in authentication responses when the PAPE authentication policy http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf is present.. - - - - - Looks up a localized string similar to No personally identifiable information should be requested when the http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf PAPE policy is present.. - - - - - Looks up a localized string similar to No PPID provider has been configured.. - - - - - Looks up a localized string similar to Discovery on the Realm URL MUST be performed before sending a positive assertion.. - - - - - Looks up a localized string similar to The Realm in an authentication request must be an HTTPS URL.. - - - - - Offers OpenID Providers automatic PPID Claimed Identifier generation when requested - by a PAPE request. - - - PPIDs are set on positive authentication responses when the PAPE request includes - the authentication policy. - The static member MUST - be set prior to any PPID requests come in. Typically this should be set in the - Application_Start method in the global.asax.cs file. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Gets or sets the provider for generating PPID identifiers. - - - - - Provides a mechanism for Relying Parties to work with OpenID 1.0 Providers - without losing claimed_id and op_endpoint data, which OpenID 2.0 Providers - are required to send back with positive assertions. - - - - - The "dnoa.op_endpoint" callback parameter that stores the Provider Endpoint URL - to tack onto the return_to URI. - - - - - The "dnoa.claimed_id" callback parameter that stores the Claimed Identifier - to tack onto the return_to URI. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection offered (if any) by this binding element. - - - - - - - - The binding element that serializes/deserializes OpenID extensions to/from - their carrying OpenID messages. - - - - - The security settings that apply to this relying party, if it is a relying party. - - - - - Initializes a new instance of the class. - - The extension factory. - The security settings. - extensionFactory != null - extensionFactory == null - securitySettings != null - securitySettings == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the extensions on a message. - - The carrier of the extensions. - If set to true only signed extensions will be available. - A optional filter that takes an extension type URI and - returns a value indicating whether that extension should be deserialized and - returned in the sequence. May be null. - A sequence of extensions in the message. - - - - Gets the dictionary of message parts that should be deserialized into extensions. - - The message. - If set to true only signed extensions will be available. - - A dictionary of message parts, including only signed parts when appropriate. - - this.Channel != null - this.Channel == null - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the extension factory. - - - - - Gets the protection offered (if any) by this binding element. - - - - - - - - OpenID extension factory class for creating extensions based on received Type URIs. - - - OpenID extension factories must be registered with the library. This can be - done by adding a factory to - or , or by adding a snippet - such as the following to your web.config file: - - <dotNetOpenAuth> - <openid> - <extensionFactories> - <add type="DotNetOpenAuth.ApplicationBlock.CustomExtensions.Acme, DotNetOpenAuth.ApplicationBlock" /> - </extensionFactories> - </openid> - </dotNetOpenAuth> - - - - - Creates a new instance of some extension based on the received extension parameters. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - This factory method need only initialize properties in the instantiated extension object - that are not bound using . - - - - - An interface that OAuth messages implement to support signing. - - - - - Gets or sets the association handle used to sign the message. - - The handle for the association that was used to sign this assertion. - - - - Gets or sets the association handle that the Provider wants the Relying Party to not use any more. - - If the Relying Party sent an invalid association handle with the request, it SHOULD be included here. - - - - Gets or sets the signed parameter order. - - Comma-separated list of signed fields. - "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce" - - This entry consists of the fields without the "openid." prefix that the signature covers. - This list MUST contain at least "op_endpoint", "return_to" "response_nonce" and "assoc_handle", - and if present in the response, "claimed_id" and "identity". - Additional keys MAY be signed as part of the message. See Generating Signatures. - - - - - A Uri encoder that serializes using - rather than the standard . - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Helps ensure compliance to some properties in the . - - - - - The security settings that are active on the relying party. - - - - - Initializes a new instance of the class. - - The security settings. - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - This binding element adds a nonce to a Relying Party's outgoing - authentication request when working against an OpenID 1.0 Provider - in order to protect against replay attacks or on all authentication - requests to distinguish solicited from unsolicited assertions. - - - This nonce goes beyond the OpenID 1.x spec, but adds to security. - Since this library's Provider implementation also provides special nonce - protection for 1.0 messages, this security feature overlaps with that one. - This means that if an RP from this library were talking to an OP from this - library, but the Identifier being authenticated advertised the OP as a 1.x - OP, then both RP and OP might try to use a nonce for protecting the assertion. - There's no problem with that--it will still all work out. And it would be a - very rare combination of elements anyway. - - - This binding element deactivates itself for OpenID 2.0 (or later) messages - since they are automatically protected in the protocol by the Provider's - openid.response_nonce parameter. The exception to this is when - is - set to true, which will not only add a request nonce to every outgoing - authentication request but also require that it be present in positive - assertions, effectively disabling unsolicited assertions. - - In the messaging stack, this binding element looks like an ordinary - transform-type of binding element rather than a protection element, - due to its required order in the channel stack and that it exists - only on the RP side and only on some messages. - - - - - The parameter of the callback parameter we tack onto the return_to URL - to store the replay-detection nonce. - - - - - The length of the generated nonce's random part. - - - - - The nonce store that will allow us to recall which nonces we've seen before. - - - - - The security settings at the RP. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The nonce store to use. - The security settings of the RP. - nonceStore != null - nonceStore == null - securitySettings != null - securitySettings == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Determines whether a request nonce should be applied the request - or should be expected in the response. - - The authentication request or the positive assertion response. - - true if the message exchanged with an OpenID 1.x provider - or if unsolicited assertions should be rejected at the RP; otherwise false. - - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection offered (if any) by this binding element. - - - - - Gets the maximum message age from the standard expiration binding element. - - - - - A special DotNetOpenAuth-only nonce used by the RP when talking to 1.0 OPs in order - to protect against replay attacks. - - - - - The random bits generated for the nonce. - - - - - Initializes a new instance of the class. - - The creation date of the nonce. - The random bits that help make the nonce unique. - - - - Creates a new nonce. - - The newly instantiated instance. - - - - Deserializes a nonce from the return_to parameter. - - The base64-encoded value of the nonce. - The instantiated and initialized nonce. - !String.IsNullOrEmpty(value) - String.IsNullOrEmpty(value) - - - - Serializes the entire nonce for adding to the return_to URL. - - The base64-encoded string representing the nonce. - - - - Gets the creation date. - - - - - Gets the random part of the nonce as a base64 encoded string. - - - - - Signs and verifies authentication assertions. - - - - - The association store used by Relying Parties to look up the secrets needed for signing. - - - - - The association store used by Providers to look up the secrets needed for signing. - - - - - The security settings at the Provider. - Only defined when this element is instantiated to service a Provider. - - - - - Initializes a new instance of the SigningBindingElement class for use by a Relying Party. - - The association store used to look up the secrets needed for signing. May be null for dumb Relying Parties. - - - - Initializes a new instance of the SigningBindingElement class for use by a Provider. - - The association store used to look up the secrets needed for signing. - The security settings. - associationStore != null - associationStore == null - securitySettings != null - securitySettings == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Determines whether the relying party sending an authentication request is - vulnerable to replay attacks. - - The request message from the Relying Party. Useful, but may be null for conservative estimate results. - The response message to be signed. - - true if the relying party is vulnerable; otherwise, false. - - response != null - response == null - - - - Ensures that all message parameters that must be signed are in fact included - in the signature. - - The signed message. - - - - Calculates the signature for a given message. - - The message to sign or verify. - The association to use to sign the message. - The calculated signature of the method. - signedMessage != null - signedMessage == null - !String.IsNullOrEmpty(signedMessage.SignedParameterOrder) - String.IsNullOrEmpty(signedMessage.SignedParameterOrder) - association != null - association == null - - - - Gets the value to use for the openid.signed parameter. - - The signable message. - - A comma-delimited list of parameter names, omitting the 'openid.' prefix, that determines - the inclusion and order of message parts that will be signed. - - this.Channel != null - this.Channel == null - signedMessage != null - signedMessage == null - - - - Gets the association to use to sign or verify a message. - - The message to sign or verify. - The association to use to sign or verify the message. - signedMessage != null - signedMessage == null - - - - Gets a specific association referenced in a given message's association handle. - - The signed message whose association handle should be used to lookup the association to return. - The referenced association; or null if such an association cannot be found. - - If the association handle set in the message does not match any valid association, - the association handle property is cleared, and the - property is set to the - handle that could not be found. - - - - - Gets a private Provider association used for signing messages in "dumb" mode. - - An existing or newly created association. - - - - Gets the protection offered (if any) by this binding element. - - - - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets a value indicating whether this binding element is on a Provider channel. - - - - - Indicates the level of strictness to require when decoding a - Key-Value Form encoded dictionary. - - - - - Be as forgiving as possible to errors made while encoding. - - - - - Allow for certain errors in encoding attributable to ambiguities - in the OpenID 1.1 spec's description of the encoding. - - - - - The strictest mode. The decoder requires the encoded dictionary - to be in strict compliance with OpenID 2.0's description of - the encoding. - - - - - Performs conversion to and from the Key-Value Form Encoding defined by - OpenID Authentication 2.0 section 4.1.1. - http://openid.net/specs/openid-authentication-2_0.html#anchor4 - - - This class is thread safe and immutable. - - - - - The newline character sequence to use. - - - - - Characters that must not appear in parameter names. - - - - - Characters that must not appaer in parameter values. - - - - - The character encoding to use. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - How strictly an incoming Key-Value Form message will be held to the spec. - - - - Encodes key/value pairs to Key-Value Form. - - - The dictionary of key/value pairs to convert to a byte stream. - - The UTF8 byte array. - - Enumerating a Dictionary<TKey, TValue> has undeterministic ordering. - If ordering of the key=value pairs is important, a deterministic enumerator must - be used. - - keysAndValues != null - keysAndValues == null - - - - Decodes bytes in Key-Value Form to key/value pairs. - - The stream of Key-Value Form encoded bytes. - The deserialized dictionary. - Thrown when the data is not in the expected format. - - - - Gets a value controlling how strictly an incoming Key-Value Form message will be held to the spec. - - - - - A channel that knows how to send and receive OpenID messages. - - - - - The HTTP Content-Type to use in Key-Value Form responses. - - - OpenID 2.0 section 5.1.2 says this SHOULD be text/plain. But this value - does not prevent free hosters like GoDaddy from tacking on their ads - to the end of the direct response, corrupting the data. So we deviate - from the spec a bit here to improve the story for free Providers. - - - - - The encoder that understands how to read and write Key-Value Form. - - - - - Initializes a new instance of the class - for use by a Relying Party. - - The association store to use. - The nonce store to use. - The security settings to apply. - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class - for use by a Provider. - - The association store to use. - The nonce store to use. - The security settings. - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class - for use by a Relying Party. - - The association store to use. - The nonce store to use. - An object that knows how to distinguish the various OpenID message types for deserialization purposes. - The security settings to apply. - A value indicating whether the channel is set up with no functional security binding elements. - messageTypeProvider != null - messageTypeProvider == null - securitySettings != null - securitySettings == null - !nonVerifying || securitySettings is RelyingPartySecuritySettings - nonVerifying || securitySettings is RelyingPartySecuritySettings - - - - Initializes a new instance of the class - for use by a Provider. - - The association store to use. - The nonce store to use. - An object that knows how to distinguish the various OpenID message types for deserialization purposes. - The security settings. - messageTypeProvider != null - messageTypeProvider == null - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class. - - A class prepared to analyze incoming messages and indicate what concrete - message types can deserialize from it. - The binding elements to use in sending and receiving messages. - messageTypeProvider != null - messageTypeProvider == null - - - - A value indicating whether the channel is set up - with no functional security binding elements. - - A new instance that will not perform verification on incoming messages or apply any security to outgoing messages. - - A value of true allows the relying party to preview incoming - messages without invalidating nonces or checking signatures. - Setting this to true poses a great security risk and is only - present to support the which needs to preview - messages, and will validate them later. - - Contract.Result<OpenIdChannel>() != null - - - - Verifies the integrity and applicability of an incoming message. - - The message just received. - - Thrown when the message is somehow invalid, except for check_authentication messages. - This can be due to tampering, replay attack or expiration, among other things. - - message != null - message == null - - - - Prepares an HTTP request that carries a given message. - - The message to send. - - The prepared to send the request. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Called when receiving a direct response message, before deserialization begins. - - The HTTP direct response. - The newly instantiated message, prior to deserialization. - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the direct response of a direct HTTP request. - - The web request. - The response to the web request. - Thrown on network or protocol errors. - webRequest != null - webRequest == null - - - - Initializes the binding elements. - - The distinguishing factor used by the association store. - The association store. - The nonce store to use. - The security settings to apply. Must be an instance of either or . - A value indicating whether the channel is set up with no functional security binding elements. - - An array of binding elements which may be used to construct the channel. - - securitySettings != null - securitySettings == null - !nonVerifying || securitySettings is RelyingPartySecuritySettings - nonVerifying || securitySettings is RelyingPartySecuritySettings - - - - Distinguishes the various OpenID message types for deserialization purposes. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The message that was sent as a request that resulted in the response. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - request != null - request == null - fields != null - fields == null - - - - This binding element signs a Relying Party's openid.return_to parameter - so that upon return, it can verify that it hasn't been tampered with. - - - Since Providers can send unsolicited assertions, not all openid.return_to - values will be signed. But those that are signed will be validated, and - any invalid or missing signatures will cause this library to not trust - the parameters in the return_to URL. - In the messaging stack, this binding element looks like an ordinary - transform-type of binding element rather than a protection element, - due to its required order in the channel stack and that it doesn't sign - anything except a particular message part. - - - - - The name of the callback parameter we'll tack onto the return_to value - to store our signature on the return_to parameter. - - - - - The name of the callback parameter we'll tack onto the return_to value - to store the handle of the association we use to sign the return_to parameter. - - - - - The hashing algorithm used to generate the private signature on the return_to parameter. - - - - - Initializes a new instance of the class. - - The secret store from which to retrieve the secret used for signing. - The security settings. - secretStore != null - secretStore == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the return to signature. - - The return to. - The generated signature. - - Only the parameters in the return_to URI are signed, rather than the base URI - itself, in order that OPs that might change the return_to's implicit port :80 part - or other minor changes do not invalidate the signature. - - returnTo != null - returnTo == null - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection offered (if any) by this binding element. - - - - - - No message protection is reported because this binding element - does not protect the entire message -- only a part. - - - - - Spoofs security checks on incoming OpenID messages. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Code contract for the class. - - - - - Prevents a default instance of the class from being created. - - - - - The string to pass as the assoc_type value in the OpenID protocol. - - The protocol version of the message that the assoc_type value will be included in. - - The value that should be used for the openid.assoc_type parameter. - - - - - Returns the specific hash algorithm used for message signing. - - - The hash algorithm used for message signing. - - - - - Gets the length (in bits) of the hash this association creates when signing. - - - - - Manages a fast, two-way mapping between type URIs and their aliases. - - - - - The format of auto-generated aliases. - - - - - Tracks extension Type URIs and aliases assigned to them. - - - - - Tracks extension aliases and Type URIs assigned to them. - - - - - Gets an alias assigned for a given Type URI. A new alias is assigned if necessary. - - The type URI. - The alias assigned to this type URI. Never null. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Sets an alias and the value that will be returned by . - - The alias. - The type URI. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Takes a sequence of type URIs and assigns aliases for all of them. - - The type URIs to create aliases for. - An optional dictionary of URI/alias pairs that suggest preferred aliases to use if available for certain type URIs. - typeUris != null - typeUris == null - - - - Sets up aliases for any Type URIs in a dictionary that do not yet have aliases defined, - and where the given preferred alias is still available. - - A dictionary of type URI keys and alias values. - preferredTypeUriToAliases != null - preferredTypeUriToAliases == null - - - - Gets the Type Uri encoded by a given alias. - - The alias. - The Type URI. - Thrown if the given alias does not have a matching TypeURI. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - - - - Gets the Type Uri encoded by a given alias. - - The alias. - The Type URI for the given alias, or null if none for that alias exist. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - - - - Returns a value indicating whether an alias has already been assigned to a type URI. - - The alias in question. - True if the alias has already been assigned. False otherwise. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - - - - Determines whether a given TypeURI has an associated alias assigned to it. - - The type URI. - - true if the given type URI already has an alias assigned; false otherwise. - - typeUri != null - typeUri == null - - - - Assigns a new alias to a given Type URI. - - The type URI to assign a new alias to. - The newly generated alias. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Gets the aliases that have been set. - - - - - An individual attribute to be requested of the OpenID Provider using - the Attribute Exchange extension. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class - with = false, = 1. - - - - - Initializes a new instance of the class - with = false, = 1. - - The unique TypeURI for that describes the attribute being sought. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Initializes a new instance of the class - with = 1. - - The unique TypeURI for that describes the attribute being sought. - A value indicating whether the Relying Party considers this attribute to be required for registration. - - - - Initializes a new instance of the class. - - The unique TypeURI for that describes the attribute being sought. - A value indicating whether the Relying Party considers this attribute to be required for registration. - The maximum number of values for this attribute the Relying Party is prepared to receive. - - - - Used by a Provider to create a response to a request for an attribute's value(s) - using a given array of strings. - - The values for the requested attribute. - - The newly created object that should be added to - the object. - - values != null - values == null - values.Length <= this.Count - values.Length > this.Count - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets or sets the URI uniquely identifying the attribute being requested. - - - - - Gets or sets a value indicating whether the relying party considers this a required field. - Note that even if set to true, the Provider may not provide the value. - - - - - Gets or sets the maximum number of values for this attribute the - Relying Party wishes to receive from the OpenID Provider. - A value of int.MaxValue is considered infinity. - - - value > 0 - - value <= 0 - - - - An individual attribute's value(s) as supplied by an OpenID Provider - in response to a prior request by an OpenID Relying Party as part of - a fetch request, or by a relying party as part of a store request. - - - - - Initializes a new instance of the class. - - The TypeURI that uniquely identifies the attribute. - The values for the attribute. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Initializes a new instance of the class. - - - This is internal because web sites should be using the - method to instantiate. - - - - - Initializes a new instance of the class. - - The TypeURI of the attribute whose values are being provided. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets the URI uniquely identifying the attribute whose value is being supplied. - - - - - Gets the values supplied by the Provider. - - - - - The various Type URI formats an AX attribute may use by various remote parties. - - - - - No attribute format. - - - - - AX attributes should use the Type URI format starting with http://axschema.org/. - - - - - AX attributes should use the Type URI format starting with http://schema.openid.net/. - - - - - AX attributes should use the Type URI format starting with http://openid.net/schema/. - - - - - All known schemas. - - - - - The most common schemas. - - - - - Helper methods shared by multiple messages in the Attribute Exchange extension. - - - - - Adds a request for an attribute considering it 'required'. - - The attribute request collection. - The type URI of the required attribute. - collection != null - collection == null - - - - Adds a request for an attribute without considering it 'required'. - - The attribute request collection. - The type URI of the requested attribute. - collection != null - collection == null - - - - Adds a given attribute with one or more values to the request for storage. - Applicable to Relying Parties only. - - The collection of to add to. - The type URI of the attribute. - The attribute values. - collection != null - collection == null - - - - Serializes a set of attribute values to a dictionary of fields to send in the message. - - The dictionary to fill with serialized attributes. - The attributes. - fields != null - fields == null - attributes != null - attributes == null - - - - Deserializes attribute values from an incoming set of message data. - - The data coming in with the message. - The attribute values found in the message. - - - - Reads through the attributes included in the response to discover - the alias-TypeURI relationships. - - The data included in the extension message. - The alias manager that provides lookup between aliases and type URIs. - fields != null - fields == null - - - - Attribute Exchange constants - - - - - The TypeURI by which the AX extension is recognized in - OpenID messages and in XRDS documents. - - - - - The Attribute Exchange Fetch message, request leg. - - - - - A handy base class for built-in extensions. - - - - - The contract any OpenID extension for DotNetOpenAuth must implement. - - - Classes that implement this interface should be marked as - [] to allow serializing state servers - to cache messages, particularly responses. - - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - Contract.Result<IEnumerable<string>>() != null - - - - - Gets or sets a value indicating whether this extension was - signed by the sender. - - - true if this instance is signed by the sender; otherwise, false. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The version of the extension. - The type URI to use in the OpenID message. - The additional supported type URIs by which this extension might be recognized. May be null. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - Contract.Result<IEnumerable<string>>() != null - - - - - Gets or sets a value indicating whether this extension was - signed by the OpenID Provider. - - - true if this instance is signed by the provider; otherwise, false. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - - - Gets or sets a value indicating whether this extension was - signed by the OpenID Provider. - - - true if this instance is signed by the provider; otherwise, false. - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - The value for the 'mode' parameter. - - - - - The factory method that may be used in deserialization of this message. - - - - - Characters that may not appear in an attribute alias list. - - - - - Characters that may not appear in an attribute Type URI alias. - - - - - The collection of requested attributes. - - - - - Initializes a new instance of the class. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Splits a list of aliases by their commas. - - The comma-delimited list of aliases. May be null or empty. - The list of aliases. Never null, but may be empty. - - - - Gets a collection of the attributes whose values are - requested by the Relying Party. - - A collection where the keys are the attribute type URIs, and the value - is all the attribute request details. - - Contract.Result<KeyedCollection<string, AttributeRequest>>() != null - - - - - Gets or sets the URL that the OpenID Provider may re-post the fetch response - message to at some time after the initial response has been sent, using an - OpenID Authentication Positive Assertion to inform the relying party of updates - to the requested fields. - - - - - Gets or sets a list of aliases for optional attributes. - - A comma-delimited list of aliases. - - - - Gets or sets a list of aliases for required attributes. - - A comma-delimited list of aliases. - - - - The Attribute Exchange Fetch message, response leg. - - - - - The value of the 'mode' parameter. - - - - - The factory method that may be used in deserialization of this message. - - - - - The collection of provided attributes. This field will never be null. - - - - - Initializes a new instance of the class. - - - - - Gets the first attribute value provided for a given attribute Type URI. - - - The type URI of the attribute. - Usually a constant from . - - The first value provided for the attribute, or null if the attribute is missing or no values were provided. - - - This is meant as a helper method for the common case of just wanting one attribute value. - For greater flexibility or to retrieve more than just the first value for an attribute, - use the collection directly. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets a sequence of the attributes whose values are provided by the OpenID Provider. - - - Contract.Result<KeyedCollection<string, AttributeValues>>() != null - - - - - Gets a value indicating whether the OpenID Provider intends to - honor the request for updates. - - - - - Gets or sets the URL the OpenID Provider will post updates to. - Must be set if the Provider supports and will use this feature. - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - The Attribute Exchange Store message, request leg. - - - - - The value of the 'mode' parameter. - - - - - The factory method that may be used in deserialization of this message. - - - - - The collection of provided attribute values. This field will never be null. - - - - - Initializes a new instance of the class. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets the collection of all the attributes that are included in the store request. - - - - - The Attribute Exchange Store message, response leg. - - - - - The value of the mode parameter used to express a successful store operation. - - - - - The value of the mode parameter used to express a store operation failure. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class - to represent a successful store operation. - - - - - Initializes a new instance of the class - to represent a failed store operation. - - The reason for failure. - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets or sets a value indicating whether the storage request succeeded. - - Defaults to true. - - - - Gets or sets the reason for the failure, if applicable. - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - Gets or sets the mode argument. - - One of 'store_response_success' or 'store_response_failure'. - - - - Attribute types defined at http://www.axschema.org/types/. - - - If you don't see what you need here, check that URL to see if any have been added. - You can use new ones directly without adding them to this class, and can even make - up your own if you expect the other end to understand what you make up. - - - - - Inherent attributes about a personality such as gender and bio. - - - - Gender, either "M" or "F" - "M", "F" - - - Biography (text) - "I am the very model of a modern Major General." - - - - Preferences such as language and timezone. - - - - Preferred language, as per RFC4646 - "en-US" - - - Home time zone information (as specified in zoneinfo) - "America/Pacific" - - - - The names a person goes by. - - - - Subject's alias or "screen" name - "Johnny5" - - - Full name of subject - "John Doe" - - - Honorific prefix for the subject's name - "Mr.", "Mrs.", "Dr." - - - First or given name of subject - "John" - - - Last name or surname of subject - "Smith" - - - Middle name(s) of subject - "Robert" - - - Suffix of subject's name - "III", "Jr." - - - - Business affiliation. - - - - Company name (employer) - "Springfield Power" - - - Employee title - "Engineer" - - - - Information about a person's birthdate. - - - - Date of birth. - "1979-01-01" - - - Year of birth (four digits) - "1979" - - - Month of birth (1-12) - "05" - - - Day of birth - "31" - - - - Various ways to contact a person. - - - - Internet SMTP email address as per RFC2822 - "jsmith@isp.example.com" - - - - Various types of phone numbers. - - - - Main phone number (preferred) - +1-800-555-1234 - - - Home phone number - +1-800-555-1234 - - - Business phone number - +1-800-555-1234 - - - Cellular (or mobile) phone number - +1-800-555-1234 - - - Fax number - +1-800-555-1234 - - - - The many fields that make up an address. - - - - Home postal address: street number, name and apartment number - "#42 135 East 1st Street" - - - "#42 135 East 1st Street" - "Box 67" - - - Home city name - "Vancouver" - - - Home state or province name - "BC" - - - Home country code in ISO.3166.1988 (alpha 2) format - "CA" - - - Home postal code; region specific format - "V5A 4B2" - - - - The many fields that make up an address. - - - - Business postal address: street number, name and apartment number - "#42 135 East 1st Street" - - - "#42 135 East 1st Street" - "Box 67" - - - Business city name - "Vancouver" - - - Business state or province name - "BC" - - - Business country code in ISO.3166.1988 (alpha 2) format - "CA" - - - Business postal code; region specific format - "V5A 4B2" - - - - Various handles for instant message clients. - - - - AOL instant messaging service handle - "jsmith421234" - - - ICQ instant messaging service handle - "1234567" - - - MSN instant messaging service handle - "jsmith42@hotmail.com" - - - Yahoo! instant messaging service handle - "jsmith421234" - - - Jabber instant messaging service handle - "jsmith@jabber.example.com" - - - Skype instant messaging service handle - "jsmith42" - - - - Various web addresses connected with this personality. - - - - Web site URL - "http://example.com/~jsmith/" - - - Blog home page URL - "http://example.com/jsmith_blog/" - - - LinkedIn URL - "http://www.linkedin.com/pub/1/234/56" - - - Amazon URL - "http://www.amazon.com/gp/pdp/profile/A24DLKJ825" - - - Flickr URL - "http://flickr.com/photos/jsmith42/" - - - del.icio.us URL - "http://del.icio.us/jsmith42" - - - - Audio and images of this personality. - - - - Spoken name (web URL) - "http://example.com/~jsmith/john_smith.wav" - - - Audio greeting (web URL) - "http://example.com/~jsmith/i_greet_you.wav" - - - Video greeting (web URL) - "http://example.com/~jsmith/i_greet_you.mov" - - - - Images of this personality. - - - - Image (web URL); unspecified dimension - "http://example.com/~jsmith/image.jpg" - - - Image (web URL) with equal width and height - "http://example.com/~jsmith/image.jpg" - - - Image (web URL) 4:3 aspect ratio - landscape - "http://example.com/~jsmith/image.jpg" - - - Image (web URL) 4:3 aspect ratio - landscape - "http://example.com/~jsmith/image.jpg" - - - Image (web URL); favicon format as per FAVICON-W3C. The format for the image must be 16x16 pixels or 32x32 pixels, using either 8-bit or 24-bit colors. The format of the image must be one of PNG (a W3C standard), GIF, or ICO. - "http://example.com/~jsmith/image.jpg" - - - - Manages the processing and construction of OpenID extensions parts. - - - - - This contains a set of aliases that we must be willing to implicitly - match to namespaces for backward compatibility with other OpenID libraries. - - - - - The version of OpenID that the message is using. - - - - - Whether extensions are being read or written. - - - - - The alias manager that will track Type URI to alias mappings. - - - - - A complex dictionary where the key is the Type URI of the extension, - and the value is another dictionary of the name/value args of the extension. - - - - - Prevents a default instance of the class from being created. - - - - - Creates a instance to process incoming extensions. - - The parameters in the OpenID message. - The newly created instance of . - query != null - query == null - - - - Creates a instance to prepare outgoing extensions. - - The protocol version used for the outgoing message. - - The newly created instance of . - - - - - Adds query parameters for OpenID extensions to the request directed - at the OpenID provider. - - The extension type URI. - The arguments for this extension to add to the message. - !this.ReadMode - this.ReadMode - !String.IsNullOrEmpty(extensionTypeUri) - String.IsNullOrEmpty(extensionTypeUri) - arguments != null - arguments == null - - - - Gets the actual arguments to add to a querystring or other response, - where type URI, alias, and actual key/values are all defined. - - - true if the generated parameter names should include the 'openid.' prefix. - This should be true for all but direct response messages. - - A dictionary of key=value pairs to add to the message to carry the extension. - !this.ReadMode - this.ReadMode - - - - Gets the fields carried by a given OpenId extension. - - The type URI of the extension whose fields are being queried for. - - The fields included in the given extension, or null if the extension is not present. - - !String.IsNullOrEmpty(extensionTypeUri) - String.IsNullOrEmpty(extensionTypeUri) - this.ReadMode - !(this.ReadMode) - - - - Gets whether any arguments for a given extension are present. - - The extension Type URI in question. - - true if this extension is present; false otherwise. - - - - Gets the type URIs of all discovered extensions in the message. - - A sequence of the type URIs. - - - - Gets a value indicating whether the extensions are being read (as opposed to written). - - - - - An interface that OpenID extensions can implement to allow authentication response - messages with included extensions to be processed by Javascript on the user agent. - - - - - Reads the extension information on an authentication response from the provider. - - The incoming OpenID response carrying the extension. - - A Javascript snippet that when executed on the user agent returns an object with - the information deserialized from the extension response. - - - This method is called before the signature on the assertion response has been - verified. Therefore all information in these fields should be assumed unreliable - and potentially falsified. - - - - - An extension to include with an authentication request in order to also - obtain authorization to access user data at the combined OpenID Provider - and Service Provider. - - - When requesting OpenID Authentication via the protocol mode "checkid_setup" - or "checkid_immediate", this extension can be used to request that the end - user authorize an OAuth access token at the same time as an OpenID - authentication. This is done by sending the following parameters as part - of the OpenID request. (Note that the use of "oauth" as part of the parameter - names here and in subsequent sections is just an example. See Section 5 for details.) - See section 8. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the consumer key agreed upon between the Consumer and Service Provider. - - - - - Gets or sets a string that encodes, in a way possibly specific to the Combined Provider, one or more scopes for the OAuth token expected in the authentication response. - - - - - The OAuth response that a Provider may include with a positive - OpenID identity assertion with an approved request token. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the user-approved request token. - - The request token. - - - - Gets or sets a string that encodes, in a way possibly specific to the Combined Provider, one or more scopes that the returned request token is valid for. This will typically indicate a subset of the scopes requested in Section 8. - - - - - Constants used in the OpenID OAuth extension. - - - - - The TypeURI for the OpenID OAuth extension. - - - - - The name of the parameter that carries the request token in the response. - - - - - The OAuth response that a Provider should include with a positive - OpenID identity assertion when OAuth authorization was declined. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class. - - - - - An OpenID extension factory that only delegates extension - instantiation requests to other factories. - - - - - The list of factories this factory delegates to. - - - - - Initializes a new instance of the class. - - - - - Creates a new instance of some extension based on the received extension parameters. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - This factory method need only initialize properties in the instantiated extension object - that are not bound using . - - - - - Loads the default factory and additional ones given by the configuration. - - A new instance of . - Contract.Result<OpenIdExtensionFactoryAggregator>() != null - - - - Gets the extension factories that this aggregating factory delegates to. - - A list of factories. May be empty, but never null. - - - - An OpenID extension factory that supports registration so that third-party - extensions can add themselves to this library's supported extension list. - - - - - A collection of the registered OpenID extensions. - - - - - Initializes a new instance of the class. - - - - - Creates a new instance of some extension based on the received extension parameters. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - This factory method need only initialize properties in the instantiated extension object - that are not bound using . - - - - - Registers a new extension delegate. - - The factory method that can create the extension. - - - - A delegate that individual extensions may register with this factory. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - - - Well-known authentication policies defined in the PAPE extension spec or by a recognized - standards body. - - - This is a class of constants rather than a flags enum because policies may be - freely defined and used by anyone, just by using a new Uri. - - - - - An authentication mechanism where the End User does not provide a shared secret to a party potentially under the control of the Relying Party. (Note that the potentially malicious Relying Party controls where the User-Agent is redirected to and thus may not send it to the End User's actual OpenID Provider). - - - - - An authentication mechanism where the End User authenticates to the OpenID Provider by providing over one authentication factor. Common authentication factors are something you know, something you have, and something you are. An example would be authentication using a password and a software token or digital certificate. - - - - - An authentication mechanism where the End User authenticates to the OpenID Provider by providing over one authentication factor where at least one of the factors is a physical factor such as a hardware device or biometric. Common authentication factors are something you know, something you have, and something you are. This policy also implies the Multi-Factor Authentication policy (http://schemas.openid.net/pape/policies/2007/06/multi-factor) and both policies MAY BE specified in conjunction without conflict. An example would be authentication using a password and a hardware token. - - - - - Indicates that the Provider MUST use a pair-wise pseudonym for the user that is persistent - and unique across the requesting realm as the openid.claimed_id and openid.identity (see Section 4.2). - - - - - Indicates that the OP MUST only respond with a positive assertion if the requirements demonstrated - by the OP to obtain certification by a Federally adopted Trust Framework Provider have been met. - - - Notwithstanding the RP may request this authentication policy, the RP MUST still - verify that this policy appears in the positive assertion response rather than assume the OP - recognized and complied with the request. - - - - - Indicates that the OP MUST not include any OpenID Attribute Exchange or Simple Registration - information regarding the user in the assertion. - - - - - Used in a PAPE response to indicate that no PAPE authentication policies could be satisfied. - - - Used internally by the PAPE extension, so that users don't have to know about it. - - - - - OpenID Provider Authentication Policy extension constants. - - - - - The namespace used by this extension in messages. - - - - - The namespace alias to use for OpenID 1.x interop, where aliases are not defined in the message. - - - - - The string to prepend on an Auth Level Type alias definition. - - - - - Well-known assurance level Type URIs. - - - - - The Type URI of the NIST assurance level. - - - - - A mapping between the PAPE TypeURI and the alias to use if - possible for backward compatibility reasons. - - - - - Parameters to be included with PAPE requests. - - - - - Optional. If the End User has not actively authenticated to the OP within the number of seconds specified in a manner fitting the requested policies, the OP SHOULD authenticate the End User for this request. - - Integer value greater than or equal to zero in seconds. - - The OP should realize that not adhering to the request for re-authentication most likely means that the End User will not be allowed access to the services provided by the RP. If this parameter is absent in the request, the OP should authenticate the user at its own discretion. - - - - - Zero or more authentication policy URIs that the OP SHOULD conform to when authenticating the user. If multiple policies are requested, the OP SHOULD satisfy as many as it can. - - Space separated list of authentication policy URIs. - - If no policies are requested, the RP may be interested in other information such as the authentication age. - - - - - The space separated list of the name spaces of the custom Assurance Level that RP requests, in the order of its preference. - - - - - An encoder/decoder design for DateTimes that must conform to the PAPE spec. - - - The timestamp MUST be formatted as specified in section 5.6 of [RFC3339] (Klyne, G. and C. Newman, “Date and Time on the Internet: Timestamps,” .), with the following restrictions: - * All times must be in the UTC timezone, indicated with a "Z". - * No fractional seconds are allowed - For example: 2005-05-15T17:11:51Z - - - - - An array of the date/time formats allowed by the PAPE extension. - - - TODO: This array of formats is not yet a complete list. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Descriptions for NIST-defined levels of assurance that a credential - has not been compromised and therefore the extent to which an - authentication assertion can be trusted. - - - One using this enum should review the following publication for details - before asserting or interpreting what these levels signify, notwithstanding - the brief summaries attached to each level in DotNetOpenAuth documentation. - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - See PAPE spec Appendix A.1.2 (NIST Assurance Levels) for high-level example classifications of authentication methods within the defined levels. - - - - - - Not an assurance level defined by NIST, but rather SHOULD be used to - signify that the OP recognizes the parameter and the End User - authentication did not meet the requirements of Level 1. - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - Utility methods for use by the PAPE extension. - - - - - Looks at the incoming fields and figures out what the aliases and name spaces for auth level types are. - - The incoming message data in which to discover TypeURIs and aliases. - The initialized with the given data. - - - - Concatenates a sequence of strings using a space as a separator. - - The elements to concatenate together.. - The concatenated string of elements. - Thrown if any element in the sequence includes a space. - values != null - values == null - - - - The PAPE request part of an OpenID Authentication request message. - - - - - The factory method that may be used in deserialization of this message. - - - - - The transport field for the RP's preferred authentication policies. - - - This field is written to/read from during custom serialization. - - - - - Initializes a new instance of the class. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Serializes the policies as a single string per the PAPE spec.. - - The policies to include in the list. - The concatenated string of the given policies. - - - - Serializes the auth levels to a list of aliases. - - The preferred auth level types. - The alias manager. - A space-delimited list of aliases. - - - - Gets or sets the maximum acceptable time since the End User has - actively authenticated to the OP in a manner fitting the requested - policies, beyond which the Provider SHOULD authenticate the - End User for this request. - - - The OP should realize that not adhering to the request for re-authentication - most likely means that the End User will not be allowed access to the - services provided by the RP. If this parameter is absent in the request, - the OP should authenticate the user at its own discretion. - - - - - Gets the list of authentication policy URIs that the OP SHOULD - conform to when authenticating the user. If multiple policies are - requested, the OP SHOULD satisfy as many as it can. - - List of authentication policy URIs obtainable from - the class or from a custom - list. - - If no policies are requested, the RP may be interested in other - information such as the authentication age. - - - - - Gets the namespaces of the custom Assurance Level the - Relying Party requests, in the order of its preference. - - - - - The PAPE response part of an OpenID Authentication response message. - - - - - The first part of a parameter name that gives the custom string value for - the assurance level. The second part of the parameter name is the alias for - that assurance level. - - - - - The factory method that may be used in deserialization of this message. - - - - - One or more authentication policy URIs that the OP conformed to when authenticating the End User. - - Space separated list of authentication policy URIs. - - If no policies were met though the OP wishes to convey other information in the response, this parameter MUST be included with the value of "none". - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Serializes the applied policies for transmission from the Provider - to the Relying Party. - - The applied policies. - A space-delimited list of applied policies. - - - - Gets a list of authentication policy URIs that the - OP conformed to when authenticating the End User. - - - - - Gets or sets the most recent timestamp when the End User has - actively authenticated to the OP in a manner fitting the asserted policies. - - - If the RP's request included the "openid.max_auth_age" parameter - then the OP MUST include "openid.auth_time" in its response. - If "openid.max_auth_age" was not requested, the OP MAY choose to include - "openid.auth_time" in its response. - - - - - Gets or sets the Assurance Level as defined by the National - Institute of Standards and Technology (NIST) in Special Publication - 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic - Authentication Guideline,” April 2006.) [NIST_SP800‑63] corresponding - to the authentication method and policies employed by the OP when - authenticating the End User. - - - See PAPE spec Appendix A.1.2 (NIST Assurance Levels) for high-level - example classifications of authentication methods within the defined - levels. - - - - - Gets a dictionary where keys are the authentication level type URIs and - the values are the per authentication level defined custom value. - - - A very common key is - and values for this key are available in . - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - Encodes and decodes the as an integer of total seconds. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Carries the request/require/none demand state of the simple registration fields. - - - - - The factory method that may be used in deserialization of this message. - - - - - The type URI that this particular (deserialized) extension was read in using, - allowing a response to alter be crafted using the same type URI. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - by deserializing from a message. - - The type URI this extension was recognized by in the OpenID message. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Tests equality between two structs. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests inequality between two structs. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests equality between two structs. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Renders the requested information as a string. - - - A that represents the current . - - Contract.Result<string>() != null - - - - Prepares a Simple Registration response extension that is compatible with the - version of Simple Registration used in the request message. - - The newly created instance. - - - - Sets the profile request properties according to a list of - field names that might have been passed in the OpenId query dictionary. - - - The list of field names that should receive a given - . These field names should match - the OpenId specification for field names, omitting the 'openid.sreg' prefix. - - The none/request/require state of the listed fields. - - - - Assembles the profile parameter names that have a given . - - The demand level (request, require, none). - An array of the profile parameter names that meet the criteria. - - - - Gets or sets the URL the consumer site provides for the authenticating user to review - for how his claims will be used by the consumer web site. - - - - - Gets or sets the level of interest a relying party has in the nickname of the user. - - - - - Gets or sets the level of interest a relying party has in the email of the user. - - - - - Gets or sets the level of interest a relying party has in the full name of the user. - - - - - Gets or sets the level of interest a relying party has in the birthdate of the user. - - - - - Gets or sets the level of interest a relying party has in the gender of the user. - - - - - Gets or sets the level of interest a relying party has in the postal code of the user. - - - - - Gets or sets the level of interest a relying party has in the Country of the user. - - - - - Gets or sets the level of interest a relying party has in the language of the user. - - - - - Gets or sets the level of interest a relying party has in the time zone of the user. - - - - - Gets or sets a value indicating whether this instance - is synthesized from an AX request at the Provider. - - - - - Gets or sets the value of the sreg.required parameter. - - A comma-delimited list of sreg fields. - - - - Gets or sets the value of the sreg.optional parameter. - - A comma-delimited list of sreg fields. - - - - A struct storing Simple Registration field values describing an - authenticating user. - - - - - The factory method that may be used in deserialization of this message. - - - - - The allowed format for birthdates. - - - - - Storage for the raw string birthdate value. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - The type URI that must be used to identify this extension in the response message. - This value should be the same one the relying party used to send the extension request. - - !String.IsNullOrEmpty(typeUriToUse) - String.IsNullOrEmpty(typeUriToUse) - - - - Tests equality of two objects. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests inequality of two objects. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests equality of two objects. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Reads the extension information on an authentication response from the provider. - - The incoming OpenID response carrying the extension. - - A Javascript snippet that when executed on the user agent returns an object with - the information deserialized from the extension response. - - - This method is called before the signature on the assertion response has been - verified. Therefore all information in these fields should be assumed unreliable - and potentially falsified. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Translates an empty string value to null, or passes through non-empty values. - - The value to consider changing to null. - Either null or a non-empty string. - - - - Gets or sets the nickname the user goes by. - - - - - Gets or sets the user's email address. - - - - - Gets or sets the full name of a user as a single string. - - - - - Gets or sets the user's birthdate. - - - - - Gets or sets the raw birth date string given by the extension. - - A string in the format yyyy-MM-dd. - - - - Gets or sets the gender of the user. - - - - - Gets or sets the zip code / postal code of the user. - - - - - Gets or sets the country of the user. - - - - - Gets or sets the primary/preferred language of the user. - - - - - Gets or sets the user's timezone. - - - - - Gets a combination of the user's full name and email address. - - - - - Gets or sets a combination o the language and country of the user. - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - Simple Registration constants - - - - - Additional type URIs that this extension is sometimes known by remote parties. - - - - - Specifies what level of interest a relying party has in obtaining the value - of a given field offered by the Simple Registration extension. - - - - - The relying party has no interest in obtaining this field. - - - - - The relying party would like the value of this field, but wants - the Provider to display the field to the user as optionally provided. - - - - - The relying party considers this a required field as part of - authentication. The Provider and/or user agent MAY still choose to - not provide the value of the field however, according to the - Simple Registration extension specification. - - - - - Indicates the gender of a user. - - - - - The user is male. - - - - - The user is female. - - - - - Encodes/decodes the Simple Registration Gender type to its string representation. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Constants used to support the UI extension. - - - - - The type URI associated with this extension. - - - - - The Type URI that appears in an XRDS document when the OP supports popups through the UI extension. - - - - - The Type URI that appears in an XRDS document when the OP supports the RP - specifying the user's preferred language through the UI extension. - - - - - The Type URI that appears in the XRDS document when the OP supports the RP - specifying the icon for the OP to display during authentication through the UI extension. - - - - - Constants used in implementing support for the UI extension. - - - - - The required width of the popup window the relying party creates for the provider. - - - - - The required height of the popup window the relying party creates for the provider. - - - - - Gets the window.open javascript snippet to use to open a popup window - compliant with the UI extension. - - The relying party. - The authentication request to place in the window. - The name to assign to the popup window. - A string starting with 'window.open' and forming just that one method call. - relyingParty != null - relyingParty == null - request != null - request == null - !string.IsNullOrEmpty(windowName) - string.IsNullOrEmpty(windowName) - - - - Valid values for the mode parameter of the OpenID User Interface extension. - - - - - Indicates that the Provider's authentication page appears in a popup window. - - The constant "popup". - - The RP SHOULD create the popup to be 450 pixels wide and 500 pixels tall. The popup MUST have the address bar displayed, and MUST be in a standalone browser window. The contents of the popup MUST NOT be framed by the RP. - The RP SHOULD open the popup centered above the main browser window, and SHOULD dim the contents of the parent window while the popup is active. The RP SHOULD ensure that the user is not surprised by the appearance of the popup, and understands how to interact with it. - To keep the user popup user experience consistent, it is RECOMMENDED that the OP does not resize the popup window unless the OP requires additional space to show special features that are not usually displayed as part of the default popup user experience. - The OP MAY close the popup without returning a response to the RP. Closing the popup without sending a response should be interpreted as a negative assertion. - The response to an authentication request in a popup is unchanged from [OpenID 2.0] (OpenID 2.0 Workgroup, “OpenID 2.0,” .). Relying Parties detecting that the popup was closed without receiving an authentication response SHOULD interpret the close event to be a negative assertion. - - - - - OpenID User Interface extension 1.0 request message. - - - Implements the extension described by: http://wiki.openid.net/f/openid_ui_extension_draft01.html - This extension only applies to checkid_setup requests, since checkid_immediate requests display - no UI to the user. - For rules about how the popup window should be displayed, please see the documentation of - . - An RP may determine whether an arbitrary OP supports this extension (and thereby determine - whether to use a standard full window redirect or a popup) via the - method. - - - - - The factory method that may be used in deserialization of this message. - - - - - Additional type URIs that this extension is sometimes known by remote parties. - - - - - Backing store for . - - - - - Initializes a new instance of the class. - - - - - Gets the URL of the RP icon for the OP to display. - - The realm of the RP where the authentication request originated. - The web request handler to use for discovery. - Usually available via OpenIdProvider.Channel.WebRequestHandler. - - A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order. - - The icon URL. - - This property is automatically set for the OP with the result of RP discovery. - RPs should set this value by including an entry such as this in their XRDS document. - - <Service xmlns="xri://$xrd*($v*2.0)"> - <Type>http://specs.openid.net/extensions/ui/icon</Type> - <URI>http://consumer.example.com/images/image.jpg</URI> - </Service> - - realm != null - webRequestHandler != null - - - - Gets the URL of the RP icon for the OP to display. - - The realm of the RP where the authentication request originated. - The Provider instance used to obtain the authentication request. - - A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order. - - The icon URL. - - This property is automatically set for the OP with the result of RP discovery. - RPs should set this value by including an entry such as this in their XRDS document. - - <Service xmlns="xri://$xrd*($v*2.0)"> - <Type>http://specs.openid.net/extensions/ui/icon</Type> - <URI>http://consumer.example.com/images/image.jpg</URI> - </Service> - - realm != null - provider != null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Gets or sets the list of user's preferred languages, sorted in decreasing preferred order. - - The default is the of the thread that created this instance. - - The user's preferred languages as a [BCP 47] language priority list, represented as a comma-separated list of BCP 47 basic language ranges in descending priority order. For instance, the value "fr-CA,fr-FR,en-CA" represents the preference for French spoken in Canada, French spoken in France, followed by English spoken in Canada. - - - - - Gets or sets the style of UI that the RP is hosting the OP's authentication page in. - - Some value from the class. Defaults to . - - - - Gets or sets a value indicating whether the Relying Party has an icon - it would like the Provider to display to the user while asking them - whether they would like to log in. - - - true if the Provider should display an icon; otherwise, false. - - By default, the Provider displays the relying party's favicon.ico. - - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - Contract.Result<IEnumerable<string>>() != null - - - - - Gets or sets a value indicating whether this extension was - signed by the sender. - - - true if this instance is signed by the sender; otherwise, false. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - The value 1.0. - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - The discovery service to support host-meta based discovery, such as Google Apps for Domains. - - - The spec for this discovery mechanism can be found at: - http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains - and the XMLDSig spec referenced in that spec can be found at: - http://wiki.oasis-open.org/xri/XrdOne/XmlDsigProfile - - - - - A module that provides discovery services for OpenID identifiers. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Path to the well-known location of the host-meta document at a domain. - - - - - The URI template for discovery host-meta on domains hosted by - Google Apps for Domains. - - - - - The pattern within a host-meta file to look for to obtain the URI to the XRDS document. - - - - - Initializes a new instance of the class. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Gets the XRD elements that have a given CanonicalID. - - The XRDS document. - The CanonicalID to match on. - A sequence of XRD elements. - - - - Gets the described-by services in XRD elements. - - The XRDs to search. - A sequence of services. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - Gets the services for an identifier that are described by an external XRDS document. - - The XRD elements to search for described-by services. - The identifier under discovery. - The request handler. - The discovered services. - xrds != null - xrds == null - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Validates the XML digital signature on an XRDS document. - - The XRDS document whose signature should be validated. - The identifier under discovery. - The response. - The host name on the certificate that should be used to verify the signature in the XRDS. - Thrown if the XRDS document has an invalid or a missing signature. - document != null - document == null - identifier != null - identifier == null - response != null - response == null - - - - Verifies the cert chain. - - The certs. - - This must be in a method of its own because there is a LinkDemand on the - method. By being in a method of its own, the caller of this method may catch a - that is thrown if we're not running with full trust and execute - an alternative plan. - - Thrown if the certificate chain is invalid or unverifiable. - - - - Gets the XRDS HTTP response for a given identifier. - - The identifier. - The request handler. - The location of the XRDS document to retrieve. - - A HTTP response carrying an XRDS document. - - Thrown if the XRDS document could not be obtained. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - xrdsLocation != null - xrdsLocation == null - Contract.Result<IncomingWebResponse>() != null - - - - Gets the XRDS HTTP response for a given identifier. - - The identifier. - The request handler. - The host name on the certificate that should be used to verify the signature in the XRDS. - A HTTP response carrying an XRDS document, or null if one could not be obtained. - Thrown if the XRDS document could not be obtained. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - - - - Gets the location of the XRDS document that describes a given identifier. - - The identifier under discovery. - The request handler. - The host name on the certificate that should be used to verify the signature in the XRDS. - An absolute URI, or null if one could not be determined. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - - - - Gets the host-meta for a given identifier. - - The identifier. - The request handler. - The host name on the certificate that should be used to verify the signature in the XRDS. - - The host-meta response, or null if no host-meta document could be obtained. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - - - - Gets the URIs authorized to host host-meta documents on behalf of a given domain. - - The identifier. - A sequence of URIs that MAY provide the host-meta for a given identifier. - identifier != null - identifier == null - - - - Gets the set of URI templates to use to contact host-meta hosting proxies - for domain discovery. - - - - - Gets or sets a value indicating whether to trust Google to host domains' host-meta documents. - - - This property is just a convenient mechanism for checking or changing the set of - trusted host-meta proxies in the property. - - - - - A description of a web server that hosts host-meta documents. - - - - - Initializes a new instance of the class. - - The proxy formatting string. - The signing host formatting string. - !String.IsNullOrEmpty(proxyFormat) - String.IsNullOrEmpty(proxyFormat) - !String.IsNullOrEmpty(signingHostFormat) - String.IsNullOrEmpty(signingHostFormat) - - - - Gets the absolute proxy URI. - - The identifier being discovered. - The an absolute URI. - identifier != null - identifier == null - - - - Gets the signing host URI. - - The identifier being discovered. - A host name. - identifier != null - identifier == null - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets the URL of the host-meta proxy. - - The absolute proxy URL, which may include {0} to be replaced with the host of the identifier to be discovered. - - - - Gets the formatting string to determine the expected host name on the certificate - that is expected to be used to sign the XRDS document. - - - Either a string literal, or a formatting string where these placeholders may exist: - {0} the host on the identifier discovery was originally performed on; - {1} the host on this proxy. - - - - - An Identifier is either a "http" or "https" URI, or an XRI. - - - - - Initializes a new instance of the class. - - The original string before any normalization. - Whether the derived class is prepared to guarantee end-to-end discovery - and initial redirect for authentication is performed using SSL. - - - - Converts the string representation of an Identifier to its strong type. - - The identifier. - The particular Identifier instance to represent the value given. - identifier == null || identifier.Length > 0 - identifier != null && identifier.Length <= 0 - (identifier == null) == (Contract.Result<Identifier>() == null) - - - - Converts a given Uri to a strongly-typed Identifier. - - The identifier to convert. - The result of the conversion. - (identifier == null) == (Contract.Result<Identifier>() == null) - - - - Converts an Identifier to its string representation. - - The identifier to convert to a string. - The result of the conversion. - (identifier == null) == (Contract.Result<string>() == null) - - - - Parses an identifier string and automatically determines - whether it is an XRI or URI. - - Either a URI or XRI identifier. - An instance for the given value. - !String.IsNullOrEmpty(identifier) - String.IsNullOrEmpty(identifier) - Contract.Result<Identifier>() != null - - - - Parses an identifier string and automatically determines - whether it is an XRI or URI. - - Either a URI or XRI identifier. - if set to true this Identifier will serialize exactly as given rather than in its normalized form. - - An instance for the given value. - - !String.IsNullOrEmpty(identifier) - String.IsNullOrEmpty(identifier) - Contract.Result<Identifier>() != null - - - - Attempts to parse a string for an OpenId Identifier. - - The string to be parsed. - The parsed Identifier form. - - True if the operation was successful. False if the string was not a valid OpenId Identifier. - - - - - Checks the validity of a given string representation of some Identifier. - - The identifier. - - true if the specified identifier is valid; otherwise, false. - - !string.IsNullOrEmpty(identifier) - string.IsNullOrEmpty(identifier) - - - - Tests equality between two s. - - The first Identifier. - The second Identifier. - - true if the two instances should be considered equal; false otherwise. - - - - - Tests inequality between two s. - - The first Identifier. - The second Identifier. - - true if the two instances should be considered unequal; false if they are equal. - - - - - Tests equality between two s. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Gets the hash code for an for storage in a hashtable. - - - A hash code for the current . - - - - - Reparses the specified identifier in order to be assured that the concrete type that - implements the identifier is one of the well-known ones. - - The identifier. - Either or . - identifier != null - identifier == null - Contract.Result<Identifier>() != null - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - Gets the original string that was normalized to create this Identifier. - - - - - Gets the Identifier in the form in which it should be serialized. - - - For Identifiers that were originally deserialized, this is the exact same - string that was deserialized. For Identifiers instantiated in some other way, this is - the normalized form of the string used to instantiate the identifier. - - - - - Gets or sets a value indicating whether instances are considered equal - based solely on their string reprsentations. - - - This property serves as a test hook, so that MockIdentifier instances can be considered "equal" - to UriIdentifier instances. - - - - - Gets a value indicating whether this Identifier will ensure SSL is - used throughout the discovery phase and initial redirect of authentication. - - - If this is false, a value of true may be obtained by calling - . - - - - - Gets a value indicating whether this instance was initialized from - deserializing a message. - - - This is interesting because when an Identifier comes from the network, - we can't normalize it and then expect signatures to still verify. - But if the Identifier is initialized locally, we can and should normalize it - before serializing it. - - - - - Code Contract for the class. - - - - - Prevents a default instance of the IdentifierContract class from being created. - - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - - - - A set of methods designed to assist in improving interop across different - OpenID implementations and their extensions. - - - - - The gender decoder to translate AX genders to Sreg. - - - - - Adds an Attribute Exchange (AX) extension to the authentication request - that asks for the same attributes as the Simple Registration (sreg) extension - that is already applied. - - The authentication request. - The attribute formats to use in the AX request. - - If discovery on the user-supplied identifier yields hints regarding which - extensions and attribute formats the Provider supports, this method MAY ignore the - argument and accomodate the Provider to minimize - the size of the request. - If the request does not carry an sreg extension, the method logs a warning but - otherwise quietly returns doing nothing. - - request != null - request == null - - - - Looks for Simple Registration and Attribute Exchange (all known formats) - response extensions and returns them as a Simple Registration extension. - - The authentication response. - if set to true unsigned extensions will be included in the search. - - The Simple Registration response if found, - or a fabricated one based on the Attribute Exchange extension if found, - or just an empty if there was no data. - Never null. - response != null - response == null - - - - Looks for Simple Registration and Attribute Exchange (all known formats) - request extensions and returns them as a Simple Registration extension, - and adds the new extension to the original request message if it was absent. - - The authentication request. - - The Simple Registration request if found, - or a fabricated one based on the Attribute Exchange extension if found, - or null if no attribute extension request is found. - request != null - request == null - - - - Converts the Simple Registration extension response to whatever format the original - attribute request extension came in. - - The authentication request with the response extensions already added. - - If the original attribute request came in as AX, the Simple Registration extension is converted - to an AX response and then the Simple Registration extension is removed from the response. - - - - - Gets the attribute value if available. - - The AX fetch response extension to look for the attribute value. - The type URI of the attribute, using the axschema.org format of . - The AX type URI formats to search. - - The first value of the attribute, if available. - - - - - Transforms an AX attribute type URI from the axschema.org format into a given format. - - The ax schema org format type URI. - The target format. Only one flag should be set. - The AX attribute type URI in the target format. - - - - Adds the AX attribute value to the response if it is non-empty. - - The AX Fetch response to add the attribute value to. - The attribute type URI in axschema.org format. - The target format of the actual attribute to write out. - The value of the attribute. - - - - Gets the demand level for an AX attribute. - - The AX fetch request to search for the attribute. - The type URI of the attribute in axschema.org format. - The demand level for the attribute. - ax != null - ax == null - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Tries to find the exact format of AX attribute Type URI supported by the Provider. - - The authentication request. - The attribute formats the RP will try if this discovery fails. - The AX format(s) to use based on the Provider's advertised AX support. - request != null - request == null - - - - Detects the AX attribute type URI format from a given sample. - - The type URIs to scan for recognized formats. - The first AX type URI format recognized in the list. - typeURIs != null - typeURIs == null - - - - Transforms an AX attribute type URI from the axschema.org format into a given format. - - The ax schema org format type URI. - The target format. Only one flag should be set. - The AX attribute type URI in the target format. - !String.IsNullOrEmpty(axSchemaOrgFormatTypeUri) - String.IsNullOrEmpty(axSchemaOrgFormatTypeUri) - - - - Splits the AX attribute format flags into individual values for processing. - - The formats to split up into individual flags. - A sequence of individual flags. - - - - Adds an attribute fetch request if it is not already present in the AX request. - - The AX request to add the attribute request to. - The format of the attribute's Type URI to use. - The attribute in axschema.org format. - The demand level. - ax != null - ax == null - !String.IsNullOrEmpty(axSchemaOrgFormatAttribute) - String.IsNullOrEmpty(axSchemaOrgFormatAttribute) - - - - The COM type used to provide details of an authentication result to a relying party COM client. - - - - - The response read in by the Relying Party. - - - - - Initializes a new instance of the class. - - The response. - response != null - response == null - - - - Gets an Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the provider endpoint that sent the assertion. - - - - - Gets a value indicating whether the authentication attempt succeeded. - - - - - Gets the Simple Registration response. - - - - - Gets details regarding a failed authentication attempt, if available. - - - - - A struct storing Simple Registration field values describing an - authenticating user. - - - - - The Simple Registration claims response message that this shim wraps. - - - - - Initializes a new instance of the class. - - The Simple Registration response to wrap. - response != null - response == null - - - - Gets the nickname the user goes by. - - - - - Gets the user's email address. - - - - - Gets the full name of a user as a single string. - - - - - Gets the raw birth date string given by the extension. - - A string in the format yyyy-MM-dd. - - - - Gets the gender of the user. - - - - - Gets the zip code / postal code of the user. - - - - - Gets the country of the user. - - - - - Gets the primary/preferred language of the user. - - - - - Gets the user's timezone. - - - - - The COM interface describing the DotNetOpenAuth functionality available to - COM client OpenID relying parties. - - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - A comma-delimited list of simple registration fields to request as optional. - A comma-delimited list of simple registration fields to request as required. - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Gets the result of a user agent's visit to his OpenId provider in an - authentication attempt. Null if no response is available. - - The incoming request URL . - The form data that may have been included in the case of a POST request. - The Provider's response to a previous authentication request, or null if no response is present. - - - - Implementation of , providing a subset of the - functionality available to .NET clients. - - - - - The OpenIdRelyingParty instance to use for requests. - - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - A comma-delimited list of simple registration fields to request as optional. - A comma-delimited list of simple registration fields to request as required. - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Gets the result of a user agent's visit to his OpenId provider in an - authentication attempt. Null if no response is available. - - The incoming request URL. - The form data that may have been included in the case of a POST request. - The Provider's response to a previous authentication request, or null if no response is present. - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - - - - A message a Relying Party sends to a Provider to confirm the validity - of a positive assertion that was signed by a Provider-only secret. - - - The significant payload of this message depends entirely upon the - assertion message, and therefore is all in the - property bag. - - - - - A common base class for OpenID request messages and indirect responses (since they are ultimately requests). - - - - - The openid.ns parameter in the message. - - "http://specs.openid.net/auth/2.0" - - This particular value MUST be present for the request to be a valid OpenID Authentication 2.0 request. Future versions of the specification may define different values in order to allow message recipients to properly interpret the request. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - The value for the openid.mode parameter. - A value indicating whether the message will be transmitted directly or indirectly. - providerEndpoint != null - providerEndpoint == null - !String.IsNullOrEmpty(mode) - String.IsNullOrEmpty(mode) - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Sets a flag indicating that this message is received (as opposed to sent). - - - - - Gets some string from a given version of the OpenID protocol. - - The protocol version to use for lookup. - A function that can retrieve the desired protocol constant. - The value of the constant. - - This method can be used by a constructor to throw an - instead of a . - - protocolVersion != null - protocolVersion == null - - - - Gets the value of the openid.mode parameter. - - - - - Gets the preferred method of transport for the message. - - - For direct messages this is the OpenID mandated POST. - For indirect messages both GET and POST are allowed. - - - - - Gets the recipient of the message. - - The OP endpoint, or the RP return_to. - - - - Gets the version of the protocol this message is prepared to implement. - - Version 2.0 - - Contract.Result<Version>() != null - - - - - Gets the level of protection this message requires. - - - - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - - - - Gets the extra parameters included in the message. - - An empty dictionary. - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets a value indicating whether this message was deserialized as an incoming message. - - - - - Gets the protocol used by this message. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Initializes a new instance of the class - based on the contents of some signed message whose signature must be verified. - - The message whose signature should be verified. - The channel. This is used only within the constructor and is not stored in a field. - channel != null - channel == null - - - - Gets or sets a value indicating whether the signature being verified by this request - is in fact valid. - - - true if the signature is valid; otherwise, false. - - This property is automatically set as the message is received by the channel's - signing binding element. - - - - - Gets or sets the ReturnTo that existed in the original signed message. - - - This exists strictly for convenience in recreating the - message. - - - - - The message sent from the Provider to the Relying Party to confirm/deny - the validity of an assertion that was signed by a private Provider secret. - - - - - A common base class for OpenID direct message responses. - - - - - The openid.ns parameter in the message. - - "http://specs.openid.net/auth/2.0" - - OpenID 2.0 Section 5.1.2: - This particular value MUST be present for the response to be a valid OpenID 2.0 response. - Future versions of the specification may define different values in order to allow message - recipients to properly interpret the request. - - - - - Backing store for the properties. - - - - - Backing store for the properties. - - - - - The dictionary of parameters that are not part of the OpenID specification. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. May be null in case the request is unrecognizable and this is an error response. - responseVersion != null - responseVersion == null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Sets a flag indicating that this message is received (as opposed to sent). - - - - - Gets the version of the protocol this message is prepared to implement. - - Version 2.0 - - Contract.Result<Version>() != null - - - - - Gets the level of protection this message requires. - - - - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - - - - Gets the extra, non-OAuth parameters included in the message. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the originating request message that caused this response to be formed. - - - This property may be null if the request message was undecipherable. - - - - - Gets a value indicating whether this message was deserialized as an incoming message. - - - - - Gets the protocol used by this message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - Initializes a new instance of the class - for use by the Relying Party. - - The OpenID version of the response message. - The request that this message is responding to. - - - - Initializes a new instance of the class - for use by the Provider. - - The request that this message is responding to. - The OpenID Provider that is preparing to send this response. - provider != null - provider == null - - - - Gets or sets a value indicating whether the signature of the verification request is valid. - - - - - Gets or sets the handle the relying party should invalidate if is true. - - The "invalidate_handle" value sent in the verification request, if the OP confirms it is invalid. - - If present in a verification response with "is_valid" set to "true", - the Relying Party SHOULD remove the corresponding association from - its store and SHOULD NOT send further authentication requests with - this handle. - This two-step process for invalidating associations is necessary - to prevent an attacker from invalidating an association at will by - adding "invalidate_handle" parameters to an authentication response. - For OpenID 1.1, we allow this to be present but empty to put up with poor implementations such as Blogger. - - - - - An authentication request from a Relying Party to a Provider. - - - This message type satisfies OpenID 2.0 section 9.1. - - - - - An indirect request from a Relying Party to a Provider where the response - is expected to be signed. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The OpenID version to use. - The Provider endpoint that receives this message. - - for asynchronous javascript clients; - to allow the Provider to interact with the user in order to complete authentication. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Adds parameters to the return_to querystring. - - The keys=value pairs to add to the return_to query string. - - This method is useful if the Relying Party wants to recall some value - when and if a positive assertion comes back from the Provider. - - keysValues != null - keysValues == null - - - - Adds a parameter to the return_to querystring. - - The name of the parameter. - The value of the argument. - - This method is useful if the Relying Party wants to recall some value - when and if a positive assertion comes back from the Provider. - - - - - Gets the value of the openid.mode parameter based on the protocol version and immediate flag. - - The OpenID version to use. - - for asynchronous javascript clients; - to allow the Provider to interact with the user in order to complete authentication. - - checkid_immediate or checkid_setup - version != null - version == null - - - - Gets the list of extensions that are included with this message. - - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IList<IExtensionMessage>>() != null - - - - - Gets a value indicating whether the Provider is allowed to interact with the user - as part of authentication. - - - true if using OpenID immediate mode; otherwise, false. - - - - Gets or sets the handle of the association the RP would like the Provider - to use for signing a positive assertion in the response message. - - A handle for an association between the Relying Party and the OP - that SHOULD be used to sign the response. - - If no association handle is sent, the transaction will take place in Stateless Mode - (Verifying Directly with the OpenID Provider). - - - - - Gets or sets the URL the Provider should redirect the user agent to following - the authentication attempt. - - URL to which the OP SHOULD return the User-Agent with the response - indicating the status of the request. - - If this value is not sent in the request it signifies that the Relying Party - does not wish for the end user to be returned. - The return_to URL MAY be used as a mechanism for the Relying Party to attach - context about the authentication request to the authentication response. - This document does not define a mechanism by which the RP can ensure that query - parameters are not modified by outside parties; such a mechanism can be defined - by the RP itself. - - - - - Gets or sets the Relying Party discovery URL the Provider may use to verify the - source of the authentication request. - - - URL pattern the OP SHOULD ask the end user to trust. See Section 9.2 (Realms). - This value MUST be sent if openid.return_to is omitted. - Default: The URL. - - - - - Gets or sets a value indicating whether the return_to value should be signed. - - - - - Initializes a new instance of the class. - - The OpenID version to use. - The Provider endpoint that receives this message. - - for asynchronous javascript clients; - to allow the Provider to interact with the user in order to complete authentication. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets or sets the Claimed Identifier. - - - "openid.claimed_id" and "openid.identity" SHALL be either both present or both absent. - If neither value is present, the assertion is not about an identifier, - and will contain other information in its payload, using extensions (Extensions). - It is RECOMMENDED that OPs accept XRI identifiers with or without the "xri://" prefix, as specified in the Normalization (Normalization) section. - - - - - Gets or sets the OP Local Identifier. - - The OP-Local Identifier. - - If a different OP-Local Identifier is not specified, the claimed - identifier MUST be used as the value for openid.identity. - Note: If this is set to the special value - "http://specs.openid.net/auth/2.0/identifier_select" then the OP SHOULD - choose an Identifier that belongs to the end user. This parameter MAY - be omitted if the request is not about an identifier (for instance if - an extension is in use that makes the request meaningful without it; - see openid.claimed_id above). - - - - - The base class that all successful association response messages derive from. - - - Association response messages are described in OpenID 2.0 section 8.2. This type covers section 8.2.1. - - - - - A flag indicating whether an association has already been created. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The security settings for the Provider. Should be null for Relying Parties. - The created association. - - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - This method is called by both the Provider and the Relying Party, but actually performs - quite different operations in either scenario. - - request != null - request == null - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The security settings of the Provider. - The created association. - - The caller will update this message's and - properties based on the returned by this method, but any other - association type specific properties must be set by this method. - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - securitySettings != null - securitySettings == null - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The created association. - request != null - request == null - - - - Gets or sets the association handle is used as a key to refer to this association in subsequent messages. - - A string 255 characters or less in length. It MUST consist only of ASCII characters in the range 33-126 inclusive (printable non-whitespace characters). - - - - Gets or sets the preferred association type. The association type defines the algorithm to be used to sign subsequent messages. - - Value: A valid association type from Section 8.3. - - - - Gets or sets the value of the "openid.session_type" parameter from the request. - If the OP is unwilling or unable to support this association type, it MUST return an - unsuccessful response (Unsuccessful Response Parameters). - - Value: A valid association session type from Section 8.4 (Association Session Types). - Note: Unless using transport layer encryption, "no-encryption" MUST NOT be used. - - - - Gets or sets the lifetime, in seconds, of this association. The Relying Party MUST NOT use the association after this time has passed. - - An integer, represented in base 10 ASCII. - - - - Members found on error response messages sent from a Provider - to a Relying Party in response to direct and indirect message - requests that result in an error. - - - - - Gets or sets a human-readable message indicating why the request failed. - - - - - Gets or sets the contact address for the administrator of the server. - - The contact address may take any form, as it is intended to be displayed to a person. - - - - Gets or sets a reference token, such as a support ticket number or a URL to a news blog, etc. - - - - - A common base class from which indirect response messages should derive. - - - - - Initializes a new instance of the class. - - The request that caused this response message to be constructed. - The value of the openid.mode parameter. - request != null - request == null - - - - Initializes a new instance of the class - for unsolicited assertion scenarios. - - The OpenID version supported at the Relying Party. - - The URI at which the Relying Party receives OpenID indirect messages. - - The value to use for the openid.mode parameter. - - - - Gets the property of a message. - - The message to fetch the protocol version from. - The value of the property. - - This method can be used by a constructor to throw an - instead of a . - - message != null - message == null - - - - Gets the property of a message. - - The message to fetch the ReturnTo from. - The value of the property. - - This method can be used by a constructor to throw an - instead of a . - - message != null - message == null - - - - Gets the originating request message, if applicable. - - - - - An indirect message from a Provider to a Relying Party where at least part of the - payload is signed so the Relying Party can verify it has not been tampered with. - - - - - The allowed date/time formats for the response_nonce parameter. - - - This array of formats is not yet a complete list. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - The field initializer being DateTime.UtcNow allows for OpenID 1.x messages - to pass through the StandardExpirationBindingElement. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - - The authentication request that caused this assertion to be generated. - - request != null - request == null - - - - Initializes a new instance of the class - in order to perform signature verification at the Provider. - - The previously signed message. - The channel. This is used only within the constructor and is not stored in a field. - channel != null - channel == null - - - - Initializes a new instance of the class - for unsolicited assertions. - - The OpenID version to use. - The return_to URL of the Relying Party. - This value will commonly be from , - but for unsolicited assertions may come from the Provider performing RP discovery - to find the appropriate return_to URL to use. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the value of a named parameter in the return_to URL without signature protection. - - The full name of the parameter whose value is being sought. - The value of the parameter if it is present and unaltered from when - the Relying Party signed it; null otherwise. - - This method will always return null on the Provider-side, since Providers - cannot verify the private signature made by the relying party. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets the names of the callback parameters added to the original authentication request - without signature protection. - - A sequence of the callback parameter names. - - - - Gets a dictionary of all the message part names and values - that are included in the message signature. - - The channel. - - A dictionary of the signed message parts. - - channel != null - channel == null - - - - Determines whether one querystring contains every key=value pair that - another querystring contains. - - The querystring that should contain at least all the key=value pairs of the other. - The querystring containing the set of key=value pairs to test for in the other. - - true if contains all the query parameters that does; false otherwise. - - - - - Verifies that the openid.return_to field matches the URL of the actual HTTP request. - - - From OpenId Authentication 2.0 section 11.1: - To verify that the "openid.return_to" URL matches the URL that is processing this assertion: - * The URL scheme, authority, and path MUST be the same between the two URLs. - * Any query parameters that are present in the "openid.return_to" URL MUST - also be present with the same values in the URL of the HTTP request the RP received. - - - - - Gets the list of extensions that are included with this message. - - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IList<IExtensionMessage>>() != null - - - - - Gets the level of protection this message requires. - - - for OpenID 2.0 messages. - for OpenID 1.x messages. - - - Although the required protection is reduced for OpenID 1.x, - this library will provide Relying Party hosts with all protections - by adding its own specially-crafted nonce to the authentication request - messages except for stateless RPs in OpenID 1.x messages. - - - - - Gets or sets the message signature. - - Base 64 encoded signature calculated as specified in Section 6 (Generating Signatures). - - - - Gets or sets the signed parameter order. - - Comma-separated list of signed fields. - "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce" - - This entry consists of the fields without the "openid." prefix that the signature covers. - This list MUST contain at least "op_endpoint", "return_to" "response_nonce" and "assoc_handle", - and if present in the response, "claimed_id" and "identity". - Additional keys MAY be signed as part of the message. See Generating Signatures. - - - - - Gets or sets the association handle used to sign the message. - - The handle for the association that was used to sign this assertion. - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - - - Gets the context within which the nonce must be unique. - - - - - Gets or sets the UTC date/time the message was originally sent onto the network. - - - The property setter should ensure a UTC date/time, - and throw an exception if this is not possible. - - - Thrown when a DateTime that cannot be converted to UTC is set. - - - - - Gets or sets the association handle that the Provider wants the Relying Party to not use any more. - - If the Relying Party sent an invalid association handle with the request, it SHOULD be included here. - - For OpenID 1.1, we allow this to be present but empty to put up with poor implementations such as Blogger. - - - - - Gets or sets the Provider Endpoint URI. - - - - - Gets or sets the return_to parameter as the relying party provided - it in . - - Verbatim copy of the return_to URL parameter sent in the - request, before the Provider modified it. - - - - Gets or sets a value indicating whether the - URI's query string is unaltered between when the Relying Party - sent the original request and when the response was received. - - - This property is not persisted in the transmitted message, and - has no effect on the Provider-side of the communication. - - - - - Gets the signed extensions on this message. - - - - - Gets the unsigned extensions on this message. - - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - A string 255 characters or less in length, that MUST be unique to - this particular successful authentication response. The nonce MUST start - with the current time on the server, and MAY contain additional ASCII - characters in the range 33-126 inclusive (printable non-whitespace characters), - as necessary to make each response unique. The date and time MUST be - formatted as specified in section 5.6 of [RFC3339] - (Klyne, G. and C. Newman, “Date and Time on the Internet: Timestamps,” .), - with the following restrictions: - - All times must be in the UTC timezone, indicated with a "Z". - No fractional seconds are allowed - - - 2005-05-15T17:11:51ZUNIQUE - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - A string 255 characters or less in length, that MUST be unique to - this particular successful authentication response. The nonce MUST start - with the current time on the server, and MAY contain additional ASCII - characters in the range 33-126 inclusive (printable non-whitespace characters), - as necessary to make each response unique. The date and time MUST be - formatted as specified in section 5.6 of [RFC3339] - (Klyne, G. and C. Newman, “Date and Time on the Internet: Timestamps,” .), - with the following restrictions: - - All times must be in the UTC timezone, indicated with a "Z". - No fractional seconds are allowed - - - 2005-05-15T17:11:51ZUNIQUE - - - - Gets the querystring key=value pairs in the return_to URL. - - - - - Code contract class for the IOpenIdMessageExtension interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - - - Gets or sets a value indicating whether this extension was - signed by the sender. - - - true if this instance is signed by the sender; otherwise, false. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - - - The message OpenID Providers send back to Relying Parties to refuse - to assert the identity of a user. - - - - - Initializes a new instance of the class. - - The request that the relying party sent. - - - - Initializes a new instance of the class. - - The request that the relying party sent. - The channel to use to simulate construction of the user_setup_url, if applicable. May be null, but the user_setup_url will not be constructed. - - - - Initializes a new instance of the class. - - The version. - The relying party return to. - The value of the openid.mode parameter. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Constructs the value for the user_setup_url parameter to be sent back - in negative assertions in response to OpenID 1.x RP's checkid_immediate requests. - - The immediate request. - The channel to use to simulate construction of the message. - The value to use for the user_setup_url parameter. - immediateRequest != null - immediateRequest == null - channel != null - channel == null - - - - Gets the value for the openid.mode that is appropriate for this response. - - The request that we're responding to. - The value of the openid.mode parameter to use. - request != null - request == null - - - - Gets or sets the URL the relying party can use to upgrade their authentication - request from an immediate to a setup message. - - URL to redirect User-Agent to so the End User can do whatever's necessary to fulfill the assertion. - - This part is only included in OpenID 1.x responses. - - - - - Gets a value indicating whether this - is in response to an authentication request made in immediate mode. - - - true if the request was in immediate mode; otherwise, false. - - - - An identity assertion from a Provider to a Relying Party, stating that the - user operating the user agent is in fact some specific user known to the Provider. - - - - - Initializes a new instance of the class. - - - The authentication request that caused this assertion to be generated. - - - - - Initializes a new instance of the class - for unsolicited assertions. - - The OpenID version to use. - The return_to URL of the Relying Party. - This value will commonly be from , - but for unsolicited assertions may come from the Provider performing RP discovery - to find the appropriate return_to URL to use. - - - - Initializes a new instance of the class. - - The relying party return_to endpoint that will receive this positive assertion. - - - - Gets or sets the Claimed Identifier. - - - "openid.claimed_id" and "openid.identity" SHALL be either both present or both absent. - If neither value is present, the assertion is not about an identifier, - and will contain other information in its payload, using extensions (Extensions). - - - - - Gets or sets the OP Local Identifier. - - The OP-Local Identifier. - - OpenID Providers MAY assist the end user in selecting the Claimed - and OP-Local Identifiers about which the assertion is made. - The openid.identity field MAY be omitted if an extension is in use that - makes the response meaningful without it (see openid.claimed_id above). - - - - - Wraps an existing Identifier and prevents it from performing discovery. - - - - - The wrapped identifier. - - - - - Initializes a new instance of the class. - - The ordinary Identifier whose discovery is being masked. - Whether this Identifier should claim to be SSL-secure, although no discovery will never generate service endpoints anyway. - wrappedIdentifier != null - wrappedIdentifier == null - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Tests equality between two s. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Gets the hash code for an for storage in a hashtable. - - - A hash code for the current . - - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - A set of utilities especially useful to OpenID. - - - - - The prefix to designate this library's proprietary parameters added to the protocol. - - - - - Gets the OpenID protocol instance for the version in a message. - - The message. - The OpenID protocol instance. - message != null - message == null - - - - Changes the position of some element in a list. - - The type of elements stored in the list. - The list to be modified. - The new position for the given element. - The element to move within the list. - Thrown if the element does not already exist in the list. - - - - Corrects any URI decoding the Provider may have inappropriately done - to our return_to URL, resulting in an otherwise corrupted base64 encoded value. - - The base64 encoded value. May be null. - - The value; corrected if corruption had occurred. - - - AOL may have incorrectly URI-decoded the token for us in the return_to, - resulting in a token URI-decoded twice by the time we see it, and no - longer being a valid base64 string. - It turns out that the only symbols from base64 that is also encoded - in URI encoding rules are the + and / characters. - AOL decodes the %2b sequence to the + character - and the %2f sequence to the / character (it shouldn't decode at all). - When we do our own URI decoding, the + character becomes a space (corrupting base64) - but the / character remains a /, so no further corruption happens to this character. - So to correct this we just need to change any spaces we find in the token - back to + characters. - - - - - Rounds the given downward to the whole second. - - The DateTime object to adjust. - The new value. - - - - Gets the fully qualified Realm URL, given a Realm that may be relative to a particular page. - - The hosting page that has the realm value to resolve. - The realm, which may begin with "*." or "~/". - The request context. - The fully-qualified realm. - page != null - page == null - requestContext != null - requestContext == null - - - - Gets the extension factories from the extension aggregator on an OpenID channel. - - The channel. - The list of factories that will be used to generate extension instances. - - This is an extension method on rather than an instance - method on because the - and classes don't strong-type to - to allow flexibility in the specific type of channel the user (or tests) - can plug in. - - channel != null - channel == null - - - - Provides standard PPID Identifiers to users to protect their identity from individual relying parties - and from colluding groups of relying parties. - - this.Hasher != null - this.Encoder != null - this.BaseIdentifier != null - this.NewSaltLength > 0 - - - - An interface to provide custom identifiers for users logging into specific relying parties. - - - This interface would allow, for example, the Provider to offer PPIDs to their users, - allowing the users to log into RPs without leaving any clue as to their true identity, - and preventing multiple RPs from colluding to track user activity across realms. - - - - - Gets the Identifier to use for the Claimed Identifier and Local Identifier of - an outgoing positive assertion. - - The OP local identifier for the authenticating user. - The realm of the relying party receiving the assertion. - - A valid, discoverable OpenID Identifier that should be used as the value for the - openid.claimed_id and openid.local_id parameters. Must not be null. - - localIdentifier != null - localIdentifier == null - relyingPartyRealm != null - relyingPartyRealm == null - ((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier) - !(((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier)) - - - - Determines whether a given identifier is the primary (non-PPID) local identifier for some user. - - The identifier in question. - - true if the given identifier is the valid, unique identifier for some uesr (and NOT a PPID); otherwise, false. - - - identifier != null - identifier == null - - - - The type of hash function to use for the property. - - - - - The length of the salt to generate for first time PPID-users. - - - - - Initializes a new instance of the class. - - The base URI on which to append the anonymous part. - baseIdentifier != null - baseIdentifier == null - - - - Gets the Identifier to use for the Claimed Identifier and Local Identifier of - an outgoing positive assertion. - - The OP local identifier for the authenticating user. - The realm of the relying party receiving the assertion. - - A valid, discoverable OpenID Identifier that should be used as the value for the - openid.claimed_id and openid.local_id parameters. Must not be null. - - localIdentifier != null - localIdentifier == null - relyingPartyRealm != null - relyingPartyRealm == null - ((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier) - !(((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier)) - - - - Determines whether a given identifier is the primary (non-PPID) local identifier for some user. - - The identifier in question. - - true if the given identifier is the valid, unique identifier for some uesr (and NOT a PPID); otherwise, false. - - identifier != null - identifier == null - - - - Creates a new salt to assign to a user. - - A non-null buffer of length filled with a random salt. - - - - Creates a new PPID Identifier by appending a pseudonymous identifier suffix to - the . - - The unique part of the Identifier to append to the common first part. - The full PPID Identifier. - !String.IsNullOrEmpty(uriHash) - String.IsNullOrEmpty(uriHash) - - - - Gets the salt to use for generating an anonymous identifier for a given OP local identifier. - - The OP local identifier. - The salt to use in the hash. - - It is important that this method always return the same value for a given - . - New salts can be generated for local identifiers without previously assigned salt - values by calling or by a custom method. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the base URI on which to append the anonymous part. - - - - - Gets or sets a value indicating whether each Realm will get its own private identifier - for the authenticating uesr. - - The default value is . - - - - Gets the hash function to use to perform the one-way transform of a personal identifier - to an "anonymous" looking one. - - - - - Gets the encoder to use for transforming the personal identifier into bytes for hashing. - - - - - Gets or sets the new length of the salt. - - The new length of the salt. - - value > 0 - - value <= 0 - - - - A granularity description for who wide of an audience sees the same generated PPID. - - - - - A unique Identifier is generated for every realm. This is the highest security setting. - - - - - Only the host name in the realm is used in calculating the PPID, - allowing for some level of sharing of the PPID Identifiers between RPs - that are able to share the same realm host value. - - - - - Although the user's Identifier is still opaque to the RP so they cannot determine - who the user is at the OP, the same Identifier is used at all RPs so collusion - between the RPs is possible. - - - - - Provides access to a host Provider to read an incoming extension-only checkid request message, - and supply extension responses or a cancellation message to the RP. - - - - - A base class from which identity and non-identity RP requests can derive. - - - - - Implements the interface for all incoming - request messages to an OpenID Provider. - - - - - Represents an incoming OpenId authentication request. - - - Requests may be infrastructural to OpenID and allow auto-responses, or they may - be authentication requests where the Provider site has to make decisions based - on its own user database and policies. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - extension != null - extension == null - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - An instance of the extension initialized with values passed in with the request. - - - - Gets an extension sent from the relying party. - - The type of the extension. - An instance of the extension initialized with values passed in with the request. - extensionType != null - extensionType == null - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets or sets the security settings that apply to this request. - - Defaults to the on the . - - - - The incoming request message. - - - - - The incoming request message cast to its extensible form. - Or null if the message does not support extensions. - - - - - The version of the OpenID protocol to use. - - - - - Backing store for the property. - - - - - The list of extensions to add to the response message. - - - - - Initializes a new instance of the class. - - The incoming request message. - The security settings from the channel. - request != null - request == null - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class. - - The version. - The security settings. - version != null - version == null - securitySettings != null - securitySettings == null - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - extension != null - extension == null - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - extensionType != null - extensionType == null - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets or sets the security settings that apply to this request. - - Defaults to the on the . - - - - Gets the response to send to the user agent. - - Thrown if is false. - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Gets the original request message. - - This may be null in the case of an unrecognizable message. - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Gets the protocol version used in the request. - - - - - Interface exposing incoming messages to the OpenID Provider that - require interaction with the host site. - - - - - Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - - The OpenIdProvider that is performing the RP discovery. - - The details of how successful the relying party discovery was. - - - Return URL verification is only attempted if this method is called. - See OpenID Authentication 2.0 spec section 9.2.1. - - provider != null - provider == null - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets or sets the provider endpoint claimed in the positive assertion. - - - The default value is the URL that the request came in on from the relying party. - This value MUST match the value for the OP Endpoint in the discovery results for the - claimed identifier being asserted in a positive response. - - - Contract.Result<Uri>() != null - - - value != null - - - - - The negative assertion to send, if the host site chooses to send it. - - - - - A cache of the result from discovery of the Realm URL. - - - - - Initializes a new instance of the class. - - The provider that received the request. - The incoming request message. - provider != null - provider == null - - - - Gets a value indicating whether verification of the return URL claimed by the Relying Party - succeeded. - - The OpenIdProvider that is performing the RP discovery. - Result of realm discovery. - - Return URL verification is only attempted if this property is queried. - The result of the verification is cached per request so calling this - property getter multiple times in one request is not a performance hit. - See OpenID Authentication 2.0 spec section 9.2.1. - - provider != null - provider == null - - - - Gets a value indicating whether verification of the return URL claimed by the Relying Party - succeeded. - - The OpenIdProvider that is performing the RP discovery. - Result of realm discovery. - provider != null - provider == null - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - Contract.Result<Uri>() != null - - - value != null - - - - - Gets a value indicating whether realm discovery been performed. - - - - - Gets the negative response. - - - - - Gets the original request message. - - This may be null in the case of an unrecognizable message. - - - - Instances of this interface represent incoming extension-only requests. - This interface provides the details of the request and allows setting - the response. - - - - - Gets or sets a value indicating whether the user approved sending any data to the relying party. - - - true if approved; otherwise, false. - - - - The extension-response message to send, if the host site chooses to send it. - - - - - Initializes a new instance of the class. - - The provider that received the request. - The incoming authentication request message. - provider != null - provider == null - !(request is CheckIdRequest) - (request is CheckIdRequest) - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - Contract.Result<Uri>() != null - - - value != null - - - - - Gets or sets a value indicating whether the user approved sending any data to the relying party. - - - true if approved; otherwise, false. - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - The event arguments that include details of the incoming request. - - - - - Initializes a new instance of the class. - - The incoming OpenID request. - request != null - request == null - - - - Gets the incoming OpenID request. - - - - - The event arguments that include details of the incoming request. - - - - - Initializes a new instance of the class. - - The incoming authentication request. - - - - Gets the incoming authentication request. - - - - - Implements the interface - so that OpenID Provider sites can easily respond to authentication - requests. - - - - - Instances of this interface represent incoming authentication requests. - This interface provides the details of the request and allows setting - the response. - - - - - Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - Useful for identifier recycling. - - - Should not include the # prefix character as that will be added internally. - May be null or the empty string to clear a previously set fragment. - - - Unlike the property, which can only be set if - using directed identity, this method can be called on any URI claimed identifier. - Because XRI claimed identifiers (the canonical IDs) are never recycled, - this method shouldnot be called for XRIs. - - - Thrown when this method is called on an XRI, or on a directed identity - request before the property is set. - - !(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null) - !(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null)) - !(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier) - !(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier)) - - - - Gets a value indicating whether the Provider should help the user - select a Claimed Identifier to send back to the relying party. - - - - - Gets a value indicating whether the requesting Relying Party is using a delegated URL. - - - When delegated identifiers are used, the should not - be changed at the Provider during authentication. - Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - A relying party implementing only OpenID 1.x may use delegation and this property will - return false anyway. - - - - - Gets or sets the Local Identifier to this OpenID Provider of the user attempting - to authenticate. Check to see if - this value is valid. - - - This may or may not be the same as the Claimed Identifier that the user agent - originally supplied to the relying party. The Claimed Identifier - endpoint may be delegating authentication to this provider using - this provider's local id, which is what this property contains. - Use this identifier when looking up this user in the provider's user account - list. - - - - - Gets or sets the identifier that the user agent is claiming at the relying party site. - Check to see if this value is valid. - - - This property can only be set if is - false, to prevent breaking URL delegation. - This will not be the same as this provider's local identifier for the user - if the user has set up his/her own identity page that points to this - provider for authentication. - The provider may use this identifier for displaying to the user when - asking for the user's permission to authenticate to the relying party. - - Thrown from the setter - if is true. - - !req.IsDelegatedIdentifier - !req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value) - - req.IsDelegatedIdentifier - req.IsDirectedIdentity && !(!(req.LocalIdentifier != null && req.LocalIdentifier != value)) - - - - Gets or sets a value indicating whether the provider has determined that the - belongs to the currently logged in user - and wishes to share this information with the consumer. - - - - - The positive assertion to send, if the host site chooses to send it. - - - - - Initializes a new instance of the class. - - The provider that received the request. - The incoming authentication request message. - provider != null - provider == null - - - - Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - Useful for identifier recycling. - - Should not include the # prefix character as that will be added internally. - May be null or the empty string to clear a previously set fragment. - - Unlike the property, which can only be set if - using directed identity, this method can be called on any URI claimed identifier. - Because XRI claimed identifiers (the canonical IDs) are never recycled, - this method shouldnot be called for XRIs. - - - Thrown when this method is called on an XRI, or on a directed identity - request before the property is set. - - !(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null) - !(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null)) - !(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier) - !(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier)) - - - - Sets the Claimed and Local identifiers even after they have been initially set. - - The value to set to the and properties. - identifier != null - identifier == null - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - Contract.Result<Uri>() != null - - - value != null - - - - - Gets a value indicating whether the response is ready to be created and sent. - - - - - Gets a value indicating whether the Provider should help the user - select a Claimed Identifier to send back to the relying party. - - - - - Gets a value indicating whether the requesting Relying Party is using a delegated URL. - - - When delegated identifiers are used, the should not - be changed at the Provider during authentication. - Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - A relying party implementing only OpenID 1.x may use delegation and this property will - return false anyway. - - - - - Gets or sets the Local Identifier to this OpenID Provider of the user attempting - to authenticate. Check to see if - this value is valid. - - - This may or may not be the same as the Claimed Identifier that the user agent - originally supplied to the relying party. The Claimed Identifier - endpoint may be delegating authentication to this provider using - this provider's local id, which is what this property contains. - Use this identifier when looking up this user in the provider's user account - list. - - - - - Gets or sets the identifier that the user agent is claiming at the relying party site. - Check to see if this value is valid. - - - This property can only be set if is - false, to prevent breaking URL delegation. - This will not be the same as this provider's local identifier for the user - if the user has set up his/her own identity page that points to this - provider for authentication. - The provider may use this identifier for displaying to the user when - asking for the user's permission to authenticate to the relying party. - - Thrown from the setter - if is true. - - !req.IsDelegatedIdentifier - !req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value) - - req.IsDelegatedIdentifier - req.IsDirectedIdentity && !(!(req.LocalIdentifier != null && req.LocalIdentifier != value)) - - - - Gets or sets a value indicating whether the provider has determined that the - belongs to the currently logged in user - and wishes to share this information with the consumer. - - - - - Gets the original request message. - - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Handles messages coming into an OpenID Provider for which the entire - response message can be automatically determined without help from - the hosting web site. - - - - - The response message to send. - - - - - Initializes a new instance of the class. - - The request message. - The response that is ready for transmittal. - The security settings. - response != null - response == null - - - - Initializes a new instance of the class - for a response to an unrecognizable request. - - The response that is ready for transmittal. - The security settings. - response != null - response == null - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets the response message, once is true. - - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Code contract class for the type. - - - - - Initializes a new instance of the class. - - - - - Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - Useful for identifier recycling. - - Should not include the # prefix character as that will be added internally. - May be null or the empty string to clear a previously set fragment. - - Unlike the property, which can only be set if - using directed identity, this method can be called on any URI claimed identifier. - Because XRI claimed identifiers (the canonical IDs) are never recycled, - this method shouldnot be called for XRIs. - - - Thrown when this method is called on an XRI, or on a directed identity - request before the property is set. - - - - - Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - - The OpenIdProvider that is performing the RP discovery. - - The details of how successful the relying party discovery was. - - - Return URL verification is only attempted if this method is called. - See OpenID Authentication 2.0 spec section 9.2.1. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets a value indicating whether the Provider should help the user - select a Claimed Identifier to send back to the relying party. - - - - - Gets a value indicating whether the requesting Relying Party is using a delegated URL. - - - When delegated identifiers are used, the should not - be changed at the Provider during authentication. - Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - A relying party implementing only OpenID 1.x may use delegation and this property will - return false anyway. - - - - - Gets or sets the Local Identifier to this OpenID Provider of the user attempting - to authenticate. Check to see if - this value is valid. - - - This may or may not be the same as the Claimed Identifier that the user agent - originally supplied to the relying party. The Claimed Identifier - endpoint may be delegating authentication to this provider using - this provider's local id, which is what this property contains. - Use this identifier when looking up this user in the provider's user account - list. - - - - - Gets or sets the identifier that the user agent is claiming at the relying party site. - Check to see if this value is valid. - - - This property can only be set if is - false, to prevent breaking URL delegation. - This will not be the same as this provider's local identifier for the user - if the user has set up his/her own identity page that points to this - provider for authentication. - The provider may use this identifier for displaying to the user when - asking for the user's permission to authenticate to the relying party. - - Thrown from the setter - if is true. - - - - Gets or sets a value indicating whether the provider has determined that the - belongs to the currently logged in user - and wishes to share this information with the consumer. - - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets or sets the provider endpoint claimed in the positive assertion. - - - The default value is the URL that the request came in on from the relying party. - This value MUST match the value for the OP Endpoint in the discovery results for the - claimed identifier being asserted in a positive response. - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets or sets the security settings that apply to this request. - - - Defaults to the on the . - - - - - Contract class for the type. - - - - - Gets the Identifier to use for the Claimed Identifier and Local Identifier of - an outgoing positive assertion. - - The OP local identifier for the authenticating user. - The realm of the relying party receiving the assertion. - - A valid, discoverable OpenID Identifier that should be used as the value for the - openid.claimed_id and openid.local_id parameters. Must not be null. - - - - - Determines whether a given identifier is the primary (non-PPID) local identifier for some user. - - The identifier in question. - - true if the given identifier is the valid, unique identifier for some uesr (and NOT a PPID); otherwise, false. - - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - - The OpenIdProvider that is performing the RP discovery. - - The details of how successful the relying party discovery was. - - - Return URL verification is only attempted if this method is called. - See OpenID Authentication 2.0 spec section 9.2.1. - - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - - - Gets or sets the security settings that apply to this request. - - - Defaults to the on the . - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - An interface that a Provider site may implement in order to better - control error reporting. - - - - - Logs the details of an exception for later reference in diagnosing the problem. - - The exception that was generated from the error. - - A unique identifier for this particular error that the remote party can - reference when contacting for help with this error. - May be null. - - - The implementation of this method should never throw an unhandled exception - as that would preclude the ability to send the error response to the remote - party. When this method is not implemented, it should return null rather - than throwing . - - - - - Gets the message that can be sent in an error response - with information on who the remote party can contact - for help resolving the error. - - - The contact address may take any form, as it is intended to be displayed to a person. - - - - - A hybrid of all the store interfaces that a Provider requires in order - to operate in "smart" mode. - - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets or sets the security settings that apply to this request. - - - Defaults to the on the . - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - An OpenID Provider control that automatically responds to certain - automated OpenID messages, and routes authentication requests to - custom code via an event handler. - - - - - The key used to store the pending authentication request in the ASP.NET session. - - - - - The default value for the property. - - - - - The view state key in which to store the value of the property. - - - - - Backing field for the property. - - - - - The lock that must be obtained when initializing the provider field. - - - - - Sends the response for the and clears the property. - - - - - Checks for incoming OpenID requests, responds to ones it can - respond to without policy checks, and fires events for custom - handling of the ones it cannot decide on automatically. - - The object that contains the event data. - e != null - - - - Fires the event. - - The request to include in the event args. - - - - Fires the event. - - The request to include in the event args. - - true if there were any anonymous request handlers. - - - - Creates the default OpenIdProvider to use. - - The new instance of OpenIdProvider. - Contract.Result<OpenIdProvider>() != null - - - - Fired when an incoming OpenID request is an authentication challenge - that must be responded to by the Provider web site according to its - own user database and policies. - - - - - Fired when an incoming OpenID message carries extension requests - but is not regarding any OpenID identifier. - - - - - Gets or sets the instance to use for all instances of this control. - - The default value is an instance initialized according to the web.config file. - - Contract.Result<OpenIdProvider>() != null - - - value != null - - value == null - - - - Gets or sets an incoming OpenID authentication request that has not yet been responded to. - - - This request is stored in the ASP.NET Session state, so it will survive across - redirects, postbacks, and transfers. This allows you to authenticate the user - yourself, and confirm his/her desire to authenticate to the relying party site - before responding to the relying party's authentication request. - - - HttpContext.Current != null - HttpContext.Current.Session != null - Contract.Result<IAuthenticationRequest>() == null || PendingRequest != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - - - Gets or sets an incoming OpenID anonymous request that has not yet been responded to. - - - This request is stored in the ASP.NET Session state, so it will survive across - redirects, postbacks, and transfers. This allows you to authenticate the user - yourself, and confirm his/her desire to provide data to the relying party site - before responding to the relying party's request. - - - HttpContext.Current != null - HttpContext.Current.Session != null - Contract.Result<IAnonymousRequest>() == null || PendingRequest != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - - - Gets or sets an incoming OpenID request that has not yet been responded to. - - - This request is stored in the ASP.NET Session state, so it will survive across - redirects, postbacks, and transfers. This allows you to authenticate the user - yourself, and confirm his/her desire to provide data to the relying party site - before responding to the relying party's request. - - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - - - Gets or sets a value indicating whether or not this control should - be listening for and responding to incoming OpenID requests. - - - - - The result codes that may be returned from an attempt at relying party discovery. - - - - - Relying Party discovery failed to find an XRDS document or the document was invalid. - - - This can happen either when a relying party does not offer a service document at all, - or when a man-in-the-middle attack is in progress that prevents the Provider from being - able to discover that document. - - - - - Relying Party discovery yielded a valid XRDS document, but no matching return_to URI was found. - - - This is perhaps the most dangerous rating for a relying party, since it suggests that - they are implementing OpenID 2.0 securely, but that a hijack operation may be in progress. - - - - - Relying Party discovery succeeded, and a matching return_to URI was found. - - - - - Code contract for the class. - - - - - Prevents a default instance of the class from being created. - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets the response message, once is true. - - - - - An in-memory store for Providers, suitable for single server, single process - ASP.NET web sites. - - - This class provides only a basic implementation that is likely to work - out of the box on most single-server web sites. It is highly recommended - that high traffic web sites consider using a database to store the information - used by an OpenID Provider and write a custom implementation of the - interface to use instead of this - class. - - - - - The nonce store to use. - - - - - The association store to use. - - - - - Initializes a new instance of the class. - - - - - Saves an for later recall. - - The Uri (for relying parties) or Smart/Dumb (for providers). - The association to store. - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security requirements that the returned association must meet. - - The requested association, or null if no unexpired s exist for the given key. - - - In the event that multiple associations exist for the given - , it is important for the - implementation for this method to use the - to pick the best (highest grade or longest living as the host's policy may dictate) - association that fits the security requirements. - Associations that are returned that do not meet the security requirements will be - ignored and a new association created. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - - The requested association, or null if no unexpired s exist for the given key and handle. - - - - - Removes a specified handle that may exist in the store. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - - True if the association existed in this store previous to this call. - - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the must be unique. - A series of random characters. - The timestamp that together with the nonce string make it unique. - The timestamp may also be used by the data store to clear out old nonces. - - True if the nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - If the binding element is applicable to your channel, this expiration window - is retrieved or set using the - property. - - - - - A trust root to validate requests and match return URLs against. - - - This fills the OpenID Authentication 2.0 specification for realms. - See http://openid.net/specs/openid-authentication-2_0.html#realms - - this.uri != null - this.uri.AbsoluteUri != null - - - - A regex used to detect a wildcard that is being used in the realm. - - - - - A (more or less) comprehensive list of top-level (i.e. ".com") domains, - for use by in order to disallow overly-broad realms - that allow all web sites ending with '.com', for example. - - - - - The Uri of the realm, with the wildcard (if any) removed. - - - - - Initializes a new instance of the class. - - The realm URL to use in the new instance. - realmUrl != null - realmUrl == null - - - - Initializes a new instance of the class. - - The realm URL of the Relying Party. - realmUrl != null - realmUrl == null - - - - Initializes a new instance of the class. - - The realm URI builder. - - This is useful because UriBuilder can construct a host with a wildcard - in the Host property, but once there it can't be converted to a Uri. - - - - - Implicitly converts the string-form of a URI to a object. - - The URI that the new Realm instance will represent. - The result of the conversion. - (Contract.Result<Realm>() != null) == (uri != null) - - - - Implicitly converts a to a object. - - The URI to convert to a realm. - The result of the conversion. - (Contract.Result<Realm>() != null) == (uri != null) - - - - Implicitly converts a object to its form. - - The realm to convert to a string value. - The result of the conversion. - (Contract.Result<string>() != null) == (realm != null) - - - - Checks whether one is equal to another. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Returns the hash code used for storing this object in a hash table. - - - A hash code for the current . - - - - - Returns the string form of this . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Validates a URL against this trust root. - - A string specifying URL to check. - Whether the given URL is within this trust root. - - - - Validates a URL against this trust root. - - The URL to check. - Whether the given URL is within this trust root. - - - - Searches for an XRDS document at the realm URL, and if found, searches - for a description of a relying party endpoints (OpenId login pages). - - The mechanism to use for sending HTTP requests. - Whether redirects may be followed when discovering the Realm. - This may be true when creating an unsolicited assertion, but must be - false when performing return URL verification per 2.0 spec section 9.2.1. - - The details of the endpoints if found; or null if no service document was discovered. - - - - - Searches for an XRDS document at the realm URL. - - The mechanism to use for sending HTTP requests. - Whether redirects may be followed when discovering the Realm. - This may be true when creating an unsolicited assertion, but must be - false when performing return URL verification per 2.0 spec section 9.2.1. - - The XRDS document if found; or null if no service document was discovered. - - - - - Calls if the argument is non-null. - Otherwise throws . - - The realm URI builder. - The result of UriBuilder.ToString() - - This simple method is worthwhile because it checks for null - before dereferencing the UriBuilder. Since this is called from - within a constructor's base(...) call, this avoids a - when we should be throwing an . - - realmUriBuilder != null - realmUriBuilder == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the suggested realm to use for the calling web application. - - A realm that matches this applications root URL. - - For most circumstances the Realm generated by this property is sufficient. - However a wildcard Realm, such as "http://*.microsoft.com/" may at times be more - desirable than "http://www.microsoft.com/" in order to allow identifier - correlation across related web sites for directed identity Providers. - Requires an HttpContext.Current context. - - - HttpContext.Current != null && HttpContext.Current.Request != null - Contract.Result<Realm>() != null - - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Gets a value indicating whether a '*.' prefix to the hostname is - used in the realm to allow subdomains or hosts to be added to the URL. - - - - - Gets the host component of this instance. - - - - - Gets the scheme name for this URI. - - - - - Gets the port number of this URI. - - - - - Gets the absolute path of the URI. - - - - - Gets the System.Uri.AbsolutePath and System.Uri.Query properties separated - by a question mark (?). - - - - - Gets the original string. - - The original string. - - - - Gets the realm URL. If the realm includes a wildcard, it is not included here. - - - - - Gets the Realm discovery URL, where the wildcard (if present) is replaced with "www.". - - - See OpenID 2.0 spec section 9.2.1 for the explanation on the addition of - the "www" prefix. - - - - - Gets a value indicating whether this realm represents a reasonable (sane) set of URLs. - - - 'http://*.com/', for example is not a reasonable pattern, as it cannot meaningfully - specify the site claiming it. This function attempts to find many related examples, - but it can only work via heuristics. Negative responses from this method should be - treated as advisory, used only to alert the user to examine the trust root carefully. - - - - - A description of some OpenID Relying Party endpoint. - - - This is an immutable type. - - - - - Initializes a new instance of the class. - - The return to. - - The Type URIs of supported services advertised on a relying party's XRDS document. - - returnTo != null - returnTo == null - supportedServiceTypeUris != null - supportedServiceTypeUris == null - - - - Derives the highest OpenID protocol that this library and the OpenID Provider have - in common. - - The supported service type URIs. - The best OpenID protocol version to use when communicating with this Provider. - - - - Gets the URL to the login page on the discovered relying party web site. - - - - - Gets the OpenId protocol that the discovered relying party supports. - - - - - Diffie-Hellman encryption methods used by both the relying party and provider. - - - - - An array of known Diffie Hellman sessions, sorted by decreasing hash size. - - - - - Finds the hashing algorithm to use given an openid.session_type value. - - The protocol version of the message that named the session_type to be used. - The value of the openid.session_type parameter. - The hashing algorithm to use. - Thrown if no match could be found for the given . - protocol != null - protocol == null - sessionType != null - sessionType == null - - - - Looks up the value to be used for the openid.session_type parameter. - - The protocol version that is to be used. - The hash size (in bits) that the DH session must have. - The value to be used for the openid.session_type parameter, or null if no match was found. - protocol != null - protocol == null - - - - Encrypts/decrypts a shared secret. - - The hashing algorithm that is agreed by both parties to use as part of the secret exchange. - - If the secret is being encrypted, this is the new Diffie Hellman object to use. - If the secret is being decrypted, this must be the same Diffie Hellman object used to send the original request message. - - The public key of the remote party. - The secret to encode, or the encoded secret. Whichever one is given will generate the opposite in the return value. - - The encrypted version of the secret if the secret itself was given in . - The secret itself if the encrypted version of the secret was given in . - - hasher != null - hasher == null - dh != null - dh == null - remotePublicKey != null - remotePublicKey == null - plainOrEncryptedSecret != null - plainOrEncryptedSecret == null - - - - Ensures that the big integer represented by a given series of bytes - is a positive integer. - - The bytes that make up the big integer. - - A byte array (possibly new if a change was required) whose - integer is guaranteed to be positive. - - - This is to be consistent with OpenID spec section 4.2. - - inputBytes != null - inputBytes == null - - - - Provides access to a Diffie-Hellman session algorithm and its name. - - - - - Initializes a new instance of the class. - - The hashing algorithm used in this particular Diffie-Hellman session type. - A function that will return the value of the openid.session_type parameter for a given version of OpenID. - algorithm != null - algorithm == null - getName != null - getName == null - - - - Gets the function that will return the value of the openid.session_type parameter for a given version of OpenID. - - - - - Gets the hashing algorithm used in this particular Diffie-Hellman session type - - - - - Defines the different Diffie-Hellman key generation methods. - - - - - Returns dynamically generated values for P and G. Unlike the Sophie Germain or DSA key generation methods, - this method does not ensure that the selected prime offers an adequate security level. - - - - - Returns values for P and G that are hard coded in this library. Contrary to what your intuition may tell you, - using these hard coded values is perfectly safe. - The values of the P and G parameters are taken from 'The OAKLEY Key Determination Protocol' [RFC2412]. - This is the prefered key generation method, because it is very fast and very safe. - Because this method uses fixed values for the P and G parameters, not all bit sizes are supported. - The current implementation supports bit sizes of 768, 1024 and 1536. - - - - - Represents the parameters of the Diffie-Hellman algorithm. - - - - - Represents the public P parameter of the Diffie-Hellman algorithm. - - - - - Represents the public G parameter of the Diffie-Hellman algorithm. - - - - - Represents the private X parameter of the Diffie-Hellman algorithm. - - - - - Defines a base class from which all Diffie-Hellman implementations inherit. - - - - - Creates an instance of the default implementation of the algorithm. - - A new instance of the default implementation of DiffieHellman. - - - - Creates an instance of the specified implementation of . - - The name of the implementation of DiffieHellman to use. - A new instance of the specified implementation of DiffieHellman. - - - - Initializes a new instance. - - - - - When overridden in a derived class, creates the key exchange data. - - The key exchange data to be sent to the intended recipient. - - - - When overridden in a derived class, extracts secret information from the key exchange data. - - The key exchange data within which the secret information is hidden. - The secret information derived from the key exchange data. - - - - When overridden in a derived class, exports the . - - - true to include private parameters; otherwise, false. - The parameters for Diffie-Hellman. - - - - When overridden in a derived class, imports the specified . - - The parameters for Diffie-Hellman. - - - - Reconstructs a object from an XML string. - - The XML string to use to reconstruct the DiffieHellman object. - One of the values in the XML string is invalid. - - - - Creates and returns an XML string representation of the current object. - - - true to include private parameters; otherwise, false. - An XML string encoding of the current DiffieHellman object. - - - - Implements the Diffie-Hellman algorithm. - - - - - Initializes a new instance. - - The default length of the shared secret is 1024 bits. - - - - Initializes a new instance. - - The length, in bits, of the public P parameter. - The length, in bits, of the secret value X. This parameter can be set to 0 to use the default size. - One of the values. - The larger the bit length, the more secure the algorithm is. The default is 1024 bits. The minimum bit length is 128 bits.
The size of the private value will be one fourth of the bit length specified. - The specified bit length is invalid. - - - - Initializes a new instance. - - The P parameter of the Diffie-Hellman algorithm. This is a public parameter. - The G parameter of the Diffie-Hellman algorithm. This is a public parameter. - The X parameter of the Diffie-Hellman algorithm. This is a private parameter. If this parameters is a null reference (Nothing in Visual Basic), a secret value of the default size will be generated. - - or is a null reference (Nothing in Visual Basic). - - or is invalid. - - - - Initializes a new instance. - - The P parameter of the Diffie-Hellman algorithm. - The G parameter of the Diffie-Hellman algorithm. - The length, in bits, of the private value. If 0 is specified, the default value will be used. - - or is a null reference (Nothing in Visual Basic). - - is invalid. - - or is invalid. - - - - Creates the key exchange data. - - The key exchange data to be sent to the intended recipient. - - - - Extracts secret information from the key exchange data. - - The key exchange data within which the shared key is hidden. - The shared key derived from the key exchange data. - - - - Releases the unmanaged resources used by the SymmetricAlgorithm and optionally releases the managed resources. - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Exports the . - - - true to include private parameters; otherwise, false. - The parameters for . - - - - Imports the specified . - - The parameters for . - - parameters.P or parameters.G is a null reference (Nothing in Visual Basic) -or- parameters.P is not a prime number. - - - - Releases the unmanaged resources used by the SymmetricAlgorithm. - - - - - Gets the name of the key exchange algorithm. - - The name of the key exchange algorithm. - - - - Gets the name of the signature algorithm. - - The name of the signature algorithm. - - - - Default length of a BigInteger in bytes - - - - - The Length of this BigInteger - - - - - The data for this BigInteger - - - - - Table of primes below 2000. - - - - This table was generated using Mathematica 4.1 using the following function: - - - - PrimeTable [x_] := Prime [Range [1, PrimePi [x]]] - PrimeTable [6000] - - - - - - - Generates a new, random BigInteger of the specified length. - - The number of bits for the new number. - A random number generator to use to obtain the bits. - A random number of the specified length. - - - - Generates a new, random BigInteger of the specified length using the default RNG crypto service provider. - - The number of bits for the new number. - A random number of the specified length. - - - - Randomizes the bits in "this" from the specified RNG. - - A RNG. - - - - Randomizes the bits in "this" from the default RNG. - - - - - Tests if the specified bit is 1. - - The bit to test. The least significant bit is 0. - True if bitNum is set to 1, else false. - - - - Normalizes this by setting the length to the actual number of - uints used in data and by setting the sign to Sign.Zero if the - value of this is 0. - - - - - Generates the smallest prime >= bi - - A BigInteger - The smallest prime >= bi. More mathematically, if bi is prime: bi, else Prime [PrimePi [bi] + 1]. - - - - Increments this by two - - - - - Low level functions for the BigInteger - - - - - Adds two numbers with the same sign. - - A BigInteger - A BigInteger - bi1 + bi2 - - - - Compares two BigInteger - - A BigInteger - A BigInteger - The sign of bi1 - bi2 - - - - Performs n / d and n % d in one operation. - - A BigInteger, upon exit this will hold n / d - The divisor - n % d - - - - Multiplies the data in x [xOffset:xOffset+xLen] by - y [yOffset:yOffset+yLen] and puts it into - d [dOffset:dOffset+xLen+yLen]. - - - - - Multiplies the data in x [xOffset:xOffset+xLen] by - y [yOffset:yOffset+yLen] and puts the low mod words into - d [dOffset:dOffset+mod]. - - - - - A factor of confidence. - - - - - Only suitable for development use, probability of failure may be greater than 1/2^20. - - - - - Suitable only for transactions which do not require forward secrecy. Probability of failure about 1/2^40 - - - - - Designed for production use. Probability of failure about 1/2^80. - - - - - Suitable for sensitive data. Probability of failure about 1/2^160. - - - - - Use only if you have lots of time! Probability of failure about 1/2^320. - - - - - Only use methods which generate provable primes. Not yet implemented. - - - - - Finds the next prime after a given number. - - - - - Performs primality tests on bi, assumes trial division has been done. - - A BigInteger that has been subjected to and passed trial division - False if bi is composite, true if it may be prime. - The speed of this method is dependent on Confidence - - - - Probabilistic prime test based on Rabin-Miller's test - - - - The number to test. - - - - - The number of chosen bases. The test has at least a - 1/4^confidence chance of falsely returning True. - - - - - True if "this" is a strong pseudoprime to randomly chosen bases. - - - False if "this" is definitely NOT prime. - - - - - - An association that uses the HMAC-SHA family of algorithms for message signing. - - - - - The default lifetime of a shared association when no lifetime is given - for a specific association type. - - - - - A list of HMAC-SHA algorithms in order of decreasing bit lengths. - - - - - The specific variety of HMAC-SHA this association is based on (whether it be HMAC-SHA1, HMAC-SHA256, etc.) - - - - - Initializes a new instance of the class. - - The specific variety of HMAC-SHA this association is based on (whether it be HMAC-SHA1, HMAC-SHA256, etc.) - The association handle. - The association secret. - The time duration the association will be good for. - typeIdentity != null - typeIdentity == null - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - secret != null - secret == null - totalLifeLength > TimeSpan.Zero - totalLifeLength <= TimeSpan.Zero - this.TotalLifeLength == totalLifeLength - - - - Creates an HMAC-SHA association. - - The OpenID protocol version that the request for an association came in on. - The value of the openid.assoc_type parameter. - The association handle. - The association secret. - How long the association will be good for. - The newly created association. - protocol != null - protocol == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - secret != null - secret == null - Contract.Result<HmacShaAssociation>() != null - - - - Creates an association with the specified handle, secret, and lifetime. - - The handle. - The secret. - Total lifetime. - The newly created association. - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - secret != null - secret == null - Contract.Result<HmacShaAssociation>() != null - - - - Returns the length of the shared secret (in bytes). - - The protocol version being used that will be used to lookup the text in - The value of the protocol argument specifying the type of association. For example: "HMAC-SHA1". - The length (in bytes) of the association secret. - Thrown if no association can be found by the given name. - - - - Creates a new association of a given type. - - The protocol. - Type of the association (i.e. HMAC-SHA1 or HMAC-SHA256) - A value indicating whether the new association will be used privately by the Provider for "dumb mode" authentication - or shared with the Relying Party for "smart mode" authentication. - The security settings of the Provider. - The newly created association. - - The new association is NOT automatically put into an association store. This must be done by the caller. - - protocol != null - protocol == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - securitySettings != null - securitySettings == null - Contract.Result<HmacShaAssociation>() != null - - - - Looks for the first association type in a preferred-order list that is - likely to be supported given a specific OpenID version and the security settings, - and perhaps a matching Diffie-Hellman session type. - - The OpenID version that dictates which associations are available. - A value indicating whether to consider higher strength security to be better. Use true for initial association requests from the Relying Party; use false from Providers when the Relying Party asks for an unrecognized association in order to pick a suggested alternative that is likely to be supported on both sides. - The set of requirements the selected association type must comply to. - Use true for HTTP associations, false for HTTPS associations. - The resulting association type's well known protocol name. (i.e. HMAC-SHA256) - The resulting session type's well known protocol name, if a matching one is available. (i.e. DH-SHA256) - - True if a qualifying association could be found; false otherwise. - - protocol != null - protocol == null - securityRequirements != null - securityRequirements == null - - - - Determines whether a named Diffie-Hellman session type and association type can be used together. - - The protocol carrying the names of the session and association types. - The value of the openid.assoc_type parameter. - The value of the openid.session_type parameter. - - true if the named association and session types are compatible; otherwise, false. - - protocol != null - protocol == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - sessionType != null - sessionType == null - - - - Gets the string to pass as the assoc_type value in the OpenID protocol. - - The protocol version of the message that the assoc_type value will be included in. - - The value that should be used for the openid.assoc_type parameter. - - - protocol != null - protocol == null - - - - Returns the specific hash algorithm used for message signing. - - - The hash algorithm used for message signing. - - - Contract.Result<HashAlgorithm>() != null - - - - Gets the length (in bits) of the hash this association creates when signing. - - - Contract.Result<int>() > 0 - - - - - Provides information about some HMAC-SHA hashing algorithm that OpenID supports. - - - - - Gets or sets the function that takes a particular OpenID version and returns the value of the openid.assoc_type parameter in that protocol. - - - - - Gets or sets a function that will create the using a given shared secret for the mac. - - - - - Gets or sets the base hash algorithm. - - - - - Gets the size of the hash (in bytes). - - - - - An enumeration that can specify how a given is used. - - - - - The manages a shared secret between - Provider and Relying Party sites that allows the RP to verify - the signature on a message from an OP. - - - - - The manages a secret known alone by - a Provider that allows the Provider to verify its own signatures - for "dumb" (stateless) relying parties. - - - - - Represents an association request that is sent using HTTPS and otherwise communicates the shared secret in plain text. - - - - - An OpenID direct request from Relying Party to Provider to initiate an association. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Creates an association request message that is appropriate for a given Provider. - - The set of requirements the selected association type must comply to. - The provider to create an association with. - - The message to send to the Provider to request an association. - Null if no association could be created that meet the security requirements - and the provider OpenID version. - - securityRequirements != null - securityRequirements == null - provider != null - provider == null - - - - Creates an association request message that is appropriate for a given Provider. - - The set of requirements the selected association type must comply to. - The provider to create an association with. - Type of the association. - Type of the session. - - The message to send to the Provider to request an association. - Null if no association could be created that meet the security requirements - and the provider OpenID version. - - securityRequirements != null - securityRequirements == null - provider != null - provider == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - sessionType != null - sessionType == null - - - - Creates a Provider's response to an incoming association request. - - The association store where a new association (if created) will be stored. Must not be null. - The security settings on the Provider. - - The appropriate association response that is ready to be sent back to the Relying Party. - - - If an association is created, it will be automatically be added to the provided - association store. - Successful association response messages will derive from . - Failed association response messages will derive from . - - associationStore != null - associationStore == null - securitySettings != null - securitySettings == null - - - - Creates a Provider's response to an incoming association request. - - - The appropriate association response message. - - - If an association can be successfully created, the - method must not be - called by this method. - Successful association response messages will derive from . - Failed association response messages will derive from . - - - - - Creates a response that notifies the Relying Party that the requested - association type is not supported by this Provider, and offers - an alternative association type, if possible. - - The security settings that apply to this Provider. - The response to send to the Relying Party. - securitySettings != null - securitySettings == null - - - - Gets or sets the preferred association type. The association type defines the algorithm to be used to sign subsequent messages. - - Value: A valid association type from Section 8.3. - - - - Gets or sets the preferred association session type. This defines the method used to encrypt the association's MAC key in transit. - - Value: A valid association session type from Section 8.4 (Association Session Types). - Note: Unless using transport layer encryption, "no-encryption" MUST NOT be used. - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Creates a Provider's response to an incoming association request. - - - The appropriate association response message. - - - If an association can be successfully created, the - method must not be - called by this method. - Successful association response messages will derive from . - Failed association response messages will derive from . - - - - - Offers services for a web page that is acting as an OpenID identity server. - - - - - The name of the key to use in the HttpApplication cache to store the - instance of to use. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - - - The relying party used to perform discovery on identifiers being sent in - unsolicited positive assertions. - - - - - Initializes a new instance of the class. - - this.AssociationStore != null - this.SecuritySettings != null - this.Channel != null - - - - Initializes a new instance of the class. - - The application store to use. Cannot be null. - applicationStore != null - applicationStore == null - this.AssociationStore == applicationStore - this.SecuritySettings != null - this.Channel != null - - - - Initializes a new instance of the class. - - The association store to use. Cannot be null. - The nonce store to use. Cannot be null. - associationStore != null - associationStore == null - nonceStore != null - nonceStore == null - this.AssociationStore == associationStore - this.SecuritySettings != null - this.Channel != null - - - - Gets the incoming OpenID request if there is one, or null if none was detected. - - The request that the hosting Provider should possibly process and then transmit the response for. - - Requests may be infrastructural to OpenID and allow auto-responses, or they may - be authentication requests where the Provider site has to make decisions based - on its own user database and policies. - Requires an HttpContext.Current context. - - Thrown if HttpContext.Current == null. - Thrown if the incoming message is recognized but deviates from the protocol specification irrecoverably. - - - - Gets the incoming OpenID request if there is one, or null if none was detected. - - The incoming HTTP request to extract the message from. - - The request that the hosting Provider should process and then transmit the response for. - Null if no valid OpenID request was detected in the given HTTP request. - - - Requests may be infrastructural to OpenID and allow auto-responses, or they may - be authentication requests where the Provider site has to make decisions based - on its own user database and policies. - - Thrown if the incoming message is recognized - but deviates from the protocol specification irrecoverably. - httpRequestInfo != null - httpRequestInfo == null - - - - Sends the response to a received request. - - The incoming OpenID request whose response is to be sent. - Thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - Requires an HttpContext.Current context. If one is not available, the caller should use - instead and manually send the - to the client. - - Thrown if is false. - HttpContext.Current != null - HttpContext.Current == null - request != null - request == null - request.IsResponseReady - !(request.IsResponseReady) - - - - Gets the response to a received request. - - The request. - The response that should be sent to the client. - Thrown if is false. - request != null - request == null - request.IsResponseReady - !(request.IsResponseReady) - - - - Sends an identity assertion on behalf of one of this Provider's - members in order to redirect the user agent to a relying party - web site and log him/her in immediately in one uninterrupted step. - - The absolute URL on the Provider site that receives OpenID messages. - The URL of the Relying Party web site. - This will typically be the home page, but may be a longer URL if - that Relying Party considers the scope of its realm to be more specific. - The URL provided here must allow discovery of the Relying Party's - XRDS document that advertises its OpenID RP endpoint. - The Identifier you are asserting your member controls. - The Identifier you know your user by internally. This will typically - be the same as . - The extensions. - HttpContext.Current != null - HttpContext.Current == null - providerEndpoint != null - providerEndpoint == null - providerEndpoint.IsAbsoluteUri - !(providerEndpoint.IsAbsoluteUri) - relyingPartyRealm != null - relyingPartyRealm == null - claimedIdentifier != null - claimedIdentifier == null - localIdentifier != null - localIdentifier == null - - - - Prepares an identity assertion on behalf of one of this Provider's - members in order to redirect the user agent to a relying party - web site and log him/her in immediately in one uninterrupted step. - - The absolute URL on the Provider site that receives OpenID messages. - The URL of the Relying Party web site. - This will typically be the home page, but may be a longer URL if - that Relying Party considers the scope of its realm to be more specific. - The URL provided here must allow discovery of the Relying Party's - XRDS document that advertises its OpenID RP endpoint. - The Identifier you are asserting your member controls. - The Identifier you know your user by internally. This will typically - be the same as . - The extensions. - - A object describing the HTTP response to send - the user agent to allow the redirect with assertion to happen. - - providerEndpoint != null - providerEndpoint == null - providerEndpoint.IsAbsoluteUri - !(providerEndpoint.IsAbsoluteUri) - relyingPartyRealm != null - relyingPartyRealm == null - claimedIdentifier != null - claimedIdentifier == null - localIdentifier != null - localIdentifier == null - this.Channel.WebRequestHandler != null - this.Channel.WebRequestHandler == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Applies all behaviors to the response message. - - The request. - - - - Prepares the return value for the GetRequest method in the event of an exception. - - The exception that forms the basis of the error response. Must not be null. - The incoming HTTP request. Must not be null. - The incoming message. May be null in the case that it was malformed. - - Either the to return to the host site or null to indicate no response could be reasonably created and that the caller should rethrow the exception. - - ex != null - ex == null - httpRequestInfo != null - httpRequestInfo == null - - - - Called by derived classes when behaviors are added or removed. - - The collection being modified. - The instance containing the event data. - - - - Gets the standard state storage mechanism that uses ASP.NET's - HttpApplication state dictionary to store associations and nonces. - - - HttpContext.Current != null && HttpContext.Current.Request != null - Contract.Result<IProviderApplicationStore>() != null - - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Gets the channel to use for sending/receiving messages. - - - - - Gets the security settings used by this Provider. - - - Contract.Result<ProviderSecuritySettings>() != null - - - value != null - - value == null - - - - Gets the extension factories. - - - - - Gets or sets the mechanism a host site can use to receive - notifications of errors when communicating with remote parties. - - - - - Gets a list of custom behaviors to apply to OpenID actions. - - - Adding behaviors can impact the security settings of the - in ways that subsequently removing the behaviors will not reverse. - - - - - Gets the list of services that can perform discovery on identifiers given to this relying party. - - - - - Gets the association store. - - - - - Gets the web request handler to use for discovery and the part of - authentication where direct messages are sent to an untrusted remote party. - - - - - Gets the relying party used for discovery of identifiers sent in unsolicited assertions. - - - - - An OpenID direct request from Relying Party to Provider to initiate an association that uses Diffie-Hellman encryption. - - - - - The (only) value we use for the X variable in the Diffie-Hellman algorithm. - - - - - The default gen value for the Diffie-Hellman algorithm. - - - - - The default modulus value for the Diffie-Hellman algorithm. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Called by the Relying Party to initialize the Diffie-Hellman algorithm and consumer public key properties. - - - - - Creates a Provider's response to an incoming association request. - - - The appropriate association response message. - - - If an association can be successfully created, the - method must not be - called by this method. - Successful association response messages will derive from . - Failed association response messages will derive from . - - - - - Gets or sets the openid.dh_modulus value. - - May be null if the default value given in the OpenID spec is to be used. - - - - Gets or sets the openid.dh_gen value. - - May be null if the default value given in the OpenID spec is to be used. - - - - Gets or sets the openid.dh_consumer_public value. - - - This property is initialized with a call to . - - - - - Gets the Diffie-Hellman algorithm. - - - This property is initialized with a call to . - - - - - The successful Diffie-Hellman association response message. - - - Association response messages are described in OpenID 2.0 section 8.2. This type covers section 8.2.3. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Creates the association at relying party side after the association response has been received. - - The original association request that was already sent and responded to. - The newly created association. - - The resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - - - - Creates the association at the provider side after the association request has been received. - - The association request. - The security settings of the Provider. - The newly created association. - - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - securitySettings != null - securitySettings == null - - - - Gets or sets the Provider's Diffie-Hellman public key. - - btwoc(g ^ xb mod p) - - - - Gets or sets the MAC key (shared secret), encrypted with the secret Diffie-Hellman value. - - H(btwoc(g ^ (xa * xb) mod p)) XOR MAC key. H is either "SHA1" or "SHA256" depending on the session type. - - - - The successful unencrypted association response message. - - - Association response messages are described in OpenID 2.0 section 8.2. This type covers section 8.2.2. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The security settings of the Provider. - The created association. - - The caller will update this message's - and - - properties based on the returned by this method, but any other - association type specific properties must be set by this method. - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - securitySettings != null - securitySettings == null - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The created association. - request != null - request == null - - - - Gets or sets the MAC key (shared secret) for this association, Base 64 (Josefsson, S., “The Base16, Base32, and Base64 Data Encodings,” .) [RFC3548] encoded. - - - - - The Provider's response to a Relying Party that requested an association that the Provider does not support. - - - This message type described in OpenID 2.0 section 8.2.4. - - - - - A message sent from a Provider to a Relying Party in response to a direct message request that resulted in an error. - - - This message must be sent with an HTTP status code of 400. - This class satisfies OpenID 2.0 section 5.1.2.2. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Gets the HTTP status code that the direct respones should be sent with. - - - - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets a human-readable message indicating why the request failed. - - - - - Gets or sets the contact address for the administrator of the server. - - The contact address may take any form, as it is intended to be displayed to a person. - - - - Gets or sets a reference token, such as a support ticket number or a URL to a news blog, etc. - - - - - A hard-coded string indicating an error occurred. - - "unsupported-type" - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Gets or sets an association type supported by the OP from Section 8.3 (Association Types). - - - - - Gets or sets a valid association session type from Section 8.4 (Association Session Types) that the OP supports. - - - - - A message sent from a Provider to a Relying Party in response to an indirect message request that resulted in an error. - - - This class satisfies OpenID 2.0 section 5.2.3. - - - - - Initializes a new instance of the class. - - The request that resulted in this error on the Provider. - - - - Initializes a new instance of the class. - - The OpenID version this message should comply with. - The recipient of this message. - - - - Gets or sets a human-readable message indicating why the request failed. - - - - - Gets or sets the contact address for the administrator of the server. - - The contact address may take any form, as it is intended to be displayed to a person. - - - - Gets or sets a reference token, such as a support ticket number or a URL to a news blog, etc. - - - - - Manages the establishment, storage and retrieval of associations at the relying party. - - - - - The storage to use for saving and retrieving associations. May be null. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The channel the relying party is using. - The association store. May be null for dumb mode relying parties. - The security settings. - channel != null - channel == null - securitySettings != null - securitySettings == null - - - - Gets an association between this Relying Party and a given Provider - if it already exists in the association store. - - The provider to create an association with. - The association if one exists and has useful life remaining. Otherwise null. - provider != null - provider == null - - - - Gets an existing association with the specified Provider, or attempts to create - a new association of one does not already exist. - - The provider to get an association for. - The existing or new association; null if none existed and one could not be created. - - - - Creates a new association with a given Provider. - - The provider to create an association with. - - The newly created association, or null if no association can be created with - the given Provider given the current security settings. - - - A new association is created and returned even if one already exists in the - association store. - Any new association is automatically added to the . - - provider != null - provider == null - - - - Creates a new association with a given Provider. - - The provider to create an association with. - The associate request. May be null, which will always result in a null return value.. - The number of times to try the associate request again if the Provider suggests it. - - The newly created association, or null if no association can be created with - the given Provider given the current security settings. - - provider != null - provider == null - - - - Gets or sets the channel to use for establishing associations. - - The channel. - - value != null - - value == null - - - - Gets or sets the security settings to apply in choosing association types to support. - - - value != null - - value == null - - - - Gets a value indicating whether this instance has an association store. - - - true if the relying party can act in 'smart' mode; - false if the relying party must always act in 'dumb' mode. - - - - - Gets the storage to use for saving and retrieving associations. May be null. - - - - - Preferences regarding creation and use of an association between a relying party - and provider for authentication. - - - - - Indicates that an association should be created for use in authentication - if one has not already been established between the relying party and the - selected provider. - - - Even with this value, if an association attempt fails or the relying party - has no application store to recall associations, the authentication may - proceed without an association. - - - - - Indicates that an association should be used for authentication only if - it happens to already exist. - - - - - Indicates that an authentication attempt should NOT use an OpenID association - between the relying party and the provider, even if an association was previously - created. - - - - - Facilitates customization and creation and an authentication request - that a Relying Party is preparing to send. - - - - - Instances of this interface represent relying party authentication - requests that may be queried/modified in specific ways before being - routed to the OpenID Provider. - - - - - Makes a dictionary of key/value pairs available when the authentication is completed. - - The arguments to add to the request's return_to URI. Values must not be null. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The values stored here can be retrieved using - , which will only return the value - if it can be verified as untampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - arguments != null - arguments == null - arguments.Keys.All(k => !String.IsNullOrEmpty(k)) - !(arguments.Keys.All(k => !String.IsNullOrEmpty(k))) - arguments.Values.All(v => v != null) - !(arguments.Values.All(v => v != null)) - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The value stored here can be retrieved using - , which will only return the value - if it can be verified as untampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed without - requiring a return_to signature to protect against tampering of the callback argument. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping or tampering in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - value != null - value == null - - - - Adds an OpenID extension to the request directed at the OpenID provider. - - The initialized extension to add to the request. - extension != null - extension == null - - - - Redirects the user agent to the provider for authentication. - Execution of the current page terminates after this call. - - - This method requires an ASP.NET HttpContext. - - - - - Gets or sets the mode the Provider should use during authentication. - - - - - Gets the HTTP response the relying party should send to the user agent - to redirect it to the OpenID Provider to start the OpenID authentication process. - - - - - Gets the URL that the user agent will return to after authentication - completes or fails at the Provider. - - - - - Gets the URL that identifies this consumer web application that - the Provider will display to the end user. - - - Contract.Result<Realm>() != null - - - - - Gets the Claimed Identifier that the User Supplied Identifier - resolved to. Null if the user provided an OP Identifier - (directed identity). - - - Null is returned if the user is using the directed identity feature - of OpenID 2.0 to make it nearly impossible for a relying party site - to improperly store the reserved OpenID URL used for directed identity - as a user's own Identifier. - However, to test for the Directed Identity feature, please test the - property rather than testing this - property for a null value. - - - - - Gets a value indicating whether the authenticating user has chosen to let the Provider - determine and send the ClaimedIdentifier after authentication. - - - - - Gets or sets a value indicating whether this request only carries extensions - and is not a request to verify that the user controls some identifier. - - - true if this request is merely a carrier of extensions and is not - about an OpenID identifier; otherwise, false. - - - Although OpenID is first and primarily an authentication protocol, its extensions - can be interesting all by themselves. For instance, a relying party might want - to know that its user is over 21 years old, or perhaps a member of some organization. - OpenID extensions can provide this, without any need for asserting the identity of the user. - Constructing an OpenID request for only extensions can be done by calling - with any valid OpenID identifier - (claimed identifier or OP identifier). But once this property is set to true, - the claimed identifier value in the request is not included in the transmitted message. - It is anticipated that an RP would only issue these types of requests to OPs that - trusts to make assertions regarding the individual holding an account at that OP, so it - is not likely that the RP would allow the user to type in an arbitrary claimed identifier - without checking that it resolved to an OP endpoint the RP has on a trust whitelist. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - Contract.Result<IProviderEndpoint>() != null - - - - - Gets the discovery result leading to the formulation of this request. - - The discovery result. - - Contract.Result<IdentifierDiscoveryResult>() != null - - - - - The name of the internal callback parameter to use to store the user-supplied identifier. - - - - - The relying party that created this request object. - - - - - How an association may or should be created or used in the formulation of the - authentication request. - - - - - The extensions that have been added to this authentication request. - - - - - Arguments to add to the return_to part of the query string, so that - these values come back to the consumer when the user agent returns. - - - - - A value indicating whether the return_to callback arguments must be signed. - - - This field defaults to false, but is set to true as soon as the first callback argument - is added that indicates it must be signed. At which point, all arguments are signed - even if individual ones did not need to be. - - - - - Initializes a new instance of the class. - - The endpoint that describes the OpenID Identifier and Provider that will complete the authentication. - The realm, or root URL, of the host web site. - The base return_to URL that the Provider should return the user to to complete authentication. This should not include callback parameters as these should be added using the method. - The relying party that created this instance. - discoveryResult != null - discoveryResult == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - relyingParty != null - relyingParty == null - - - - Makes a dictionary of key/value pairs available when the authentication is completed. - - The arguments to add to the request's return_to URI. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The values stored here can be retrieved using - , which will only return the value - if it hasn't been tampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - arguments != null - arguments == null - arguments.Keys.All(k => !String.IsNullOrEmpty(k)) - !(arguments.Keys.All(k => !String.IsNullOrEmpty(k))) - arguments.Values.All(v => v != null) - !(arguments.Values.All(v => v != null)) - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The value stored here can be retrieved using - , which will only return the value - if it hasn't been tampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against tampering in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed without - requiring a return_to signature to protect against tampering of the callback argument. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping or tampering in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - value != null - value == null - - - - Adds an OpenID extension to the request directed at the OpenID provider. - - The initialized extension to add to the request. - extension != null - extension == null - - - - Redirects the user agent to the provider for authentication. - Execution of the current page terminates after this call. - - - This method requires an ASP.NET HttpContext. - - Typically thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - - - Performs identifier discovery, creates associations and generates authentication requests - on-demand for as long as new ones can be generated based on the results of Identifier discovery. - - The user supplied identifier. - The relying party. - The realm. - The return_to base URL. - if set to true, associations that do not exist between this Relying Party and the asserting Providers are created before the authentication request is created. - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - userSuppliedIdentifier != null - userSuppliedIdentifier == null - relyingParty != null - relyingParty == null - realm != null - realm == null - Contract.Result<IEnumerable<AuthenticationRequest>>() != null - - - - Creates an instance of FOR TESTING PURPOSES ONLY. - - The discovery result. - The realm. - The return to. - The relying party. - The instantiated . - - - - Creates the request message to send to the Provider, - based on the properties in this instance. - - The message to send to the Provider. - - - - Performs deferred request generation for the method. - - The user supplied identifier. - The relying party. - The realm. - The return_to base URL. - The discovered service endpoints on the Claimed Identifier. - if set to true, associations that do not exist between this Relying Party and the asserting Providers are created before the authentication request is created. - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - All data validation and cleansing steps must have ALREADY taken place - before calling this method. - - - - - Returns a filtered and sorted list of the available OP endpoints for a discovered Identifier. - - The endpoints. - The relying party. - A filtered and sorted list of endpoints; may be empty if the input was empty or the filter removed all endpoints. - endpoints != null - endpoints == null - relyingParty != null - relyingParty == null - - - - Creates the request message to send to the Provider, - based on the properties in this instance. - - The message to send to the Provider. - - - - Gets the association to use for this authentication request. - - The association to use; null to use 'dumb mode'. - - - - Gets or sets the mode the Provider should use during authentication. - - - - - - Gets the HTTP response the relying party should send to the user agent - to redirect it to the OpenID Provider to start the OpenID authentication process. - - - - - - Gets the URL that the user agent will return to after authentication - completes or fails at the Provider. - - - - - - Gets the URL that identifies this consumer web application that - the Provider will display to the end user. - - - Contract.Result<Realm>() != null - - - - - Gets the Claimed Identifier that the User Supplied Identifier - resolved to. Null if the user provided an OP Identifier - (directed identity). - - - - Null is returned if the user is using the directed identity feature - of OpenID 2.0 to make it nearly impossible for a relying party site - to improperly store the reserved OpenID URL used for directed identity - as a user's own Identifier. - However, to test for the Directed Identity feature, please test the - property rather than testing this - property for a null value. - - - - - Gets a value indicating whether the authenticating user has chosen to let the Provider - determine and send the ClaimedIdentifier after authentication. - - - - - Gets or sets a value indicating whether this request only carries extensions - and is not a request to verify that the user controls some identifier. - - - true if this request is merely a carrier of extensions and is not - about an OpenID identifier; otherwise, false. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenId discovery documents found at the - location. - - - Contract.Result<IProviderEndpoint>() != null - - - - - Gets the discovery result leading to the formulation of this request. - - The discovery result. - - Contract.Result<IdentifierDiscoveryResult>() != null - - - - - Gets or sets how an association may or should be created or used - in the formulation of the authentication request. - - - - - Gets the extensions that have been added to the request. - - - - - Gets the list of extensions for this request. - - - - - Indicates the mode the Provider should use while authenticating the end user. - - - - - The Provider should use whatever credentials are immediately available - to determine whether the end user owns the Identifier. If sufficient - credentials (i.e. cookies) are not immediately available, the Provider - should fail rather than prompt the user. - - - - - The Provider should determine whether the end user owns the Identifier, - displaying a web page to the user to login etc., if necessary. - - - - - An authentication request comparer that judges equality solely on the OP endpoint hostname. - - - - - The singleton instance of this comparer. - - - - - Prevents a default instance of the class from being created. - - - - - Determines whether the specified objects are equal. - - The first object to compare. - The second object to compare. - - true if the specified objects are equal; otherwise, false. - - - - - Returns a hash code for the specified object. - - The for which a hash code is to be returned. - A hash code for the specified object. - - The type of is a reference type and is null. - - - - - Gets the singleton instance of this comparer. - - - - - Information published about an OpenId Provider by the - OpenId discovery documents found at a user's Claimed Identifier. - - - Because information provided by this interface is suppplied by a - user's individually published documents, it may be incomplete or inaccurate. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - True if support for the extension is advertised. False otherwise. - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - True if support for the extension is advertised. False otherwise. - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the detected version of OpenID implemented by the Provider. - - - Contract.Result<Version>() != null - - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - - This value MUST be an absolute HTTP or HTTPS URL. - - - Contract.Result<Uri>() != null - - - - - Code contract for the type. - - - - - Prevents a default instance of the class from being created. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Gets the detected version of OpenID implemented by the Provider. - - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - - - - Contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - - - - Called when an authentication request is about to be sent. - - The request. - - Implementations should be prepared to be called multiple times on the same outgoing message - without malfunctioning. - - - - - Called when an incoming positive assertion is received. - - The positive assertion. - - - - Wraps a negative assertion response in an instance - for public consumption by the host web site. - - - - - An instance of this interface represents an identity assertion - from an OpenID Provider. It may be in response to an authentication - request previously put to it by a Relying Party site or it may be an - unsolicited assertion. - - - Relying party web sites should handle both solicited and unsolicited - assertions. This interface does not offer a way to discern between - solicited and unsolicited assertions as they should be treated equally. - - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode null is always - returned since the callback arguments could not be signed to protect against - tampering. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode an empty dictionary is always - returned since the callback arguments could not be signed to protect against - tampering. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location, if available. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - An interface to expose useful properties and functionality for handling - authentication responses that are returned from Immediate authentication - requests that require a subsequent request to be made in non-immediate mode. - - - - - Gets the to pass to - in a subsequent authentication attempt. - - - ((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired - - !(((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired) - - - - The negative assertion message that was received by the RP that was used - to create this instance. - - - - - Initializes a new instance of the class. - - The negative assertion response received by the Relying Party. - response != null - response == null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Gets the to pass to - in a subsequent authentication attempt. - - - - ((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired - - !(((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired) - - - - The event details passed to event handlers. - - - - - Initializes a new instance of the class - with minimal information of an incomplete or failed authentication attempt. - - The outgoing authentication request. - request != null - request == null - - - - Initializes a new instance of the class - with information on a completed authentication attempt - (whether that attempt was successful or not). - - The incoming authentication response. - response != null - response == null - - - - Gets or sets a value indicating whether to cancel - the OpenID authentication and/or login process. - - - - - Gets the Identifier the user is claiming to own. Or null if the user - is using Directed Identity. - - - - - Gets a value indicating whether the user has selected to let his Provider determine - the ClaimedIdentifier to use as part of successful authentication. - - - - - Gets the details of the OpenID authentication request, - and allows for adding extensions. - - - - - Gets the details of the OpenID authentication response. - - - - - Several ways that the relying party can direct the user to the Provider - to complete authentication. - - - - - A full browser window redirect will be used to send the - user to the Provider. - - - - - A popup window will be used to send the user to the Provider. - - - - - A popup window will be used to send the user to the Provider - if the Provider advertises support for the popup UI extension; - otherwise a standard redirect is used. - - - - - Wraps an extension-only response from the OP in an instance - for public consumption by the host web site. - - - - - Backin field for the property. - - - - - Information about the OP endpoint that issued this assertion. - - - - - Initializes a new instance of the class. - - The response message. - response != null - response == null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode null is always - returned since the callback arguments could not be signed to protect against - tampering. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode an empty dictionary is always - returned since the callback arguments could not be signed to protect against - tampering. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode an empty dictionary is always - returned since the callback arguments could not be signed to protect against - tampering. - - Contract.Result<IDictionary<string, string>>() != null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Gets a value indicating whether trusted callback arguments are available. - - - We use this internally to avoid logging a warning during a standard snapshot creation. - - - - - Gets the positive extension-only message the Relying Party received that this instance wraps. - - - - - Wraps a positive assertion response in an instance - for public consumption by the host web site. - - - - - Initializes a new instance of the class. - - The positive assertion response that was just received by the Relying Party. - The relying party. - relyingParty != null - relyingParty == null - - - - Verifies that the positive assertion data matches the results of - discovery on the Claimed Identifier. - - The relying party. - - Thrown when the Provider is asserting that a user controls an Identifier - when discovery on that Identifier contradicts what the Provider says. - This would be an indication of either a misconfigured Provider or - an attempt by someone to spoof another user's identity with a rogue Provider. - - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - Gets the OpenID service endpoint reconstructed from the assertion message. - - - This information is straight from the Provider, and therefore must not - be trusted until verified as matching the discovery information for - the claimed identifier to avoid a Provider asserting an Identifier - for which it has no authority. - - - - - Gets the positive assertion response message. - - - - - An enumeration of the possible results of an authentication attempt. - - - - - The authentication was canceled by the user agent while at the provider. - - - - - The authentication failed because an error was detected in the OpenId communication. - - - - - The Provider responded to a request for immediate authentication approval - with a message stating that additional user agent interaction is required - before authentication can be completed. - Casting the to a - in this case can help - you retry the authentication using setup (non-immediate) mode. - - - - - Authentication is completed successfully. - - - - - The Provider sent a message that did not contain an identity assertion, - but may carry OpenID extensions. - - - - - Wraps a failed authentication response in an instance - for public consumption by the host web site. - - - - - Initializes a new instance of the class. - - The exception that resulted in the failed authentication. - exception != null - exception == null - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location, if available. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Code contract class for the type. - - - - - Initializes a new instance of the class. - - - - - Gets the to pass to - in a subsequent authentication attempt. - - - - - A delegate that decides whether a given OpenID Provider endpoint may be - considered for authenticating a user. - - The endpoint for consideration. - - True if the endpoint should be considered. - False to remove it from the pool of acceptable providers. - - - - - Provides the programmatic facilities to act as an OpenID relying party. - - this.SecuritySettings != null - this.Channel != null - this.EndpointOrder != null - - - - The name of the key to use in the HttpApplication cache to store the - instance of to use. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - The lock to obtain when initializing the member. - - - - - A dictionary of extension response types and the javascript member - name to map them to on the user agent. - - - - - Backing field for the property. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The application store. If null, the relying party will always operate in "dumb mode". - - - - Initializes a new instance of the class. - - The association store. If null, the relying party will always operate in "dumb mode". - The nonce store to use. If null, the relying party will always operate in "dumb mode". - associationStore == null || nonceStore != null - associationStore != null && nonceStore == null - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - An authentication request object to customize the request and generate - an object to send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - Contract.Result<IAuthenticationRequest>() != null - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - - Requires an HttpContext.Current context. - - Thrown if no OpenID endpoint could be found. - Thrown if HttpContext.Current == null. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - Contract.Result<IAuthenticationRequest>() != null - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - - Requires an HttpContext.Current context. - - Thrown if no OpenID endpoint could be found. - Thrown if HttpContext.Current == null. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - Contract.Result<IAuthenticationRequest>() != null - - - - Generates the authentication requests that can satisfy the requirements of some OpenID Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Generates the authentication requests that can satisfy the requirements of some OpenID Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - Requires an HttpContext.Current context. - - Thrown if HttpContext.Current == null. - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Generates the authentication requests that can satisfy the requirements of some OpenID Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - Requires an HttpContext.Current context. - - Thrown if HttpContext.Current == null. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Gets an authentication response from a Provider. - - The processed authentication response if there is any; null otherwise. - - Requires an HttpContext.Current context. - - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Gets an authentication response from a Provider. - - The HTTP request that may be carrying an authentication response from the Provider. - The processed authentication response if there is any; null otherwise. - httpRequestInfo != null - httpRequestInfo == null - - - - Processes the response received in a popup window or iframe to an AJAX-directed OpenID authentication. - - The HTTP response to send to this HTTP request. - - Requires an HttpContext.Current context. - - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - Contract.Result<OutgoingWebResponse>() != null - - - - Processes the response received in a popup window or iframe to an AJAX-directed OpenID authentication. - - The incoming HTTP request that is expected to carry an OpenID authentication response. - The HTTP response to send to this HTTP request. - request != null - request == null - Contract.Result<OutgoingWebResponse>() != null - - - - Allows an OpenID extension to read data out of an unverified positive authentication assertion - and send it down to the client browser so that Javascript running on the page can perform - some preprocessing on the extension data. - - The extension response type that will read data from the assertion. - The property name on the openid_identifier input box object that will be used to store the extension data. For example: sreg - - This method should be called before . - - !string.IsNullOrEmpty(propertyName) - string.IsNullOrEmpty(propertyName) - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Determines whether some parameter name belongs to OpenID or this library - as a protocol or internal parameter name. - - Name of the parameter. - - true if the named parameter is a library- or protocol-specific parameter; otherwise, false. - - - - - Creates a relying party that does not verify incoming messages against - nonce or association stores. - - The instantiated . - - Useful for previewing messages while - allowing them to be fully processed and verified later. - - - - - Processes the response received in a popup window or iframe to an AJAX-directed OpenID authentication. - - The incoming HTTP request that is expected to carry an OpenID authentication response. - The callback fired after the response status has been determined but before the Javascript response is formulated. - - The HTTP response to send to this HTTP request. - - request != null - request == null - Contract.Result<OutgoingWebResponse>() != null - - - - Performs discovery on the specified identifier. - - The identifier to discover services for. - A non-null sequence of services discovered for the identifier. - identifier != null - identifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Invokes a method on a parent frame or window and closes the calling popup window if applicable. - - The method to call on the parent window, including - parameters. (i.e. "callback('arg1', 2)"). No escaping is done by this method. - The entire HTTP response to send to the popup window or iframe to perform the invocation. - !string.IsNullOrEmpty(methodCall) - string.IsNullOrEmpty(methodCall) - - - - Called by derived classes when behaviors are added or removed. - - The collection being modified. - The instance containing the event data. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets an XRDS sorting routine that uses the XRDS Service/@Priority - attribute to determine order. - - - Endpoints lacking any priority value are sorted to the end of the list. - - - - - Gets the standard state storage mechanism that uses ASP.NET's - HttpApplication state dictionary to store associations and nonces. - - - Contract.Result<IRelyingPartyApplicationStore>() != null - - - - - Gets or sets the channel to use for sending/receiving messages. - - - value != null - - value == null - - - - Gets the security settings used by this Relying Party. - - - Contract.Result<RelyingPartySecuritySettings>() != null - - - value != null - - value == null - - - - Gets or sets the optional Provider Endpoint filter to use. - - - Provides a way to optionally filter the providers that may be used in authenticating a user. - If provided, the delegate should return true to accept an endpoint, and false to reject it. - If null, all identity providers will be accepted. This is the default. - - - - - Gets or sets the ordering routine that will determine which XRDS - Service element to try first - - Default is . - - This may never be null. To reset to default behavior this property - can be set to the value of . - - - value != null - - value == null - - - - Gets the extension factories. - - - - - Gets a list of custom behaviors to apply to OpenID actions. - - - Adding behaviors can impact the security settings of this - instance in ways that subsequently removing the behaviors will not reverse. - - - - - Gets the list of services that can perform discovery on identifiers given to this relying party. - - - - - Gets a value indicating whether this Relying Party can sign its return_to - parameter in outgoing authentication requests. - - - - - Gets the web request handler to use for discovery and the part of - authentication where direct messages are sent to an untrusted remote party. - - - - - Gets the association manager. - - - - - Gets the instance used to process authentication responses - without verifying the assertion or consuming nonces. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to An absolute URI is required for this value.. - - - - - Looks up a localized string similar to This is already a PPID Identifier.. - - - - - Looks up a localized string similar to The requested association type '{0}' with session type '{1}' is unrecognized or not supported by this Provider due to security requirements.. - - - - - Looks up a localized string similar to The length of the shared secret ({0}) does not match the length required by the association type ('{1}').. - - - - - Looks up a localized string similar to The length of the encrypted shared secret ({0}) does not match the length of the hashing algorithm ({1}).. - - - - - Looks up a localized string similar to No association store has been given but is required for the current configuration.. - - - - - Looks up a localized string similar to If an association store is given, a nonce store must also be provided.. - - - - - Looks up a localized string similar to An attribute with type URI '{0}' has already been added.. - - - - - Looks up a localized string similar to Only {0} values for attribute '{1}' were requested, but {2} were supplied.. - - - - - Looks up a localized string similar to The private data supplied does not meet the requirements of any known Association type. Its length may be too short, or it may have been corrupted.. - - - - - Looks up a localized string similar to The {0} extension failed to deserialize and will be skipped. {1}. - - - - - Looks up a localized string similar to Callback arguments are only supported when a {0} is provided to the {1}.. - - - - - Looks up a localized string similar to A Simple Registration request can only generate a response on the receiving end.. - - - - - Looks up a localized string similar to The openid.claimed_id and openid.identity parameters must both be present or both be absent.. - - - - - Looks up a localized string similar to The ClaimedIdentifier property cannot be set when IsDelegatedIdentifier is true to avoid breaking OpenID URL delegation.. - - - - - Looks up a localized string similar to This OpenID exploits features that this relying party cannot reliably verify. Please try logging in with a human-readable OpenID or from a different OpenID Provider.. - - - - - Looks up a localized string similar to The ClaimedIdentifier property must be set first.. - - - - - Looks up a localized string similar to An extension with this property name ('{0}') has already been registered.. - - - - - Looks up a localized string similar to The extension '{0}' has already been registered.. - - - - - Looks up a localized string similar to An authentication request has already been created using CreateRequest().. - - - - - Looks up a localized string similar to Only OpenIDs issued directly by their OpenID Provider are allowed here.. - - - - - Looks up a localized string similar to The following properties must be set before the Diffie-Hellman algorithm can generate a public key: {0}. - - - - - Looks up a localized string similar to URI is not SSL yet requireSslDiscovery is set to true.. - - - - - Looks up a localized string similar to An extension sharing namespace '{0}' has already been added. Only one extension per namespace is allowed in a given request.. - - - - - Looks up a localized string similar to Cannot lookup extension support on a rehydrated ServiceEndpoint.. - - - - - Looks up a localized string similar to Fragment segments do not apply to XRI identifiers.. - - - - - Looks up a localized string similar to The HTML head tag must include runat="server".. - - - - - Looks up a localized string similar to ClaimedIdentifier and LocalIdentifier must be the same when IsIdentifierSelect is true.. - - - - - Looks up a localized string similar to The openid.identity and openid.claimed_id parameters must either be both present or both absent from the message.. - - - - - Looks up a localized string similar to The Provider requested association type '{0}' and session type '{1}', which are not compatible with each other.. - - - - - Looks up a localized string similar to {0} (Contact: {1}, Reference: {2}). - - - - - Looks up a localized string similar to Cannot encode '{0}' because it contains an illegal character for Key-Value Form encoding. (line {1}: '{2}'). - - - - - Looks up a localized string similar to Cannot decode Key-Value Form because a line was found without a '{0}' character. (line {1}: '{2}'). - - - - - Looks up a localized string similar to The scheme must be http or https but was '{0}'.. - - - - - Looks up a localized string similar to The value '{0}' is not a valid URI.. - - - - - Looks up a localized string similar to Not a recognized XRI format.. - - - - - Looks up a localized string similar to The OpenID Provider issued an assertion for an Identifier whose discovery information did not match. - Assertion endpoint info: - {0} - Discovered endpoint info: - {1}. - - - - - Looks up a localized string similar to The list of keys do not match the provided dictionary.. - - - - - Looks up a localized string similar to The '{0}' and '{1}' parameters must both be or not be '{2}'.. - - - - - Looks up a localized string similar to The maximum time allowed to complete authentication has been exceeded. Please try again.. - - - - - Looks up a localized string similar to Missing {0} element.. - - - - - Looks up a localized string similar to No recognized association type matches the requested length of {0}.. - - - - - Looks up a localized string similar to No recognized association type matches the requested name of '{0}'.. - - - - - Looks up a localized string similar to Unless using transport layer encryption, "no-encryption" MUST NOT be used.. - - - - - Looks up a localized string similar to No identifier has been set.. - - - - - Looks up a localized string similar to No XRDS document containing OpenID relying party endpoint information could be found at {0}.. - - - - - Looks up a localized string similar to Diffie-Hellman session type '{0}' not found for OpenID {1}.. - - - - - Looks up a localized string similar to This operation is not supported by serialized authentication responses. Try this operation from the LoggedIn event handler.. - - - - - Looks up a localized string similar to No OpenID endpoint found.. - - - - - Looks up a localized string similar to No OpenID url is provided.. - - - - - Looks up a localized string similar to This operation is only allowed when IAuthenticationResponse.State == AuthenticationStatus.SetupRequired.. - - - - - Looks up a localized string similar to An positive OpenID assertion was received from OP endpoint {0} that is not on this relying party's whitelist.. - - - - - Looks up a localized string similar to Unable to find the signing secret by the handle '{0}'.. - - - - - Looks up a localized string similar to The {0} property must be set first.. - - - - - Looks up a localized string similar to This property value is not supported by this control.. - - - - - Looks up a localized string similar to Unable to determine the version of the OpenID protocol implemented by the Provider at endpoint '{0}'.. - - - - - Looks up a localized string similar to An HTTP request to the realm URL ({0}) resulted in a redirect, which is not allowed during relying party discovery.. - - - - - Looks up a localized string similar to Sorry. This site only accepts OpenIDs that are HTTPS-secured, but {0} is not a secure Identifier.. - - - - - Looks up a localized string similar to The response is not ready. Use IsResponseReady to check whether a response is ready first.. - - - - - Looks up a localized string similar to return_to '{0}' not under realm '{1}'.. - - - - - Looks up a localized string similar to The {0} parameter ({1}) does not match the actual URL ({2}) the request was made with.. - - - - - Looks up a localized string similar to The ReturnTo property must not be null to support this operation.. - - - - - Looks up a localized string similar to The openid.return_to parameter is required in the request message in order to construct a response, but that parameter was missing.. - - - - - Looks up a localized string similar to The following parameter(s) are not included in the signature but must be: {0}. - - - - - Looks up a localized string similar to Invalid birthdate value. Must be in the form yyyy-MM-dd.. - - - - - Looks up a localized string similar to The type must implement {0}.. - - - - - Looks up a localized string similar to The property {0} had unexpected value {1}.. - - - - - Looks up a localized string similar to Unexpected HTTP status code {0} {1} received in direct response.. - - - - - Looks up a localized string similar to An unsolicited assertion cannot be sent for the claimed identifier {0} because this is not an authorized Provider for that identifier.. - - - - - Looks up a localized string similar to Rejecting unsolicited assertions requires a nonce store and an association store.. - - - - - Looks up a localized string similar to Unsolicited assertions are not allowed at this relying party.. - - - - - Looks up a localized string similar to Unsolicited assertions are not allowed from 1.0 OpenID Providers.. - - - - - Looks up a localized string similar to Providing a DateTime whose Kind is Unspecified is not allowed.. - - - - - Looks up a localized string similar to This feature is unavailable due to an unrecognized channel configuration.. - - - - - Looks up a localized string similar to The openid.user_setup_url parameter is required when sending negative assertion messages in response to immediate mode requests.. - - - - - Looks up a localized string similar to The X.509 certificate used to sign this document is not trusted.. - - - - - Looks up a localized string similar to XRI support has been disabled at this site.. - - - - - Looks up a localized string similar to XRI resolution failed.. - - - - - An enumeration of the OpenID protocol versions supported by this library. - - - - - OpenID Authentication 1.0 - - - - - OpenID Authentication 1.1 - - - - - OpenID Authentication 2.0 - - - - - Tracks the several versions of OpenID this library supports and the unique - constants to each version used in the protocol. - - - - - The value of the openid.ns parameter in the OpenID 2.0 specification. - - - - - Scans a list for matches with some element of the OpenID protocol, - searching from newest to oldest protocol for the first and best match. - - The type of element retrieved from the instance. - Takes a instance and returns an element of it. - The list to scan for matches. - The protocol with the element that matches some item in the list. - - - - A list of all supported OpenID versions, in order starting from newest version. - - - - - A list of all supported OpenID versions, in order starting from newest version. - V1.1 and V1.0 are considered the same and only V1.1 is in the list. - - - - - The default (or most recent) supported version of the OpenID protocol. - - - - - Attempts to detect the right OpenID protocol version based on the contents - of an incoming OpenID indirect message or direct request. - - query != null - query == null - - - - Attempts to detect the right OpenID protocol version based on the contents - of an incoming OpenID direct response message. - - query != null - query == null - - - - Attemps to detect the highest OpenID protocol version supported given a set - of XRDS Service Type URIs included for some service. - - serviceTypeURIs != null - serviceTypeURIs == null - - - - The OpenID version that this instance describes. - - - - - The namespace of OpenId 1.x elements in XRDS documents. - - - - - The value of the openid.ns parameter that appears on the query string - whenever data is passed between relying party and provider for OpenID 2.0 - and later. - - - - - The XRD/Service/Type value discovered in an XRDS document when - "discovering" on a Claimed Identifier (http://andrewarnott.yahoo.com) - - - - - The XRD/Service/Type value discovered in an XRDS document when - "discovering" on an OP Identifier rather than a Claimed Identifier. - (http://yahoo.com) - - - - - The XRD/Service/Type value discovered in an XRDS document when - "discovering" on a Realm URL and looking for the endpoint URL - that can receive authentication assertions. - - - - - Used as the Claimed Identifier and the OP Local Identifier when - the User Supplied Identifier is an OP Identifier. - - - - - The value of the 'rel' attribute in an HTML document's LINK tag - when the same LINK tag's HREF attribute value contains the URL to an - OP Endpoint URL. - - - - - The value of the 'rel' attribute in an HTML document's LINK tag - when the same LINK tag's HREF attribute value contains the URL to use - as the OP Local Identifier. - - - - - Parts of the protocol that define parameter names that appear in the - query string. Each parameter name is prefixed with 'openid.'. - - - - - Parts of the protocol that define parameter names that appear in the - query string. Each parameter name is NOT prefixed with 'openid.'. - - - - - The various 'constants' that appear as parameter arguments (values). - - - - - The maximum time a user can be allowed to take to complete authentication. - - - This is used to calculate the length of time that nonces are stored. - This is internal until we can decide whether to leave this static, or make - it an instance member, or put it inside the IConsumerApplicationStore interface. - - - - - The maximum permissible difference in clocks between relying party and - provider web servers, discounting time zone differences. - - - This is used when storing/validating nonces from the provider. - If it is conceivable that a server's clock could be up to five minutes - off from true UTC time, then the maximum time skew should be set to - ten minutes to allow one server to be five minutes ahead and the remote - server to be five minutes behind and still be able to communicate. - - - - - Checks whether a given Protocol version practically equals this one - for purposes of verifying a match for assertion verification. - - The other version to check against this one. - - true if this and the given Protocol versions are essentially the same. - - OpenID v1.0 never had a spec, and 1.0 and 1.1 are indistinguishable because of that. - Therefore for assertion verification, 1.0 and 1.1 are considered equivalent. - - - - - Returns the enum value for the instance. - - - - - The value "openid." - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - A preference order list of all supported session types. - - - - - A preference order list of signature algorithms we support. - - - - - Describes some OpenID Provider endpoint and its capabilities. - - - This is an immutable type. - - this.Capabilities != null - - - - Initializes a new instance of the class. - - The OpenID Provider endpoint URL. - The OpenID version supported by this particular endpoint. - providerEndpoint != null - providerEndpoint == null - openIdVersion != null - openIdVersion == null - - - - Initializes a new instance of the class. - - The URI the provider listens on for OpenID requests. - The set of services offered by this endpoint. - providerEndpoint != null - providerEndpoint == null - serviceTypeURIs != null - serviceTypeURIs == null - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the URL that the OpenID Provider listens for incoming OpenID messages on. - - - Contract.Result<Uri>() != null - - - - - Gets the OpenID protocol version this endpoint supports. - - - If an endpoint supports multiple versions, each version must be represented - by its own object. - - - Contract.Result<Version>() != null - - - - - Gets the collection of service type URIs found in the XRDS document describing this Provider. - - - - - Security settings that are applicable to providers. - - - - - Security settings that may be applicable to both relying parties and providers. - - - - - Gets the default minimum hash bit length. - - - - - Gets the maximum hash bit length default for relying parties. - - - - - Gets the maximum hash bit length default for providers. - - - - - Initializes a new instance of the class. - - A value indicating whether this class is being instantiated for a Provider. - - - - Determines whether a named association fits the security requirements. - - The protocol carrying the association. - The value of the openid.assoc_type parameter. - - true if the association is permitted given the security requirements; otherwise, false. - - - - - Determines whether a given association fits the security requirements. - - The association to check. - - true if the association is permitted given the security requirements; otherwise, false. - - association != null - association == null - - - - Gets or sets the minimum hash length (in bits) allowed to be used in an - with the remote party. The default is 160. - - - SHA-1 (160 bits) has been broken. The minimum secure hash length is now 256 bits. - The default is still a 160 bit minimum to allow interop with common remote parties, - such as Yahoo! that only supports 160 bits. - For sites that require high security such as to store bank account information and - health records, 256 is the recommended value. - - - - - Gets or sets the maximum hash length (in bits) allowed to be used in an - with the remote party. The default is 256 for relying parties and 512 for providers. - - - The longer the bit length, the more secure the identities of your visitors are. - Setting a value higher than 256 on a relying party site may reduce performance - as many association requests will be denied, causing secondary requests or even - authentication failures. - Setting a value higher than 256 on a provider increases security where possible - without these side-effects. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The subset of association types and their customized lifetimes. - - - - - Initializes a new instance of the class. - - - - - Creates a deep clone of this instance. - - A new instance that is a deep clone of this instance. - - - - Gets a subset of the available association types and their - customized maximum lifetimes. - - - - - Gets or sets a value indicating whether Relying Party discovery will only - succeed if done over a secure HTTPS channel. - - Default is false. - - - - Gets or sets the level of verification a Provider performs on an identifier before - sending an unsolicited assertion for it. - - The default value is . - - - - Gets or sets a value indicating whether OpenID 1.x relying parties that may not be - protecting their users from replay attacks are protected from - replay attacks by this provider. - - The default value is true. - - Nonces for protection against replay attacks were not mandated - by OpenID 1.x, which leaves users open to replay attacks. - This feature works by preventing associations from being used - with OpenID 1.x relying parties, thereby forcing them into - "dumb" mode and verifying every claim with this provider. - This gives the provider an opportunity to verify its own nonce - to protect against replay attacks. - - - - - Gets or sets a value indicating whether outgoing extensions are always signed. - - - true if outgoing extensions should be signed; otherwise, false. - The default is true. - - - This property is internal because Providers should never turn it off, but it is - needed for testing the RP's rejection of unsigned extensions. - - - - - The behavior a Provider takes when verifying that it is authoritative for an - identifier it is about to send an unsolicited assertion for. - - - - - Always verify that the Provider is authoritative for an identifier before - sending an unsolicited assertion for it and fail if it is not. - - - - - Always check that the Provider is authoritative for an identifier before - sending an unsolicited assertion for it, but only log failures, and proceed - to send the unsolicited assertion. - - - - - Never verify that the Provider is authoritative for an identifier before - sending an unsolicited assertion for it. - - - This setting is useful for web servers that refuse to allow a Provider to - introspectively perform an HTTP GET on itself, when sending unsolicited assertions - for identifiers that the OP controls. - - - - - A hybrid of all the store interfaces that a Relying Party requires in order - to operate in "smart" mode. - - - - - A serializable snapshot of a verified authentication message. - - - - - The callback arguments that came with the authentication response. - - - - - The untrusted callback arguments that came with the authentication response. - - - - - Initializes a new instance of the class. - - The authentication response to copy from. - copyFrom != null - copyFrom == null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Manages signing at the RP using private secrets. - - - - - The optimal length for a private secret used for signing using the HMACSHA256 class. - - - The 64-byte length is optimized for highest security when used with HMACSHA256. - See HMACSHA256.HMACSHA256(byte[]) documentation for more information. - - - - - The URI to use for private associations at this RP. - - - - - The security settings that apply to this Relying Party. - - - - - The association store - - - - - Initializes a new instance of the class. - - The security settings. - The association store. - securitySettings != null - securitySettings == null - store != null - store == null - - - - Used to verify a signature previously written. - - The data whose signature is to be verified. - The handle to the private association used to sign the data. - - The signature for the given buffer using the provided handle. - - Thrown when an association with the given handle could not be found. - This most likely happens if the association was near the end of its life and the user took too long to log in. - buffer != null - buffer == null - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - - - - Creates the new association handle. - - The ASCII-encoded handle name. - - - - Gets an association to use for signing new data. - - - The association, which may have previously existed or - may have been created as a result of this call. - - - - - Gets the handle of the association to use for private signatures. - - - An string made up of plain ASCII characters. - - - - - Security settings that are applicable to relying parties. - - - - - The default value for the property. - - - - - Initializes a new instance of the class. - - - - - Filters out any disallowed endpoints. - - The endpoints discovered on an Identifier. - A sequence of endpoints that satisfy all security requirements. - - - - Gets or sets a value indicating whether the entire pipeline from Identifier discovery to - Provider redirect is guaranteed to be encrypted using HTTPS for authentication to succeed. - - - Setting this property to true is appropriate for RPs with highly sensitive - personal information behind the authentication (money management, health records, etc.) - When set to true, some behavioral changes and additional restrictions are placed: - - User-supplied identifiers lacking a scheme are prepended with - HTTPS:// rather than the standard HTTP:// automatically. - User-supplied identifiers are not allowed to use HTTP for the scheme. - All redirects during discovery on the user-supplied identifier must be HTTPS. - Any XRDS file found by discovery on the User-supplied identifier must be protected using HTTPS. - Only Provider endpoints found at HTTPS URLs will be considered. - If the discovered identifier is an OP Identifier (directed identity), the - Claimed Identifier eventually asserted by the Provider must be an HTTPS identifier. - In the case of an unsolicited assertion, the asserted Identifier, discovery on it and - the asserting provider endpoint must all be secured by HTTPS. - - Although the first redirect from this relying party to the Provider is required - to use HTTPS, any additional redirects within the Provider cannot be protected and MAY - revert the user's connection to HTTP, based on individual Provider implementation. - There is nothing that the RP can do to detect or prevent this. - - A is thrown during discovery or authentication when a secure pipeline cannot be established. - - - - - - Gets or sets a value indicating whether only OP Identifiers will be discoverable - when creating authentication requests. - - - - - Gets or sets the oldest version of OpenID the remote party is allowed to implement. - - Defaults to - - - - Gets or sets the maximum allowable age of the secret a Relying Party - uses to its return_to URLs and nonces with 1.0 Providers. - - The default value is 7 days. - - - - Gets or sets a value indicating whether all unsolicited assertions should be ignored. - - The default value is false. - - - - Gets or sets a value indicating whether delegating identifiers are refused for authentication. - - The default value is false. - - When set to true, login attempts that start at the RP or arrive via unsolicited - assertions will be rejected if discovery on the identifier shows that OpenID delegation - is used for the identifier. This is useful for an RP that should only accept identifiers - directly issued by the Provider that is sending the assertion. - - - - - Gets or sets a value indicating whether unsigned extensions in authentication responses should be ignored. - - The default value is false. - - When set to true, the methods - will not return any extension that was not signed by the Provider. - - - - - Gets or sets a value indicating whether authentication requests will only be - sent to Providers with whom we can create a shared association. - - - true to immediately fail authentication if an association with the Provider cannot be established; otherwise, false. - The default value is false. - - - - - Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers - should ever be recognized as claimed identifiers. - - - The default value is false, per the OpenID 2.0 spec. - - - OpenID 2.0 sections 7.3.2.2 and 11.2 specify that OP Identifiers never be recognized as Claimed Identifiers. - However, for some scenarios it may be desirable for an RP to override this behavior and allow this. - The security ramifications of setting this property to true have not been fully explored and - therefore this setting should only be changed with caution. - - - - - Gets or sets a value indicating whether certain Claimed Identifiers that exploit - features that .NET does not have the ability to send exact HTTP requests for will - still be allowed by using an approximate HTTP request. - - - The default value is true. - - - - - Gets or sets a value indicating whether special measures are taken to - protect users from replay attacks when those users' identities are hosted - by OpenID 1.x Providers. - - The default value is true. - - Nonces for protection against replay attacks were not mandated - by OpenID 1.x, which leaves users open to replay attacks. - This feature works by adding a signed nonce to the authentication request. - This might increase the request size beyond what some OpenID 1.1 Providers - (such as Blogger) are capable of handling. - - - - - Represents a single OP endpoint from discovery on some OpenID Identifier. - - this.ProviderEndpoint != null - this.ClaimedIdentifier != null - this.ProviderLocalIdentifier != null - this.Capabilities != null - this.Version != null - this.Protocol != null - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The provider endpoint. - The Claimed Identifier. - The User-supplied Identifier. - The Provider Local Identifier. - The service priority. - The URI priority. - providerEndpoint != null - providerEndpoint == null - claimedIdentifier != null - claimedIdentifier == null - - - - Implements the operator ==. - - The first service endpoint. - The second service endpoint. - The result of the operator. - - - - Implements the operator !=. - - The first service endpoint. - The second service endpoint. - The result of the operator. - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Determines whether a given extension is supported by this endpoint. - - An instance of the extension to check support for. - - true if the extension is supported by this endpoint; otherwise, false. - - extension != null - extension == null - - - - Creates a instance to represent some OP Identifier. - - The provider identifier (actually the user-supplied identifier). - The provider endpoint. - The service priority. - The URI priority. - The created instance - providerEndpoint != null - providerEndpoint == null - - - - Creates a instance to represent some Claimed Identifier. - - The claimed identifier. - The provider local identifier. - The provider endpoint. - The service priority. - The URI priority. - The created instance - - - - Creates a instance to represent some Claimed Identifier. - - The claimed identifier. - The user supplied identifier. - The provider local identifier. - The provider endpoint. - The service priority. - The URI priority. - The created instance - - - - Determines whether a given type URI is present on the specified provider endpoint. - - The type URI. - - true if the type URI is present on the specified provider endpoint; otherwise, false. - - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Sets the Capabilities property (this method is a test hook.) - - The value. - The publicize.exe tool should work for the unit tests, but for some reason it fails on the build server. - - - - Gets the priority rating for a given type of endpoint, allowing a - priority sorting of endpoints. - - The endpoint to prioritize. - An arbitary integer, which may be used for sorting against other returned values from this method. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the detected version of OpenID implemented by the Provider. - - - Contract.Result<Version>() != null - - - - - Gets the Identifier that was presented by the end user to the Relying Party, - or selected by the user at the OpenID Provider. - During the initiation phase of the protocol, an end user may enter - either their own Identifier or an OP Identifier. If an OP Identifier - is used, the OP may then assist the end user in selecting an Identifier - to share with the Relying Party. - - - - - Gets the Identifier that the end user claims to control. - - - - - Gets an alternate Identifier for an end user that is local to a - particular OP and thus not necessarily under the end user's - control. - - - - - Gets a more user-friendly (but NON-secure!) string to display to the user as his identifier. - - A human-readable, abbreviated (but not secure) identifier the user MAY recognize as his own. - - - - Gets the provider endpoint. - - - - - Gets the @priority given in the XRDS document for this specific OP endpoint. - - - - - Gets the @priority given in the XRDS document for this service - (which may consist of several endpoints). - - - - - Gets the collection of service type URIs found in the XRDS document describing this Provider. - - Should never be null, but may be empty. - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - This value MUST be an absolute HTTP or HTTPS URL. - - Contract.Result<Uri>() != null - - - - - Gets an XRDS sorting routine that uses the XRDS Service/@Priority - attribute to determine order. - - - Endpoints lacking any priority value are sorted to the end of the list. - - - - - Gets the protocol used by the OpenID Provider. - - - - - Adds OpenID-specific extension methods to the XrdsDocument class. - - - - - Finds the Relying Party return_to receiving endpoints. - - The XrdsDocument instance to use in this process. - A sequence of Relying Party descriptors for the return_to endpoints. - - This is useful for Providers to send unsolicited assertions to Relying Parties, - or for Provider's to perform RP discovery/verification as part of authentication. - - xrds != null - xrds == null - Contract.Result<IEnumerable<RelyingPartyEndpointDescription>>() != null - - - - Finds the icons the relying party wants an OP to display as part of authentication, - per the UI extension spec. - - The XrdsDocument to search. - A sequence of the icon URLs in preferred order. - xrds != null - xrds == null - Contract.Result<IEnumerable<Uri>>() != null - - - - Creates the service endpoints described in this document, useful for requesting - authentication of one of the OpenID Providers that result from it. - - The XrdsDocument instance to use in this process. - The claimed identifier that was used to discover this XRDS document. - The user supplied identifier. - - A sequence of OpenID Providers that can assert ownership of the . - - xrds != null - xrds == null - claimedIdentifier != null - claimedIdentifier == null - userSuppliedIdentifier != null - userSuppliedIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Creates the service endpoints described in this document, useful for requesting - authentication of one of the OpenID Providers that result from it. - - The XrdsDocument instance to use in this process. - The user-supplied i-name that was used to discover this XRDS document. - A sequence of OpenID Providers that can assert ownership of the canonical ID given in this document. - xrds != null - xrds == null - userSuppliedIdentifier != null - userSuppliedIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Generates OpenID Providers that can authenticate using directed identity. - - The XrdsDocument instance to use in this process. - The OP Identifier entered (and resolved) by the user. Essentially the user-supplied identifier. - A sequence of the providers that can offer directed identity services. - xrds != null - xrds == null - opIdentifier != null - opIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Generates the OpenID Providers that are capable of asserting ownership - of a particular URI claimed identifier. - - The XrdsDocument instance to use in this process. - The claimed identifier. - The user supplied identifier. - - A sequence of the providers that can assert ownership of the given identifier. - - xrds != null - xrds == null - claimedIdentifier != null - claimedIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Generates the OpenID Providers that are capable of asserting ownership - of a particular XRI claimed identifier. - - The XrdsDocument instance to use in this process. - The i-name supplied by the user. - A sequence of the providers that can assert ownership of the given identifier. - - - - Enumerates the XRDS service elements that describe OpenID Providers offering directed identity assertions. - - The XrdsDocument instance to use in this process. - A sequence of service elements. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - Returns the OpenID-compatible services described by a given XRDS document, - in priority order. - - The XrdsDocument instance to use in this process. - A sequence of the services offered. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - Enumerates the XRDS service elements that describe OpenID Relying Party return_to URLs - that can receive authentication assertions. - - The XrdsDocument instance to use in this process. - A sequence of service elements. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - A very simple IXrdsProviderEndpoint implementation for verifying that all positive - assertions (particularly unsolicited ones) are received from OP endpoints that - are deemed permissible by the host RP. - - - - - Initializes a new instance of the class. - - The positive assertion. - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the detected version of OpenID implemented by the Provider. - - - Contract.Result<Version>() != null - - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - - Contract.Result<Uri>() != null - - - - - An in-memory store for Relying Parties, suitable for single server, single process - ASP.NET web sites. - - - - - The nonce store to use. - - - - - The association store to use. - - - - - Initializes a new instance of the class. - - - - - Saves an for later recall. - - The Uri (for relying parties) or Smart/Dumb (for providers). - The association to store. - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security settings. - - The requested association, or null if no unexpired s exist for the given key. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - - The requested association, or null if no unexpired s exist for the given key and handle. - - - - - Removes a specified handle that may exist in the store. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - - True if the association existed in this store previous to this call. - - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the must be unique. - A series of random characters. - The timestamp that together with the nonce string make it unique. - The timestamp may also be used by the data store to clear out old nonces. - - True if the nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - If the binding element is applicable to your channel, this expiration window - is retrieved or set using the - property. - - - - - Implements the Identity, Credential, & Access Management (ICAM) OpenID 2.0 Profile - for the General Services Administration (GSA). - - - Relying parties that include this profile are always held to the terms required by the profile, - but Providers are only affected by the special behaviors of the profile when the RP specifically - indicates that they want to use this profile. - - - - - The maximum time a shared association can live. - - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - - - Applies a well known set of security requirements. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when an authentication request is about to be sent. - - The request. - request != null - request == null - - - - Called when an incoming positive assertion is received. - - The positive assertion. - assertion != null - assertion == null - - - - Adapts the default security settings to the requirements of this behavior. - - The original security settings. - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Ensures the maximum association lifetime does not exceed a given limit. - - Type of the association. - The maximum lifetime. - The security settings to adjust. - !String.IsNullOrEmpty(associationType) - maximumLifetime.TotalSeconds > 0 - - - - Gets or sets the provider for generating PPID identifiers. - - - - - Gets or sets a value indicating whether PII is allowed to be requested or received via OpenID. - - The default value is false. - - - - Gets or sets a value indicating whether to ignore the SSL requirement (for testing purposes only). - - - - - Common OpenID Provider Identifiers. - - - - - The Yahoo OP Identifier. - - - - - The Google OP Identifier. - - - - - The MyOpenID OP Identifier. - - - - - The Verisign OP Identifier. - - - - - The MyVidoop OP Identifier. - - - - - Prevents a default instance of the class from being created. - - - - - A paranoid HTTP get/post request engine. It helps to protect against attacks from remote - server leaving dangling connections, sending too much data, causing requests against - internal servers, etc. - - - Protections include: - * Conservative maximum time to receive the complete response. - * Only HTTP and HTTPS schemes are permitted. - * Internal IP address ranges are not permitted: 127.*.*.*, 1::* - * Internal host names are not permitted (periods must be found in the host name) - If a particular host would be permitted but is in the blacklist, it is not allowed. - If a particular host would not be permitted but is in the whitelist, it is allowed. - - - - - The set of URI schemes allowed in untrusted web requests. - - - - - The collection of blacklisted hosts. - - - - - The collection of regular expressions used to identify additional blacklisted hosts. - - - - - The collection of whitelisted hosts. - - - - - The collection of regular expressions used to identify additional whitelisted hosts. - - - - - The maximum redirections to follow in the course of a single request. - - - - - The maximum number of bytes to read from the response of an untrusted server. - - - - - The handler that will actually send the HTTP request and collect - the response once the untrusted server gates have been satisfied. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The chained web request handler. - chainedWebRequestHandler != null - chainedWebRequestHandler == null - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The writer the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The writer the caller should write out the entity data to. - - request != null - request == null - - - - Processes an and converts the - to a instance. - - The to handle. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1". - - The ip address to check. - - true if this is a loopback IP address; false otherwise. - - ip != null - ip == null - - - - Determines whether the given host name is in a host list or host name regex list. - - The host name. - The list of host names. - The list of regex patterns of host names. - - true if the specified host falls within at least one of the given lists; otherwise, false. - - !String.IsNullOrEmpty(host) - String.IsNullOrEmpty(host) - stringList != null - stringList == null - regexList != null - regexList == null - - - - Determines whether a given host is whitelisted. - - The host name to test. - - true if the host is whitelisted; otherwise, false. - - - - - Determines whether a given host is blacklisted. - - The host name to test. - - true if the host is blacklisted; otherwise, false. - - - - - Verify that the request qualifies under our security policies - - The request URI. - If set to true, only web requests that can be made entirely over SSL will succeed. - Thrown when the URI is disallowed for security reasons. - - - - Determines whether a URI is allowed based on scheme and host name. - No requireSSL check is done here - - The URI to test for whether it should be allowed. - - true if [is URI allowable] [the specified URI]; otherwise, false. - - uri != null - uri == null - - - - Prepares the request by setting timeout and redirect policies. - - The request to prepare. - - true if this is a POST request whose headers have not yet been sent out; false otherwise. - request != null - request == null - - - - Gets or sets the default maximum bytes to read in any given HTTP request. - - Default is 1MB. Cannot be less than 2KB. - - value >= 2048 - - value < 2048 - - - - Gets or sets the total number of redirections to allow on any one request. - Default is 10. - - - value >= 0 - - value < 0 - - - - Gets or sets the time allowed to wait for single read or write operation to complete. - Default is 500 milliseconds. - - - - - Gets or sets the time allowed for an entire HTTP request. - Default is 5 seconds. - - - - - Gets a collection of host name literals that should be allowed even if they don't - pass standard security checks. - - - - - Gets a collection of host name regular expressions that indicate hosts that should - be allowed even though they don't pass standard security checks. - - - - - Gets a collection of host name literals that should be rejected even if they - pass standard security checks. - - - - - Gets a collection of host name regular expressions that indicate hosts that should - be rejected even if they pass standard security checks. - - - - - Gets the configuration for this class that is specified in the host's .config file. - - - - - The discovery service for URI identifiers. - - - - - Initializes a new instance of the class. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Searches HTML for the HEAD META tags that describe OpenID provider services. - - The final URL that provided this HTML document. - This may not be the same as (this) userSuppliedIdentifier if the - userSuppliedIdentifier pointed to a 301 Redirect. - The user supplied identifier. - The HTML that was downloaded and should be searched. - - A sequence of any discovered ServiceEndpoints. - - - - - A URI style of OpenID Identifier. - - this.Uri != null - this.Uri.AbsoluteUri != null - - - - The allowed protocol schemes in a URI Identifier. - - - - - The special scheme to use for HTTP URLs that should not have their paths compressed. - - - - - The special scheme to use for HTTPS URLs that should not have their paths compressed. - - - - - The special scheme to use for HTTP URLs that should not have their paths compressed. - - - - - The special scheme to use for HTTPS URLs that should not have their paths compressed. - - - - - A value indicating whether scheme substitution is being used to workaround - .NET path compression that invalidates some OpenIDs that have trailing periods - in one of their path segments. - - - - - Initializes static members of the class. - - - This method attempts to workaround the .NET Uri class parsing bug described here: - https://connect.microsoft.com/VisualStudio/feedback/details/386695/system-uri-incorrectly-strips-trailing-dots?wa=wsignin1.0#tabs - since some identifiers (like some of the pseudonymous identifiers from Yahoo) include path segments - that end with periods, which the Uri class will typically trim off. - - - - - Initializes a new instance of the class. - - The value this identifier will represent. - !String.IsNullOrEmpty(uri) - String.IsNullOrEmpty(uri) - - - - Initializes a new instance of the class. - - The value this identifier will represent. - if set to true [require SSL discovery]. - !String.IsNullOrEmpty(uri) - String.IsNullOrEmpty(uri) - - - - Initializes a new instance of the class. - - The value this identifier will represent. - - - - Initializes a new instance of the class. - - The value this identifier will represent. - if set to true [require SSL discovery]. - uri != null - uri == null - - - - Converts a instance to a instance. - - The identifier to convert to an ordinary instance. - The result of the conversion. - - - - Converts a instance to a instance. - - The instance to turn into a . - The result of the conversion. - - - - Tests equality between this URI and another URI. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Returns the hash code of this XRI. - - - A hash code for the current . - - - - - Returns the string form of the URI. - - - A that represents the current . - - Contract.Result<string>() != null - - - - Determines whether a URI is a valid OpenID Identifier (of any kind). - - The URI to test for OpenID validity. - - true if the identifier is valid; otherwise, false. - - - A valid URI is absolute (not relative) and uses an http(s) scheme. - - - - - Determines whether a URI is a valid OpenID Identifier (of any kind). - - The URI to test for OpenID validity. - - true if the identifier is valid; otherwise, false. - - - A valid URI is absolute (not relative) and uses an http(s) scheme. - - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - Determines whether the given URI is using a scheme in the list of allowed schemes. - - The URI whose scheme is to be checked. - - true if the scheme is allowed; otherwise, false. - false is also returned if is null. - - - - - Determines whether the given URI is using a scheme in the list of allowed schemes. - - The URI whose scheme is to be checked. - - true if the scheme is allowed; otherwise, false. - false is also returned if is null. - - - - - Tries to canonicalize a user-supplied identifier. - This does NOT convert a user-supplied identifier to a Claimed Identifier! - - The user-supplied identifier. - The resulting canonical URI. - If set to true and the user-supplied identifier lacks a scheme, the "https://" scheme will be prepended instead of the standard "http://" one. - if set to true [scheme prepended]. - - true if the identifier was valid and could be canonicalized. - false if the identifier is outside the scope of allowed inputs and should be rejected. - - - Canonicalization is done by adding a scheme in front of an - identifier if it isn't already present. Other trivial changes that do not - require network access are also done, such as lower-casing the hostname in the URI. - - !string.IsNullOrEmpty(uri) - string.IsNullOrEmpty(uri) - - - - Fixes up the scheme if appropriate. - - The URI, already in legal form (with http(s):// prepended if necessary). - The resulting canonical URI. - - true if the canonicalization was successful; false otherwise. - - This does NOT standardize an OpenID URL for storage in a database, as - it does nothing to convert the URL to a Claimed Identifier, besides the fact - that it only deals with URLs whereas OpenID 2.0 supports XRIs. - For this, you should lookup the value stored in IAuthenticationResponse.ClaimedIdentifier. - - uri != null - uri == null - - - - Gets the special non-compressing scheme or URL for a standard scheme or URL. - - The ordinary URL or scheme name. - The non-compressing equivalent scheme or URL for the given value. - !string.IsNullOrEmpty(normal) - string.IsNullOrEmpty(normal) - schemeSubstitution - !(schemeSubstitution) - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - Performs the minimal URL normalization to allow a string to be passed to the constructor. - - The user-supplied identifier URI to normalize. - if set to true, a missing scheme should result in HTTPS being prepended instead of HTTP. - if set to true, the scheme was prepended during normalization. - The somewhat normalized URL. - !String.IsNullOrEmpty(uri) - String.IsNullOrEmpty(uri) - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets or sets a value indicating whether scheme substitution is being used to workaround - .NET path compression that invalidates some OpenIDs that have trailing periods - in one of their path segments. - - - - - Gets the URI this instance represents. - - - - - Gets a value indicating whether the scheme was missing when this - Identifier was created and added automatically as part of the - normalization process. - - - - - Gets a value indicating whether this Identifier has characters or patterns that - the class normalizes away and invalidating the Identifier. - - - - - A simple URI class that doesn't suffer from the parsing problems of the class. - - - - - URI characters that separate the URI Path from subsequent elements. - - - - - Initializes a new instance of the class. - - The value. - !string.IsNullOrEmpty(value) - string.IsNullOrEmpty(value) - - - - Returns a that represents this instance. - - - A that represents this instance. - - Contract.Result<string>() != null - - - - Determines whether the specified is equal to this instance. - - The to compare with this instance. - - true if the specified is equal to this instance; otherwise, false. - - - The parameter is null. - - - - - Returns a hash code for this instance. - - - A hash code for this instance, suitable for use in hashing algorithms and data structures like a hash table. - - - - - Normalizes the characters that are escaped in the given URI path. - - The path to normalize. - The given path, with exactly those characters escaped which should be. - path != null - path == null - - - - Gets the scheme. - - The scheme. - - - - Gets the authority. - - The authority. - - - - Gets the path of the URI. - - The path from the URI. - - - - Gets the query. - - The query. - - - - Gets the fragment. - - The fragment. - - - - A URI parser that does not compress paths, such as trimming trailing periods from path segments. - - - - - The field that stores the scheme that this parser is registered under. - - - - - The standard "http" or "https" scheme that this parser is subverting. - - - - - Initializes a new instance of the class. - - The standard scheme that this parser will be subverting. - !string.IsNullOrEmpty(standardScheme) - string.IsNullOrEmpty(standardScheme) - - - - Initializes this parser with the actual scheme it should appear to be. - - if set to true Uris using this scheme will look like they're using the original standard scheme. - - - - Gets the scheme this parser is registered under. - - The registered scheme. - - - - The discovery service for XRI identifiers that uses an XRI proxy resolver for discovery. - - - - - The magic URL that will provide us an XRDS document for a given XRI identifier. - - - We use application/xrd+xml instead of application/xrds+xml because it gets - xri.net to automatically give us exactly the right XRD element for community i-names - automatically, saving us having to choose which one to use out of the result. - The ssl=true parameter tells the proxy resolver to accept only SSL connections - when resolving community i-names. - - - - - Initializes a new instance of the class. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Downloads the XRDS document for this XRI. - - The identifier. - The request handler. - The XRDS document. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<XrdsDocument>() != null - - - - Gets the URL from which this XRI's XRDS document may be downloaded. - - The identifier. - The URI to HTTP GET from to get the services. - - - - An XRI style of OpenID Identifier. - - this.canonicalXri != null - - - - The scheme and separator "xri://" - - - - - An XRI always starts with one of these symbols. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The string value of the XRI. - !String.IsNullOrEmpty(xri) - String.IsNullOrEmpty(xri) - IsValidXri(xri) - !(IsValidXri(xri)) - - - - Initializes a new instance of the class. - - The XRI that this Identifier will represent. - - If set to true, discovery and the initial authentication redirect will - only succeed if it can be done entirely using SSL. - - !String.IsNullOrEmpty(xri) - String.IsNullOrEmpty(xri) - IsValidXri(xri) - !(IsValidXri(xri)) - - - - Tests equality between this XRI and another XRI. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Returns the hash code of this XRI. - - - A hash code for the current . - - - - - Returns the canonical string form of the XRI. - - - A that represents the current . - - Contract.Result<string>() != null - - - - Tests whether a given string represents a valid XRI format. - - The value to test for XRI validity. - - true if the given string constitutes a valid XRI; otherwise, false. - - !String.IsNullOrEmpty(xri) - String.IsNullOrEmpty(xri) - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - - XRI Identifiers never have a fragment part, and thus this method - always returns this same instance. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - Takes any valid form of XRI string and returns the canonical form of the same XRI. - - The xri to canonicalize. - The canonicalized form of the XRI. - The canonical form, per the OpenID spec, is no scheme and no whitespace on either end. - xri != null - xri == null - Contract.Result<string>() != null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the original XRI supplied to the constructor. - - - - - Gets the canonical form of the XRI string. - - - Contract.Result<string>() != null - - - - - A direct message sent from Consumer to Service Provider to request a Request Token. - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Gets or sets the absolute URL to which the Service Provider will redirect the - User back when the Obtaining User Authorization step is completed. - - - The callback URL; or null if the Consumer is unable to receive - callbacks or a callback URL has been established via other means. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - The name of the hash algorithm to use. - - - - - The token manager for the service provider. - - - - - Initializes a new instance of the class - for use by Consumers. - - The certificate used to sign outgoing messages. - signingCertificate != null - signingCertificate == null - - - - Initializes a new instance of the class - for use by Service Providers. - - The token manager. - tokenManager != null - tokenManager == null - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message per OAuth 1.0 section 9.3. - - message != null - message == null - this.Channel != null - this.Channel == null - - - - Determines whether the signature on some message is valid. - - The message to check the signature on. - - true if the signature on the message is valid; otherwise, false. - - message != null - message == null - - - - Clones this instance. - - A new instance of the binding element. - - - - Gets or sets the certificate used to sign outgoing messages. Used only by Consumers. - - - - - The default handler for transmitting instances - and returning the responses. - - - - - The set of options this web request handler supports. - - - - - The value to use for the User-Agent HTTP header. - - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The writer the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The writer the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - - - - Processes an and converts the - to a instance. - - The to handle. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Determines whether an exception was thrown because of the remote HTTP server returning HTTP 417 Expectation Failed. - - The caught exception. - - true if the failure was originally caused by a 417 Exceptation Failed error; otherwise, false. - - - - - Initiates a POST request and prepares for sending data. - - The HTTP request with information about the remote party to contact. - - The stream where the POST entity can be written. - - - - - Prepares an HTTP request. - - The request. - - true if this is a POST request whose headers have not yet been sent out; false otherwise. - request != null - request == null - - - - An immutable description of a URL that receives messages. - - - - - Initializes a new instance of the class. - - The URL of this endpoint. - The HTTP method(s) allowed. - locationUri != null - locationUri == null - method != HttpDeliveryMethods.None - method == HttpDeliveryMethods.None - (method & HttpDeliveryMethods.HttpVerbMask) != 0 - !((method & HttpDeliveryMethods.HttpVerbMask) != 0) - - - - Initializes a new instance of the class. - - The URL of this endpoint. - The HTTP method(s) allowed. - location != null - location == null - method != HttpDeliveryMethods.None - method == HttpDeliveryMethods.None - (method & HttpDeliveryMethods.HttpVerbMask) != 0 - !((method & HttpDeliveryMethods.HttpVerbMask) != 0) - - - - Gets the URL of this endpoint. - - - - - Gets the HTTP method(s) allowed. - - - - - The statistical reporting mechanism used so this library's project authors - know what versions and features are in use. - - - - - A UTF8 encoder that doesn't emit the preamble. Used for mid-stream writers. - - - - - A value indicating whether reporting is desirable or not. Must be logical-AND'd with !. - - - - - A value indicating whether reporting experienced an error and cannot be enabled. - - - - - A value indicating whether the reporting class has been initialized or not. - - - - - The object to lock during initialization. - - - - - The isolated storage to use for collecting data in between published reports. - - - - - The GUID that shows up at the top of all reports from this user/machine/domain. - - - - - The recipient of collected reports. - - - - - The outgoing HTTP request handler to use for publishing reports. - - - - - A few HTTP request hosts and paths we've seen. - - - - - Cultures that have come in via HTTP requests. - - - - - Features that have been used. - - - - - A collection of all the observations to include in the report. - - - - - The named events that we have counters for. - - - - - The lock acquired while considering whether to publish a report. - - - - - The time that we last published reports. - - - - - Initializes static members of the class. - - - - - Records an event occurrence. - - Name of the event. - The category within the event. Null and empty strings are allowed, but considered the same. - !String.IsNullOrEmpty(eventName) - - - - Records an event occurence. - - The object whose type name is the event name to record. - The category within the event. Null and empty strings are allowed, but considered the same. - eventNameByObjectType != null - - - - Records the use of a feature by name. - - The feature. - !String.IsNullOrEmpty(feature) - - - - Records the use of a feature by object type. - - The object whose type is the feature to set as used. - value != null - - - - Records the use of a feature by object type. - - The object whose type is the feature to set as used. - Some dependency used by . - Some dependency used by . - value != null - - - - Records the feature and dependency use. - - The consumer or service provider. - The service. - The token manager. - The nonce store. - value != null - service != null - tokenManager != null - - - - Records statistics collected from incoming requests. - - The request. - request != null - - - - Initializes Reporting if it has not been initialized yet. - - - - - Assembles a report for submission. - - A stream that contains the report. - - - - Sends the usage reports to the library authors. - - A value indicating whether submitting the report was successful. - - - - Interprets the reporting response as a log message if possible. - - The line from the HTTP response to interpret as a log message. - - - - Called by every internal/public method on this class to give - periodic operations a chance to run. - - - - - Sends the stats report asynchronously, and careful to not throw any unhandled exceptions. - - - - - Gets the isolated storage to use for reporting. - - An isolated storage location appropriate for our host. - Contract.Result<IsolatedStorageFile>() != null - - - - Gets a unique, pseudonymous identifier for this particular web site or application. - - A GUID that will serve as the identifier. - - The identifier is made persistent by storing the identifier in isolated storage. - If an existing identifier is not found, a new one is created, persisted, and returned. - - file != null - file == null - Contract.Result<Guid>() != Guid.Empty - - - - Sanitizes the name of the file so it only includes valid filename characters. - - The filename to sanitize. - The filename, with any and all invalid filename characters replaced with the hyphen (-) character. - !String.IsNullOrEmpty(fileName) - String.IsNullOrEmpty(fileName) - - - - Gets or sets a value indicating whether this reporting is enabled. - - - true if enabled; otherwise, false. - - Setting this property to truemay have no effect - if reporting has already experienced a failure of some kind. - - - - - Gets the configuration to use for reporting. - - - - - A set of values that persist the set to disk. - - - - - The isolated persistent storage. - - - - - The persistent reader. - - - - - The persistent writer. - - - - - The total set of elements. - - - - - The maximum number of elements to track before not storing new elements. - - - - - The set of new elements added to the since the last flush. - - - - - The time the last flush occurred. - - - - - A flag indicating whether the set has changed since it was last flushed. - - - - - Initializes a new instance of the class. - - The storage location. - Name of the file. - The maximum number of elements to track. - storage != null - storage == null - !String.IsNullOrEmpty(fileName) - String.IsNullOrEmpty(fileName) - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Adds a value to the set. - - The value. - - - - Flushes any newly added values to disk. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets a value indicating whether the hashset has reached capacity and is not storing more elements. - - - true if this instance is full; otherwise, false. - - - - Gets the name of the file. - - The name of the file. - - - - A feature usage counter. - - - - - The separator to use between category names and their individual counters. - - - - - The isolated persistent storage. - - - - - The persistent reader. - - - - - The persistent writer. - - - - - The time the last flush occurred. - - - - - The in-memory copy of the counter. - - - - - A flag indicating whether the set has changed since it was last flushed. - - - - - Initializes a new instance of the class. - - The storage location. - Name of the file. - storage != null - storage == null - !String.IsNullOrEmpty(fileName) - String.IsNullOrEmpty(fileName) - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Increments the counter. - - The category within the event. Null and empty strings are allowed, but considered the same. - - - - Flushes any newly added values to disk. - - - - - Resets all counters. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the name of the file. - - The name of the file. - - - - The channel for the OAuth protocol. - - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Queues a message for sending in the response stream. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - - The deserialized message, if one is found. Null otherwise. - - request != null - request == null - - - - Initializes the binding elements for the OAuth channel. - - The authorization server. - - An array of binding elements used to initialize the channel. - - authorizationServer != null - authorizationServer == null - - - - Gets the authorization server. - - The authorization server. - - - - A message sent by a web application Client to the AuthorizationServer - via the user agent to obtain authorization from the user and prepare - to issue an access token to the Consumer if permission is granted. - - - - - Initializes a new instance of the class. - - The Authorization Server's user authorization URL to direct the user to. - The protocol version. - authorizationEndpoint != null - authorizationEndpoint == null - version != null - version == null - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - authorizationServer.Version != null - authorizationServer.Version == null - authorizationServer.AuthorizationEndpoint != null - authorizationServer.AuthorizationEndpoint == null - - - - Gets the type of the authorization that the client expects of the authorization server. - - Always . Other response types are not supported. - - - - Gets or sets the identifier by which this client is known to the Authorization Server. - - - - - Gets or sets the callback URL. - - - An absolute URL to which the Authorization Server will redirect the User back after - the user has approved the authorization request. - - - REQUIRED unless a redirection URI has been established between the client and authorization server via other means. An absolute URI to which the authorization server will redirect the user-agent to when the end-user authorization step is completed. The authorization server MAY require the client to pre-register their redirection URI. The redirection URI MUST NOT include a query component as defined by [RFC3986] (Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005.) section 3 if the state parameter is present. - - - - - Gets or sets state of the client that should be sent back with the authorization response. - - - An opaque value that Clients can use to maintain state associated with this request. - - - REQUIRED. The client identifier as described in Section 3.4 (Client Credentials). - - - - - Gets the scope of access being requested. - - The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope. - - - - An enumeration of the OAuth protocol versions supported by this library. - - - - - The OAuth 2.0 specification. - - - - - Protocol constants for OAuth 2.0. - - - - - The HTTP authorization scheme "OAuth"; - - - - - The format of the HTTP Authorization header value that authorizes OAuth 2.0 requests. - - - - - The "type" string. - - - - - The "state" string. - - - - - The "redirect_uri_mismatch" string. - - - - - The "bad_verification_code" string. - - - - - The "incorrect_client_credentials" string. - - - - - The "authorization_expired" string. - - - - - The "redirect_uri" string. - - - - - The "client_id" string. - - - - - The "scope" string. - - - - - The "immediate" string. - - - - - The "client_secret" string. - - - - - The "code" string. - - - - - The "user_code" string. - - - - - The "verification_uri" string. - - - - - The "interval" string. - - - - - The "error" string. - - - - - The "access_token" string. - - - - - The "access_token_secret" string. - - - - - The "refresh_token" string. - - - - - The "expires_in" string. - - - - - The "expired_delegation_code" string. - - - - - The "username" string. - - - - - The "password" string. - - - - - The "format" string. - - - - - The "assertion" string. - - - - - The "assertion_type" string. - - - - - The "user_denied" string. - - - - - The "error_uri" string. - - - - - The "error_description" string. - - - - - The "response_type" string. - - - - - The "grant_type" string. - - - - - Gets the instance with values initialized for V1.0 of the protocol. - - - - - A list of all supported OAuth versions, in order starting from newest version. - - - - - The default (or most recent) supported version of the OpenID protocol. - - - - - Gets the OAuth Protocol instance to use for the given version. - - The OAuth version to get. - A matching instance. - - - - Gets or sets the OAuth 2.0 version represented by this instance. - - The version. - - - - Gets or sets the OAuth 2.0 version represented by this instance. - - The protocol version. - - - - Error codes that an authorization server can return to a client in response to a malformed or unsupported access token request. - - - - - The request is missing a required parameter, includes an unknown parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed. - - - - - The client identifier provided is invalid, the client failed to authenticate, or the client provided multiple client credentials. - - - - - The client is not authorized to use the access grant type provided. - - - - - The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user basic credentials, or mismatching authorization code and redirection URI). - - - - - The access grant included - its type or another attribute - is not supported by the authorization server. - - - - - The requested scope is invalid, unknown, malformed, or exceeds the previously granted scope. - - - - - Error codes that an authorization server can return to a client in response to a malformed or unsupported end user authorization request. - - - - - The request is missing a required parameter, includes an unknown parameter or parameter value, or is otherwise malformed. - - - - - The client identifier provided is invalid. - - - - - The client is not authorized to use the requested response type. - - - - - The redirection URI provided does not match a pre-registered value. - - - - - The end-user or authorization server denied the request. - - - - - The requested response type is not supported by the authorization server. - - - - - The requested scope is invalid, unknown, or malformed. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The requested access scope ("{0}") exceeds the grant scope ("{1}").. - - - - - Looks up a localized string similar to None of the client's pre-registered callback URLs ({0}) match the one found in the authorization request ({1}).. - - - - - Looks up a localized string similar to Failed to obtain access token. Authorization Server reports reason: {0}. - - - - - Looks up a localized string similar to This message can only be sent over HTTPS.. - - - - - Looks up a localized string similar to Failed to obtain access token due to invalid Client Identifier or Client Secret.. - - - - - Looks up a localized string similar to No callback URI was available for this request.. - - - - - Looks up a localized string similar to Refresh tokens should not be granted without the request including an access grant.. - - - - - Looks up a localized string similar to Individual scopes may not contain spaces.. - - - - - A description of an OAuth Authorization Server as seen by an OAuth Client. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the Authorization Server URL from which an Access Token is requested by the Client. - - An HTTPS URL. - - After obtaining authorization from the resource owner, clients request an access token from the authorization server's token endpoint. - The URI of the token endpoint can be found in the service documentation, or can be obtained by the client by making an unauthorized protected resource request (from the WWW-Authenticate response header token-uri (The 'authorization-uri' Attribute) attribute). - The token endpoint advertised by the resource server MAY include a query component as defined by [RFC3986] (Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005.) section 3. - Since requests to the token endpoint result in the transmission of plain text credentials in the HTTP request and response, the authorization server MUST require the use of a transport-layer mechanism such as TLS/SSL (or a secure channel with equivalent protections) when sending requests to the token endpoints. - - - - - Gets or sets the Authorization Server URL where the Client (re)directs the User - to make an authorization request. - - An HTTP or HTTPS URL. - - Clients direct the resource owner to the authorization endpoint to approve their access request. Before granting access, the resource owner first authenticates with the authorization server. The way in which the authorization server authenticates the end-user (e.g. username and password login, OpenID, session cookies) and in which the authorization server obtains the end-user's authorization, including whether it uses a secure channel such as TLS/SSL, is beyond the scope of this specification. However, the authorization server MUST first verify the identity of the end-user. - The URI of the authorization endpoint can be found in the service documentation, or can be obtained by the client by making an unauthorized protected resource request (from the WWW-Authenticate response header auth-uri (The 'authorization-uri' Attribute) attribute). - The authorization endpoint advertised by the resource server MAY include a query component as defined by [RFC3986] (Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005.) section 3. - Since requests to the authorization endpoint result in user authentication and the transmission of sensitive values, the authorization server SHOULD require the use of a transport-layer mechanism such as TLS/SSL (or a secure channel with equivalent protections) when sending requests to the authorization endpoints. - - - - - Gets or sets the OAuth version supported by the Authorization Server. - - - - - Gets the version of the OAuth protocol to use with this Authorization Server. - - The version. - - - - An OAuth 2.0 consumer designed for web applications. - - - - - Initializes a new instance of the class. - - The authorization server. - The client identifier. - The client secret. - - - - Prepares a request for user authorization from an authorization server. - - The scope of authorized access requested. - The state of the client that should be sent back with the authorization response. - The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used. - - - - Prepares a request for user authorization from an authorization server. - - The scope of authorized access requested. - The state of the client that should be sent back with the authorization response. - The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used. - The authorization request. - - - - Prepares a request for user authorization from an authorization server. - - The authorization state to associate with this particular request. - The state of the client that should be sent back with the authorization response. - The authorization request. - authorization != null - authorization == null - authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null) - authorization.Callback == null && (HttpContext.Current == null || HttpContext.Current.Request == null) - !string.IsNullOrEmpty(this.ClientIdentifier) - string.IsNullOrEmpty(this.ClientIdentifier) - Contract.Result<OutgoingWebResponse>() != null - - - - Processes the authorization response from an authorization server, if available. - - The incoming HTTP request that may carry an authorization response. - The authorization state that contains the details of the authorization. - !string.IsNullOrEmpty(this.ClientIdentifier) - string.IsNullOrEmpty(this.ClientIdentifier) - !string.IsNullOrEmpty(this.ClientSecret) - string.IsNullOrEmpty(this.ClientSecret) - - - - Gets or sets an optional component that gives you greater control to record and influence the authorization process. - - The authorization tracker. - - - - A grab-bag utility class. - - - - - The base namespace for this library from which all other namespaces derive. - - - - - The web.config file-specified provider of web resource URLs. - - - - - Tests for equality between two objects. Safely handles the case where one or both are null. - - The type of objects been checked for equality. - The first object. - The second object. - - true if the two objects are equal; false otherwise. - - - - Prepares a dictionary for printing as a string. - - The type of the key. - The type of the value. - The dictionary or sequence of name-value pairs. - An object whose ToString method will perform the actual work of generating the string. - - The work isn't done until (and if) the - method is actually called, which makes it great - for logging complex objects without being in a conditional block. - - - - - Offers deferred ToString processing for a list of elements, that are assumed - to generate just a single-line string. - - The type of elements contained in the list. - The list of elements. - An object whose ToString method will perform the actual work of generating the string. - - - - Offers deferred ToString processing for a list of elements. - - The type of elements contained in the list. - The list of elements. - if set to true, special formatting will be applied to the output to make it clear where one element ends and the next begins. - An object whose ToString method will perform the actual work of generating the string. - - - - Gets the web resource URL from a Page or object. - - Some type in resource assembly. - Name of the manifest resource. - An absolute URL - - - - Gets a human-readable description of the library name and version, including - whether the build is an official or private one. - - - - - Manages an individual deferred ToString call. - - The type of object to be serialized as a string. - - - - The object that will be serialized if called upon. - - - - - The method used to serialize to string form. - - - - - Initializes a new instance of the DelayedToString class. - - The object that may be serialized to string form. - The method that will serialize the object if called upon. - toString != null - toString == null - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - An enumeration of the OAuth protocol versions supported by this library. - - - - - OAuth 1.0 specification - - - - - OAuth 1.0a specification - - - - - Constants used in the OAuth protocol. - - - OAuth Protocol Parameter names and values are case sensitive. Each OAuth Protocol Parameters MUST NOT appear more than once per request, and are REQUIRED unless otherwise noted, - per OAuth 1.0 section 5. - - - - - The namespace to use for V1.0 of the protocol. - - - - - The prefix used for all key names in the protocol. - - - - - The string representation of a instance to be used to represent OAuth 1.0a. - - - - - The scheme to use in Authorization header message requests. - - - - - Gets the instance with values initialized for V1.0 of the protocol. - - - - - Gets the instance with values initialized for V1.0a of the protocol. - - - - - A list of all supported OAuth versions, in order starting from newest version. - - - - - The default (or most recent) supported version of the OpenID protocol. - - - - - The namespace to use for this version of the protocol. - - - - - Initializes a new instance of the class. - - - - - Gets the OAuth Protocol instance to use for the given version. - - The OAuth version to get. - A matching instance. - - - - Gets the OAuth Protocol instance to use for the given version. - - The OAuth version to get. - A matching instance. - version != null - version == null - AllVersions.Any(p => p.Version == version) - !(AllVersions.Any(p => p.Version == version)) - - - - Gets the OAuth version this instance represents. - - - - - Gets the version to declare on the wire. - - - - - Gets the enum value for the instance. - - - - - Gets the namespace to use for this version of the protocol. - - - - - A web application that allows access via OAuth. - - - The Service Provider’s documentation should include: - - The URLs (Request URLs) the Consumer will use when making OAuth requests, and the HTTP methods (i.e. GET, POST, etc.) used in the Request Token URL and Access Token URL. - Signature methods supported by the Service Provider. - Any additional request parameters that the Service Provider requires in order to obtain a Token. Service Provider specific parameters MUST NOT begin with oauth_. - - - - - - The name of the key to use in the HttpApplication cache to store the - instance of to use. - - - - - The length of the verifier code (in raw bytes before base64 encoding) to generate. - - - - - The field behind the property. - - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - An object that can figure out what type of message is being received for deserialization. - serviceDescription != null - serviceDescription == null - tokenManager != null - tokenManager == null - messageTypeProvider != null - messageTypeProvider == null - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - The nonce store. - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - The nonce store. - An object that can figure out what type of message is being received for deserialization. - serviceDescription != null - serviceDescription == null - tokenManager != null - tokenManager == null - nonceStore != null - nonceStore == null - messageTypeProvider != null - messageTypeProvider == null - - - - Creates a cryptographically strong random verification code. - - The desired format of the verification code. - The length of the code. - When is , - this is the length of the original byte array before base64 encoding rather than the actual - length of the final string. - The verification code. - length >= 0 - length < 0 - - - - Reads any incoming OAuth message. - - The deserialized message. - - Requires HttpContext.Current. - - - - - Reads any incoming OAuth message. - - The HTTP request to read the message from. - The deserialized message. - - - - Gets the incoming request for an unauthorized token, if any. - - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - Requires HttpContext.Current. - - - - - Reads a request for an unauthorized token from the incoming HTTP request. - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Prepares a message containing an unauthorized token for the Consumer to use in a - user agent redirect for subsequent authorization. - - The token request message the Consumer sent that the Service Provider is now responding to. - The response message to send using the , after optionally adding extra data to it. - request != null - request == null - - - - Gets the incoming request for the Service Provider to authorize a Consumer's - access to some protected resources. - - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - Requires HttpContext.Current. - - - - - Reads in a Consumer's request for the Service Provider to obtain permission from - the user to authorize the Consumer's access of some protected resource(s). - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Gets the OAuth authorization request included with an OpenID authentication - request, if there is one. - - The OpenID authentication request. - - The scope of access the relying party is requesting, or null if no OAuth request - is present. - - - Call this method rather than simply extracting the OAuth extension - out from the authentication request directly to ensure that the additional - security measures that are required are taken. - - openIdRequest != null - openIdRequest == null - this.TokenManager is ICombinedOpenIdProviderTokenManager - !(this.TokenManager is ICombinedOpenIdProviderTokenManager) - - - - Attaches the authorization response to an OpenID authentication response. - - The OpenID authentication request. - The consumer key. Must be null if and only if is null. - The approved access scope. Use null to indicate no access was granted. The empty string will be interpreted as some default level of access is granted. - openIdAuthenticationRequest != null - openIdAuthenticationRequest == null - (consumerKey == null) == (scope == null) - !((consumerKey == null) == (scope == null)) - this.TokenManager is ICombinedOpenIdProviderTokenManager - !(this.TokenManager is ICombinedOpenIdProviderTokenManager) - - - - Attaches the authorization response to an OpenID authentication response. - - The OpenID authentication request. - The approved access scope. Use null to indicate no access was granted. The empty string will be interpreted as some default level of access is granted. - openIdAuthenticationRequest != null - openIdAuthenticationRequest == null - this.TokenManager is ICombinedOpenIdProviderTokenManager - !(this.TokenManager is ICombinedOpenIdProviderTokenManager) - - - - Prepares the message to send back to the consumer following proper authorization of - a token by an interactive user at the Service Provider's web site. - - The Consumer's original authorization request. - - The message to send to the Consumer using if one is necessary. - Null if the Consumer did not request a callback as part of the authorization request. - - request != null - request == null - - - - Prepares the message to send back to the consumer following proper authorization of - a token by an interactive user at the Service Provider's web site. - - The Consumer's original authorization request. - The callback URI the consumer has previously registered - with this service provider or that came in the . - - The message to send to the Consumer using . - - request != null - request == null - callback != null - callback == null - - - - Gets the incoming request to exchange an authorized token for an access token. - - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - Requires HttpContext.Current. - - - - - Reads in a Consumer's request to exchange an authorized request token for an access token. - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Prepares and sends an access token to a Consumer, and invalidates the request token. - - The Consumer's message requesting an access token. - The HTTP response to actually send to the Consumer. - request != null - request == null - - - - Gets the authorization (access token) for accessing some protected resource. - - The authorization message sent by the Consumer, or null if no authorization message is attached. - - This method verifies that the access token and token secret are valid. - It falls on the caller to verify that the access token is actually authorized - to access the resources being requested. - - Thrown if an unexpected message is attached to the request. - - - - Gets the authorization (access token) for accessing some protected resource. - - HTTP details from an incoming WCF message. - The URI of the WCF service endpoint. - The authorization message sent by the Consumer, or null if no authorization message is attached. - - This method verifies that the access token and token secret are valid. - It falls on the caller to verify that the access token is actually authorized - to access the resources being requested. - - Thrown if an unexpected message is attached to the request. - - - - Gets the authorization (access token) for accessing some protected resource. - - The incoming HTTP request. - The authorization message sent by the Consumer, or null if no authorization message is attached. - - This method verifies that the access token and token secret are valid. - It falls on the caller to verify that the access token is actually authorized - to access the resources being requested. - - Thrown if an unexpected message is attached to the request. - request != null - request == null - - - - Creates a security principal that may be used. - - The request. - The instance that can be used for access control of resources. - request != null - request == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the standard state storage mechanism that uses ASP.NET's - HttpApplication state dictionary to store associations and nonces. - - - Contract.Result<INonceStore>() != null - - - - - Gets the description of this Service Provider. - - - - - Gets or sets the generator responsible for generating new tokens and secrets. - - - - - Gets the persistence store for tokens and secrets. - - - - - Gets the channel to use for sending/receiving messages. - - - - - Gets the security settings for this service provider. - - - - - Gets or sets the channel to use for sending/receiving messages. - - - value != null - - value == null - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The configuration-specified type {0} must be public, and is not.. - - - - - Looks up a localized string similar to The configuration XAML reference to {0} requires a current HttpContext to resolve.. - - - - - Looks up a localized string similar to The current IHttpHandler is not one of types: {0}. An embedded resource URL provider must be set in your .config file.. - - - - - Looks up a localized string similar to No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file. Call the constructor overload that takes an {0}.. - - - - - Utility methods for working with URIs. - - - - - Tests a URI for the presence of an OAuth payload. - - The URI to test. - The prefix. - - True if the URI contains an OAuth message. - - !string.IsNullOrEmpty(prefix) - string.IsNullOrEmpty(prefix) - - - - Determines whether some is using HTTPS. - - The Uri being tested for security. - - true if the URI represents an encrypted request; otherwise, false. - - uri != null - uri == null - - - - Equivalent to UriBuilder.ToString() but omits port # if it may be implied. - Equivalent to UriBuilder.Uri.ToString(), but doesn't throw an exception if the Host has a wildcard. - - The UriBuilder to render as a string. - The string version of the Uri. - builder != null - builder == null - Contract.Result<string>() != null - - - - Validates that a URL will be resolvable at runtime. - - The page hosting the control that receives this URL as a property. - If set to true the page is in design-time mode rather than runtime mode. - The URI to check. - Thrown if the given URL is not a valid, resolvable URI. - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to XRI CanonicalID verification failed.. - - - - - Looks up a localized string similar to Failure parsing XRDS document.. - - - - - Looks up a localized string similar to The XRDS document for XRI {0} is missing the required CanonicalID element.. - - - - - Looks up a localized string similar to Could not find XRI resolution Status tag or code attribute was invalid.. - - - - - String constants for various content-type header values used in YADIS discovery. - - - - - The text/html content-type - - - - - The application/xhtml+xml content-type - - - - - The application/xrds+xml content-type - - - - - The text/xml content type - - - - - Contains the result of YADIS discovery. - - - - - The original web response, backed up here if the final web response is the preferred response to use - in case it turns out to not work out. - - - - - Initializes a new instance of the class. - - The user-supplied identifier. - The initial response. - The final response. - - - - Reverts to the HTML response after the XRDS response didn't work out. - - - - - Applies the HTML response to the object. - - The initial response. - - - - Gets the URI of the original YADIS discovery request. - This is the user supplied Identifier as given in the original - YADIS discovery request. - - - - - Gets the fully resolved (after redirects) URL of the user supplied Identifier. - This becomes the ClaimedIdentifier. - - - - - Gets the location the XRDS document was downloaded from, if different - from the user supplied Identifier. - - - - - Gets the Content-Type associated with the . - - - - - Gets the text in the final response. - This may be an XRDS document or it may be an HTML document, - as determined by the property. - - - - - Gets a value indicating whether the - represents an XRDS document. False if the response is an HTML document. - - - - - An HTML HEAD tag parser. - - - - - Common flags to use on regex tests. - - - - - A regular expression designed to select tags (?) - - - - - A regular expression designed to select start tags (?) - - - - - A regular expression designed to select attributes within a tag. - - - - - A regular expression designed to select the HEAD tag. - - - - - A regular expression designed to select the HTML tag. - - - - - A regular expression designed to remove all comments and scripts from a string. - - - - - Finds all the HTML HEAD tag child elements that match the tag name of a given type. - - The HTML tag of interest. - The HTML to scan. - A sequence of the matching elements. - - - - Filters a list of controls based on presence of an attribute. - - The type of HTML controls being filtered. - The sequence. - The attribute. - A filtered sequence of attributes. - sequence != null - sequence == null - !String.IsNullOrEmpty(attribute) - String.IsNullOrEmpty(attribute) - - - - Generates a regular expression that will find a given HTML tag. - - Name of the tag. - The close tags (?). - The created regular expression. - - - - Generates a regular expression designed to find a given tag. - - The tag to find. - The created regular expression. - - - - The Service element in an XRDS document. - - - - - A node in an XRDS document. - - - - - The XRD namespace xri://$xrd*($v*2.0) - - - - - The XRDS namespace xri://$xrds - - - - - Initializes a new instance of the class. - - The node represented by this instance. - The parent node. - node != null - node == null - parentNode != null - parentNode == null - - - - Initializes a new instance of the class. - - The document's root node, which this instance represents. - document != null - document == null - document.NameTable != null - document.NameTable == null - - - - Gets the node. - - - - - Gets the parent node, or null if this is the root node. - - - - - Gets the XML namespace resolver to use in XPath expressions. - - - - - Initializes a new instance of the class. - - The service element. - The parent. - - - - Compares the current object with another object of the same type. - - An object to compare with this object. - - A 32-bit signed integer that indicates the relative order of the objects being compared. The return value has the following meanings: - Value - Meaning - Less than zero - This object is less than the parameter. - Zero - This object is equal to . - Greater than zero - This object is greater than . - - - - - Gets the XRD parent element. - - - - - Gets the priority. - - - - - Gets the URI child elements. - - - - - Gets the type child elements. - - The type elements. - - - - Gets the type child element's URIs. - - - - - Gets the OP Local Identifier. - - - - - The Type element in an XRDS document. - - - - - Initializes a new instance of the class. - - The type element. - The parent. - typeElement != null - typeElement == null - parent != null - parent == null - - - - Gets the URI. - - - - - The Uri element in an XRDS document. - - - - - Initializes a new instance of the class. - - The URI element. - The service. - - - - Compares the current object with another object of the same type. - - An object to compare with this object. - - A 32-bit signed integer that indicates the relative order of the objects being compared. The return value has the following meanings: - Value - Meaning - Less than zero - This object is less than the parameter. - Zero - This object is equal to . - Greater than zero - This object is greater than . - - - - - Gets the priority. - - - - - Gets the URI. - - - - - Gets the parent service. - - - - - The Xrd element in an XRDS document. - - - - - Initializes a new instance of the class. - - The XRD element. - The parent. - - - - Searches for service sub-elements that have Type URI sub-elements that match - one that we have for a known OpenID protocol version. - - A function that selects what element of the OpenID Protocol we're interested in finding. - A sequence of service elements that match the search criteria, sorted in XRDS @priority attribute order. - - - - Gets the child service elements. - - The services. - - - - Gets a value indicating whether this XRD element's resolution at the XRI resolver was successful. - - - true if this XRD's resolution was successful; otherwise, false. - - - - - Gets the canonical ID (i-number) for this element. - - - - - Gets a value indicating whether the was verified. - - - - - Gets the services for OP Identifiers. - - - - - Gets the services for Claimed Identifiers. - - - - - Gets the services that would be discoverable at an RP for return_to verification. - - - - - Gets the services that would be discoverable at an RP for the UI extension icon. - - - - - Gets an enumeration of all Service/URI elements, sorted in priority order. - - - - - Gets the XRI resolution status code. - - - - - An XRDS document. - - - - - The namespace used by XML digital signatures. - - - - - The namespace used by Google Apps for Domains for OpenID URI templates. - - - - - Initializes a new instance of the class. - - The root node of the XRDS document. - - - - Initializes a new instance of the class. - - The Xml reader positioned at the root node of the XRDS document. - - - - Initializes a new instance of the class. - - The text that is the XRDS document. - - - - Gets the XRD child elements of the document. - - - - - Gets a value indicating whether all child XRD elements were resolved successfully. - - - - - YADIS discovery manager. - - - - - The HTTP header to look for in responses to declare where the XRDS document should be found. - - - - - The maximum number of bytes to read from an HTTP response - in searching for a link to a YADIS document. - - - - - Gets or sets the cache that can be used for HTTP requests made during identifier discovery. - - - - - Performs YADIS discovery on some identifier. - - The mechanism to use for sending HTTP requests. - The URI to perform discovery on. - Whether discovery should fail if any step of it is not encrypted. - - The result of discovery on the given URL. - Null may be returned if an error occurs, - or if is true but part of discovery - is not protected by SSL. - - - - - Searches an HTML document for a - <meta http-equiv="X-XRDS-Location" content="{YadisURL}"> - tag and returns the content of YadisURL. - - The HTML to search. - The URI of the XRDS document if found; otherwise null. - - - - Sends a YADIS HTTP request as part of identifier discovery. - - The request handler to use to actually submit the request. - The URI to GET. - Whether only HTTPS URLs should ever be retrieved. - The value of the Accept HTTP header to include in the request. - The HTTP response retrieved from the request. - requestHandler != null - requestHandler == null - uri != null - uri == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Determines whether a given HTTP response constitutes an XRDS document. - - The response to test. - - true if the response constains an XRDS document; otherwise, false. - - - - - An ASP.NET control that provides a minimal text box that is OpenID-aware. - - - This control offers greater UI flexibility than the - control, but requires more work to be done by the hosting web site to - assemble a complete login experience. - - - - - A common base class for OpenID Relying Party controls. - - - - - The manifest resource name of the javascript file to include on the hosting page. - - - - - The cookie used to persist the Identifier the user logged in with. - - - - - The callback parameter name to use to store which control initiated the auth request. - - - - - The callback parameter to use for recognizing when the callback is in a popup window or hidden iframe. - - - - - The parameter name to include in the formulated auth request so that javascript can know whether - the OP advertises support for the UI extension. - - - - - The "Appearance" category for properties. - - - - - The "Behavior" category for properties. - - - - - The "OpenID" category for properties and events. - - - - - The callback parameter for use with persisting the property. - - - - - The callback parameter to use for recognizing when the callback is in the parent window. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - Default value of . - - - - - Default value of . - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The key under which the value for the property will be stored. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The lifetime of the cookie used to persist the Identifier the user logged in with. - - - - - Backing field for the property. - - - - - A value indicating whether the field contains - an instance that we own and should Dispose. - - - - - Initializes a new instance of the class. - - - - - Clears any cookie set by this control to help the user on a returning visit next time. - - - - - Immediately redirects to the OpenID Provider to verify the Identifier - provided in the text box. - - - - - Immediately redirects to the OpenID Provider to verify the Identifier - provided in the text box. - - The request. - request != null - request == null - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Enables a server control to perform final clean up before it is released from memory. - - - - - Creates the authentication requests for a given user-supplied Identifier. - - The identifier to create a request for. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - identifier != null - identifier == null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Creates the authentication requests for the value set in the property. - - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - this.Identifier != null - this.Identifier == null - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Notifies the user agent via an AJAX response of a completed authentication attempt. - - - - - Called when the property is changed. - - - - - Processes the response. - - The response. - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Fires the event. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Authenticated - response.Status != AuthenticationStatus.Authenticated - - - - Fires the event. - - The request. - - Returns whether the login should proceed. False if some event handler canceled the request. - - request != null - request == null - - - - Fires the event. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Canceled - response.Status != AuthenticationStatus.Canceled - - - - Fires the event. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Failed - response.Status != AuthenticationStatus.Failed - - - - Creates the relying party instance used to generate authentication requests. - - The instantiated relying party. - - - - Creates the relying party instance used to generate authentication requests. - - The store to pass to the relying party constructor. - The instantiated relying party. - - - - Configures the relying party. - - The relying party. - relyingParty != null - relyingParty == null - - - - Detects whether a popup window should be used to show the Provider's UI. - - The request. - - true if a popup should be used; false otherwise. - - request != null - request == null - - - - Adds attributes to an HTML <A> tag that will be written by the caller using - after this method. - - The HTML writer. - The outgoing authentication request. - The text to try to display in the status bar on mouse hover. - writer != null - writer == null - request != null - request == null - - - - Creates the identifier-persisting cookie, either for saving or deleting. - - The positive authentication response; or null to clear the cookie. - An persistent cookie. - - - - Creates the authentication requests for a given user-supplied Identifier. - - The identifier to create a request for. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - - - - Gets the javascript to executee to redirect or POST an OpenID message to a remote party. - - The authentication request to send. - The javascript that should execute. - request != null - request == null - - - - Wires the return page to immediately display a popup window with the Provider in it. - - The request. - request != null - request == null - this.RelyingParty != null - this.RelyingParty == null - - - - Tries to preset the property based on a persistent - cookie on the browser. - - - A value indicating whether the property was - successfully preset to some non-empty value. - - - - - Fired when the user has typed in their identifier, discovery was successful - and a login attempt is about to begin. - - - - - Fired upon completion of a successful login. - - - - - Fired when a login attempt fails. - - - - - Fired when an authentication attempt is canceled at the OpenID Provider. - - - - - Occurs when the property is changed. - - - - - Gets or sets the instance to use. - - The default value is an instance initialized according to the web.config file. - - A performance optimization would be to store off the - instance as a static member in your web site and set it - to this property in your Page.Load - event since instantiating these instances can be expensive on - heavily trafficked web pages. - - - - - Gets the collection of extension requests this selector should include in generated requests. - - - - - Gets or sets a value indicating whether stateless mode is used. - - - - - Gets or sets the OpenID of the relying party web site. - - - !string.IsNullOrEmpty(value) - - string.IsNullOrEmpty(value) - - - - Gets or sets the OpenID ReturnTo of the relying party web site. - - - - - Gets or sets a value indicating whether to send a persistent cookie upon successful - login so the user does not have to log in upon returning to this site. - - - - - Gets or sets the way a completed login is communicated to the rest of the web site. - - - - - Gets or sets a value indicating when to use a popup window to complete the login experience. - - The default value is . - - - - Gets or sets a value indicating whether to enforce on high security mode, - which requires the full authentication pipeline to be protected by SSL. - - - - - Gets or sets the Identifier that will be used to initiate login. - - - - - Gets or sets the default association preference to set on authentication requests. - - - - - Gets ancestor controls, starting with the immediate parent, and progressing to more distant ancestors. - - - - - Gets a value indicating whether this control is a child control of a composite OpenID control. - - - true if this instance is embedded in parent OpenID control; otherwise, false. - - - - - The name of the manifest stream containing the - OpenID logo that is placed inside the text box. - - - - - Default value for property. - - - - - The "Simple Registration" category for properties. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - An empty sreg request, used to compare with others to see if they too are empty. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Creates the authentication requests for a given user-supplied Identifier. - - The identifier to create a request for. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - identifier != null - identifier == null - - - - Checks for incoming OpenID authentication responses and fires appropriate events. - - The object that contains the event data. - e != null - - - - Called when the property is changed. - - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Called on a postback when the Text property has changed. - - - - - Creates the authentication requests for a given user-supplied Identifier. - - The authentication requests to prepare. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - - - - Adds extensions to a given authentication request to ask the Provider - for user profile data. - - The authentication request to add the extensions to. - request != null - request == null - - - - Occurs when the content of the text changes between posts to the server. - - - - - Gets or sets the content of the text box. - - - - - Gets or sets the form name to use for this input field. - - - - - Gets or sets the CSS class assigned to the text box. - - - - - Gets or sets a value indicating whether to show the OpenID logo in the text box. - - - - - Gets or sets a value indicating whether to use inline styling to force a solid gray border. - - - - - Gets or sets the width of the text box in characters. - - - - - Gets or sets the maximum number of characters the browser should allow - - - - - Gets or sets the tab index of the Web server control. - - - - The tab index of the Web server control. The default is 0, which indicates that this property is not set. - - - The specified tab index is not between -32768 and 32767. - - - - - Gets or sets a value indicating whether this is enabled - in the browser for editing and will respond to incoming OpenID messages. - - - true if enabled; otherwise, false. - - - - Gets or sets your level of interest in receiving the user's nickname from the Provider. - - - - - Gets or sets your level of interest in receiving the user's email address from the Provider. - - - - - Gets or sets your level of interest in receiving the user's full name from the Provider. - - - - - Gets or sets your level of interest in receiving the user's birthdate from the Provider. - - - - - Gets or sets your level of interest in receiving the user's gender from the Provider. - - - - - Gets or sets your level of interest in receiving the user's postal code from the Provider. - - - - - Gets or sets your level of interest in receiving the user's country from the Provider. - - - - - Gets or sets your level of interest in receiving the user's preferred language from the Provider. - - - - - Gets or sets your level of interest in receiving the user's time zone from the Provider. - - - - - Gets or sets the URL to your privacy policy page that describes how - claims will be used and/or shared. - - - - - Gets or sets a value indicating whether to use OpenID extensions - to retrieve profile data of the authenticating user. - - - - - An ASP.NET control providing a complete OpenID login experience. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The HTML to append to the property value when rendering. - - - - - The number to add to to get the tab index of the textbox control. - - - - - The number to add to to get the tab index of the login button control. - - - - - The number to add to to get the tab index of the remember me checkbox control. - - - - - The number to add to to get the tab index of the register link control. - - - - - The control into which all other controls are added. - - - - - The Login button. - - - - - The label that presents the text box. - - - - - The validator that flags an empty text box. - - - - - The validator that flags invalid formats of OpenID identifiers. - - - - - The label that precedes an example OpenID identifier. - - - - - The label that contains the example OpenID identifier. - - - - - A link to allow the user to create an account with a popular OpenID Provider. - - - - - The Remember Me checkbox. - - - - - The javascript snippet that activates the ID Selector javascript control. - - - - - The label that will display login failure messages. - - - - - Initializes a new instance of the class. - - - - - Outputs server control content to a provided object and stores tracing information about the control if tracing is enabled. - - The object that receives the control content. - writer != null - - - - Creates the child controls. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Initializes the child controls. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Renders the child controls. - - The object that receives the rendered content. - writer != null - - - - Adds failure handling to display an error message to the user. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Failed - response.Status != AuthenticationStatus.Failed - - - - Adds authentication cancellation behavior to display a message to the user. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Canceled - response.Status != AuthenticationStatus.Canceled - - - - Fires the event. - - - - - Handles the ServerValidate event of the identifierFormatValidator control. - - The source of the event. - The instance containing the event data. - - - - Handles the CheckedChanged event of the rememberMeCheckBox control. - - The source of the event. - The instance containing the event data. - - - - Handles the Click event of the loginButton control. - - The source of the event. - The instance containing the event data. - - - - Renders the control inner. - - The writer. - - - - Sets child control properties that depend on this control's ID. - - - - - Fired when the Remember Me checkbox is changed by the user. - - - - - Gets a object that represents the child controls for a specified server control in the UI hierarchy. - - - The collection of child controls for the specified server control. - - - Contract.Result<ControlCollection>() != null - - - - - Gets or sets the caption that appears before the text box. - - - - - Gets or sets the text that introduces the example OpenID url. - - - - - Gets or sets the example OpenID Identifier to display to the user. - - - - - Gets or sets the text to display if the user attempts to login - without providing an Identifier. - - - - - Gets or sets the text to display if the user provides an invalid form for an Identifier. - - - - - Gets or sets a value indicating whether to perform Identifier - format validation prior to an authentication attempt. - - - - - Gets or sets the text of the link users can click on to obtain an OpenID. - - - - - Gets or sets the URL to link users to who click the link to obtain a new OpenID. - - - - - Gets or sets the text of the tooltip to display when the user hovers - over the link to obtain a new OpenID. - - - - - Gets or sets a value indicating whether to display a link to - allow users to easily obtain a new OpenID. - - - - - Gets or sets the text that appears on the button that initiates login. - - - - - Gets or sets the text of the "Remember Me" checkbox. - - - - - Gets or sets the message display in the event of a failed - authentication. {0} may be used to insert the actual error. - - - - - Gets or sets the text to display in the event of an authentication canceled at the Provider. - - - - - Gets or sets a value indicating whether the "Remember Me" checkbox should be displayed. - - - - - Gets or sets a value indicating whether a successful authentication should result in a persistent - cookie being saved to the browser. - - - - - Gets or sets the starting tab index to distribute across the controls. - - - - - Gets or sets the tooltip to display when the user hovers over the login button. - - - - - Gets or sets the validation group that the login button and text box validator belong to. - - - - - Gets or sets the unique hash string that ends your idselector.com account. - - - - - Gets or sets a value indicating whether a FormsAuthentication - cookie should persist across user sessions. - - - - - A control that acts as a placeholder to indicate where - the OpenIdLogin control should render its OpenIdTextBox parent. - - - - - The owning control to render. - - - - - Initializes a new instance of the class. - - The render control. - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Provides the programmatic facilities to act as an AJAX-enabled OpenID relying party. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The application store. If null, the relying party will always operate in "dumb mode". - - - - Generates AJAX-ready authentication requests that can satisfy the requirements of some OpenID Identifier. - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Serializes discovery results on some single identifier on behalf of Javascript running on the browser. - - The discovery results from just one identifier to serialize as a JSON response. - - The JSON result to return to the user agent. - - - We prepare a JSON object with this interface: - - class jsonResponse { - string claimedIdentifier; - Array requests; // never null - string error; // null if no error - } - - Each element in the requests array looks like this: - - class jsonAuthRequest { - string endpoint; // URL to the OP endpoint - string immediate; // URL to initiate an immediate request - string setup; // URL to initiate a setup request. - } - - requests != null - requests == null - - - - Serializes discovery on a set of identifiers for preloading into an HTML page that carries - an AJAX-aware OpenID control. - - The discovery results to serialize as a JSON response. - - The JSON result to return to the user agent. - - requests != null - requests == null - - - - Converts a sequence of authentication requests to a JSON object for seeding an AJAX-enabled login page. - - The discovery results from just one identifier to serialize as a JSON response. - A JSON object, not yet serialized. - requests != null - requests == null - - - - Serializes discovery on a set of identifiers for preloading into an HTML page that carries - an AJAX-aware OpenID control. - - The discovery results to serialize as a JSON response. - - A JSON object, not yet serialized to a string. - - requests != null - requests == null - - - - Gets the full URL that carries an OpenID message, even if it exceeds the normal maximum size of a URL, - for purposes of sending to an AJAX component running in the browser. - - The authentication request. - - trueto create a checkid_immediate request; - false to create a checkid_setup request. - The absolute URL that carries the entire OpenID message. - request != null - request == null - - - - The contract class for the class. - - - - - A button that would appear in the control via its collection. - - - - - Initializes a new instance of the class. - - - - - Ensures that this button has been initialized to a valid state. - - - This is "internal" -- NOT "protected internal" deliberately. It makes it impossible - to derive from this class outside the assembly, which suits our purposes since the - control is not designed for an extensible set of button types. - - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Ensures that this button has been initialized to a valid state. - - - This is "internal" -- NOT "protected internal" deliberately. It makes it impossible - to derive from this class outside the assembly, which suits our purposes since the - control is not designed for an extensible set of button types. - - - - - Renders the leading attributes for the LI tag. - - The writer. - - - - Renders the content of the button. - - The writer. - The containing selector control. - - - - A button that appears in the control that - provides one-click access to a popular OpenID Provider. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The OP Identifier. - The image to display on the button. - providerIdentifier != null - providerIdentifier == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - - - - Ensures that this button has been initialized to a valid state. - - !string.IsNullOrEmpty(this.Image) - this.OPIdentifier != null - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Gets or sets the path to the image to display on the button's surface. - - The virtual path to the image. - - - - Gets or sets the OP Identifier represented by the button. - - - The OP identifier, which may be provided in the easiest "user-supplied identifier" form, - but for security should be provided with a leading https:// if possible. - For example: "yahoo.com" or "https://me.yahoo.com/". - - - - - Gets or sets a value indicating whether this Provider doesn't handle - checkid_immediate messages correctly and background authentication - should not be attempted. - - - - - A button that appears in the control that - allows the user to type in a user-supplied identifier. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The image to display on the button. - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - - - - Ensures that this button has been initialized to a valid state. - - !string.IsNullOrEmpty(this.Image) - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Gets or sets the path to the image to display on the button's surface. - - The virtual path to the image. - - - - The locations the YADIS protocol describes can contain a reference - to an XRDS document. - - - - - The XRDS document should not be advertised anywhere. - - - When the XRDS document is not referenced from anywhere, - the XRDS content is only available when - is true - and the discovering client includes an - "Accept: application/xrds+xml" HTTP header. - - - - - Indicates XRDS document referencing from an HTTP protocol header (outside the HTML). - - - - - Indicates XRDS document referencing from within an HTML page's <HEAD> tag. - - - - - Indicates XRDS document referencing in both HTTP headers and HTML HEAD tags. - - - - - An ASP.NET control that advertises an XRDS document and even responds to specially - crafted requests to retrieve it. - - - - - The view state key to ues for storing the value of the property. - - - - - The default value for the property. - - - - - The view state key to ues for storing the value of the property. - - - - - The default value for the property. - - - - - The view state key to ues for storing the value of the property. - - - - - The default value for the property. - - - - - The view state key to ues for storing the value of the property. - - - - - Initializes a new instance of the class. - - - - - Detects YADIS requests for the XRDS document and responds immediately - if is true. - - The object that contains the event data. - e != null - - - - Renders the HTTP Header and/or HTML HEAD tags. - - The object that receives the server control content. - writer != null - - - - Gets or sets the location of the XRDS document. - - - - - Gets or sets where the XRDS document URL is advertised in the web response. - - - - - Gets or sets a value indicating whether a specially crafted YADIS - search for an XRDS document is immediately answered by this control. - - - - - Gets or sets a value indicating whether the XRDS document is advertised. - - - - - Arguments for the event. - - this.TokenXml != null - this.DecryptingTokens != null - - - - Initializes a new instance of the class. - - The raw token XML, prior to any decryption. - tokenXml != null - tokenXml == null - - - - Adds a security token that may be used to decrypt the incoming token. - - The security token. - securityToken != null - securityToken == null - - - - Adds an X.509 certificate with a private key that may be used to decrypt the incoming token. - - The certificate. - certificate != null - certificate == null - certificate.HasPrivateKey - !(certificate.HasPrivateKey) - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets a value indicating whether the token is encrypted. - - - true if the token is encrypted; otherwise, false. - - - - - Gets the raw token XML, prior to any decryption. - - - - - Gets or sets a value indicating whether processing - this token should be canceled. - - - true if cancel; otherwise, false. - - If set the true, the - event will never be fired. - - - - - Gets a list where security tokens such as X.509 certificates may be - added to be used for token decryption. - - - - - Arguments for the event. - - this.TokenXml != null - this.Exception != null - - - - Initializes a new instance of the class. - - The token XML. - The exception. - tokenXml != null - tokenXml == null - exception != null - exception == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the raw token XML. - - - - - Gets the exception that was generated while processing the token. - - - - - The style to use for NOT displaying a hidden region. - - - - - A hidden region should be invisible while still occupying space in the page layout. - - - - - A hidden region should collapse so that it does not occupy space in the page layout. - - - - - An Information Card selector ASP.NET control. - - - - - The resource name for getting at the SupportingScript.js embedded manifest stream. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - The default value for the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The "Behavior" property category. - - - - - The "Appearance" property category. - - - - - The "InfoCard" property category. - - - - - The panel containing the controls to display if InfoCard is supported in the user agent. - - - - - The panel containing the controls to display if InfoCard is NOT supported in the user agent. - - - - - Recalls whether the property has been set yet, - so its default can be set as soon as possible without overwriting - an intentional value. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Fires the event. - - The token XML, prior to any processing. - The event arguments sent to the event handlers. - tokenXml != null - tokenXml == null - - - - Fires the event. - - The token, if it was decrypted. - token != null - token == null - - - - Fires the event. - - The unprocessed token. - The exception generated while processing the token. - unprocessedToken != null - unprocessedToken == null - ex != null - ex == null - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Called by the ASP.NET page framework to notify server controls that use composition-based implementation to create any child controls they contain in preparation for posting back or rendering. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Creates a control that renders to <Param Name="{0}" Value="{1}" /> - - The parameter name. - The parameter value. - The control that renders to the Param tag. - Contract.Result<string>() != null - - - - Creates the panel whose contents are displayed to the user - on a user agent that has an Information Card selector. - - The Panel control - - Contract.Result<Panel>() != null - - - - Gets the InfoCard selector activation script. - - Whether a postback should always immediately follow the selector, even if is false. - The javascript to inject into the surrounding context. - - - - Creates the panel whose contents are displayed to the user - on a user agent that does not have an Information Card selector. - - The Panel control. - - Contract.Result<Panel>() != null - - - - Adds the javascript that adds the info card selector <object> HTML tag to the page. - - - - - - Creates the info card clickable image. - - An Image object. - - - - - Compiles lists of requested/required claims that should accompany - any submitted Information Card. - - A space-delimited list of claim type URIs for claims that must be included in a submitted Information Card. - A space-delimited list of claim type URIs for claims that may optionally be included in a submitted Information Card. - - this.ClaimsRequested != null - this.ClaimsRequested == null - Contract.ValueAtReturn<string>(out required) != null - Contract.ValueAtReturn<string>(out optional) != null - - - - Adds Javascript snippets to the page to help the Information Card selector do its work, - or to downgrade gracefully if the user agent lacks an Information Card selector. - - this.infoCardSupportedPanel != null - this.infoCardSupportedPanel == null - - - - Occurs when an InfoCard has been submitted but not decoded yet. - - - - - Occurs when an InfoCard has been submitted and decoded. - - - - - Occurs when an InfoCard token is submitted but an error occurs in processing. - - - - - Gets the set of claims that are requested from the Information Card. - - - Contract.Result<Collection<ClaimType>>() != null - - - - - Gets or sets the issuer URI. - - - - - Gets or sets the issuer policy URI. - - - - - Gets or sets the URL to this site's privacy policy. - - - - - Gets or sets the version of the privacy policy file. - - - - - Gets or sets the URI that must be found for the SAML token's intended audience - in order for the token to be processed. - - Typically the URI of the page hosting the control, or null to disable audience verification. - - Disabling audience verification introduces a security risk - because tokens can be redirected to allow access to unintended resources. - - - - - Gets or sets a value indicating whether a postback will automatically - be invoked when the user selects an Information Card. - - - - - Gets or sets the size of the standard InfoCard image to display. - - The default size is 114x80. - - - - Gets or sets the template to display when the user agent lacks - an Information Card selector. - - - - - Gets or sets a value indicating whether a hidden region (either - the unsupported or supported InfoCard HTML) - collapses or merely becomes invisible when it is not to be displayed. - - - - - Gets or sets a value indicating whether the identity selector will be triggered at page load. - - - - - Gets the name of the hidden field that is used to transport the token back to the server. - - - - - Gets the id of the OBJECT tag that creates the InfoCard Selector. - - - - - Gets the XML token, which will be encrypted if it was received over SSL. - - - - - Gets or sets the type of token the page is prepared to receive. - - - - - Arguments for the event. - - this.Token != null - - - - Initializes a new instance of the class. - - The token. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the processed token. - - - - - Methods that generate HTML or Javascript for hosting AJAX OpenID "controls" on - ASP.NET MVC web sites. - - - - - Emits a series of stylesheet import tags to support the AJAX OpenID Selector. - - The on the view. - HTML that should be sent directly to the browser. - html != null - html == null - Contract.Result<string>() != null - - - - Emits a series of script import tags and some inline script to support the AJAX OpenID Selector. - - The on the view. - HTML that should be sent directly to the browser. - - - - Emits a series of script import tags and some inline script to support the AJAX OpenID Selector. - - The on the view. - An optional instance of an control, whose properties have been customized to express how this MVC control should be rendered. - An optional set of additional script customizations. - - HTML that should be sent directly to the browser. - - html != null - html == null - Contract.Result<string>() != null - - - - Emits the HTML to render an OpenID Provider button as a part of the overall OpenID Selector UI. - - The on the view. - The OP Identifier. - The URL of the image to display on the button. - - HTML that should be sent directly to the browser. - - html != null - html == null - providerIdentifier != null - providerIdentifier == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - Contract.Result<string>() != null - - - - Emits the HTML to render a generic OpenID button as a part of the overall OpenID Selector UI, - allowing the user to enter their own OpenID. - - The on the view. - The URL of the image to display on the button. - - HTML that should be sent directly to the browser. - - html != null - html == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - Contract.Result<string>() != null - - - - Emits the HTML to render the entire OpenID Selector UI. - - The on the view. - The buttons to include on the selector. - - HTML that should be sent directly to the browser. - - html != null - html == null - buttons != null - buttons == null - Contract.Result<string>() != null - - - - Emits the HTML to render the control as a part of the overall - OpenID Selector UI. - - The on the view. - - HTML that should be sent directly to the browser. - - - - - Emits the HTML to render a button as a part of the overall OpenID Selector UI. - - The on the view. - The value to assign to the HTML id attribute. - The value to assign to the HTML class attribute. - The URL of the image to draw on the button. - - HTML that should be sent directly to the browser. - - html != null - html == null - id != null - id == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - Contract.Result<string>() != null - - - - Emits <script> tags that import a given set of scripts given their URLs. - - The writer to emit the tags to. - The locations of the scripts to import. - writer != null - writer == null - scriptUrls != null - scriptUrls == null - - - - Writes out script tags that import a script from resources embedded in this assembly. - - The writer to emit the tags to. - Name of the resource. - writer != null - writer == null - !string.IsNullOrEmpty(resourceName) - string.IsNullOrEmpty(resourceName) - - - - Writes out script tags that import scripts from resources embedded in this assembly. - - The writer to emit the tags to. - The resource names. - writer != null - writer == null - resourceNames != null - resourceNames == null - - - - Writes a given script block, surrounding it with <script> and CDATA tags. - - The writer to emit the tags to. - The script to inline on the page. - writer != null - writer == null - !string.IsNullOrEmpty(script) - string.IsNullOrEmpty(script) - - - - Writes a given CSS link. - - The writer to emit the tags to. - Name of the resource containing the CSS content. - writer != null - writer == null - !string.IsNullOrEmpty(resourceName) - string.IsNullOrEmpty(resourceName) - - - - Writes a given CSS link. - - The writer to emit the tags to. - The stylesheet to link in. - writer != null - writer == null - !string.IsNullOrEmpty(stylesheet) - string.IsNullOrEmpty(stylesheet) - - - - An ASP.NET control that manages the OpenID identity advertising tags - of a user's Identity Page that allow a relying party web site to discover - how to authenticate a user. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The default value for the property. - - - - - Initializes a new instance of the class. - - - - - Checks the incoming request and invokes a browser redirect if the URL has not been normalized. - - - - - - Checks the incoming request and invokes a browser redirect if the URL has not been normalized. - - The object that contains the event data. - e != null - - - - Renders OpenID identity tags. - - The object that receives the server control content. - writer != null - - - - Normalizes the URL by making the path and query lowercase, and trimming trailing slashes. - - The URI to normalize. - The normalized URI. - - - - Fired at each page request so the host web site can return the normalized - version of the request URI. - - - - - Gets or sets the OpenID version supported by the provider. - If multiple versions are supported, this should be set to the latest - version that this library and the Provider both support. - - - - - Gets or sets the Provider URL that processes OpenID requests. - - - - - Gets or sets the Identifier that is controlled by the Provider. - - - - - Gets or sets a value indicating whether every incoming request - will be checked for normalized form and redirected if it is not. - - - If set to true (and it should be), you should also handle the - event and apply your own policy for normalizing the URI. - If multiple controls are on a single page (to support - multiple versions of OpenID for example) then only one of them should have this - property set to true. - - - - - Gets the protocol to use for advertising OpenID on the identity page. - - - - - The event arguments passed to the event handler. - - - - - Initializes a new instance of the class. - - The user supplied identifier. - - - - Gets or sets the portion of the incoming page request URI that is relevant to normalization. - - - This identifier should be used to look up the user whose identity page is being queried. - It MAY be set in case some clever web server URL rewriting is taking place that ASP.NET - does not know about but your site does. If this is the case this property should be set - to whatever the original request URL was. - - - - - Gets or sets the normalized form of the user's identifier, according to the host site's policy. - - - This should be set to some constant value for an individual user. - For example, if indicates that identity page - for "BOB" is being called up, then the following things should be considered: - - Normalize the capitalization of the URL: for example, change http://provider/BOB to - http://provider/bob. - Switch to HTTPS is it is offered: change http://provider/bob to https://provider/bob. - Strip off the query string if it is not part of the canonical identity: - https://provider/bob?timeofday=now becomes https://provider/bob - Ensure that any trailing slash is either present or absent consistently. For example, - change https://provider/bob/ to https://provider/bob. - - When this property is set, the control compares it to - the request that actually came in, and redirects the browser to use the normalized identifier - if necessary. - Using the normalized identifier in the request is very important as it - helps the user maintain a consistent identity across sites and across site visits to an individual site. - For example, without normalizing the URL, Bob might sign into a relying party site as - http://provider/bob one day and https://provider/bob the next day, and the relying party - site should interpret Bob as two different people because the URLs are different. - By normalizing the URL at the Provider's identity page for Bob, whichever URL Bob types in - from day-to-day gets redirected to a normalized form, so Bob is seen as the same person - all the time, which is of course what Bob wants. - - - - - - A button that appears in the control that - activates the Information Card selector on the browser, if one is available. - - - - - The backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Ensures that this button has been initialized to a valid state. - - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets or sets the InfoCard selector which may be displayed alongside the OP buttons. - - - value != null - - value == null - - - - An ASP.NET control for mobile devices that provides a minimal text box that is OpenID-aware. - - - - - The name of the manifest stream containing the - OpenID logo that is placed inside the text box. - - - - - Default value of . - - - - - The "Appearance" category for properties. - - - - - The "Simple Registration" category for properties. - - - - - The "Behavior" category for properties. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The callback parameter for use with persisting the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Immediately redirects to the OpenID Provider to verify the Identifier - provided in the text box. - - - - - Constructs the authentication request and returns it. - - The instantiated authentication request. - - This method need not be called before calling the method, - but is offered in the event that adding extensions to the request is desired. - The Simple Registration extension arguments are added to the request - before returning if is set to true. - - this.Request == null - this.Request != null - !string.IsNullOrEmpty(this.Text) - string.IsNullOrEmpty(this.Text) - - - - Checks for incoming OpenID authentication responses and fires appropriate events. - - The object that contains the event data. - e != null - - - - Fires the event. - - The response. - response != null - response == null - - - - Fires the event. - - The response. - response != null - response == null - - - - Fires the event. - - The response. - response != null - response == null - - - - Fires the event. - - The response. - response != null - response == null - - - - Adds extensions to a given authentication request to ask the Provider - for user profile data. - - The authentication request to add the extensions to. - request != null - request == null - - - - Creates the relying party instance used to generate authentication requests. - - The instantiated relying party. - - - - Fired upon completion of a successful login. - - - - - Fired when a login attempt fails. - - - - - Fired when an authentication attempt is canceled at the OpenID Provider. - - - - - Fired when an Immediate authentication attempt fails, and the Provider suggests using non-Immediate mode. - - - - - Gets or sets the OpenID of the relying party web site. - - - - - Gets or sets the OpenID ReturnTo of the relying party web site. - - - - - Gets or sets a value indicating whether to use immediate mode in the - OpenID protocol. - - - True if a Provider should reply immediately to the authentication request - without interacting with the user. False if the Provider can take time - to authenticate the user in order to complete an authentication attempt. - - - Setting this to true is sometimes useful in AJAX scenarios. Setting this to - true can cause failed authentications when the user truly controls an - Identifier, but must complete an authentication step with the Provider before - the Provider will approve the login from this relying party. - - - - - Gets or sets a value indicating whether stateless mode is used. - - - - - Gets or sets a value indicating whether to send a persistent cookie upon successful - login so the user does not have to log in upon returning to this site. - - - - - Gets or sets your level of interest in receiving the user's nickname from the Provider. - - - - - Gets or sets your level of interest in receiving the user's email address from the Provider. - - - - - Gets or sets your level of interest in receiving the user's full name from the Provider. - - - - - Gets or sets your level of interest in receiving the user's birthdate from the Provider. - - - - - Gets or sets your level of interest in receiving the user's gender from the Provider. - - - - - Gets or sets your level of interest in receiving the user's postal code from the Provider. - - - - - Gets or sets your level of interest in receiving the user's country from the Provider. - - - - - Gets or sets your level of interest in receiving the user's preferred language from the Provider. - - - - - Gets or sets your level of interest in receiving the user's time zone from the Provider. - - - - - Gets or sets the URL to your privacy policy page that describes how - claims will be used and/or shared. - - - - - Gets or sets a value indicating whether to use OpenID extensions - to retrieve profile data of the authenticating user. - - - - - Gets or sets a value indicating whether to enforce on high security mode, - which requires the full authentication pipeline to be protected by SSL. - - - - - Gets or sets the type of the custom application store to use, or null to use the default. - - - If set, this property must be set in each Page Load event - as it is not persisted across postbacks. - - - - - Gets or sets the instance to use. - - The default value is an instance initialized according to the web.config file. - - A performance optimization would be to store off the - instance as a static member in your web site and set it - to this property in your Page.Load - event since instantiating these instances can be expensive on - heavily trafficked web pages. - - - - - Gets or sets the OpenID authentication request that is about to be sent. - - - - - An ASP.NET control that provides a minimal text box that is OpenID-aware and uses AJAX for - a premium login experience. - - - - - A common base class for OpenID Relying Party controls. - - - - - The manifest resource name of the javascript file to include on the hosting page. - - - - - The "dnoa.op_endpoint" string. - - - - - The "dnoa.claimed_id" string. - - - - - The name of the javascript field that stores the maximum time a positive assertion is - good for before it must be refreshed. - - - - - The name of the javascript function that will initiate an asynchronous callback. - - - - - The name of the javascript function that will initiate a synchronous callback. - - - - - The viewstate key to use for storing the value of a successful authentication. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - Default value of the property. - - - - - Default value of property.. - - - - - The authentication response that just came in. - - - - - Stores the result of an AJAX discovery request while it is waiting - to be picked up by ASP.NET on the way down to the user agent. - - - - - Initializes a new instance of the class. - - - - - Allows an OpenID extension to read data out of an unverified positive authentication assertion - and send it down to the client browser so that Javascript running on the page can perform - some preprocessing on the extension data. - - The extension response type that will read data from the assertion. - The property name on the openid_identifier input box object that will be used to store the extension data. For example: sreg - - This method should be called from the event handler. - - !string.IsNullOrEmpty(propertyName) - string.IsNullOrEmpty(propertyName) - - - - Returns the result of discovery on some Identifier passed to . - - The result of the callback. - A whitespace delimited list of URLs that can be used to initiate authentication. - - - - Performs discovery on some OpenID Identifier. Called directly from the user agent via - AJAX callback mechanisms. - - The identifier to perform discovery on. - - - - Returns the results of a callback event that targets a control. - - The result of the callback. - - - - Processes a callback event that targets a control. - - A string that represents an event argument to pass to the event handler. - - - - Creates the relying party instance used to generate authentication requests. - - The store to pass to the relying party constructor. - The instantiated relying party. - - - - Pre-discovers an identifier and makes the results available to the - user agent for javascript as soon as the page loads. - - The identifier. - - - - Pre-discovers a given set of identifiers and makes the results available to the - user agent for javascript as soon as the page loads. - - The identifiers to perform discovery on. - - - - Fires the event. - - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Called when the property is changed. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Notifies the user agent via an AJAX response of a completed authentication attempt. - - - - - Constructs a function that will initiate an AJAX callback. - - if set to true causes the AJAX callback to be a little more asynchronous. Note that false does not mean the call is absolutely synchronous. - The string defining a javascript anonymous function that initiates a callback. - - - - Sets the window.aspnetapppath variable on the user agent so that cookies can be set with the proper path. - - - - - Fired when a Provider sends back a positive assertion to this control, - but the authentication has not yet been verified. - - - No security critical decisions should be made within event handlers - for this event as the authenticity of the assertion has not been - verified yet. All security related code should go in the event handler - for the event. - - - - - Gets or sets a value indicating when to use a popup window to complete the login experience. - - The default value is . - - - - Gets or sets the way a completed login is communicated to the rest of the web site. - - - - - Gets or sets the instance to use. - - - The default value is an instance initialized according to the web.config file. - - - A performance optimization would be to store off the - instance as a static member in your web site and set it - to this property in your Page.Load - event since instantiating these instances can be expensive on - heavily trafficked web pages. - - - - - Gets the completed authentication response. - - - - - Gets the relying party as its AJAX type. - - - - - Gets the name of the open id auth data form key (for the value as stored at the user agent as a FORM field). - - Usually a concatenation of the control's name and "_openidAuthData". - - - - Gets or sets a value indicating whether an authentication in the page's view state - has already been processed and appropriate events fired. - - - - - The name of the manifest stream containing the OpenIdAjaxTextBox.js file. - - - - - The name of the manifest stream containing the OpenIdAjaxTextBox.css file. - - - - - The name of the manifest stream containing the spinner.gif file. - - - - - The name of the manifest stream containing the login_success.png file. - - - - - The name of the manifest stream containing the login_failure.png file. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - Default value for property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The path where the YUI control library should be downloaded from for HTTP pages. - - - - - The path where the YUI control library should be downloaded from for HTTPS pages. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Called when the property is changed. - - - - - Prepares to render the control. - - An object that contains the event data. - e != null - - - - Renders the control. - - The object that receives the control content. - writer != null - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Called on a postback when the Text property has changed. - - - - - Assembles the javascript to send to the client and registers it with ASP.NET for transmission. - - - - - Fired when the content of the text changes between posts to the server. - - - - - Gets or sets the client-side script that executes when an authentication - assertion is received (but before it is verified). - - - In the context of the executing javascript set in this property, the - local variable sender is set to the openid_identifier input box - that is executing this code. - This variable has a getClaimedIdentifier() method that may be used to - identify the user who is being authenticated. - It is very important to note that when this code executes, - the authentication has not been verified and may have been spoofed. - No security-sensitive operations should take place in this javascript code. - The authentication is verified on the server by the time the - server-side event fires. - - - - - Gets or sets the value in the text field, completely unprocessed or normalized. - - - - - Gets or sets a value indicating whether a postback is made to fire the - event as soon as authentication has completed - successfully. - - - true if a postback should be made automatically upon authentication; - otherwise, false to delay the - event from firing at the server until a postback is made by some other control. - - - - - Gets or sets the width of the text box in characters. - - - value >= 0 - - value < 0 - - - - Gets or sets the CSS class assigned to the text box. - - - - - Gets or sets the tab index of the text box control. Use 0 to omit an explicit tabindex. - - - - - Gets or sets a value indicating whether this is enabled - in the browser for editing and will respond to incoming OpenID messages. - - - true if enabled; otherwise, false. - - - - Gets or sets the HTML name to assign to the text field. - - - !String.IsNullOrEmpty(value) - - String.IsNullOrEmpty(value) - - - - Gets or sets the time duration for the AJAX control to wait for an OP to respond before reporting failure to the user. - - - value.TotalMilliseconds > 0 - - value.TotalMilliseconds <= 0 - - - - Gets or sets the maximum number of OpenID Providers to simultaneously try to authenticate with. - - - value > 0 - - value <= 0 - - - - Gets or sets the text that appears on the LOG IN button in cases where immediate (invisible) authentication fails. - - - !String.IsNullOrEmpty(value) - - String.IsNullOrEmpty(value) - - - - Gets or sets the rool tip text that appears on the LOG IN button in cases where immediate (invisible) authentication fails. - - - - - Gets or sets the rool tip text that appears on the LOG IN button when clicking the button will result in an immediate postback. - - - - - Gets or sets the text that appears on the RETRY button in cases where authentication times out. - - - !String.IsNullOrEmpty(value) - - String.IsNullOrEmpty(value) - - - - Gets or sets the tool tip text that appears on the RETRY button in cases where authentication times out. - - - - - Gets or sets the tool tip text that appears when authentication succeeds. - - - - - Gets or sets the tool tip text that appears on the green checkmark when authentication succeeds. - - - - - Gets or sets the tool tip text that appears when authentication fails. - - - - - Gets or sets the tool tip text that appears over the text box when it is discovering and authenticating. - - - - - Gets or sets the message that is displayed if a postback is about to occur before the identifier has been supplied. - - - - - Gets or sets the message that is displayed if a postback is attempted while login is in process. - - - - - Gets or sets a value indicating whether the Yahoo! User Interface Library (YUI) - will be downloaded in order to provide a login split button. - - - true to use a split button; otherwise, false to use a standard HTML button - or a split button by downloading the YUI library yourself on the hosting web page. - - - The split button brings in about 180KB of YUI javascript dependencies. - - - - - Gets or sets a value indicating whether the "Log in" button will be shown - to initiate a postback containing the positive assertion. - - - - - Gets or sets a value indicating whether the ajax text box should hook the form's submit event for special behavior. - - - - - Gets the name of the open id auth data form key. - - - A concatenation of and "_openidAuthData". - - - - - Gets the default value for the property. - - 8 seconds; or eternity if the debugger is attached. - - - - An ASP.NET control that provides a user-friendly way of logging into a web site using OpenID. - - - - - The name of the manifest stream containing the OpenIdButtonPanel.js file. - - - - - The name of the manifest stream containing the OpenIdButtonPanel.css file. - - - - - The substring to append to the end of the id or name of this control to form the - unique name of the hidden field that will carry the positive assertion on postback. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The default value for the property. - - - - - The OpenIdAjaxTextBox that remains hidden until the user clicks the OpenID button. - - - - - The hidden field that will transmit the positive assertion to the RP. - - - - - Initializes a new instance of the class. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Called by the ASP.NET page framework to notify server controls that use composition-based implementation to create any child controls they contain in preparation for posting back or rendering. - - - - - Ensures that the child controls have been built, but doesn't set control - properties that require executing in order to avoid - certain initialization order problems. - - - We don't just call EnsureChildControls() and then set the property on - this.textBox itself because (apparently) setting this property in the ASPX - page and thus calling this EnsureID() via EnsureChildControls() this early - results in no ID. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Fires the event. - - The token, if it was decrypted. - e != null - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Handles the ReceivedToken event of the infoCardSelector control. - - The source of the event. - The instance containing the event data. - - - - Handles the TokenProcessingError event of the infoCardSelector control. - - The source of the event. - The instance containing the event data. - - - - Ensures the collection has a valid set of buttons. - - - - - Occurs when an InfoCard has been submitted and decoded. - - - - - Occurs when [token processing error]. - - - - - Gets the text box where applicable. - - - - - Gets or sets the maximum number of OpenID Providers to simultaneously try to authenticate with. - - - - - Gets or sets the time duration for the AJAX control to wait for an OP to respond before reporting failure to the user. - - - - - Gets or sets the tool tip text that appears on the green checkmark when authentication succeeds. - - - - - Gets or sets a value indicating whether the Yahoo! User Interface Library (YUI) - will be downloaded in order to provide a login split button. - - - true to use a split button; otherwise, false to use a standard HTML button - or a split button by downloading the YUI library yourself on the hosting web page. - - - The split button brings in about 180KB of YUI javascript dependencies. - - - - - Gets the collection of buttons this selector should render to the browser. - - - - - Gets a object that represents the child controls for a specified server control in the UI hierarchy. - - - The collection of child controls for the specified server control. - - - Contract.Result<ControlCollection>() != null - - - - - Gets the name of the open id auth data form key (for the value as stored at the user agent as a FORM field). - - - Usually a concatenation of the control's name and "_openidAuthData". - - - - - Gets a value indicating whether some button in the selector will want - to display the control. - - - - - An ASP.NET control that renders a button that initiates an - authentication when clicked. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The key under which the value for the property will be stored. - - - - - The key under which the value for the property will be stored. - - - - - The key under which the value for the property will be stored. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Gets or sets the text to display for the link. - - - - - Gets or sets the image to display. - - - - - Gets or sets a value indicating whether to pre-discover the identifier so - the user agent has an immediate redirect. - - - - - Gets or sets a value indicating when to use a popup window to complete the login experience. - - The default value is . - - - - Methods of indicating to the rest of the web site that the user has logged in. - - - - - The rest of the web site is unaware that the user just completed an OpenID login. - - - - - After the event is fired - the control automatically calls - with the as the username - unless the event handler sets - property to true. - - - - - How an OpenID user session should be persisted across visits. - - - - - The user should only be logged in as long as the browser window remains open. - Nothing is persisted to help the user on a return visit. Public kiosk mode. - - - - - The user should only be logged in as long as the browser window remains open. - The OpenID Identifier is persisted to help expedite re-authentication when - the user visits the next time. - - - - - The user is issued a persistent authentication ticket so that no login is - necessary on their return visit. - - - - Contract.Result<string>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<IDictionary<string, string>>() != null - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - Contract.Result<IEnumerable<string>>() != null - - - !string.IsNullOrEmpty(this.Prefix) - - - Contract.Result<string>() != null - - - Contract.Result<Uri>() != null - - - Contract.Result<object>() == this.Model[this.CurrentIndex] - - - Contract.Result<Version>() != null - - - Contract.Result<IDictionary<string, string>>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<Version>() != null - - - \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/bin/Debug/Newtonsoft.Json.dll b/src/SimpleSocialAuth.Core/bin/Debug/Newtonsoft.Json.dll deleted file mode 100644 index c07a3b2e4d44dcf2b890fdc3b6e7845d9fdb1fb6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 377856 zcmbTf2Y?($mB&5XJ<~JO8?>{#n%P~2m1Ik9PgqM@W3MG+3yiY?0|q1~Y-0?LZDu44 zTCb4FK_>vl;`{wybgLS3mUpm*o6hE|=%|$3JqpkKpQWi~Sz@XE)J9Qy&}3eW3i+)gS3Q=c}vFd(xGi zRoA!UC$=xWcGcrAz3#er`>M;Hu&TY|x>Z+Rx9TAef7GgLG5FUxoi(++1$h{GQ`m0P$~stAbn(`0m{S z<=XOWq3VCnO@aO{hlIeD*{dj=Jo61h{a-YD>{B5DSrrS@rCI(Tw8j@&z_5i#G zTXg2)acL+w?F>bo13e@`K!hq@4a^ADdBwdx7*IV^go{VAA4UjynNftd%yM0-~9UW zqXswp+i?$=ddDwM*>!gH+B?2>^}V?dK6HBi!rXgKn%VN3(eFR&hR3e-=1`n`eU0bO zo98iJbY(6VdbNmB1VAZSzP{0$lN(<}R5x(70uT252q6aRaErM0TyEL=LhddaNnb8k z@s%VP9j%Pkww*eHB<6s=o=0MQy~1R31;`)6-3R=)JPO}K_(8bYX9IBxKL&U9L_GfX zkZK4Wb3uG9S;g1DRS>t8>saH_l`%oXeuq+wUmz5*6ki9}E5^^0e~zE+?}y_gJWqIJ z>Hei_C`@H(M4JjgRaz?}L}OC7?zm^5GS(~-grV?9E{|$_J%PHv9dUXC4p!>1Rvj$G zH$Z5#+BmaPjh_teXx?E}Ouh+cBYs2~!l=VfIl8qBL$!pVnq#PvH)hJUt%DFUhTa83 zRT!!slp(6g8!aSx6|B%M4;ofza)WC_3KAqI8Hcn(NKfG>MJgsp#SA4%7RFC?NQ26* z2REhj|FmT2#XsFQeSCeyHb)o6buwAdXRiEVC4LVFb& z9q=ORBB;&uj|@aqYdAX47;&)inKG~&4OSVbMmOiFh5p77Y5EzZ9~>EsU@^qmg%iEd zkP@c)7nFafGUQ5zZC*CIB*9toqAN|5F6fjYjf$TR$+V=ymElbCN`g~KafT$l5w9{5 zKZEi(OlfEeFclq7G-5o_h>`eNi;)dr$P)?jgcEohIbGkT8D4Mo>l*4FOurZX3T^A` zhS#0-K8(1R+m*ZQUS}%3+_JvMJh=}o!CWr!qnp5LjyUEC!mHCH&(B9#j6{)=HbI)v z^+As2C(~W=n^$;qA!emD?5&cuxcS2ra9)tSh1XB-qUq)RsvkcS!VbBrGKTA1mI){y zKO0!xVaLzG-?a%Q@)5tbwNBoi6#~Oi$+!Gkqi>}744)_QT+4GJ&z2;7J??uJJwF3qu>S{l_U(8Qdo|gg7^o$UW@U*PsDavG z*(;efGIP4sf@X1$b+C1?Sl-$Xt~K+2rI|0GnJ;n8yja`X9~5QKf+E@_yEB@f94%Bw z15An;o8iW>sGAv^Vx>^qI$Ed{yh>npB|_jq0x7!8i4H&tNMjj(jtqy%aM)#-P{>yb zmMNL2IoBuaEBWVdcMU(=?nld&Ql;GTtBnDxqe?k`E|nD1#4rXj5s6u#wt|QPm=R3v zM7>t88ey|dVbWf=AE{=CEm&6Rf6 z3{(aki2+CAel-u&)!Ij#JK?Qq`}kh&K@+ZhY^-+ZUBcbc;W{1dlEfXCs}9#ZM8K&7 zmt9fH473E9vxlT-3ATha|PPyoZR;izg((&HS_my&Ee; z%)L-CdI67v~1^oEME&~y(e<~T#ROeLz-el(`M9!-i-o(5F?A7Ka zR)#!SKL#+P*n@Y$H^Z5V7ab2Q%Y9N(e_lmR3gOs}Ukc%ozWqzZ{z#w0D284zFFw2* zC3I&nALGU74KiYUAn0I;?p`&wp^PW3xb@!LQX*Rs49erR$-r4_mu$}(nt)mBXr6v* zCki3nUk~r-T(+*N8%}mShKSgT-mAyjHWQa)@*t5fgRjPDn%t_{6){_)hAR={ER|=V zNS~|npom_#JVmc+3f`KYItU|7f*uX1_mp)LSc92kP|E^nK##g4Q5|)R^&3Cz# z>t6d&eQEt#)7tY@6e*L493`L2kPkMy;*DqJQ%>YV>z4;eS4u>uc8{cFC@in3%FIAQK~_0|j&GqE z<~py2$Y7)6FxBxa+jc6ZB=;B|D%57ImBQ4}^kkz|c2wMm^ED)lZxIW}mE+gqGEknX zFzglc7200=ZHJauqB+m@+W#j+Ya?C3i~05`-eCkTd5(5GUjnCRr~ zBy5g(D}x^0AfeWNZLh>?DjDtSO2$-DIY}k|yN9o`ELKU$XB7F+kyJ2K_t9Qurw(YZ z2a(SQoP1Vf<+EM#QAAcg3ftsik$jX#MNJn-b8}ts5jN` z`is2F2ZK>`MNLgN9eCJWgP2Cu5S~d7N{O-Knn;?m1s#`n`_cKsYDND@A<3tJS{&Ap z`?MQmY=3l%PA{ZEwJkRTOf1*HLd&I^wVG+aT@1Zh{GXOub*uO0@lF&D>%(BhZxPn2 z1z0Zjn_U`SEo%yEi`#hB#uZ);v+KryCilsiq8G1)qjjzxY#i7ecjJK2MK#Oxvl{7a z{O>voL}MmZ#)V$)`_N)IR$(lP>BxKed2})FhXK>B3UR28EkjP>p2c$`&*KmA97EhJ z&x0~JbsC%v`Dzi(mELZd3yvqjsj>@Cq~XB`65ve@rJf~;XWU`hcqMP6fO+If7vx2B zctI;aHPGl=>5y#1h{$OBer^XYm75*^j!zF|20jxrTV3czs?!Y*TO$rqHKQ~yc-=wP z&MBZ_{!P?st6yUwS)yWN2-x$1)wX6584rcr>A1+0vFs7>8nRG#B5p9f#%up1RczlX zJ=oLIh~w87kEFLeuzYTO{5WVb0Eec^9|rx!Q}ck9@pwF;i_SIH&}pg;>I~+bI~As$ zfyC23yO1=mB!8_xxcrf!mxEiUD`Bu=+o|-#mW8re{D_70N#h!5chz(bMNH|SW&Wb{ zDPBIugvRjD#;L&`q6h~(ji6Q^uTRiqhJ%D}C%sHxy2h);Onrj-!`!rwzRqvb7ETuI zd~b!7oOW-zKW4hG8RD^$lxBwJ0WgyS%maV{lfy7i-SeyC(HSD@yl2XLj~A`R_1ljW ze@jAo0>ATCDrKI5bl&T{OavUb@31vHDqxP-wjs8p9LFcYeKS zMi=4@14iwceo2TwY=b2}<*S;>TK1X;D^S$h7J81PML+Wb(J;SyBdj{6^ z!ntBS*GI$F-%U5=20n?&dVv?Ie!U1q59omABf zAU#-kGh-E3i7QPeCVJgYSTs#Cj$4mLi4a#Z-b53v!#7f#Ra#9FnHX&x*H)D)XXV zew0h~duCrQSMADxRkYw#nupczgK;0i^GKfk8CP(@@+8eZvws2T%s|s0Z}io|G%(rd zo9L(N9)Ku{R*?f<$ttq6pdzdEQFCgM(fMFXlr*>eV7cX0>*YDC>}{j@@*EuGEBRwu z<+&~RCTEs<5&bR-wlMXi11G{ylg*szMccq`GGIAUf_77_=&`_DhQzqsqAP&8OeUuD zQ$r1;&!$ABU?ov~Ue_hy)JnsToW@J%;OfttGvj5y@jIz)RxsX$1^8FxrXOOj_=Hi4qT*>jY>s>n9a|ly%5tiC7JHoaZPW3~=sh zo}E0;#rJNKbF>p0&eYeSzwXz$3fa+hlzTEG*T6B)6d}48Zqtrc5?M!gOq#&j z8H3P@-%3}RGs5+Y+f10HZR-p88^t8Vvaw|A7%r9Lk3&&f-Rf@-lvp+Y1mT^`J$oNS75aq`SJ3uLK$C zTDpvM8(wvw=$|}-j1!SMSssThmrE{a8G~|H)ZnGjB@$$@6(H2G5f*FHnt_Fld{8~+ z2Sq>FHskqqDXdR@oC^*8`MX#g%GX}Ho{_b`3+>NWU%GL?`2-yYN|FRBpP&;!8(pY; zf=(u5^9PEq>e`e>8-lxmxD7!S&k3is+=OOvF+(nvD1w{sqVdj4`V6*LX6-f>Gz2!8 zh0)RlTYv`v!4}y3&j?26pgv@+b&meldG(P1{R}}r{;V)fU$27W6_jDz*hY|3Pro(T zEm=88f3dm>?A)!z+NvL$yIaC@kprdbs(S@2)mHttxw|Df7dcq2uKKNj<=U!0n!8&9 zWU%ZGYxwh96l8vIid@Yg%md&dDZo5*E>|Y}vgZkq2G&%jZ66_lHX&s13DHxChKr2z9h z*z?CD%y!`Aqut62jI&b=^8h#}1(@eKY1U3K(K9V|5_q;~3{CZm&O_5=<^k}q6kwjN z=s6$b*_dDo+3$J+NIGiM2+do)rQh5Yw+!t2sz#SzMiS9QOo-!u#W$L7T*7wiSMcst z^k5LTm9?^dnCWpp6`nq1X>+JXIVi>d28~9MJ!E;HkF3MiKe6eXXVW+DHhqKm zYe3OSoA-FR4Y_M?cYB_roc9@l-YUwo@@85L+v?S+@a7S6Kb$ zk~bQa{2c-1azv<$YVCIVL&X=y<(<%v3eENoBLKnCVeU{PT`)e* z&%^{j6rvI=TgK1w75uEwkEIS=>fnw5!Y*}@&X?3hr7kLUQK^ecT~z9#Qk&o_PVyB* z4?`|>sZy$u#w1@c(N{{7BrPd@N$E>UZ}P9W3aC&6yG^5SreW;9Tn&JRa823}%wuCF z`t`)#UqNKDpB%l8RLwkn8Vd)m-+DB7t7W5Zd?I*mdpYgd4HWHSgSd5+Hzzu7GZ~#r zHj|acHj|6CncSdL6dTqKT*0uxn-jS`Y6Uh&9E+~kCauf!B$7e;pykRGrMEBMElPG@9NA*d zoxw8?fU8n~c>r9U0?hNNq{~RQ!6gn>T*N7kXs~E1M7qP5z#`RPGTMPlk+b~TI%c<4 zY#mdfh3lAtEL_JF5?O=)U*l73#~HEtK7- z?0&nu=;zylPb(c48$bK{@(<#KC9%LuR{jOyne z53qo%_QJs24i8_8y9PL2Y3_C&rVlwfm)tLT{+s82dH%su1ZN4)19)aNbM`b#2xi$` z!TTn8&%o>3)`v|X!l3;en%-ozk4j+8!B@)*W|bL5!RWX_ar|aM2Npx$D(IiccmeLu z1iiNhb(_;Ph%mlOQD0ab#ULiskSUnGvlnITY0MhTzM=h+(Ae(9 zACt=--y7w!$G2DRg`W0vg2s6XhqgnekwMUSPy({uiI^!%(3nm^X!o-CUV)aiUxIvG z4cU@^`%Q$Sw=%%k$^61qE6JFb2GKkD(V?wACLUBibsKD&VtSV74vMZh8uhIhjsUg4 z0j<#$2Q^BjK%(heIC#1@_Qt-x7S6^&Rs=9DgTl5F#hgv;o zk#V;4XVD?WZv(@NUdnHE{qO9|)bUVS;_^83{=@5y>Q@(0HG6#mG!Epm0JJ1N%Tt5( zsiFGR5_tR4L3sm9eWT9e90jQ=O+9)qO!jB&ZgD1G3mXq`+>dY5;>D4rGRuk1EHZL@ zF`8|5t~e8v$G3)!5^D{N&5rq=>C4~AI?)pI}37*FF!x;78K|Os<&}yMGYY`1cFAk?O2AJ>-v1hyDZ{T0gbxaPHu*FGXnJ@zri~62^*Ja=va6TQv zOZ=DzR!FRiD!a%v-irI-S()M_9*Bo2XmNVt4ney|VAv4=z2{33_DJkp(&siz*|C;+ zt$P5TA*1^#g%te_LafvEqQ9wV?2?QA*5c@IEBdZ9`a6rGzpLoaq|x779Q}Poe>RQ& z!Q$v2Dq0O*dqocY zO~!hj?V&^3ohSXtLFoPTko0~gdS6^buaVOG`9bLYKZm6E3(@=MMf92}yfbGn z{=K5VlBWK{;^;prnhwC_{XdJN8Owy4)3Xol_n4ZhxJGjY2QvN_jAobJw9Uz;<#S80 zp3{;`H>n@#kkJX-=@k4(M~ryW=Fd=IvD+Qn&=v=(s4WuPMt>&mLwO#@^JJb^^3WyP zh>t?&P~}`7X*BA4CayZDS!Q%P{@WJwuh-8fRe}`q7eP!NQpjHgvG$Nc{w9c3NecP9 zAg1IgUUidqXWOOH>orsU`RmT2~<5Ns|oQn867!_FZ z?efGwahS6yraVqty!IEn{gWL6x1$Y7SG2}kmg-M)sUQ6pYM{~DO#|J&oCUaAM6(UF z$oC}rp{cU^>o*9p(VKf35UnW%%t$QY$7otme~}lx7I)#f1?B)@hjCUguVnR|DbDxF zEEB8J{1~ ztdwL&H8YsJj<}CZ-$CGpXZ3A4L>y)MD?@_1+drM=6eB_?C1TF+?A=Jm}{! zG%A?3fXH;Y3%`JZs&V_R&>KsUJilg3(5__XgQ7O+`F2{9Zr&)p%U{JP?CHm$cqa{Y z>jzwQ+2DQ-T~2XD;w}d!wr^_0k@%Fq8WQ?5GJjb><}(f-tJ1}P3}n=Xp^hQxt2ruy zl9`~enT3*8PzGjwD;=&FkqrWh;aR|+3=v@LS{H2N?<1+tL2NK7W%I^DItdxZs6@M9 z_hYfBWUQd`;S3$+Dq9Gc*e-c7F5?1t1K^}MF9Rwg1jiEyt*Rc$8Z0ZXlFLMk@?PZpzpMe<+6Ecu67X2^I5lCc0f+U zZ6fZ8Sh196r$d~N(rPOj)2+i&ezj*$Gp9Y zwqAThpO)SB^Nk=MaX29)!31n@s(*Dp`jp~oe)~%)wY)pq_AL<_!!!tWd`5G^DY)rx zY)Mj=XO?D`Sq4h>20?#gwcj47bQx1(TYJb54KhU?4Qe+dt3Kw5#XHJTzX}%YQ#svk z2Ws6c96V=5C!%c0@?i|&CbzUT$*G>c3B1SSiPb@^O{CjIRO5b17yF zi88K*nRQOOlha>jB;oHeU)$C_M3eSutjTPd`5lS*WEFX*XIzD|Nf zY$X*v6i*3ep|O<$o9w;`+F&96CGxJ#)R15etmX-cXV*9(`bv}S1b&mPJU!VK`~*23 zDj?v3+h%(m0xmcKv)hA!gRFp)YS{E}x~X1Gu*?BsF-4>_(hv78;<>pee9+Z}hgyH+ zp0r-_ISQ&5Zj$xc$(c!~<+fnhnS|9;?2VvFO?G<0W91QX(ytJ1cQwOh#BNIRbj6&tw;`0=lT$Ut5e<19eqbj9JB9h*8^o z1!C#WTb~S@ODG?26S5H+62gk8_q5YiM0L_xHT& z#}g!eGyXY2+L_ z`Igd{(H_eC4jKojjPuq{+b2BZ1%WBMkoRNL*1*(^{^nuiqd$LNms#UXR_5q5wLzL@ zi`0)B#V!^m@esC1YlClwKD|19N#6BLtkct_j5T<@SzhbH&=?sczx`JVWhRCWZ$_~; z@N0XcDY!Tmt)nm^z)tj0coUR?6eYoE9_8rkCBu;tePh`#8ERt;+LrTA$+CeJ|ERKd zmg*N?bOPDB_H-iyG3r&!Z#t~CZigLIKbN8SSmvsB`oe5p``K9$+)z_N~b|t!^RPg)<9|5^mvIr zSmRwWuJ_uTU^F~sCo9wXc9v;tQ`bQYCMunl(R!q#HCX0cwU}4GzL|$L@9AS3$7V%+ zFgYYS4+OLPW^clr@24pxGZ-<;L<4Wcu*I zq_LD+MMG}%mtCT6|IE3yeDqa@XV!=KLX?^a(V9sHv6Mx0ZNTa5-SCASO2&Yg)CuH@ zDXIi5G~z1NUoz0k4iI@QbiLRuRb%d92?t9xb4T-IqlK|iRNVT2#-$ngYB}EcU*`7X z61`i8B9~2(M+=QQDB?UpVfbitKtXO&c8-feoW4EH!tpyf{i@=)4HLEC&soPiIId6$ z_>F#mcwGDRq!+mdQdTC0Hs19i=El41qibBfGKl^{OtTuq8!6VlZ`uWG@_xCy8o=-Z>F~>qL zFVh^>qKARh90=Nf7LQmgrkXBlyc_lR#ZgSR(`1Y}l4L7;w{K^KA6uP4E%@K}}6^`v`J71zvjd+q_nZ+0|_~RX>}-=3I_RC*s}| z_9&9jRBNV0^{c*E<8`Zz=TjjArQ(PmKM>S)<+UwuU2%|?d4M<1Dc5ek3(^vDb*gzA z18FW~33ojU4qKJ6{lP_Gb?809-2xdrD$s#NRDEMK-(C+x7{3RDF^D1hq|=eSElNK` zWjN&A*zCyR=EhUynd49}m7_oD8co4RyqI$g;kwe=*1)=qr5p%Kwdf(lB%SJt8Oq+R zEpDBXoc;E3aGuQWWwRIet-M!$s%TIbniF9&v|r7N=QEIlKaz`2BX-l@h-SCdLD!BJ zIg5Wf@P$~-5{CEgZ-5$|L8Se3&csJ|aTd;KsXAJoRS&0|U2dUsI2-6dao=}S4XVZG zC?UOXW7o6Os<~KIgOvz(3uJKJM%2( z)8(b^#9yA7$+X?hqsb`@2JShv-)~Eg43}zk-0FyumFb{wirvUQ+cu5K{kH#8(w(fPh z=^(v~y}9}$ERSA3VqfyH6p__;zq3_R6#}*-n+E+lbQ&Ra)0|=XFxIj(+n|}`Lo;;w zT%de}&`oourP-6Dxv-Z8BjVDavf;cC)Y(2xP)=RTWuSOD>MU?at_IuKJOf-RJOM6~ zXPs`tdVJSMDr=)Y=LTMjKIktWJppKZ1wXB0@@8Czy?p!F8n)AbgDzm5v0`S4=>|?z z0M!b8x1^>Xd)V`u5Afn|z)`c6Z$C0c@#1d+vc+^S{#NRB@BF%S3v=ogoBH%}n(tIh zW_u+wy{_#8!qTt^@a2mAIc z6*omwjNNb(Uu6l~&+Eo&+~V1bk_X|%gAbMg?BP6zWjD6JugY*IlO69J=p6P5Af82e zI#-hiZ>?X0GtgMV1$B5>R^>fpL{xH1HNUziEHw#GTI`4!bedISO9q)P+e9h%NH2Oe ziM+YDQ39+1_*UPVGj9Q3V=YwUS>Q0I+(W54*MqVX*mHn|yI6?JbN2qp09#A*3{~=e zw3`^FS#&Bdz*oPD1NTI`JhXeHykhh)tiQ^Ksy7Z*v=OQn#r~jUC*C0(d#6tPtcIVn ztv*FS?Iq>H;d9+i{1m0Q!i9M=!`SQG0B~Mun0s#D$(SnMz#3xxVvm#cDh223`IX{7 zRmp#IP^ON^GQ}ISY4B+ziFPVom4D)MO)57pngi~~2r+cxN<;$RH!20USc$D(fvLc7 zo$5(+F2FrU<#k+gymK+Vek&itd5OPSOQ@}OF14cC; zl5M1x8F9&pe?YMv{xYaN7yQ=S?im^>?yo+A5r}IhHS2DZHqy*p@LYQvFgG1N5A@yA zbQzfE6TqE&x5CtwQ%d?QILvDs;HC8@lCvTQBVzFH*>NbM;Jl zYrN;sE3@W%Yt)PImu|U**sx@aKY9f;XyKn?;4^?d*OOeL~n|iNL!T9AAJK9fqZ86mW=Rcto?Dv}sh16yK<5b%` zM6mwt0OkSk=@eid0C%MT^QbR=H1+myvq8~&RNc`9EK4%YJ|$3pj`FXQ@>iJPDHwg+ zRi;*x%tn4;@JXa^cArb{hOF^YiJKeSI<>>=ROM-FICR|U79;* zX$)pl-GP!`|DTH7O5|!#9>)V@dOGI!0ylap0DBn^6X@LR&HOm3!3KIA5o9Q#TmrZD zz&!Y0VWb@IL8QF%|26Su2)s8_>u)@%eG-Kz?YT=zger#}dfx2M3IH@mmQSi+5~N0lpTFX+?Fd&{tZXP51lJ7jH@X0C(0GkS|5Ek?jt1I z1@!%?3%D=fXzmNRh+&U%exUwu?}RKg-a zvHqat6b?Q$Szw*O?qe9jufL0T{WD^1g&oFM!EX5tAj|Q20yai554f7MuE2#nef@XD zY`{&1jJ2HKoYwDj@sB?}>^1v+dK2G9PmFGLQe^InDNXYL_(BRWPinWE?NL9=qzl_4 z4$#0&2*oXkIFJ`VP*QgR-lp@b@i_oo`^xKl$^V!1-PE%4CzAF&@{axq(Z;Xl$D2Fa z&*ix;kN!&tNC+E!F8jrk*bOr2jF0# zx&}H_bPq~6kLo%>$ur;N2SF)`3ChxPxeMXA zi|)dSpp;^PpbXFxlu^hCN@aCA=4p*UV}c5@N=lg&Fe9tSERxj>=_RX;xQVRfb+Y1? zYSW`*fz0d2WVJe#6?Q6-m6Bv+b(~~%KC&`WT*yJR2`l~&$>;$DO_}7G-@p$t5~|54 zNuxL?Bl)<5%YH>^<_o4$O1D5#2Ixu3=wu|NlDahv$w_iRPDu%q!d=&XQflhFh+$Fa zO!~Rf+UwfyxX-vmzOreLg)Vl+tY@HGz8m#JQ@!sTCwJXK#u%{pzmVD27px z75Gq8pK}N+wFRTJu6_s%KYobp)+Vo3y}639j{ZpQtlRi@7vWavPg?^VW+$wbb{@il zsFvGb#oD-6%*Ve6+bz=!+{0KDKUO~cQMwlD@oLai-L2WkhBuMfHpvW=`fS~n?bc6r zXmx|-1h>keiSKaE)A?$)k?LRc+P_v^*ez=Z#f*O_iOqrT7K|?T3^LU}-JkeER;Ft8 zXSmRcY2G1IlI7C_K8p*{|EkF9CX$2)z%NV43@lENMwAyvyvn6mIn6zw%4!+=?T)Fz z=`_b0H)1&0PzGk>vy)RfMgK!$1X~WO(ckd4mbL%XQ_MdBaY}o=ls1Sj)1Y7V6@8r_ zxA(Z|V6^_~XdSma>Fd4dptS4|JO)SWI**6W`Bry!1NSTn$~|R025a}1!IoYBtn?*1 z@P#bfI<@2bpfdQ2z>F!ykF4c{pbUEPXuz;VF)|km3|@bwvZ>F$hbP)-mTL^>BlGT7cEw668$(7tv}x{TCeZYQawGcC$}{R z$}Lgi!xh-olhQA&CyBt`HS6icCB6JuZeLtaNq&bDipx*w7v?81byyWkWOX^^yR?@d z=H))}JDlKLeoB8}eqZn0p$uhr4q7+&v$;B*QRD2%>arg1$KEIJhchsaccov*yG%}p z)yGVJ=mY(o*-S=Ci)EFxq2pHGpEj%X3-fyuS#|by^E;@l?x$IBvXT+#$%?v8d7n9u z_e8I@-!I;kej)E~7VmHA@~(FCgkF9RxX=9Fcfaye`i1$uRr#?}nw0NQvO1hebF#Xj zE2~4%I$YH{TB=AVclH^QF_La0Py5$W5dGbm_un3__$14At9Ke@*M}dJ&-+=8j!#vZ z@W|Iuva{YGI z0oy?~hY{63X*!_szv|?P!fkI?6=?YFx1XANI|Gc;`+eSP9U?(74he?$gvBO)n*!Kc zh&uzaJXdMCIlxA*>PxT~M{JR?S+CS~8@Z$5jmNPtRZDS)Y>mwDf^A75y^D9=xxUl0S zB*hlvTIO5LrGceiHqEiY^H-&e7pb-AL;;ZBhIcoCA3p zx-kDG7PY**^Z$#M!LIXe6fC-lSnhPWQ9uhYElSUe6vW${(7LyyyE7)wH}#?n?p%q( z6NQ7}t>ZrJh$SekP5E}C$5pE5&R1#eEMn#3eR%4de6RCPq)_X;E7i}_l!lU?>D>7H z!sF7qpW?El^snT{rFCD%VOr(ew8FR9Rdkk8Y~oG2Pt)?2_kt|#WrJ+R^sVT{exVoS zWl{HX-hhi%_(MeVR-VzOOe=c{F&n&%c#sHeQ5vE1d^PI(YRQyiWBZqGqlL4l^Eh~Q zX-y|4!6Ak-l~83etkVO5XM4~=bcM>r&W!0#A$Oz4H$jEVX1DPCrd-~FBHZ+r*1b`_ zhsO(9G#`6OoO;S>C*+kpALQ9jv(@vR1a=JmC-Juh&WZoa@KCuT2DX{C{*-PcRISD?|MymOa~3{{py9}#kUWDWPN*&<7O9bS{G3%dhR zcE6GAnAUi%m0mm1-#~sGnle3*Usdx4%GosIQPftX8|MdfQ`ecUzh7)2CArO`y=K9i zI(cSw!MCke-%7y81$l?X9a6S4T8}`{olY)GbaOP(&3>nwCwvUP{HC9871-Pa+p#3o zOf^UTe(l8sQ~vkd?Riv2N)YHtFQy}}<~6#m4b@Fz3jq~TCFYd93n8V-e%d%~Ru zEu7??s=fS!p3XX3;fg9;k-|Mufayoiauy|rSA{E5xLJNPg}ai2hiKvjITzvFXqAMfvwX>MKM@A#tJNBKM0 z4(e;2?eCzw>1&rL&uv_V`=IqJ`K?bM%Woo^VMw3BBiS@g1AglCk^G)H zJ=~aOZ;q>@t=ExU6xy~RbpC?S1>KPL-WiFVEknpv5FP7F)_5zONB0E(hV1l5lbFI7 z+UtEY=5>vRLCGa%MxB6W6M?T!1RN!TU6q>iq#`iKCcu&tc+*=>qoRKMoX<249MeE> zG?Hz4E5Kpw(%1C$O-M75iC0z*?+{RRmw3x~k9XcBcxAhQ4&#;G!CR@fFHEhA?@p@Q zuBWYUx^a^FyBJ+vl8Zh?18I3H>v%tnH)NT$%=Zrp`j$c|0qTpH-kgmKa5YSTfW{u@ zK<9esIH2qaXZ#fJ-X%({%?o7|XsmX+qQ>rzNOkTaJJ(y=kRus@Fs8}pIQyxKSfDFR z-hrN8R-6jA*@an1%+6G5?li{Jcp!&0Ezdj1CjObu$tRF3Ll*f7i*#?c`*wF7=V+9+ z8L?r~Wjv}d8ePlRnYduUpf=);muk4=SQ;oT-*zfvZMzC)IqpMwuHyMc^4yfTG@cye zxb8Fi69NfUXFb(y;=9C{%ga=Q^VtbMKh2b<*8{kFm+q^WpFALqI_%`~87q)ev5|y8 z_MR4(t;I+#fr z3lLn&4u(J7aB$z0VrH2OIW~MNRkV!;s}r=^h&awq&WYL>&*}XX`Px{}26xGT&|b26 zqMABKw?0dDI-F^I(Y-pKalvU;2TpHxwUBkCIvyTXW})D#<9AsEttE^D9HJe1s~231sZRng zFi;^0a^Srs+Vyt$E+i}$8vTU~%lY_=WZ7SwI%55K#i^z1A6Tqz=A{qrI~Z_pN>>Ry z3jR*OeFZL~8}loy=i7w;$TNE^0s7?4Wpj_1zQiuqRM)(Qo_X`{!RhwRcN55gCwKO5 z7IW(6edeCIna(pet47VMel`_y1#|*M)oc<&@$Mt~uo&K<3FHq;Ab)5AUWR}ZZ&HAv zd~^YN)f^nk59QCbX|@%^b)3;ZOWX8nfc2oX4DNZgKGfD09*97&TL;_M^z;d#WIwaB zgB%9#8Oy9_EZE*m?gALeEj`MuIcTqQ-3I5U_uj6?M2|ydxU($g0f0Gk0P{QpHW~K? ze7x&jL~vMICks1g7MTY=O(d>J&&_>S{i6HS)ciL@gL0(p)9ga#sut7B(5(XQyO3_! zwE~)P7<~!p>=g_GN>9&g``FnFSauxerklgf&4=qTj zCPxR*YZ$|Q%+)O8e@Ux_6F?2CAGXk)XE^m#QqM^08BIO(mkxPp>S5IFAhpypo_Z!y z4>M?ovn=({<26(<-%RVlJh~8ynPtF-n^X^WL6n78E(%Y$aJO25BYM^HEv3|%v&SIQ zrCVmZHzWbTQ=_HxmZtP;$#fhVINy=N43zM=P# zs5keXQ7+eN<@EYjpYnVxdEQ`oVo4U~xl(xw?#=1fk2yCN_AAe;?pL0fZ*ir0BEs)N zN)LvG>OLC@!LmC$y% z@uPG^x6$9em(sZdj6wWunzp0k>-&DzUm>D*sYUSu;XX22mzL*5;-9AcU3>^eU(8}m z*gA@%n?FEKwXO4Vyc_lF+F1t$V#J!)N?=$tO*Y~M19aEjSO-e!Dqm5h?A_D5_o@<9 zx8@Aj8iq@7R%C*zvdNgR; ztH`SVp7F4KJ=m@R*rEd8jD`44x4uh~+|W>NT>4HO{W9gxJjA8zk8`3s_wPh&{qbAS z*MJG{xAEG$aNof*F9el$VX>l5N=389>g!A7U>-8|Qh<2?_$k0V0P-ooJOBzQz&rqg z6kr|z#S~y30HqXQ9srC6Tz!}aK$rr|1E4*QVQh<2? z{6k_www~@G(Tu^};rV=Ytjedy-Dffzebwf0`_as&vR#Eguf!boVt`^a-1_j1RzH79 z>gT(?`uSd3Ki^mV2%)?7Ja1|Knxy$bFAZmFT%G<%X@t;Cv&+&jCNe#^+tN%(5AI3R z{8(v(&`tAnOY`?6&ApbUrZhiE)3Dqe&I^I7_vZc&*RI$3vjA!=f|xDJzGJx`pmgy^ z2rbdY$ENhQik=Ya=Rf^_arQ4g3H`P1-{EUpFf5V&FqNB-Sx0Ro{BIo-!<`w-Mr0vh4b+RWQC?70m z8p0K6#hD);D%~#*m5v)EhoR+eGf4x>HSJ3SE3yHG1iA-0jho2E(W%?#Zz|C9<6n|1 zbudQ2>cF#exHnmugrPkyCTQNA1%5>!nE_h(*Mu#tJ*^zwvXn{kNA)_>XvbyUuvAl)m<9L!B85n}flK zuOoD!5doXUnXvUQyb@mKmGE**G4v{@m4A6L-mW~xig8;mmpquqC3WwBZaPI5aSc>T zq)uN1ty>}W3PrD!;p{)Dl%bVUHx5f1ywQU=CpCO4{0PiIx)(XNW_gqPaEQJc?$`YCwHeKY(f{tjyFK`>K3>hwj)8wqZKd(66s8Smfs#06q z&gb4u{?8_VUz?phi((@_M$J!whvqqENbT?{BO*J!>W;aplDO?gNI{1INf51(-Yn;K z%T!K9TOF}#@T2{*nNa~mUGUB6qpd8K%-7)gwZD%+chEb=afik&-I#p zX${j6aee7-c*m?FJF|qcY4)ObKX6QqO(Gew+8Nx`)mRb4+$x@yF--~Z#<8M!xUJKAx%zE-%X1kQ~QHS0v!&!gwYXHXvCs93yQU3hnFOR=&x#UixNy6 zm|(ygFJ%)bJtwD*P8SH<*oAFn!GJvHTaF!~Yt?O6@8x?jC zl^Rpb=I*G{54!Zfxck*gKS=t)`$|7V`k};L>wC0Im3}Bq&rm2=86y4AeWhPQ`Xw&C zK1&geDE*Q&{kYOEA^np3Nu~A!5`r$M^bJkpCnDoQw2_>cPTYeGPsxOxAr1xfdax7a}2NuWc-` zj$*KSyffIv;;6e>XbMoLk7T8}59*mgq9uK#d-fFEB0jnO>E8jS3jeAhRD@gCqvV3dz3>^e!hSLpDe$2eig1EZzYm1N)i%5s>UiCmM z=aYH*sf*_6?(!_I))Sb!3@BJ499KdKhr7)$J1QN5ILyV|`|(z#FK}H_BA1wf44>6a zBDkfCOAtgE;S{^Vf%3;Plttq}%2xqxKAelzapMA-Fj{IH&G<6FtL;4vWn1H3dwG=d zSj^NIh-M`JZQ-~yId}G7x#Ny-?M1r8^isN>$a3<&W$9LH=t^|s6W<0iJ^KN{6JCot z2G^i#f|{-sVe^{fq-;V+l#P$XIt6#%Qg-Njn5Qqxud^ zXUh08B)@V0NM0;50SapD-frxU@>-C=OO+xoh8p=}%lI#wN^71ZVZERDEt?`jWWK4U1Afn<{RDI*MW?y9WY1Gy)n2z>A-!eQ zCHIo9-i{wmZ*Mq=-o8ePa9FiHwb2#uttMb8C4&pK-x+@z7s>LBN-zLPZBXj}gIGB9$y5_aF^*HOzfgHUc zUIUst@B27-psjFco2^w0JC_Y6Wu|Rnw=}WYx$yvCGvWh{F=xWVeBf3i^0oeZs)@D! zdG<1?YCYM*(06rLJ;LezNp4fwpIT+=Uhjs7UHGql{1`-O)26)5?pjBC?Sbh;+%9$x z=Gx2KZ^rIw8{gKX$0^$@%tj0|UfJ;gkZJ4Oe)J73oV)Y22gT8Z#!bO(9(D+vZzW6c z%gDf%AR&F>}5i+AfRkN_#TA>aY8zw&K~5Q8F*jWQ8}igU%r0 zkC+EGqN6o3TS27V3dy_Y$*qtA8GP5uG?LfFgU&E1cMD|j2rJr{H&%{guxM*Y=OJzz zI%aO_q+;2 zAcIFOky^tZB`d_N{GkvWosEyxyeqRCQU~88YaW(<8vtzSmtm8wKu5n}jz2H3R)(8N zv>mLlgo03ye(rOW=auL~-kq8{BfobegLBT1i1gI(CrR?p#?V~YD!fXum#s=I5^ z-|ua1eE@en6I|IMEnR zYh}rWoV=Z2qZ(3je3TZz$Gh;ul9&*xD!;yv#AFwKmbYp*>M}3Y@S=^u>)va!c++wy(R!Z$^65@?CP= z7dCC4M6<~;%}we$Q`2F#rgeqXVZUuMF*Ba2j?6b@TSxKnkAu{s!!`?>UZ<{QpLH(h z6{`N{t-l}DZ=XWt3V3}Am9a{O1|L6#$lni5Bv`DS1Eq{kmRx;eIjpkSF1->tvnj#q zkQrWc*~^d{FQYQFv0;Jb*}w_~v<>-CS~#ECawsc-My&fau*8p+Et?YH7y!|FnK9Fi z4d?~~G5S)GXIXK&7)({BhZ^Jl_VZD;PFp1X?H9Bvn zKR%jRCx$MlejuoEAc!Tt#R*$o&?6J_`9eJ11wJeV#>aGF-AoZ+=xV5kwxJ7?eADu$ zoNr8ta5^A<1Z6WD;oJ9iC8us~Gd;vYg7^#O~ z)4guc>0VloQiPtm1AUJuJ~pAK04sb6MT_cD>;@N7lnO4O_(4(JCK`~p!1)Pz1^oDe zB+B$kO1L2P$CUcQB!L2ce33$@@ij$7T}&Y6-MmGRO9Vj*hSTG@8(he<)9_{RI$WRHYV802BV|M(uVDJt`cB~}u9*ZDsCq&;{ z5dTKv>pwNM#!UI!QSUw{ZGXpB{DR4KU3&ZJ8x|Z*V(re){VV*u9)89`Uso{34(cpl@OH9WICPfebO;+~WVr|>qgD>Cp)@Hd{4uvvfuC(ufJTaO!B18*!| z1VC3te~awx9l?70Qb6_g)AgIi)Y~sT5bu?S_d5Iin*ILJe*eHPU(A5up2te#-hm|C zyon2+tU@0()8&XyMS$4u@@Q*4zP=Zschec4OI36NDRSOjC(~%G%l{=2I)5JS7RcZc zThE-k;>3*UM|6V(ZtwnT|EAKH%h6;iou>lks?^2<^YO_LDaPzNhXY=z5Ph4V`{=_? zK&@d@a_*rlbA#j@kV?Mf^u4yVpR=P%9p4Ci;|GIy9(OdHeHomy_`XXaZPGkl9^RIW zcjKwejIbqJjc>vqeTUTCfbG}xz9H}1`)N#pqx)*fjWbFA45cp(>55@CSl()LO>~Pd zy_6f{O2g?PktdhU;RdH5%rb(O?DC9oi=W>{s%GhYWb2Jwp=y*|nUWk=~!T zt*-IxrxMakP;8fjB=ub~sk2dTS(;Fr4^0_R z1@SGIC6&T{PBAC?V)wEhkES%&X7Q{ds~b4(n-Z@&+9^`cXcZf$^MxH5Eo|JW^!^&>y`PIBGoHLIEgZrY{4p<&V_3KGsLoy|`Ye zI?$Nv%FUQ7S%!t0DW$HzEoEuAM)TEf67W=we*8w!9Lk??0oC5+(pdYMVp1B5WImC? zh1s(u&Ax>Rx<;niO|Zxu^^y0%CBKlFtem!QLm_#aFX16mTTV9Rc!#8B{Q=+Wc^tOS zHDecHi-hI)DOsE+XK)me;5;>p^Xv?cA`B-HVEZ;AQ<)sh5GQ+Ef5@G8db%eYEDEN%?)6bGWs~b%LzO@4I{=eyb(1b|O3+sS=>q3Ao-|Zo zAfW|YjqSpCtMYybKkMp?Vz%99%=z~jb3rC1@APqEDDS?7#oYmeboN6ssP}@GEEtc^ z3<(On5Zx_sf>SUFGKf(>@Cx*XK8CUzQ4S}5wO0fFP$Bv;DMMo4&GfE+C~sp9t(S() zM-1g__W3f_7`w$DEE%SmX|aoc)q(`Gf2J>~AigEJY=|4N$z4I5*OQ4uUuUr^?1GN;rv===UE{y-W;$N1DAD%ffS*d2^8b-I% z*1~|p|1Sq8TCaVSS7fmJXIT04+m{?iOA)?feDS_TI%GL39kLwHNW@weda5@1UdoNu z*?6Uqj8_Wt!opM zh{F20_D}IyLooICcRZf9(2RVGjGs)tt!3cnga&RfFYcA4RoULf53)^1?M=3Be|m78DE^-m3Ner7i?vH1r4vzK-O`b^s7 z^iYMbp>Af^FE`7kAX)W{K-t>kCd_cI>}-@IGa6RHsUxRP=XcAN|3nyNXFoVrmDqA? zGh7*8#v;6$0(m+j_A?56!p}j^(^3mIZ=C)1fvGe3j~4PyR+`b-0R1YiZeO~F2HhAQ zDRE+l0d!c~8a)js-}a8D!!7MmwDn15BU;}*06tpeldHll+GNXRAvXEQVp3-WxF5&n zjb)oMCIx96#YYv6;F+ooG?uj|p^|L~y;)YVHN^J-oIp0ch+F5AJ;=XO;J2BbZfojh zP2+^m101t{e)gq!GZI)kT4-KfDcFF;bxgt$<%adJ`x84_V*%Yndt z4%(+1O5N(FVYSb&5(%`RTUWjEvaHj>!7b-AgURcoxEE5VgN1U^KhjA#O~_;)Uj)i% zULA((MBV&e=acV54h7c-(lZsTx*A2k1OFPtpUmEyWjf=FA<-!D`Rn*``1 zyJluKV`j|G>_lbXE;}>WY01n$MJ-4}hY5ER&UfLU#>1O#urW30KFcvgNY892Pu>RW ze86!uZ(|U;)w>ap8&XxW!-RQp&=sk&8lSnQ8k(u1>~o5y_m!#Q5`IjSNi<`sg4&k% z!Hu&{CtxC#yJiw*p~@{@+t?pWrv_@Utoz$Iew`S$#?vr~i}GnaAyW+ljR9dWhczCO z{7*@0bji$58^_aWy9D;7)A+IE?W(M?yxuf2qM_)72o z_UF%nGH(e!T+S-Z)^EOx;pqI?gl&=0JRkDr9s!^=;;quHah+@F&*lZ81}vr;Uk%9l z>zDC%tmyG}tdaF=+vXo8ddN(B2n_9WSQUN$8!(wz!cJ)cJCa!;H;3%rDVbS8mUE%G zd0K3?iMR2Yqy6@K$lAs+t9FCUsOL6uahf+Z9N1Y2Ba2!tM(m4j7vc)mdq)vK^i1~V z5zBDVw$qbTtahnS{|l7g4IimKuXOs%cX@)TMlF6Fga%4WXZWUYD+%p-J+Q&j(&_Q> ze%^IE9=Sz-qO5}fC&i8<6b38YVDJqf+9*Yb1M~q`=|Hcj(`ixH!rMrp9Ni&&4Y%Kj zr`&lHzrAwSi@HvV`8*ZPvyz9xRb`nnORSEKjy%g48uBmlgO*R-mX5yNOeUX`FH z2==V~@$>VA@$-lB{25x2ZXe;+;h{0DG9 z%sJ9^7sn@pH}C;RrEn1EuNI@#gEtp)Mr5o;>Nc}K;il)rkLzQS3J{vdr* zS>fq)+8JY0csdshUHRs6&u>k+tZh5_t04PLPTV-Y#}f|oTN#49nbL)U83ay9387l7 zrkIY$qFIXB=R##c(FRJQkm7D^TF@vBmZ}@ZT!brHxmt3x%0{cP0)&G}CBeFHsgyEO zdC`@Qoo%&kye%_lRxS~=#6{2j77B-wt+fi_sxV7jDYS}ML&+;;(MgwSIbSoB@O?@p z*v2xQPxL>McXCG!ra4D{w?N+66x-+|tNk8>jBQp=eDSDMEV1AlZ2WaGIEMPE*%`G< zpo4N&yu`}1_ViQ2zTEn`}#s+O1Uxl5}A zHaTI`kZXJs@0!hDbg-i~f6{p_oPJ>AqfX0M;+}aIKPW)-dkWrqgBLg((B7M}>Mt%x zic+naus9Zc_%!69hGMM0TtiBm5nZ_cSY|{=t*`OBX7jtK8wEG-#WVW?%nPAo{$I|{ z1VE0W>f@8{nV#9%BiZa`XS0D!xI(ityFeCUlW+u(Q$awkAh!a7LgP$=z_KBr;=!SU zCmv`7_4B?DP((#kyy5|PKt#N6yzlt^{;#TMdUiL!_XTFV>Q&XNS5>cGy?S-6eysza zy80@Cn+|;L9{mKKJ-!Ej&mBKz@>B=Dh`SBT)rPx}4HI*YMNB(+jpZ*l$>2bPom^fz z5KW%u-Bn(npQJ-tKoyBSd2s6K!NUmRLVEG+mU>RbvmG7@bRnFa??cj>i08o?687<5 zX#aZ8vj6-Sp&3o0mvDV#{AYkG--4TW?}K4ijVrIl-@!oDQzxF61yoMHsk(lGhrI?$ zUbh)O*)>*Yc4OQ5EYf^SEY;MCj)qbfA}IbfZOufzzf@woUk+M5d!@0M$*nq5-O9L* z&4wyvTDZo%)t-wR2jJ>2I0n&7F2lW#5n^t|8HP8waa$?e1v9pU-hON$z99@7ls4cm1Cm z$qwC5e8YWY>OIA3ZS5iG2{}FD{tW+}>6ZVoeoD8k-?q}#))uQLuRaUR#p+pW4~amr z2G3l-V)fG1lZ4ffts3ZP!!?ADuI&*{gnk!ab=OZn3&- z^|$emZuP4LeAGO<@3E*@t*?HY^Q^u}A@`f-v~g--dVJr>FXDBDbGc6pF`P)eu6i~l z3aUNR8o?M3I%X)7Pf=h8DByB4jhPHGGvIyOfX`3i>EP6vPK#iSz@6A8zs2Me3e^!O z?~&U&-sBxPqxk(WDqD*>@Jzl%u^Mkn<$!w7>%|xM4Ar?S?(ws# zfAT;;+o*x%mN25qQhiwL@rl`dSKU!}mhL)H?IeXMkeiVfZAMxS zgufOCjrzW+){tfCS;O+|iDgTP$@GNks&P=h@QI=9X!T&kPaTUklMUh!`YNL*vXKoQ z!E{$WV>}A0JKK9)ZjSId>g1C%WtZ=gJ*Ar#mf$);Lt^GFaIm^o!p&2rRp+gRV(5d;Ro*k+;#0C(qpgX_gjR}yZPy> z-&^@D^=`^dXd)40-Q?&Nohi!uJ}$&Z-pqVaP})pgE( zcL)i%%nEcbXvLK3oi+of68Zf2^;vx5~_(74~((SfF zlR+G>mkvEB9zU>HJx88idG-n#e@L4ln`o9o9W;&~NSQ=AFZMYPcjnA}tQ|R5k5E<> zWyM^)&nNP_e7wl{I~l){O4UyA@Z8{POE_11wh^Nxro9+?kCYoHhTbY?M?RA`0NREa zYFZFlZh1^b5s8{{70(x|U6Zp!^hKSS&@D8-A0}A& z9Cd@11XblQ7i)9UO+BTt{W_>@iLdVljYMeN+ap%5Gl-ac85x&MZq^sfpzmhn$OPvo zlp~jg*sxqXtwasaPl3iMwIh5HD=D~xYigsVYCM6`Yj|p0T=RL+B;n>Cw{8#DsZ1

i3_suJx}$%8Kz#%w8qB|*mmGK<2!CU z@Q|(Z*wm^Vy^*o9<|>-IAI%jC*4iQN9xk0P)DLt>GR9!d85?5<z7S zDb4Z!((_CxAcrR(p>8`8qRN!_&=Uz&9IM|;@Z<;hgG@3*jGjnXJ*k~S9ing8Yi_G< zR7m4*qRC0WPMLJc3<=;(NcGb@Xu!I5R4S5O2ahncwrA*_NVK$^ib;-$$YxNRF%}h9 z4oh8MGK&S=Qi!#T*+!oZ`Iz6>OlhXi%35#Y!g$KcBzxc6f-gGxCRSIqPBTuZj0Wrj zd;uMA#rHgY&g*9OX2T702ZA4N(cP>Ipwm72lUf~hXSy%8EA>tBLL!ZIwz{t0@#9vQ z)7tl4;0qc2ciUsPDAhVOgVOIT|C2jnR6K=f;|J7Eh^o8qfiS9%BUES@v) zrYBZGgJ(CLmd=(~QgM{ro$XTle!Qz|qOSr?p&M~2#n9-cV8aDcCp41Q=LgktVjqL6WHYBZx zL&4IWs2Kh|`d{nXDS5wdAtwGsbH%^1BmRB|ro|!t#dE~}dnf*DTk-D?;saEewZfMongE|%S?T+!9xvLKJq2HT5CtgW;j%DFk~-GMFdtksc@ z(*@R%4s)b;>3&vxIQ4YGbbsj`WF;gxKZTRyBw-VKad}!1=o{|NQ$#Uoj`wNqY^TBQ z?9$w&G>XtlbGW5B!KYa(Rn_Igq{O9R*KB!O5n5?JZ)r~SX+GP|=W}U3%*4vmiqJ}P zgrzyjr#ZEq52jw155+G}D?%&HVV34(pXNb&ucwVzE)8MjX+>zI!DvJsP!6lNtJ-NW zU$``v;h0v0R+=eGLxC;LcfjfMxi8JV-R^iPQ=EN3w4I5gd6^8f z0=WQ{_nE?TdN{OucjMD^4fp&O#Wy(N&r(pEY2xzP+ew7f?-Dj%ixNY+%4{VSrEU~ zy6nq+msOCutVQ{PqMRPYn-s-BjeE!~VG+jQx3=LgtfcU7QE6;#OcUIjCU6KsOYD(- zCk>;m!rZgq4J3!jf41W=blGax0N$Ql^ndfD*2*{DxM8<@Se^p(_d6MF?CyZg^3xtNTCKk zrCi&YU8M1sNakzNwPmsSWk41m!+tp$+T*(tZo*WpyIfN5GUw%Nu|i#ijUE@o*q*o< zSpy6M%hSY`05RYI)R4mb+yldyscBj?*H|B-yv#*ln7&RFJ`+~~6)QWB6^1d2n>Lud znryarcm@58gTAg4dY6Oh5~@sGM6xj4+zCbK3i<}1OWSx6k%H=$B@aCX@7)f1BT%Z; z3MV4I;J~lxM0}5fzP1yJ^;(E;>V$sDL2v1Ve%V3a(h0rSLEj40leP(jUjZ5hF|!Z1 z2V?*%IF-v?=d=1fI8*C4Gdv*&aCuZV@m8{N8TX9{TTVn_DY7&G);SJ{}mm^Y~ zKbewqX57&Rh`tJ<00Jzt7m=13f>n^}?Q0eoZxXnx4gR_VzikHiM-F^z2COdpV}UL2 zM(JSRw|yD2UAQj|gBiJoyOqeZErRP@ifWR~90=IwYmXJ8ExuHa<=Pr>S<7{~TnDAF zpb%dGUG$U$WjrG0^W;66gIe(vG4*Cg&`bm)r}NUB%mLupDZm^6&QAg6ctW&XouTFV zWE8N4u4&&wyj~eofI*uVQ3G~qlDm@_TCY^Fv&nGS)yWRPMtBg^hXcD=37d&sbX*SX zlH=}LUPh&SfkUOuD}(_u@0Ao<9tznXh*j6NngY!`k9RqItMncz$ zIKB!BJ{#~4y8^i57&D&J_4Jn*931_ye`tlDKhHL@=dJK=Eln#~{5T^~nYe&6RJFTozB(^{Ds&-b_4b{`9v=x@1>R2zZdq{^C{JDQ-x(hN z^(A49+~L0m?DOaK@x8S@%Pr?HxUTWO`MIq_?AMu>Y@$gzVqC;+Eq?=8k4%r_ZEi(zZL=J` zJ$}3LXGE#Q=WA|kbZnVtcc}NPVWs_z2Jt)s%h5{P_mlh`6y3#PcfL1IWJxRuYiP*9 zTc)_4!dJ`E*YlIb>;3%h;`dE{f8zHDKW1!p?st;uD>_UAyvbWy^m)KP1du*8>H+^0 zKss6q_?H0EqEf)W1(3Ry0{$a_G_@44RRHOlDd4{XNIy#fIT|^Z-kAc}Nm90ZPg6i3 zfV9mN5DFkgGX+pLWz#WJKtX`3GBF|nr0R|Ons!e(_5^lSUHn3Y1nyx_VEf1jBrOZr zO5D1JM&DSv6fp4sFngjnmfAJixTo8*Q84$Lp~uq<_eutpBj2DJ4*tKtyiZ#*GggR< z+XzJe0=ol`lTk6-M9K?t!OY9TWWL+HvyRe0PC4!&mNw1@o2`H|U@GX$cvd-`@nUv0 zM)5mU5$H05@%x<%^~t-2!uY*{x&BA)y8D8qhKOClLwj%mL0|Jx?mN`6e@5e|$o!n8 zM2`=PolC1bGY%syIx-u=@;shZUIzQ*nxCK~+@~hKZvLDO%Y|r9CP^O62U4;Q%6%1xZ{1SUzqivfjQ$U~oT1-b=xGecWn|pcN{)L3Q>*OnYW}9A zS$~!eg^J$a+@0ebY<`|r>?oX8^e8`V@qYn%(bi}W9r*Yq?qoltKD9PD7~kP?aN{{iI$P-%dLBoL(nfY13!+jJ_vW@0O?Jq{b`e7OXeEClt=i|R^MKD-u~AP3psgZb--Ab+)u%JVIi z=SjXiicNVGo$^?GU!J{HofZ);xAcNmY4XcofmxaRd8@++}HU8 z?PKa4B#60n34rb`8jA02q5XUw0*6Gfy0zJ0q2YvuRTh?WjA>PN01H zXXi#YYGt9Z{>izEH_GVWxJoXK@{Mcdl3}NDi(InYH$EtrZ2pZe$R+Fi4!MmV{o7xz zyrr~JTC4c{@#ohzWxY?OnmJ{?U%(?Z<#n@E?h^Z!K&d`-pLlxeCFGQOcWW8L1n+JM z%DY=nrZ>!bcWY+4pCKOBZ7bac!PGRk#<~No=0?-_Qz#*A97Dk+gi!-z$ACBzV?cRa=tH)zu#9?E$@F-4YW*iG64kp($&f=MI zEQ~no+i`|x#<4KsT+)s+D=!Np4wjNMuUT;{j5yd((m1o|u`uGm8flza^jH{iu)w5o zX60pJG!M*S&9f2Sn3l(Z^my|XE+~Ewl1H5T^K$>hxmm7=lAk#@c6*+3b8al}QSuAtX3iZYzjAIY9Z~W-=Vm4v zC4Vya6tj{1w5kaM=s)BZ%i(6GlQ&kv%_Jv3Ef&Ge{3buGrpL|HCO@sl#{FNp)nvGH ze5~DqgekJF$8wJ30rCtIrsxhPNAd@QF%5SxIg;-ijLEly$&oxLdNGcMrcmW$DHR${ z^GQ)It9#Cn@_m51=k^9pvzmU!{U3-%uc|%BTVUu>`Q#xz_-bQ=X=ZJ_<~=7IN;+R*oD)DlP0vk#}_>XDh`b(8P~8w@lXf?!Jhv;LGYsfcKb zE*{`bkFwoYz|$TtWtuRt2>(?$@ayCESyk#(iqiE`DN2_N;|ZE-Bpvv~-kmT>kCGn> zz@^|tHg33jb9L1la=CVxoh*9kdXFb9jhUdW#y z7bxy*7P}c}&@8fQ!<;golyLZwjLQ>nWs2vDWQ~=ftJQ>oYeFGpZJ&t{tuC4 z|JyorDs`UxRBJFd1dXfGrVa+TMvOAG=2jxchvSNO5H0N_tK^-T-GP z@4V5BKY5ix7AS;6>U`p3Ti8cD_AOWXR6a?9I2`*-pjYp-L)vBKDA&ul(ey&0o6_I< zP6W%5LAxYH8+(dBo5?jjeDWDR+>F6FN>J}8GsdT`X;i@IMf zI3Q=)2f3YdJ0I@cY}^nX*WE&6j$YonuwMkQ5DaO?r_*9n4q&G&BPP&>4r2!BQ}nrPLjrNdVWGmg1t86tA`t4wK({(sWfJ!IVDMs~q1g6Li?( zSIS#<@kxC;W9Qp>VwOmb>2|~g(?O2xI^w%GzR|TYye3>7ytX6ZVXI8WYvQAn*G9!X z!u=o!ot0_{bjEl+%*%_+Zoj3P~4`pDLTn2 zHl5ZRU(-0%fVEq^h!ibnl+|BhcW&+it(Qm1*(lDA5^kuK$Kh;ejfGe*z|u*(Yi@`d5M}y`YiFn|#N zt}kP(%h*#cpzPRF1jU|0lG*l@nd!`)@&wZT#PYkgGr#A!`~)RGhRWIb%}i(cJ%MyT zwfq?IvgLcO%TG}9J9)1BW~Q_Jwv~>GMcrbl3Wd zHY#cP`v~+0fBoyPvU?-cMrmIfS>bH1HwIH2L&(>cH0B-Z8II=^z-XJ}-9yl6+e**+ zd8V$Np0ykn)H`A!QazXZg@wDeuP;Vs2)op=U5U1(gnA(WV*)ZltJCErxf01*>3^B2 z+m7_{W2fIgNX963!V_62%z@eV(3Wz)0$&)|Ys40T+o==}c2~@z{nhqxZs1#j?V281 z<_a)<5_E6dwQHBmy7(&|tT0j-hIp;IMd~>v<7w8x+zNSyLfYfPuc4cP#YJPBE=rI`ce|cg#rcE?@@k`XWzT{PLgYm zA;K^RhR)TNSZDfl~&aJOe3fIidQo|R`n5EitjO~UDt`3UQu2W0wG z#hTLJ`dI|Xkw}v^KAk>8p^FViZFhp@cR6vVnsU;|L!raTHFl6vPBr8`&_s8>fXEUQV}<8AEOU zlDGT+e`9^qaiV(To(mf1BZM03`P1A;v8WK1C!!! z^~d{scpA!eJA=vLq`<`R05tJV&X4%$3BY`UIVIu>PJOr|n}r<(c?3Lv2nE5EL|MHz zsD#ZiNK96Uo+(NBI)`raVRKy2380#n<+TQ?_sIL%D(y@2jaF&0gs$+R|7wN$vby3K z`Q^Ea+nvQySv%gUkdxCQbCGco8KzQ|>cvvg6?o8!9}T8H1*dh@qmmA1OIV3IO6KHO zg|Z5qx;c3OAL9I;5sF1 z-~VS_rEKA9$#H?PMY{rLum$>EnQ9a>&8W?hYz+>xBH7%%#T*(R&!_&}7;aqc7~hTF z+y|{W<=lw(A=VKE<_oU8zmY(M^K z(I0m%B)c-6k=tQoTE@WEY#9RkZDWhx-l;?hRy8&XP896fQK1;p2TiUIdm7j0njk6-Gz>mduF8!^ty zvrauajqmpO@8Ej@U+kV8KjwROr;qf2W&B>kFO4&K4hfnMQJkKVJw~P*V^vqB?n&Xw zk}$beao<8Cbmh1~b$C0RmlG zYfatW<@19xlxp%Dtr%`|-f5tmBbrQTgVnNL>zXV0r54=1jo{ja8Txfhx_JPtqO;JR zn04!ED&5M+!q|IMJkBeRl?gW*IX~Tn^AB{={$h7+Sz~L;BJMWU_O;w@R^snv{S)^q zz@M5U!O$j~W{8pnUX(B=+KY0Xl}eFcWTl8ET27Ai<+dAja%99Va@Dv#&+JE3bAOQh z8UoiNLgyh=DA{T{-sqs2Yc(j2B1pOV-Z~#9TpJt}m>j4;TUIjZDo{rk695I?$2nB4 z@{pxmBliY`7I&4KZr19&jb|U3iqBI5df8dTG^|d}R&=(|b>LO4V9TTBH3_ey35X7* z_LP$||L@;QBodYzF&gaK<>7%spU{mNRz9QMPmFASC0y48Q`e(3af9p?`ZgI0Ikq%` z=v?kXM%{jl=h23Lq@J655v0lNo@5v$Pr^60r13_|Yetdm9F?`)2pfo^IMub<_-7h# zvxJ=6#izsG%}iXAe_Tmp6;{-VP4~aIi24ttN9p81wZaRAM6~MJkqsq#lWFVO;?HV4 z8E;+<#T%vW%0RAi@|}96^H04(-yPXDV2<))6y)YUAemMKE?rdhZpebz`40@{co83$ zO0^tctC)HqQi39I!eR8rY)V5GHa@izb=HmSOf$9lz^>HupCnt?H>n|5nM+tiQe^qq z)!S^OjN&IL8{Hz@e5qVEPd|*be^y$T#Gb1S%xcan$!0b0sm*tt&X!>RNCWwi`5sSEK1Ke@Z$Y$M4dPOKZ-HsqxE$@HWM9J?xKjrJZ={ zL!^;h`%3T#{3*pk2vegi?{5g~U+=?%8rMOiZbsB_U@i*bI&4{6H=a!j4*Kj)v zulQ}HfTufP7&Fq<%pBot*w=*X-;SuPb03Kkg}2G)(tBMfMQ5yhP<*=5vxT#~kqw;2 z$7rdodz^QpPW~d9IQ43v8CxGLC0n1M*uu^L$*jFoGt-$Z>%=q$+fNp<7+ZR!>0W&^F;rPAH{n)L0zSzprt=&ux* z67tCYCNNzzdU~GsNKE})f)+y;FT_rTGyZ!eIIu;d3(eG3#~)u;4NXZZW97@63q5mB zhUTLEb$y*29YqG4A0$ZWsJ=s^_h`?!F3D^)_%O$};i(TJ|^h4$v|Nh-UUpp8rxo{hrgkrfCGrUH(#BB7Po z4Xhlwwb%PZ%zolvfeap>Ev_~rowHd_Qn$=mJL=YqAvD#J#;4L62xkeNDE@%R)|_hP zW8ygHX}%Wcz>$wXC?urUI#reLKa7_AF|Dp1OIs4(430*woWu=tyZg9QuZw^|HlIw; z7_d*GnuUv+2dZ(TY5-FkIXi{qnRqg2@1L11+Lnrh#}I85iMHn|k`^lF7Hy{g&MnVW z-WAaCPtjp}ifzkJnQL#L6DHOCqP{5dJBfRu#wp8Ef{Jj8?YoLU>dO@7P{rJuco^@4 zqQ{`No164i#+NlJ$9ggy=(;H>2JJy4GUe2bZwG_tUupyC%HBxgt?Ywtp6>dSwijt^ z^YincWasChdvUBa|6bfOk^@{sA`yV}l`p|WE{0J3EP@vCL#vIoeK1NM zC5FFa#JyMB8K+>63ow{#Uc_4iBh8y=pvy1dtX|Cin=+qk__TRLL&q_yNaeXxnx~K5 zVn5|9j6OMbLDL6rA^yKrUr)d$aKrg?83b-P|FNwByE|>d39k@~z{`(gXe2fF zr;lGHXvR+P<*c@m&V|?JR=>*W_o#6f(JA(!YE-Lf<>-Zq@^ZTaTPlDn<9jLN!)k}A zvoNswHCSftxfk=hkl*Ch{K3YqV9eNO^J&{Nrk^Ef#R6+b5G=nLIIKw1&vc3OF|o+G zdpT9tRE~SmEBrTCDJ0r<%ulVEQhKrl>Q6b(>5XrLEY^UUg@FpqC_a{~_O@=3208 z=~cBBkJa7 zz^X84evfP_%_9|XPys3Q6kLhMBKo=;)0RQE#>_&xDX3U5+d!GvPbGGgXw(st8^evh zJ+v)M8`u@(2F~xRBu5c*qd*3apQ%9^NpZ9?W>Uk}k^E?RxHX57zpXFXw8lUged%G) zN?&RR&eoR(q5Z$m9s*yb(MtuV+>rw8o0iejtJWrxMbv+ zd*CA9bnL>uJ!9?~IAmWA zlUrwwTk})E&^_o1|G4?sLbf|N{+x3@_FziZY?bD5=VLE;x-ZhU z()#%r3icd!6KAv7mYwDQVpM^ZO~Uht_zu)q*!a~F2=mjco5jrGG&>w@B0o+9@jgnI zefRL+J^dF&#^7W6I{uIz@pQGRT?ADh3#Nq3R!PxK5Vvo@8;y&*LnOVf7E^@yzv7D2 zQy`>*WX(R+;PK0jDV|{-E@CIxGLsXYFku(5)Srb>INldJ8-MZ}U=zGTbU$C+FmF+* zVEN;`&<+19C z+sRddw3=$Rr60*Ih|N@eD!lXUo|S zT4?}G9ZXHzo-bUHQ?sAQ57SR>nxCd_xAFTVzpwFonBSlI^?@?xH>oX=ob6}0qS@V* zwWGme?;mlKHN=K}%KM<#StSZ6e4X`_yrvUZYeRo*&{(S^ zOC0n9;(pqob_D8r#2eQT4T(yjxzmE|GS}_f(9byN=Mj+^=v@v5pW2fe!!`Z)*v z0??&xydb3B?1DoNJp~#_D(J_E%gs_P(nu@tJ)Ma03i`!1RDC1NEu(KB&?GAfi?}9Y zo=xuK66!7X_-vuSvj?;8$aVms=-EE&R$7QoMy< zX0&O`{h+WOH5nDP14ffTci%U zuTWJvv*cXs6?>`P$|J2c5v%L$nuwRAR^iLFq#{chO>1|nALOb!=VvO9l{oP0_=r}w z{$7jnP0e#+GsRtidZs+=ZFXO1XE$O`xeNI$eanT6g+n}mX>INnD@9Mb{$MtqS?dqW zPoUu*W3Drzxz44Eq}H8#t`pe%xNiMH(s=G^5272L#!k^spQ8!Br%i1WqF*(iVbgeS zXe5wZEVf3c0%-mZ2;;-~6HQsF6wQ%bqeet3hOp!~DTl7C^i;if(BC}G@HL-K(6pi& z&eJ<^VnSEQvH4??*EG;L|C<902Z20pU%$dil2kCy|Z2b}<;_0;-G$%#0+qhfpoaBu2i!*!{S$2bK9ZZ6%M8`;(I zipJPq5?B;J2FdZH9Ai@UbRAb^Hu4}0CK(|2Nl1m-yhcd-PjleY4SZe; ze1-#a))pGhZ-LKp;IsLt6we_*2dCPl2wJ6hri=P4AN4|__VN^AJ8Ia9dX9^FE}t+- zl$jOeJO_TZfuAR^736#eUdN}-#?vVRxY<8ZGlt1k`09+^m*CUY3o<(;&sPcqxd=_# zB#NKKEOj~ce5oaT5eWzK3-hj`X^|ps)$^IjWftKKVcsQ3F7TKoq>|?tW`V*)5#n=% zG?kO$Bh)DDMb{8x`YSME5OC$q2Kl}wUz0t&<>{|lz?2~I3kWO2N4lp2nV9P$eOTW; zOkPSrK4D`pR~TtGuKbnjU&GkVOC9-5UGceO9lu7&Yl~cfj@lB${Xqr}rbGdpARN3} z=zQ$gE{}#|rF`=y($r+TRX{v^_ zv3{6MY|dNKv)7yuCX(%{cTl~6U0(71eDZvy=;i%qbH!H^EuXwpz&-)xvdZGMZ0$wd zkNPZIeXI-_wGXB5>u9SCc(`Vpq|a=Z~-bM2#4+qgbj&c%L>CcPV`Tev}# zV74wV=a6z#uQa1RE zeR@mZ!u-}DCR9sO>!F(7HmTJkN3v2r=Pu2xjI`Xy;Jq%)#oeN%p+e zJGL;2*Wv6XPoKl@kcr8KmV-b+mm`}cx-ya3FIgVD7qTOJprS>#Dj7?euWpy5DI}xw zVtNx7&K-7Tj!nOE-<&(_N2&YYxmA15Gx#Oh4xQ=3e)CV5ycl$vrC$OG8nnMovzfMF z4glXs0pWiTQxkw!jGic5R27qUQ4< zC4QM|sd=fK*R`EDnDa70Um+*gO7bz85x)c%_K-quLnrR6{2_<@rpU>k^AJLryc`=g zFK^`-CgK_guzX!FXil|qcfBAM|Ielb^{M$Pk;F2_^+<=&vhJJI{lurJ!T4wQh6Wq3 zu()N7*DAX!z`ju+gU8Q?$PM?UFegJn9nTFx`EgA674Xm-)fy4N%nb7W&RL@fDWDe=9 zq9qn4-EMYR&BCPK&92&`EKK^`?6Abbq>Em+<$Z)Haoiv-?p%83G3jDN9U_bOj#3;d6n^8-vmD*QKq$QVa-Lc4IzxBBW%oO(}tbj z7Sj&dC33beB;Bt6(3T$Vd(;kYn-w_J$!#<_Lj&~GclEjbI?c_&9W;ZGZ6ZWpNvGtZ z1M4CGN>g~Gw;EE#O0K4>4HRn6V+;5TaH7D??D8+-Ww*u46d-CZ^Eow$ph1?_k%RLQXfy{l;*^NZ#DC37h~-x?`b!EE=xlUTD&= z;1$UoydtR^PNYXVCP=kObwsaCKG3;@>a+JcWhFQEWH;~AUV>}LvtRPkRO9$Lh;$uj zaxJ+sEt3m1owzbFfLbCwddMlx%GW3Gtf)YnklG1gO-NBTtv)<`9VdW252y_ofSlfY zVs7MOMjjr9$!&zNK<)ybwQ^B5n8{ zy}<50xfN=gFC}oJKn9O5)cARk4Q9#92pXF=%E+YpkIYYz^OW{lg5r0oY+|m_yp=Xe zt^?d#8|X@|$I+cHwxe`8p8IL`p3}Vbv2+gp@?7V0XW7m`Pm!MQ<;<~Wt|v|KZqae#K-jsr+=dOCk9jca_{nwo>INLRAh?ra*8_kG}v)7&@ylJ zZFq#-b{QxzBRGtzOQVk!o39{hEh;r%$+x$Qb+j9CppD-_N-qiv@zY7e7A41n2jwO& zx9j+Gn1#QB9YS`zjMLG63*vJS+JpFGqJe92&!)z?K6~Hzo21!*UBxlpg9JBkBGZim z89YWL)#8i!)6;yF=qe7crXF%(d?q*s@~lF9fK(3AuTn%0wGaukL4Vqa1`4I*)u0;a zntY*pN>}_E`KY)Lk!)t$gRMt=K3bsafrp0R)s<*bkFIBm=gv-3FNP4lbl~c*6CP+DrJxDg?Y&Ko=H_?@!lHN9`gJX|{>N^axJ_TS_k`mRiK`z&Z=^>O*tci{L~vbmjGKh~el?6h<| zN49YT>W4X z9xLV^g2xtl(F#$PqG~z4$oRwX5;~sPu`&bQ8k3F^Z>{y@y^7HD#>y_;Yu_| zF=0O*mnM!OXAC>0Ks6tfEL55(*`AM98AEd=OC7Y@g36UFbI{#dP`Q#(gHH7axx8jB zOn#M%`D+3&*DW`h#+IiQg}lZ{&@#|MkNm`RR@&yt#7xEwXR!hNN?j2f7 zhVeP{y3rMJ!iQ-XJPi+oy3am0BHlAW5I=)ZmWcYoXzHbs5wBCX+{p)Ogy}BU**pGD zSfSn%R$Tol5@tTbklYP-BsUAP;bFRvPukBiV)8~olUMV%65oMvC&JC|5rIm&Lc< z!GU7uj}=q4)rIpG1`9))_)7pl`!XudZf(33yv3HE2YT?ATK-b<7W{}mi@!YYWPOF5 z&ZOUrttxwSl5TQ*Gtni!EPg4ZQ@#s`(OSse2d&$Q*1=;7gU9yq>C-nFJT|QEoxF>Z z_M)duzJq98{rQ`bMehc-O8c<}F?~vCAk;TwesS66kD-@-ivrczVtyS86Cmg#sF1-oo5ejiHBP?Z#nV@-xGApTN|&wlTAe0bLFx2{^)t617>;cA5~ zvoM~v$%LhgwY=kol{!BdChwuzB(I|!BU^34IzV=4c`Wulyl z43n==^}M$s&A|MhasJa%|GmzCdg}kO`7?)6d*F90*lkGie${|*f7PX(B1`jI+RcTu z)>x5NUsFt<%Qs12{%~J+dKga7S@n>4VKJ zh%3E4=wW#ma!g%v6qGv>hMek*(pT_uV4ubmx`b_K7`Z+GD;DQqQ&cHzigx&v6A0Z?7&f69Pk)G8%L0QPzBnt@$wV_ zONOm1^YO1+xdq9Gh`AZ1DO)!?G6giX;_q9o_S`s(n8 z^M@y%6b{{N>PEX8S&3MEt@wcJQxRhUD_IfDHQt=&>FSFY3o@B+Dpi6_rQtTlO{K+~ zTUdD6pk4Z~UWJUx#Nus`QLi=5IdzWWwQ*-Es4t(l;|lOvA$K5T9&LN6{z(n86Epss zzQw?l|50n~#^7nWi-%h+o_v`4rP%|!Z-SQo2!1Cw-CMZy8O{bQk{rZva}}IA7AzXY z$q=oG>3oTj~zi!TPOgRx?luJVIf8`%~?zv zHO0RZBBh^|Vvr7?C6&flfiCu!k~<*RRR6GRtcQ8}qL;(<{TOGu>{)43%PpvT>!MdE zs9QnDt3ITLTTsu|MNd&skAhB6kkoDq>fO2sWok)(uYyigkko7o>f5^LsS4^-&`AoC zT5Un|w=UB9O#gfZF_FmIM8bj=_@D&}LdDM~2V1IoUstk}c6Z`irR#P8y^0+r2d1d| zJ+1vpkBXm94oia;dV&@z2xUK?970fEG<2M^{8X2nQC&8HE>=0Nt8SmZ!m#sW0u$IX zAr?NjsCPC`Z=#)qLne_-FS_kxu(Qn%SoqA1sxLkh#f4>mb-%_n2$s;@jtDv8YzGa(+vJRYP9a9$?h?$O zXX%_hmIvmQ5|};);{<}*Ft76`xiRWses1cI1adR%)SvhwK2M0^&rtzA%(OnQwi{~P zu13{{Pk&R!H|af>a~Is*1k3&;6|BBpqEt8pSNxM?@#o;i`XUz12p)5ncXtv)OH75yK)<4`pNp zAb)wRqOAC75fNpixc0q+@=)FEkPs28-j6rfe79KnUedcNldA5jtYlR-{V!FswRF37 zW2}xE1FV1n+U@Fk`c7@8ad;`K$J=Fi(I#E;GS9$}g^Oi71|xP1>d7;fkh3#$ z(d=aN;SlcT$uiwb%sF-|N1F#z1~4+lc8c0`I0%a*EfzEgrhU3YFGfh~bmjoimjcWI zV15cP2Y>}Bz#Qs7>@Cghndv`EeE(UJ5*1ugCXwquV35c2Kef>ERc`LC&39ZS!&m%8 z3W=SdDE2AFUHZf&{$_fGyslStfivwDeL&SK_D%D5783V3jGAQP#Jo z3v)1M$jT&iU>C&&q8oFs(s8GI{mkVYOo{4@_QjZgKUv#cq5`QCM*m2BG-P0;;1uT) z@8(L3_yMAhxl3Q1hwTmDRdTa&U{}d8-{{YeOw13oq2(x*n(e}zYKy-|wBFiCSMq%v zT(|1hqTr2umPI6MWI1Hcg}z#IUMOabNq@RSr_4ggP00p6jO060Dcm;=BGDZm^6PD}yj0B}+YFb9B1 z0g&_Vy|yQbhvOf>XUMX~*ctSI2k}fRmRH6r@fGlr|^UvK>)NN&z1ztNIg`YP%7vGl<{K2gV&Q=!XC0@ZSUl}l=Amy>pqw3%JE z`ApvV=9{3EBXh|urm9*R#@gIU(%2lV`6eWlrl(B8x_K}do2*oao5&+dHqp~KogGd; zL)9>~mcQ&Uq+YnFA9rTstQ#}k`?sr9mMJA6p3=C#Zrj+}MuUYfrbLzTnv2~y zSnXn`4P9!5&bsn2i?|)F+B>l@Xx>0R@oV_Q8$im^Q-L8gGQ2UXfNXTjponY(v(4>R zQegH+8eK|Z#~Qn9DH0=f0%chd8lOx_EoLt)ZX>SG_n4Fn;+UqYo{F}Qx~DWY)L40@ zFRa7hmKt~-CR2zgej}x*?Uo^G8^vJ6QB)rhrjKS4aEGrF%BXhuHQMt*TBF*fypmTJ zb6W>CJO=~NstvSHb^GQP_+S?s9f#r{np<0~E8eaB)x+McP1TFNTYHN~yj%Mcmw31K zE^p`E+GxDJcWdYMQty5P)xqg&m)U#eDSMALA9EJpg=n`i=kT3J+l#Bc-lP4*)jsdh zCgJLQ@6m2zPJp{K+6K(wZ|Bi|;p#%~(I(*PfcI!$X?4(hw7<5x$a}QyyPDRD_J>!~ zYSB*NYFaPaA6!i%GYa7xvaUqqx4r){JuVN7Quk>?aiKf;nSl z=y~qrMYw3r2#y-o#>;L^;8{;7*4a-eR^ti9y7)0-wQK3zOsv>A;u;5eOD3Sr7@3MW z`SBv0IA;XclGi;(*qJWu7Wa9x`@G3Mj*z_&h`MRSv9U&@j6^*aCdo;_rR69UK-beK)W5w3)%0vRq3C(dVb6m9{a6a$8@kNvgeT zPG^Hlk%iU=Naw~&U$;8AP)vSI{b0f#JA00SH5-vPl8Nb2+gQ1OHlMyVAK_g@KkPSN zpJK~Inc4pAop!8c)LOZdm$doo_f#zHp0?%F)r=cEo3R`XuU7qYPs*CtsT~~8T-lDL zCNZ7Q-FT3prrOnF)(4&dv5$v3TQ94#+4N1kEUlCSp85DZHTu_V;xd|3rjG312onv7 zDegYZ6vgCHS9RzqVeXAo#(wmJ=1-}$w9QNv8$ZM0Z+u+DxQi^>oYvNpIKW~&q=sG& zm$1MiF8O_0gsl1%ale^Kho8@2kQv(CYaG2%a=A#AK6Ptn8|x@vvaa2FqPTTICL^ld z!CUhZ$xdqcjHST)(RC&`Q;zzKhWUEhFvmXY2{er8W#KKi|J?O@nXlJ7o&YXSQ>VO` zS>wNWA~pWYCs^Z`IOb3p{!1AS=$uP*7l+4pD$pAf|NZZ6pUB(bL6w6V& z#78nUz1@)xJ?HW3F-qlPt7}>Yz3hs`o?d3*Jim3(#agk>*ZKgSLHsRAD zgm>?>)<+2ym1~=Wag*S3NyrPA%C{kVt+%D_-f{dx>Dk|c+B3!u8Z73 zO7}Y;Wo}(2?@ID}JW=D>xT_1i=Mp?4-hB=3Veh``$wXS?J+C5Qsdpd6OF-3S-gB!^ zUFkd3b*kyU)QB)AI33H-E$AQRoe( zuEg!9(28Lb>vSHCu8=#}_)aNYy5tWe<8iS+s^|{X8Sp1Vs{}EEzQ(>@?j~sG&N9lN zk>Q@Omn~r^{)l)TBO`YonN!!CDJ1W_AIsP;Glm6LMn!!P7V6rFGCUN2LU^R>%*!o< zcIFN&o%^lFgHdu0JfTb2%46))kp}~x;_gXYR>nKxo|la)&uAFG(3PiHO#VzEwJYD* z=%32>kQwQpnN2T`UWJoA@mzk)DEZLP5s{~o%7jds2W znSLI`?;*8^C-0>MyF?Pbd!8z+FaLF)kz3fvD`wOFKb(k%pc{fPn_w%P% z?+N1f$ze0Sf^GzpH$$oer0L_25}Ih{Hv|4L!8PmStP%@GLQ=ibM5EQuWSvQG*OZp6 z2L}2F;EEDWQQ!yf>g@>Hg*7^U-{ki)|DAjohtH_GARm7ctZkf~6u5S`Vx+`&twY%e z;yXw+`JN1>WltDW+5+lY>kk8&PJq;P$m%0Z1lW_sqehMqZDm|f8o8x`l}r>o}|CXXhgR;siN`S{K`3hmf)aN(eF;>bi7E)7vEldt?7^M;hDf3sk> z@`G)_=HI2ui0-7+s#j~0VPv%@JKp~{SkfjZDKa__CocQDlD`u&u!u7?i;{oH$`H9Y!JU+%&b1Y;*;MPEYx{fJ+%S2sc*ybyX7h?K!@}N$eYR}d-|O4yRix_gjYCz` zOWGLv`-Ys9HQlxLylo=(0UrOHOvs9O5PyndV|g_CvK^x~)HvkXzQ1>M^z;v?{xnpj z=T=`Cp7aZMhIt&BRR|G4qao{C`7<=mOIH4w0vx7s%(5{JJCS;ocZa)dg~y$Outgru zL1=kv)vHMswNLMSieoYrSSqhQbz-TpaXr68Ogpjj83o6;;~nD`!@%k0t*8awB z;x7RZB{lvQk$^U0aR-c!Al3Uho+gK}ip{GW!FHFBI|Efpq&~V8r&UMm5M#Nk&IvhV zi!k0Qj_^z{PErxC)Tway*undR`OO{8|dRdT<-V0GiW8)tol#SSPbbeKSQn4OBNN8yNG98ULb-9i3G zkpEDb23*2rp(@5ebxk>Rk8+nndxD$iQsW#!-Nl~LAp@jAD%daL+s%);XHM|P`c()| ze=MNqcH*bCkJ=7V<;>AY%o8o;C(j7KVeiJ@xGLqy;&sQ+rNhjobY8^yH^rRZD22qS zoG4!}z-QW+IRLyc1(@S~E@p>zvm1t1zfc>07G_}I)#v$0m3u{+*c<>}nF7oK;KmeS z4gfc$0CNC%RSGZ%fLEsgbI`~bNxw~f9I5_t#mfn`(R$U#fdxZmh@2KQh`$I~sKrC^ ze<(O3q#GP9aFPw=bnY(`BT?__shw9!yOvmg>`2#fbbjtm`i+}Hyds@K(Ch$*&#?1u ztPJE}Lynn?4l9D7Kyq@9+& z(4MzLGE62c&qpm!>2Usu%CVw*$&gc>n!FBA>{B#_X?UVS=ePoa5Ej?n0KW|m#(yKD z<)dNak_-IU;dXb%-_h<)m%g&*tzu3(FL4LChD=CDCics`&DhwE`)Wqq68|nfrVF;6 z)tQ(*KGadP#3-6}6v55GU@88yQRKoaEZyZHR_Yf)TRpK~pOe@I_g^@D*O8d9#aU@C zNpC37tfF0Yp{c*x*HFs+fP!K!wRdOEj9`y-#vb{23puj~V~`sA8P2q#_v8N1q8qK^ ze*+(@NA;bfsdu5Ba(N}$`RHyDfvWj!eBioZ)Lx_XHAF%O+n z`2}0KS;qBePPFH4`DkvZB0`z>PhKys?+JqD@kE`L&%wAHYU*Z%XhrUh~V zu&Bwuqxqhvxnp}RJzrm%w^DCjN#nIoX>s%-z630z%^qld0l6+d0inN|JG3>Lz9`%ZMI(DGv7Wh=gy~9 z^P3s`vnK$03-xlrSXI;P{N|l$%1kqH2EL8-wHgUH+-smYvNj`HnabyjS2#VLi+>?Xg5oGb{x>-7F^eDL z7%hxd!bagDFCFu4NyTKMkFcolnOn+Vhk%{fm!ny-!gaJ18TmM|cjum#xwG5<< zZ|7Sh$c9!C^ZksogM;)1NkJ|`ab@qPNb59Q3=};TCGNNm`-}0P6s;8W>!?yMZeXH7 zV+u*=hQR=xxZlY7hXZO>H30ASbFks>0)>rpT2;la{htCez18#Bl0AyK-@`e_(iVMP zoDMH>I@}lPd%!b=VqSzruROH>XMuB3!zA2a-FeN2XU4LfCT{p#`FiTb7t>*75oZ_g z>PFXZ?BDS1==P_y#}t?Gwg%i1=RF;j6Ck;LTS)rY-D_IK_fP4buWsS;*pt80Y=xJ1KZ2<_(Q6w)pwA*~; zC#X>rVP;c5VEpw7e?UUr!I6ZhUIWD~OE~4$xT)!@)=i+fqvk%TLH!6{lV9|r-*-lF zJkdG@d{F+F_E~5rcz4eq!yDAQK+M?AVdJQEJ_lg3TXM;`J{kVv*xs=P7}!*fV?8HS zx@(Ont7O%DKp*l%eQ0K@XA-WA8lNXuubu7Y6EdtEQ#gihTkPvP#)cMk3~S83Qhygs zK7=7URrXdN#hchnJ~d9}avz>I{FQl3%Xusw{Zu;fQu@MU2$}U#HrZpkG;Dl3t$_UO zuEoO_{ss7+tW-x2P(HW7ZpTUfIq9~Ny}CAB#=nF!y88;N&IC}fn<)@P8))j@zNlU; zp*c0qzSLKHVWuKhNZtnP`D5TN^8Jqy`G00cKIXD*VJ;?HH31k3IL$i`5<_}IU*r^S z)VnV4{|iCOODnIX7F~*Zm2m@enmZ%ooOXI8eyPe-yVQfe0^ih^cC9;@ewO6n;!LXe zN{f1w18u&nH4N)mM}2Pxc1Kj~Kt>k_GUD$OW`|pPYlB_uKTqw}d%En{N-{vuXji$m zEKp~iQJQkCr59{al{x+Dj-;d5p`|Y9%R7ChIN0;hjezi@`sM2<;6QoE$1-Eq_s-i> ztaZ-k8#Hg)OC@GOqujIQw0zvHSVE>W`M5yc_G~$X%Qy^Bh`(eJ_tNarp)Hc2XUk6A zVdKt}9pKX6(XtSzbNEFkNb=g`?E28M+|`?M7|n9?-X4xcjfIz^Y=n-k{swJ&G0*by zH~ty(dbG_=Qoz&?x=qJCUi|#-GH9nUDV{ ztkQ-JD~kmfMNq-_6PRma^yQ$dy&#j^OSSpF{ARl932IZu&c5Q%aW;;YhmP~x=euCC zy^v}ZFh2GiLvV2sTxR99ACx*w%-c^}c>kG@soDycmJ+`l0ISzSO zI;OstE4G~w8{5@+X7rM=1^#@ruDr3O7m+6m%2;1t@zAj>jk=zQD~~*lKNpQfXsk>O zdZMb`6YcmcEy@OpDaR-Hr4p2sApQdZ^_ou=ucBo2?eR&(htAab4l!pNS(wZhN#OG2 zYNnbj;1A^->(=<72*=j;=<5mqndQKZEeL)WI6jyU%%j_$Xm6Y19?KK$-Xbi%3v*}C zp-!aD+-*$kx1L?xLf)N7weqzaZD#ovu$F3OTPuql?y`Et#S3d%zdw?^n#{ep!3sfG z-OrTgOH0csM)R6Ma=tMRFaTCvsnya~_=Jy=(&7EXr*pq66W$J?- zrKvkysgt}H1}>ypg3LL|d&wkkQ_1c^Ql^T=78Zg+65+CnOuAKV39BPM#LjA2JA4S3 zn*{7K*1w!YiZqy3anDdM-IS))a?glc-_-P^43+(*YVYbF;hB7xKY8PT0gkrP=a`5f z>qUqsLUTao_sa(g`Npf-bs(nkF(iZf3r+|Hc}GSmYq#jhXQol5`m&M}AHyXgt2kNX z1h=4#2#MhB5;;S~02+6mRV^lAK{6uG9ppZ8c~lR%|0qeOR*uN2KFQNtp!Wm%=S zwq3sQwyE63t}6?*3oez5_n0qU-za zy}Nfy>Ly{6&_XETn$3n1Iw(Z}#e!H6u%XznUEK{9*2Gw_AYcOp1Vj|RK08&v)<9jA&A*7>}4E*#Avts$1~^=IZoP24FEx#8S4wP%NOEAs2GNyN^>2UU3H zldsPWCVEJVoRXuYnN4{h+KM?vcM;RcqyUWA1#BGp4OK;b+o6Hdw&wv92Qm1xJFq}v zKIAJ3C6}S-&0vh2EOhirCm;)vom4EL)42kCY6b@}d{-Y7=VKU7gD6-cBa<)^vFr2V6?Inr5MHT*vs}+?80XMQ7CV)o52ES z#NPp>B?T_4Jg~qSVq-DDao!=d>UvrdkjzElTMd6808{oDVS345{Lm;}$>M55nS? zvzOxMjLh6`y(%NZzW%>5^L4!s_nF=MCX=JW2<@cJ+UNK7- z6tkr4e`=0HT5@bva|B*6-7sUr@ghUU5~L;GIs8|{7!DfgLSH;M7<869&>)~~^_BRb z;QbEH(J89f$N)8#o1V8t5h1J*Q&R_1!t5V01c3Ua#3y4)j&o|-qw7JJ1N#zT7#7MN zSp=y}gj$AQI88;+M5ANfiLRz<$3f_qOfQDCGM)&f8qw_W#D873uR|4AWjkX$k)22G zctYy;cJ0q?p3bb_xD+H*Qr!p3|3xUlVwzRvs$ZiFo`5ol&TY|EC~7=O=+u99BBu2_ zk|YNMS6Yf}yhD~&VADiL>=MP`)I=w7Z(QJd8uTooC!NIIx)#gtxrtVA%=6n3Jg|#q zA~w5}^3@w?Tu3HnSWKb}2-$uu~;k94U%OJY_7l+ncWaWg0f@pB zG=?sCbGO&r4vX6vdu#Gx3%4D-+1N&DQwavEF|da9jI^G2H0#fJ)bmM!lKTc}9lNGL& z!k2|!mi@Tp$XOe`I2@8iQH&^Do-%DL##pTXXKZ$J!nvaRD9*#HQtA}vhx2V@dZ@T8 zS{yF3v8WTm-a-sioFPe>+LH9?cB&}CWm63H4&~u;>`f|Hn@}79+6=jZ6d|S8E^Hw~ zI2^7yEnFB5i&ne12(Ll)icN4f6se)&*3nMk)*`^ts~AX0xCooMDv*eHbil(t1Y{tQ zJyM%?vrw z3(s8q_(%62k@}tRVqmk-zDo`f58x?w5yp$O(; zGIc`#k}-9<5=3E~svL+BlhzMId}stY4-y3mdek?O@d0TbyTtOU4B5`4@VsDuuFM5h z<5(2bl}YD}rcrqXrD4R{J=cLTBl9U|n2Z&pY-$;})R%6bof9lF1PrP+__Te8f;PJ& z>YFr>gcvU89t~?XgPeqNgNgGfa6e%P)N8gcL!4UB;+41 z@KC*2wHRSCy-8Rb@rJONIvh=_6d5k1?uTDb{5s&r}q6!+Uu0`d=xeZr!WYF*6pK_Yo9t1?)1J?P};NgEg zl333iQwC^zdu?LU-p`sG=@FsXH!kTacc=${gEwxYkZ+{*3`I|J1|vP4!3YjTNmD9n zk6L8QI}*VCQ~+lyL7*s6eq#MLBQUzUf$?I+c-7VW8VS*Wom_hrqW;ydwMIQWnfaDA z@8RIZXKw)8SgEV{qMoNrR9I9P4);mzYQ(-5b%%nFeNji0%_cgDd*hw1r%BIF^rVxx zTbL6>_cGs6({e{66UlX^CjPKLqaDE1Pz(Ff4(MzLJOE0CBJDt)k}N$;is8_Vq_C<5 z9lhyV09`yskS%M1nq_TYi?ZU3m~cD8|2&>@H9wqTIp1MemDzB3(+x-F_?_gYr6G}I zBnCcSLxy4)6Jb@<7j!1*sflF^9Sg=pf2U)?c;C^nJmQRrIOSc)g>_DOSz!I9^(S7l zO949p0~Jfnf8NyA&sF0i>R8wmV@U>j`~Fk$3N2=5WN)#r9~QAS>`Utc3|d613eOxo zyW)v$^!`BUkXlgq#YBy4hunl#DAvwrbN`%JWfupWU?{{`;5~TaDoxl`!Ao9%LrhrL zPz%}f@$9!8AXr-K4VKj*4VF%G%Dpm6lA$B?J1xH-hcDQ+X0-f%wP`hoUO|FU>0{y;Efp%1*dog^D{S-Ck^{O#% zE@r?`D^LNWCag$L3+XrD9(LRLMX(n8AIyqW$IU((IsyLm#m|exp8ppCsEDmpR z=41-?>==lBUA&! zp3orDnuB3tDT=XZ!!%P{I`V?f(FjO|&0d;Z-FP~l_4wV4--GzA!w=hfylO{>lN2Sw zM25mSsWnUkm!)#qk879=sV#}{W&H&xL9Syv$5Czda42(9ju-*!RUE8A() zk*MU0;t2!eGPx+P4XPJx;*L~94M^FoJV>76vA-g~r7T!jape9;`qOfdSs2NNu+JgO ztJF$)LE`O{nA|g_U51U*DlDK}zd06ias9?C8}t#dLz%H$#6A=)lO!VV-(Uh@tj@%S$$2bH zj>vZO!O>?w!{pVIY&^VnHJY7P0~aI6R2)8G4o9T}8IBp23?h%h^BDZ1$HdRPM!O&f zTPXeUrFe4|P{IgEHUF4#;L3pbde={Fug&m-*7g=uXlw)7jDV(cnJT{9rFN2$BFvbB zpyfNYueh}OCDou9>B}(PLMjVRUi(30klaY-G%6~uPKDf^k&f8LPo1w>Gsv-%-)ryo z@!S2yK7J1L7HCr5~_C~-I_pu^z(XgdH->9!>i`O zbF;4$RJovpRnU$h5wVA~7LUC}+gWQmRO>cXvs8aNR6F-!HFagbFd22?G^7cNF%@tF zjs}i*uE+Ps85=ZY*v44}!TR@iv9828gausz=wj{jeNHi>0t2oo1%_Jc^}~q+53jS( zO%i^nCNMnYf~(5&{YOggDjTloJBChZhzc0obI3Y{<028JXFgnO$_;R0O>xqiJi_om zJ7dVl4sjve*!sXNmheqk0A3imXI~B!g%Di2nuz)zp5u+^>G7P`9nY!zgK%iO zuCr77;)h@B)Llm;sc24>EUo4xE%|;`q^0j~K!i?b9pacD=69VE$5t0jn`+@pGMie} zo?k1({>+9oquyqZAz&;PV+Yn4i(`lCm4@t?b4Cvii=D_r=at*g ztf!Gb>Q+K`#l7XzKsh=I@!_BDL)$9drR0$8yh`*!|hdi zGP56aj?mGFrV2B$C&8~vEKr5p{6hE&^*4x_RH^`?+6JY>Mcd=e@nQ71xgDBGS-z60 zALFD-NfDUw6xunb{`*q(-=9(cclc;WcN^pob=SE(8P+OnDvcQClF)nk)$rMnJ0DFP z!IEL$zETb|dalo9CY5RzJy1npWT+kXuohG8!zo&Fn{2d2KXr_D$9GCC#8P|A4q zFYU0KV3@-A|nv4Mk+R8m1*?c(-?wAZ=Y=Ehso7=%E9lH@EyD^{j z;aaYEk|RtuAz+*Wp%+sbB)f}BP+yZg&*2wId%_Uft?O!P$Z%7SJn zdts#x?xx)fFgIEkuzTYr$3V;52QLyWm=*O{eSzuD)0r7MJ$=CL2fx_5|EW^`wS-eQ zaRb`7v!#8@^#31Xlp3d8!Z909=@kc~XF?Azc250rk4epO|G&m7j?vVcFkZp+C0u^M zfPb6UT8y-|eb^;f9Ev7z8X70RQPZ$m2bIVo_|=@`v!_B}+y~-|qP^ui##a52db}qD zH^{Mf#G)Hl>{unS-QF2Yb;eG5FP5L3hBT0BNV5h~AvKV?8iL`%Hb@|X{qOU|(+dSs zJ6h{@WqKS{zua8{_)Hs6p>#{S_O{k^gh!SJIIsB(U!B9e#OT7KHkJFMD1O{@&U*;4 z9v6z8ig~sSKCo1R!3W1nvZ0)#4eb*2|5Gik5gnO@Yy zr@cPU^rFHd?e%4*7qBRwm+G|^;7l+qruOBkKe$4Xvcc#}*SzbS9di|2+^=qcrZ&_ZyXL|jS<@KLT zuRU2_e`b1NJewiBhu8!?xeSG<2G>CFiP^}#e857Q0dGuVUHZFo-`>>+2w`UQV4iVXNk1?MZ zYz5Ger8(u32v^KlumfP~t>x@H%DB2`dmt+l5HasE3Ujm+0!?5V!7`;FPok<@gZK^F z0IrR8#q&J0=Xxkw=3L#qKfG}Q2gmuaYXtPXAc_4zY^QU#aT4F0&u^TIv|+_U_#QyM zdi}K+y5dAz$|=VmI|3Klv5^^J%4JQt(H;TQ+71^X<{dtAYj#Ock>v(6z7B{Gx&Bzt zF-#MC+0XS-k5&sg&`v@QUS5e=GfYLn@&}Sm?qp*e(CXlLv2`;1G4R#PaI&Lk$g%7?Xg;nqI>9gAu;xVd?S>$96kfve}Lh1C7N3Ew9qE@y%(uPc=< zzQ|u{-6)ZtaRSCEY~NL;{?*wYhPV}bu~#$Ng?qE+RWlnVk=5%LEtXdhuvN5u;nl!LN38GQJ6`BTU}HOV`w zEO8)`+=9jRQ2X?2>%?%^wJiNwni%1_Dq|Z>WV9o{O4$QZn8TfldzK5ehMKD#bflKA z=A9m`AKWiOd@f&}lB3cZ3D%f99gGL>XFmi_Y^WAPBTb}J#KQInDa<%`{UO||txs8m zS75{0X?RJD!iR}N0h(A9;d&Nb52NehbY&evRXPIix;+}O`XmrxC>2c{Nun_%qHpy8 z$N0O^@C?8Csqtwtw2p#bO=~?#M;W)o2hGH!wHs8nuOpXwdoBhyJw!W@h@(&Gg6 zf|VmZ39B()vrFl?kl_U^)NfwkD;-~GnC0EPzDW0-IFgH3?7ME@r|9-bAHjDNI$|A- ztjvM3R4~7F8A^)oD?d?)-Ovtz27(`htNI*me)-I&8FOKl8^yJ0d<#JTKQ1ut<^`ff zQXlpF6mEGH{c-xN4voRMU=QqR7!SiLKr)5EEWtscCZZT5F4Vojp06VlxbK>Ii8UaU z50wb8GAzL>Jd+piGmr?GDnbzz_XG4Ka|A-#$FOuy*Nw(w@#38^4DF^h7O%Rm;W$3> zy$$0?g06o&o=Ztk9mlm5K&0d~=Xe~e3WoIw3Sr8~%Mq~pPY%iB0S)^EK#||nj)MG` zpbR8Vgj>kOEed$T)Fuh__*CS(brN105t3~Nx?D*eJJl@2q(^h3&SU^>1`kx#E@^|vr}ReLkyuvlE9h_ z0Ac8_+)HO-^PdN|K$${-%b(6Bqdn$1c!+e?x%|cz4heG}a6NfGpkdqeL%y2Y7|4Z< zB;mvbaH3o!gFvLy&YpAhJ6wJ5GKQB zo+KIe#c*WUBt+Px)Z=ewg-tK(5&(ovA2Uf8H|$ICzK=Ya3NJmG6nGh+VK)F)AEhVh zgE~dW61$O(B3F)v^EujOlFOXOOc2`JN?N22%%HOqc z(UaE+ydKc7r;~omOr6LlE9h)fP|-imOGOXR*)yOjdz7h>GTj0v%0yzwL^{YMAH^|HbgCw05{e`VtXlyf z6aBN?9hqjsdml2*fftNZ3A`Q9u;&6QnJ$1#ms6&BaH32khD@Y`O!85DP?k(WktBgN z9{@7Z-%Qdyqn?r=T~F@-wm0!mQ5V2VPc8&B>_vc*f2=D_l0vQ&R%5 zp3=)&3;p&au+=I7Bb4u5;9BPE$|*dDDMGNs|l|L;oyyC$H{<_ufQm)RXtaOHV!^@IiqO0b;WvpxcgMjKO_z;lv|w zq-^{MvXS2OHShz7C_LheQX-Z^L?KKHU6N$hqW}<;RD1D#jGXqEkK-ZYX1B3Oz$f6N zC!ZAf6rf=*2Xy7cmTv7T%DDoLl#}F;lavrpK8vqN3CJ`QiX;iFrvV@u{j=PiG<*i$ zN+@Z5C+POGa7iyzSS$JcGQDvXp0O~-oX_!#=K-4NB<|L&7>8Q3Idq4t+okvYAk3{tbO8c5~swG&hmY<)dpI5H9C}x^(#1 zi|EeRE!dJWYj)!To)_@Flud4Gz6N2!sEss=Slz^7RxH7@-E><_7^g`!nV{!dO*@PW zuf=z1Axf+@_#~8gkso4~CL+rCt90aKH6Bpb7>W?~KsifICizS#RR0TW<*!L$=ogfHd_kqHzAG%7I_|7HJ0C zAn7ztM@uDIjwD)cVBd)r$Vjw+O0?1QMgpZeHjtQ1<4GF5tqnfAwqgql#`(9T7zyKfEHN0J~QtBH|67RgjV@w zZGb3_;HAiPWi^a~tDI^nFsF&XNqQ0}V28m^Ox3+>qjz75#55I12$0Ik;i1MT?H{yQ8 zK;}Lwujuq|*f;;BQzzt`T?A^_)1g07VyUuTdnjEI89_Mwg=2R_0( z+7&}P8~!ul-?$#K#ZHa?h}cD}kKs*Kl&Gg#$NzC7qRjcRcxP@?Q_K5)YYAj(dL1mv z#08ed%NGTd>l=*p-S97MVi+iJY?r1X+*t@W-h2~yi|Q-B^JeEY$JA#{mRpQr=pZ`Y zjQ?^A%=4F(sC!}42Sd}Q>QLcJ>`x%I=!2XCq|o<7BC^E41WQdwT`X_nj9O4GLzY#1 z1k>{_ULPqkeTL_aEo3rpb!Ad4x=z`3t|sPDRkU5W1O_7H1>(iCMc&qO(=_!? ztls|8OnLof%~V=Q4S-)c4C(mYD9G)#*lu|V+T5l$k!XQ<*DQ`$WFp5v7RNvq#{fA7 z9F9K4(Wf}RrLqBW_Q}5PBhUv~cOi!w8CFT_nYt7-H|=l$cZpeMEHTR)nZrv=bt^Tt z#mc#tmORM)?|860Wbrr~b?;DU{0#duq@L70s5agPnUobn>y3Q5iDfuRM&J=Nd^tI7Q^;r=DLe+2;U?~ps=kMqRZ&BB{bh8oMV5JkLb zkpJ62-Zt#7!Px!>K*gXsY-s-mZ-)IXpsMw(eAYh!s<9C89iO!c=n6wkY!f)Y`JQg> zgtFFpl-aR~eozdco^s573*;2H5^Fc8Yfg>iHf{t-7cP!sLtrS=vwwUbicI2PAcQji zF|bSgfOq>x08s=&fBkQ~WBckkAdJ{Q0cm20V$U~d9Sw%tMCYZ$+Vj}cm3>Rb{Nr7cdBb;+Q6e#*wkxtJcw2HuuiK=v_4iCKXs0FL3}nqVmgGLY9=?RtdTW! zwq>_5Jstu7_&uOf%0x$xcqkH5j>2`IIT5x2nU|{b@^f7D{s$8fwtiQD1uWP5F#xpx z12<^33Q!LB;5FADu%CuEQ0_d7eTjV&SR(@}32EAYf{1OIiqlxFZQR{Us!JWhR`YN( zHTcr#s8Of&I5?t!><1xfLQ}_(uz`{DPa)+}g6grVsIsgjUIKj+le>CsN_YDnP}~r* znXc`1dl{-5pNu%=VLjV|=Ujwu*jVp__Svwp(ibZ9q?04Q7716;+1BBXs>5^6IsV4? z!Ba-^&m-Ifmj6OcbP{(9_8+3w?En}jFmSXZ2(n^?VLySd1GX3BIC>%>_QGPm4|wAi zm*Z-3#0p-hiB95f%_T<@!1lwVDrg7rU~^zv&w(6?ZLPu+=MV7qEZ*>V1`p`*8iOFU zLjWqyUTrwyj3ERLrhBcGAY%D_9)i_W#Xm<}m9+7a+q4VxB$LqY%98RF@-~6hN2qHX zbMY|kJn~%W!~>d8(yEWWmKO!3I?Ks^j>*ryy#vChKC=||4UI-DLxNWUA#}Oe<6Vf? z(s4aM!{UEq81Evx-Uvg}Nd96#TtOxY8gCB~Re)AKt%`v!>q!?pxeo!+dx6o@ldxim zjd3OT7Q4nlyP#k*s})u&CuH`u$Q z_9SP_x73g*H;^%BU4mf&4z8qn;>r zL|)zzpe>Z}SP?OktKf&;#twK$LGdyqk$xwn#U|2TSpqQBfD>jE?~0Kbm@h4m z^%1^NyG=35dqr`E!F3VIsBb`#5FudC#I9jrNU6sm83U~!0$=N6FmMFQQ%=&ZaFYy$ z$_qB9=PpEvOa;6+a^%Q1sir@8PckYh%BBWNw>?AMuwALrFJd& znCWb51~0Q2lkv=KBZ>gn&YlDQcQW5BTA!<_L;`jLhbnI)Jl&k@fmg%s2^bw{RP-v5 zAWQ6rnbT;ahC31AvV6wBNw*c*@lr$O7A18bg>$3C z5@YSmSQ3?XZ34n#yK0o$b%;Z%S#1;lF(tAzT&h-!+~!^i6dHAAF_LHjVlFx7bu;V# zeVjJ!Gfo&i_Ch?eOS?CtA%=v#L69jS<#XGF_^{hk?K9KdnI|!+Q@uSK1rF=gd}D8o z0@{SlB4RW<*@;&FraK}U&SF0+q>*k7;4Bid&KZq;AgnH32-dFP;*`z*=kjjZr@YcX z4Ry+iUTXK1a^jSMeaAt{fy6--4M+Ui#0LneNtVLVl)uR+t;py!oywM{H}*p~s%BN| zjs4Te^fXDj^6iskK>EWhE)TS5sSqGX2!mianyJ|ZcI6EMrB{pw zK=qN_pWlf>1*`2SK$2g&HWul(81*c10Q{-T9gL@$B#e(jkrOS5sT`)TJ#82w1cZ(i zgFL8`hXPFu1E>aaUM*KY=*u?H1?WS0m2%%6DXD*k=HSA{gK@*eL==5__z znHR}5Oxg&nP~c1J9D;KJsvF&DS>imP4d(;s-UJkXp@s|Sk2wM21ckr+VYM8NhJ7I* zjI||6;65Q2ssUtq3%6DdR|4a?t7C&$5GZ`CF=7V#0*bVRBJjwxv5OKp2pS##Ps$ zy_Q|wgS~PuTuooc0(F(>Bs?(QqKiQiWqTUbVtG1%iII;=09<_|wx*G~nA3Y|D$=?} zSnEL2VtOVQW|WGm7gn*wR1NMo{0(x&AeY#^YZEV->&%eU)erGmz?BL_pVE_@J9(Sy z++0(_hxMiONnnL7G=qMw5NCUv`?e$%Are!OS~KW}%S5mVN0kA^&5<*bNHRse&Hb{y zBPtp)iL)*v8xmmSD^EXT18E6P=0AqPT@7Y`u&rS?2p93ie$ry-3LD{46AHlBzMP)A z+%!^W;nqWDQLqFzqXzI+9lys-3%GDwSVE?Y`V>UeQ&X(h^J&5UrkVP}JI_fy_lqNu z^i$nZjaF?giVQBy5jY>v@-ZaNt!q(+A7B}tjpD?WQ<9>&B`uayNsL}=4$E2-#P(SW zIs0V!_sR_%3DlF!i(69VDi(5LhT@BPCJqFc2vatU>S7z+iLTTouXaA34@&ukSp+Bz zp!LOFv^5r{`BIKhR2#oWdu)0W1>j>}0b!8tMOgHBlT|n!SbT(=8jfxEm|u*Sb2_yI zT%AOf=0>$qh?4y2Vybf83dBpC|#JViU*%F2waa*jt8GJ2waat9S=Td z5V#(PIUan@AW$Ch1+MIl){J*&sFo4Ac?QRWkd*mGUG*DmqpUyS8Zz6cYevxuK+U-C zUsTTMaF?W)oUcSGCawZ#V%nk|O#Z`pe#0j=lQ+---K5|sNkr`zk>YxiPV#yRPH9Ye z34tox+DrLr6@fpN$mN3qk33XOgJOwa!i^7c!*1)9PPZE0#uSicuPJDU+wfFjJzpBG zhL|Wx4b%8M<1gg!5sD?akq;Eq3-M{#*T{ECe&&paTA>tF@#ZKYgieo7``R>}9RUS8 z{T7_AOH(+UN=b*!`@#slnuO@Jug@U#+8s#LGPLPw68mj59DgCWA%g%L%iXco{>WUO zzilboj5K+MY$4o0sb@yLEjXDtx}YR>qaLCFiq2Yu`fZCtOOZ3E(90~rE@Q-7rP3xR ze(-$vBZrtqheFk_q_{qmBJe8V6i;skQ4m_{&ab`36d#4A>tFXL0jo+VZta;ZxBu(~jLV_o9sLkzVH z&^!#)M20oeZN#x$;PjzLpDFZ=b=6}XGsr}BQ=H+z(E=-RDUZfTp~le|KAqCRvAMcq z@FBL#XUW>3*ZYqatP-f<6X0Sm5R5gH3#f<`!)uG zvdwuHx^?Y!mhq4&wo(;Edh;!qlEemOnY9xNwWCo%&0b=9U4cqK%lKg_+kaqbdD} z6V0XkrX|5LIywaRDyAGuTnt_u$2oC3RXuTT^FGk1hFA*Y$h~;5^n^^%-cMS_&3XWD zHQ1NWEXZQw7T;7EvmXRW^;FDzQmKUZ>{N2fH`jvs=g3&6p4Ji+!p4WdMb_>f#!KQ6 zfF?SLyLC4x>_>sR5tnz2rXHi4TMW^6OPTd%Re8xbujH7j{BF6y;6li4M&B)aLM^3R z(qS*WGYfVmZzX%w_zK^CaDH(kTgvyWKON|ff7s_qzMk4 z7~P_~jcIL&-M@T}4ChlCA-7c$Dz;VCOB{Jpab@;p$Cd3*)nC}LF>qT4VaGOuLqQ@u zy~rn;(+=qf8ub`wqXU$Z4ylFGO^8a;NvHS(K4hoJXLhGZ7xr25A^I#n9a*c7Fyc37 zbO%q;3&$az!c*)JV;4Qq-#ser0{Pl2oR6Qz zljHg}*um<$)27cebUz&KiD&tC6)H7kQ8Zj^Pa)VBfUO(4y%J=RvuXJiRSWG9m-Zh+ zcxjD$$V^{#AF-hv2*o1tIgD@|43z;fHH9e9_C%#(_C4SZu=aH)g26e1*E1ZpkATTM9ZE%G}D>HLa`tDibg z8~d`_doV1WAlAM3N~M>ny@zyz6@jqsY%;^n5hRVHwUc)%7n569M&M9Jw@$(%C-D*j z$Cj{uGx2o*x1+rb9Hxxd;*k+fcJvbK;A_7Eu;bWbbq7v-H^M3xg|pghX))2c_cYA~ zSee5*oeh$H@Ufmkc80x)SMk|Y*-2*Fui<_0nY{FXab%yMX#=!g=WEA$F^_~E>~#>p zF0P@?fDf#xV4TKV#c;dzj|(woQcLanA`}oVva6yYrY|uJ!{jy8_;1Y1q&=O8&k}Ed zT@#(e-GaRX97DC=ge&%plp^Ea!YlTwikdkOQJDcA?%t7IE%uH$dc_G^=SG!pnetu@ zd7u0*bBg>9pXp60bjAc(T-zIVv!b##@Tv5KsIS^nh!;!>LN)X%65Z&J z`mL3ON?@@F#SBIdHCT!02a&i3q@qJlq-%#JBuBS=peNK~7l?OA4XAL72=)M0bnV_d zY_=aioTFk|-5P-3f%s9AaV&o5J7{FQ<3OlU_|moZGP%DUuP4+V9yU8*ZlKAF)d6?6 zh&kG!a2kbQbW*$ug#*WS8{;+VWlFrKdO0`VPrXcvAD~_)#1B$0W8$OK%faz+>Sb{J z4E53{Uawwa@u}*iGh$WIy^TNSZ##1h3Nh}z@msr*d+{bkV3e@J)C>v+dbBcWu5=@k z6NXCy!N7Pq^M=Zh8}SoR9&rCbS$+dLo7809E{XiF6HxkxM49+1h9 zu^YeClO&!sxz3N%!WTjS<)C*-(zgq?;Ya|cv9S7Iy14nqx!?5k#v!m) zB9aaVpZXrsq(##sN@z8AW1F;sX(Zf@ab*)k;E-Yoc_@hW9?Y^yXKi?5Uo?h z;E1%!({in~lcyY4SAaL{f?_W>IjiYt;sf%60UnBKJw(YC;V`1>-`owX)Y62rQ29O* zMdl~foAvanV{_LOouePcpt>1)B1fnFBEF(k16+}(3J&vy<)u5G&q5~bK*cLhJ?cr= zRPZkG+s$lJO|{yAHGLeOqI*EC-tyerR(uPKL*bI##BJy^aWuYxBtaoeEAAAo4wpjJ zrX&hp#!#%6DA#d83DSB6NGK4?3+^#*r-J!IBu#E0rx}BX%$P~jdZltO?7fUZsRTP0G=ja(6myZ+faKt| zxv+PSInPbMykKtgt8V%^``A+_Ua*xLMg`S)gj>m-pm~Z#Qt=h0qT@J)C9I~%!Rm=6 zHb^@D;-;hHr-qZ%R7<2(LNfi%L5KC6l>b!uHX=tsVGlMn`D(~vlpfWO9h;uM+!Dj& zwP4o&E+irB@}X0V%>V0Fcy4wNU@yD18MJv3SY@=gqWlyGBCvTj0C&U$=d%lu{hjPH z)i%Vs)K1`zL@8zy{_~RMGw={gh~w_Q1OrUED1$x_2yJXv83v@&gNoW z#sH%xX!R0o6pqBhi(Sbwj!B@OqJED0v*%gIQ)AvY{Hc~rw|gMoa_AwXN6d(WvyrEH z9K+gCSkg*sc%E7GRYrS;5>whE}$ z6KhKL4sfpVmgek;1k}#rPh<%hThBoLge9IlaUW{N=>{~G2*^;q}e^BdEtN5}X z!HT7ZC6{nw7i0_RIXJKUHp}iuK-Ftaxj$l4{hS+6&0jDeEniObT`3b@?I!SeiTOoy znb@m`32a>fRw}LQP_keq9;~XdDWC`3as8#Z3I~{#VOV)Ve{D|ubQC(Z8tGcxRQ6r4 za~uYh!@k*zTuUxy&u?&{WV97FG>6SaG>T?ji-2&++BjB5C#0UcWS<=tZ#B%Npzn?3 zM7tRN*|~mLj3^yn7r;1Olod3;=?=`8f}Xn#w1-ALUm8A#H_vxiUu4r^xF%lH z^(3EMa^lmlzvKtHqsK)9AZtWI0_}&8c8bxDq{f74$2n#4*_;gmqtZ(V}7x~nJm|@*a-^RZLu9m^j zhTOV0&T0kBx^ZuQYVphZC;d2XQTvu&ka4bvmrCjxBth0t1gv%i@OlegtK?>eteB|f zE9*Oc08NqjK~uyh_BDLZN24C;=G?l2wM>kt&b4;K-TD{66uhj4%2MV5xQ%3X>y=1uxbR`U#;NwDO#lCm9%jHY=s(1VF~wiK3V)2p z$e$1E2Z)&X2sPD7uYRag=P|vEI!43_aMmesTqk(puk#T1?Xf`UFGNF`C~8w;IO`KXB<9WCUQSae!=4Zg4h=bT!n5kqTYuf)+qj=+=xh zX8p*7*QcyT(;q9;r>x^MpijZP#)C_+9e2ZVHXN`mTnuOBnfi1jcN z6Lrtfu*529s9Qf%BBLg3ij?v2T{x1Zq+~jfwm+V)G9I%g!}>51vh@6buZWb zB9r02+4>b8G`1F~mKL37BtMF{d~(4DT8yxcd*eOURSZ!YWxM;~u52zDq^}rY z!*UbStyL}VYsk?hPNn0`I=@je#;cF1HZbb3Va6x~4Be64m#@{ejlV&hCY~F>l&Su5 zBoX-P+EBu%+sxGo0 zgD_r0nt5yX^TL*Jk#7G7Yyz;T9Pi#ryTC6S_oF^ZZh5DUL+(fj8F@ib-k{iFFoHe~ z#^#VvM<8T8!UI+gK2ISaKC_1O;dAL5#RX9npsj2OQ!gKui)b$h`c5$64 z+LNE~IM^PDRTb@)jdt+I@=9~k-i5fjH8&6ord&i1qw=BWbfpog#@;|(&LV@qro-@^ zJ3p2UVKFpVvQey~nk>XH9F`4ZMS8|jh+L*VN2bnHCg&K=cPDDleDZWo& zLKkYHlek-tgAHsfWyVSbfDr^PutWLqNS5cXaIC>VyeA^m97D-di};KmTC)-AtC(!o z3(<}BAOzX47X*enIQ2tZxOa3o;=;eIxZItN%YT?|>9}mzYg{n=Sf^M@`Wyg$l5T$+ zH!&sY%${&1Hf|x&#VO5WvV%<07Vo( zKYnIKVQqf2vtEBQ5=c&iIJQLPbPe7|V;RK8h7t6)_k&-YOqEgsU$Z^rn4ndQ@UoBe z!9vPgEHn`uO^ok%w=0zG0asj-h!GOk;;sjux3l>e@e?rx&WJ*8pmnW30Feu#1C+>y z+K;d7pBiezf6k6!q4+?C!@8)JXk=b*CUgWjHGZw@mq|d4L`Li~Z2a}s3Wsa$cpQ#> z@W zh1StQiaT0Vw8y4xAbLtssS*TBOI|p!H5Up@oa-Qk>T8i7%)b-&&bw>$5QjI+&6BOq zn_{!qfXo&F_00^()dXUJic3Y+*TB5loz%!}M5@=|d?a1t7v6(B!zyKn8fEG#c0#sh z#Ji-}Ow6a^4|*!2fgdJjqou>rK-jPN>;NCz4-wK%yHZYe03L}TK#tj1>~=Pv!9Nj# zV-uak-FgBw!_I|UaUgmm?1AUum6lfFoENZA-J)2>Ev+lyk>aOFi=DlpXcby)Ggc7B zKJq)LI=mH*oS0kCp+qrqgyM{%fuAT13g-bF9O%d7fnIA+`Y=^jbBd5 z)Mh<7WiKjS+{WRvOA$dVHf8j$m{77dg0BxZF~}vFXk)fP1n$}3)HhHe;4Typ3AHk#v-F%&H2>?M@_GuF2Y8M zOVtwo6@%<@I9ku7>IiiF+Gggz9KUdK#BL3uL>mAuYg#)IuxUNZZyLZ87h%5S+6kRqI&`I27k)G>}QE2C^Rd^aQ-0D*3aZHLo z>z1WS2xrS*WNb$n+q*J;j1Z7xy`U$pfE!epJVvc6lVPnD7RWFwZeoW=2M|gwnRX>! zd%jFl3&zPtEr;F4DXC>N+(*D9)RT)Lyu7OBpW~aWA=?LT8Z@NS;1r|*B~;4NL)Bn8 zu>kcCYSjiZ(y;`#knM0skXg?m0dfPa>hkrV3Z@fWqj`G3K|2G@8caXjGP!1@A!~*oB3_9_5D}`^27c)GHjt%W(aU}S zsf&)}PDY@L5qKUEz-j{PXbI8;YXxYNQ^%-amB;!9StS0fIm%xdQ$nKy|59HjO}iA0 z+DntBDa%hWJ4%ngdz{mbP_NCMGt#apeZS}iutI^GtlZr{QXSckL_*OLR2kN8>rvDGQA771Ci$ zpn7X12X!LbnZAinBj4n~Y-VmR zI*Wzlo}gxG)v2f5%X#*8o_(BWU+3A+dG>dn1DxkT=Q+rE?(aMgaGrztWZS@YYX{>K zincMu0E?m09ivne(`nZvqto7PQ`2j%Yep+^iQIgQi>2vyKJs%8p1T9fvsh5UmF*d1`Z#+7SP4w}J8OI~t>fs_9x&+zDL3bW zyO>U*k!frT2}I8lVCd4}(MjCX9Ug6hK-E~wx||bjXZq)hzSVG^mW6z$rbspLNUH6! z|AX~-5W@Qi;aRtX#-0m+n>i3dT`SzOfoH{@x*Y6q;VZJvA4xm}LC`WJ(dc;_V8OyG zDZ3P|vgfWFR9U-N=jH1h|8O(_Yy>n9JWh0;Sd7y8{Q;o2Qk+ZG114I*P!uZ-4>QC_ z!y|a~LleV$b;T)3m-!73(pyjR(SXGB>Se;BG_;+}b%$ZO%a?SD@1rD+G(3h!bTBvw zo+LWI;UW6zNj?EP>V^sds;|jtGqA8H8J;c_4J;FwZm9g?yhA9|I57-{ zEJGE0+|tp&(!qium8UvnpbhZKUB4f*Y+EK`ZM`VfNVg9}{W2Td;R`A0LHH#Of?E@v z#J#b->lvaaw*7^g=p^peOW=d!CfFtCw87HuVfVtb?ucJ0_Y9>3q4JS?U>zleYz-}q zf8o-q+ksu$Q*|R=zRa08IBO;^GraRN!{e?h9OiXDs!jV*?Va{OI`QuqK&{@-t zI(leNW;`ZE+M8S68@RCHlY)w(OMdF}&4`*`Upi)9(aoQqzpB;L>&Et5T6*0@b$&gWTlZ)3%L!+%UUbokp;y<}y)yHmGr#zJc=sAE+ ze>`XX>mL;SGUo8nr$4Z(=O>*a6TZ4?;sKq9<)41h6`k&zv@7S}4+qTt;n`Uu#vGn_ zhs^(GVPhJpR8K4?UdEmUHRQV zpV!(w+<8vqd(S01FI|6Gvgcd=FV8vQ?z=`j`fJVF5AWSGb-|3=H(mUSXQ{pA-OENj z-F$zy53uR5%MrW!u1%c1y`*XPhLax}br|+#A(D&E#MwpYoTQ~C5 zzO#Q1wcUTsnC1<`zM6RS@1tMam0z^Ix_fkFTeDu~KH=a><=echLge&Ev16K~R=d(&SP zZJ71o(6TqK8u``_fr{pPj-9*w+QaM_PloPq)m^{z^|nuZe!xQ;PrUxrA)}xEY5Kxh ztIoP6GV&kEwRKBppZn+9M-wBz%HQvX$4{UyStGab%;_3LBEmutX>CW7?4-VaQ-LRua z4P!atA9auy^{VY&Ti3m=M}NBbv~vM_UFp#}VS2q7&uyP+TBoDyDZ&SZTSW)1>$|=v4(8J<2MWLBTQ&7;XVuQXa}TQ;H>d{{0uM~0(S(@I|PIe+dsTYTX!X% zsCZg?{Ln%o=>Sm46~pB4CN;j8fd1@HMZQj6)yOe7g3UE5hdKe=vAmA#uQBkoFp(I@Q$LZpk`?>FfMS8 zz~=>S68N*gif*LuRCiTTNSoG+G5xg{B{{h_VcR~0?fWv6{rmF$(1D#W-n{Jq$~k2y zrF!C^4JAd|$l-&A7iq0V5Naa{2MN3vFrvLX^5u~c?Q?;H4(9vG0xuVMtH1>UKN0u` zV3F2-)F5;-=3z{wheu0_9d+(eruIExzP9)n=KB`{tB$=K@2iic%XWd`Bm7ig@3Z;dOT{_$EETUzVSL{eIR7H1K<*`k=Ln2V<@;Gv zN%PLtgxhXm?)15pWn{&buM4c2Z$d>| zKc6YTZT`CXrgr=tgcl2(eg{K&PT;@=bbn{zodxZ+a~6$VRHU7BC)20?9)>>RUc%$= zV=8UEk6(3tDDV*IAELW|<+sn8T8EW%AGxycN>e*;r3r4=i_0>B>jdr)__M&GRiuvz z9I=YrCI~!BT&@tfXchUty6UM_PwHEtH8HiXSCMn*ImXKZG_`@xk>+rDzrH=+uM(FM zDP4=iWxcq3`5a5N|9O_@F3*=gZ)$zqZYN-t`WFY;2MEj1pXk<_X26E08OpO z3k+*4U`U($!er#~kTuNZyVu;Z26?@PzJCgwJ(BP3UnJ}!aHPPqUSxVU3cUVBrt@NP zU-9DVf*-UuU(~c8v=0QT*!@R*BQHI*%GBn+O!&mh46Af4)1+=KTf&8FS$ZE?%dnmo z_{v(+T)6Jef+FqyS6C~T3w&Q-;j46MBe0XeI)Ot4P5_K(iC0-$FBf=?z-GWAZL83H zCa~r;mc!#-XSmZ|XHGpM?+3iW+Pd`(y4SzOny9a5T`OA8+IrL5e7_$sq)mK>c|GMF zwkH=gk83uy70pb~^#VT;_=mvJLzz~`Y}jq(YgcX{hdF?zws8YP>A8{h?vRbI7UpY{ zHqyP|T~ao`%lGn4Ectymk@F#&7}g1!q!zqKmj?vC0+_FT@E+-lHvjYLz?0KWpGm7{SMD2S0yzUBupM-{YXGz7kdT0JNWaf{;+&4AzK;@1ba$Z?c&Bd{QR zCTmT=77Nb<#bSG*_5iTXSc%6%68x46HbR>s*b9P<)TRpdIjpLR= zZ3nQRcDQz(MCTvCeA;MjCZyK1A4TfZfca8VpQn8xQvV6cgK+j*VIdE>G-zSZVtiNX zsQ`VWR^nmY2Y49wMy%^Hwg6jT7v0t)pO*9jr>eyUf9&g5Bm|JtTyOfHAG= zC&d{%fZBxop?qG)tW;xhc4^VB8eiBmR8tr89J5v0v z2gVqk0>5&sF;4_$d+1kyxJJ8diP`e3OJ75dKvlHThb(w9b$|%f+!ic ziq!SM)@ZAE$`X{*jd}2Uk^9eqJ&Es#z3I6NIrc0tO-J{30M%=?Sjn#He7pOn=jZs-d@Hb z+6UU5^4&A?-G|x(68f9+-G|yEBIl=G%DGj03Rt1`C$QPj6A{z2A|L%e(w-H+uE5H* z&mHUlV6##FpF?<_|_oXOj5!7Qb$u3&d}z_;vHd#qVhG>+az-)`i+6@$2rHD%hpKf?5wxlVH~Y zJJ-|GbAwSK`+PSRraOFy!BGVCCA;p7vg1#|t*mGr-IAw1FL@ zP4o=(dO8$pjldRYXLu$Hc8g$Vdg4O43|Ospwx`K^1-PsR76f*MP`)9QaZj^QekOi# z&-+68qn~+uJuYy$0^$7$Y>PJC)78hi62gQsh}$Kae3Yd+(92lsxyf_2FNhHO0;_~| z|JmXNHx?vU>e$9JP(IeoMEog#koJX-}j3s@m6U;iZ76krFzW^)Kr*+T6~p%3ddGN!Q zM6FW$m*-pYGehL^qi45Z#lY5Tzk2>KS(ds0^J#y2yy%z7UW#BTzy z30h1)#80U&46zK>>Z1j_R5L2liFsANG!N%#g`I{i;TY{aS-!GKA z1Z&hE@Uy)9h=E2>yGmapA^ZtHpEgZjCzSa)jKhtYgVcFrjcM9eeXH=iMJTuGu#=4M?i0$bIw9EtFr%cRTf;gy(O0EN36fXl<$k*ulkumrpp)kjKgpG*+RKn{PK*mg>sKz zg~ml9OMU^RE;Mcs$~M5J0-GV&e!zm*g0UdT6s!X_4cOhnWq-%-USQDjIoK28H&L)s z<14|=6|AlClVC}~DvX>E<-DPQa#k4O5KCR%ODtJk9c<^z#A=Lk@%ve@9!8~LeP5$r zA7ekkngr`>L~C}v>}0_P89fBMS+E0)x{U9J8odQ8eUslEWb_qm z&|AcgG=>VcOt9mOQG!icPrr%AF@l-z5IfyCUN9x+8ODhjerFmd3s$m$lxG>I2zKd4 zVv~(Yf~^tkY~ysaNSZeJUHYA4oSDJp+$`)oV{(Sy`Nlbdsn9Pl&J(N<+rENY!hk_L zq_qltigBS}7mDA-MnbU7f=x9p60FS@e%D}JBG^#DnvAJ}T_@O8#$|%77i^l*D46*H zzq`(85^S(wGmI+*8@GdgHyT$9rgG(G<66N!5WicE>4NPMY_>5&uuePq-5g_ zYL^xFMrF9VcmUv$C6@!N=Jr9>7%9eX5&+Gcwrf16LK%UhCUlrIa@WBGQZ< zM}d0;7L=2wjlfF4F-_Iwuj@Uuf#m}bi{S!C3mgwv2}3VMXkSOQDn-|F30x4n@(y^v zsk}4bJ>?eQ^70zMb>++9yH((?<(H?Vy}ylRjBR>M;0prZ61YX+mjZtl=xUNapf_9|5p&cdpSG%v_ zlGC2>NP%axzrkP{{(w-fY~LC1dVvoX@coN2!m47zo5X#-z(oR=DN2El30xs?jlgvR z-xBz~z?}lW68KMn{|4-#{n0++t<(G!5wDxGstnv$(iLOk?iEqMX%&3{Re3nGGBe-1 zddD`sT1MC`@WBGUZ19HX@xnq>32Xw zo8I{)z}p4h*ZB>+zub8fzP+&vL%CbvN`dcp`NecOEUW4RIiCV_U0$nt2Bmaugm4?6 z>%P9~KDfLq@O^=w0J^@fRYk#PH(=VOlYeZ}g9U_Nlo1w`cfv@oCPLV^?Zc>Lzg5li z_0alu9e~l{kgh}FUSzTMwG$Y%enBjTTl3&D)_N8+mskIS7~LuGx$2kj{z0`5Beov} zmPUhk?<;Vez>5UViRQz7d6Xq{hq&BcQwNu&0!w1#P!}V&V`6UrULMl!;Ca2KW1)`q!cB)CIt|Dh+tj@`;Q&C7 zHn;aFfKT;4Bd=2Xt@q`4-_Yj=yzkeyAm5|)?pp#lqHjCE*?rk|J=u3yex?Mm z+w+fZ8am)rz>@~N1(+PL0dV$!X@HLn*bMmgfF{822dprUZps6U?g03RB7pXcbN*9JZV_|d@So;vN%fuH5qY59ZhW{XEw!k=jJ%~BwAN(rfQaku9z+(q*25cC-0dVo)X@IW`ezU-%eLR@)%^$KA zu=|i*fa8X&K)f1;ybIquhin0SX~=fK4~KjVxO>QF`D|B*6|w~wQ3%SRM*>b8dMx0K zp%VZn1y3#vYdPzR4h?Ig)>R)`$$liaQaj?n?fB}r13w4NZwIn$R2=lW9@ef~$6C2+ z-NlE6wTf3fhljOOUuk!^n@0@?-GcPLTHtg**Zt;$HpBfkfqS}d&L7jX;2`pR@t|2@ zlm~fd%2aCYMr;jNYPlmj6;)~@NA>|+F>)B-){#dPd9>n#&n#lg@aPeQvC(6i$`4`d z(NSQnz zy}*9}j%oVt&|9R>T2z9b^f2~QWrwlubP`x2u(Uf}1{}r^M;>-JC`TW5ANF{!KH_J< z4M%wX4`Fv6U&Hl30RPO)nYnYbNJ4V6uM!D@Bz7W-SQ|tnvBlQX#uh>BL9Q&eAd!gJ zm)fbNw%C=3EhUteT8a`BrK&}%Jm+)H$JF=rdp*ySKhEpE@8`@pv(K43XHHn(;|E>f z-1V-DE&FWgdYOF|XSR^8uy54sx`^#L|Mx5h=QN4T>I&z~^lC2bWt@_(9xOf8bpfmE z`>s$gv;ib?yDQXQ7z@jOHWt3G zy28HKxjXE8gS*4t_@E2yx7O~k-@fYt`|Xh~u-{(n0{d-oci2C_?(X0wk^S9aFFn^C z_R?G3VK1%hexK!mBL%KRFIfsl3j2l~DIeM@qLm_!5jbjCi^ct}1MI8g6WCJ6w|AGw zzwzB!+9{zwOIIYoIb>tP9;p%OIVi?MA_E7(TKaNOH;+bS_w+*%(jDT0i+MyAa!tu^c4SmIt4!e=mTj5|2&I-Ucu8XJk8_jdY=Bk^Q`fQ{7rb; zj;AeH`hT~nMEpj<7H>9cj~8o=jDmCZNS@9cb%1@dg{P%Fy~%UF=c)f_$k~#oeMcW> zImeH_$&UTvhG*F4d7~lSIU3FzKaPg-Gj_nU&e+Kz**pTs`|k?p1z&3faUKu6~381^}lP@ z=^Fca%K_2{Zjk;k71CKgklyB>AM^ANo|0+%O>FO-2DSX(^5HtmTFBFQy*#zgsIQAN zi9}jVhn4`GHzd-3I^>x;9k%F~{->DB!ua+!ZGS{g5=Lu;X0Cakwmp0?xZ0G?)L z!m^8&$&{9_*!gW$ONpH&Of8{Zki_R}ffC;H(mp<3#*c391N%99K*siMxWdjG4WGr4;*kR- zH^_lwN*pz|J~k}sHU{eLk^^UzFLPk344(7D^%{-{I2PF1l115`Fk><6^7cDV^_lS5 zgQxX)+L@;*Jk8{3F;BPh^cYWX^7L<>R+|MSg!1$gp7!Qx8c(x%x|pZiczTSdS9$uF zr|)^{G8@XN!_!ZAn!wW`Je|PPJf3c3X(MuEc0u5WYXK}Bv`jX$Z(teOHEWKQEpM|? zuxFm06YKcj8DNhW91)OKq(J&3|Ga{yTO8n<2X2sV;osbz1LviTT-aXsau=}u%{+Gz zOGR5WcrLU^yUfiClE@gI%JW*YsO!A-LDh->JZPi(%)iT`5%V7e@pIH5I9E(!>9foE zEdBZX4}+b^Cs&>f{%;Of1w-wSu5?=!%+3J$(29m~{7GCvotpk+P(cJsp$(jvA=b}| z0$6)u%WmVJkMZ;>Pk&=+w~Y5J4JY1(uWE&p28Fb?6X{m?T5}>TijK21o~7YrMbRGi z{gI+Gwf)JpBDhP1)^)dxdqrpDZW({D)SoDe{FD!^g({2S{@QyHeBWl#LpD{XMSIv? zdG+GLP$#nd+Ss9q8Sjgs_Nt2^_2+3MPm@^cM8++i&(5L?c)D%z0zW5mn5X57;k?vw zN!tiWyG7I|$xG%-Dp|_XaI%%B-z*s$;Y5C2GKuB+bSa!^zg)VJePes_n-Q?KkB(sN zy`{fLSlGF@s6L$MT^jiFR+c|$yqwQ7PoXrnm6x|+(HYCTH27~@TxVy47fm4jo2OD! z_?#boot+;Fmyclizgj-NK{%l+Dqz|bFb{=1r7L|K`V*U#)fhld@o@b1PePhOG(FTBD2^uu&mJzz0F-vT?4*h z?E#jut2|3ttAM4fRlri#DqtyV6|j`G3Ruco1uUJM&%fs-Y~U$tC$R5X3xTbT_Pi~+ zcMbf~a%>H3@%n3fHEu*4*S&8Ha}L+IVaFPdg}t}!IB31YI)8g{#^}ThvJv*ik*p`>zL>AuHCwy4jp6-*I!M#7ETO1&Lz&|_i?@#g1B`lRl zo8xe>XVXmj1s-pZ$ME^-?Hd=hmUI8Y$kw);XrtH?wYE|@@#hz8U*9Oa*yhel8~b@7$*EnC798!gG+m*aA6Mor84K zIhcn%JUz_QGv}@(Xyop>Tdait?{Z?w8?bj}dX-<{Isfna8Olm7DTnfpmBZ)L{BuS5 zEmr;`mO}aSdy4sl^|`jEM&5n5iKQZs`vun0AayPrXRjLW;Oi&&;sQU7#?3?7RAD92{Mt}O?%I<7q9m2UB$i^srY8(&#+Ef?t^XmWYbg~y?wVYGfI4p-yO`OL_ zw&b!An<&|n&=4pk->s%^by|fq<;v2#xtx-!kXBqd`e!cXOdV09Tq>C2xXR2KE>|Q6 z(wpm~d7jHPrq40wGM8KI8N@Ku9+!JeX{hrqkJ%Y29d*y;ccyIA-!8AEsw59(vPkSj z=5nqwv$Mrku0}4S0xV8UH&Edg7p9k}mKIN@(3-G(W#*0+U#4+fIeMI>I@1hPKTA!f zJg!VK)Dk8;lU-a{Y#YT%F617Um5j4AmR-oIT2Q8yOtwVH77_!)bTCchg3qizHOo>i zvCi@QuS}g~dHs6+DtSQgptI+W#%HZ)3hC802W5}U4s<#Z=IP*+$^cS2!kAvWC|7V{vfTm|H{>qOau zl%ULR6J<|wo6AZpZW*!{32p?_-H~d$#Yx^IjH^^?=T^ZK%~dABvEoDeaOLO@9_37* zqryBYn1-Xev6wGOLk(pyUor&+N2(vmM!}KlN9GB!y&#NTmlqpqtOSs?hN6_}>)KtHx%pzHAycN>;*N+ zKosm}HAyPh2^sc@n#8LK)LzEVAvMV-Tvk%VmYv1;n;}-Rj?1r^n9p5Y6PgPh@rYwN zD^O=V;+2}@KI)1`Z>1J_i();7m>i?TbhkXB<=UhJ>JeM^+9bK9h`r=mhEhETDYeP& zPejbYGers|uTj-KhbVPOd@B*F?-?i6CCgE*JX4gqWG5=d(^IZXPNEV$N3+;9R2|be zrl+U@o|Bp6)}qW2o*7C#;>IP;d|_lBR}S0K{S@{}XUUesu>$w~w{$|cSr^~q@wBR9R)DD{cl21+T@p@xP;<*JmP zd2M2H<+>yN>$Qu?mkZ`BPHIRZgjgwwOzpWuDUC=cE-2-=(ugE+iBcMoL1H>yN+UAf zP&vyvS4fAmX%n)LOO)A!EXP=wwgQd-bX17d_r21L zRAB75_cbMwTt%JtzQuG0^%IM=AdgU$EY^a&5Mrg=Q=*7-^ndH@6XM2|qc`xmrhG#D zP%V6JG1Wu`SaOtBBplVwCsArenhEhW(V9ea6%cn{FWQbOy~%;iz`<4m!Q3$Y=nzqrPrR6mGiqFlJ?9Z5M?4ymlxn|35_pTc}*G7X@eh~8Pub+TV?8bdasrucnH zJCn;Ov)h-n3wev`@7GxFN;-ED)6HZx#F7ChxXQ$mwWwmh6xxkEL4EBvRE{I&SeUL< z>d(}j*rJZIQsRj{>KvB?>Sr!zu1xZrO&3q@bCpT|vRDFnhBEns-k>c02{eKHgYsoc zBzE1P_A;psQx9S>G+F6Md<~7Ky-0|mblRJQ8?w?qq?w@{nnc2f zV>FrUF(k=D$Yn#P=uq;9p^J1FsT%iTEnTO>Nw}f=bOebt^o*vEk%r#TktENMqNbAD zhV0c*B&_>~GF{ctB*T!uI)+pjs;#mg(P8KYzKt5HV@af;R_Zv?$53Z=Jeg#umpXwg zHZ)kB$exURC}os7iIf`}uTCZp4NX>OGE+}Z}WRN5wc2*2itR%zGr_yw?lB9?O|a>hu!z!SOejM4{mLn@hT&;24`rMj4u{%p)@mji>X; zZbRubkDN1PrTOF^LpgK-aq2DVtK&b17LZ^=6;dH-VJMF-B=Lq8(jqe4&^2ihS!QSn zEhf7Rt)z>|Swm~-5^~$n7P^$EeLmFw4P8dO42@EklRAd>(-owvp<{F<8D(g^x{Bm- z<&dZTqtw;pFzO%wd&(N}vk+@DM9XW*11_uH&S#XmmOK|Rwl9rR*TIaizcN(|h?dt2 zFjWayt^OysfGz4KBjz7aqJB;MllXK}Xuwf*8wnILHwq}1wvk{|Ypz;c;`+CZG!QWY zHEbhETvjqN;HA2g9KsmX_YK(rqf@YJV|u{f>R!^UAFq!X%E zQV(NL${7-gg4$UZMgCW&E(>7)6^&$lRLVtCB&5Syx010utzdg0|viBWF9Gsp@5-e-2-i@il*i9N@|)-v@Nmu9BCiM**?gPsDDJ z$O+4Eoh(AZvj0rha*1WXO}1hTmi;!__R(~|kPbTJs{D8p-d~0swZj>Ngm3E z=@GH{LevK}{7Srp_(!gPO;DJZD@Z!(`tO!p5d#u!ZZ4>`qUCEcs1Xzxe`s!#O^tWSON5Gd2i)~;2P zrQKX*1Ztqt4U7%0KAZL7pE*?IbPLGS%+d|6GQMBiNWXE3+HIx3g!F>y<&v%R4z;d& z1(WkIu?#S0cG6W8)aM{=94>0uSACOKO}aWlsOmj2}uHMmG7K3zU}bhN9*MOx0M z%O~;2Ol>TZW6FOuxJr>IsKG-jM?slB(k(7grms{fql|>XH%)#7*S?HaI&eXnzq$+KD-<)VyTsB<)A}*SyMf9MyouK9$a*I--!wW;RMrY_RIs6#a$GHK()n!ix9TQ0mwsh8AKh;6Zh zT9TAAfyeZc&?b6cX&&lKXcW_F)K4tdPpaU`(VvH&GWCB-V;RLihrpX*?$`P!H<!zP+pY$_;+{jxWWN$1LBzwBi* zIb*C{SgyGc%RFJ~`akL&Hqi7T2EP_AFfTM}9~@RLEtFdDQi@3LuwoXA$1=yTQWi-` zSYLYB8m7S*%Vx1+X#~a=uvoD)PKcjv7E2i-Cs`RbRb4C{Lv3YRBE6o*mxvq)+hkrU z1zLqlxniaZo#z_DRc5XT-o7o4x-q?J;4)H}9(D?h9=)g}0md6hI)Oh>eE zUwMs`g*mnG7v?q6Rjz#E5dPM@R&vaO8uE!}xN5UbYK^MO{=w~fsW+;6cr}|1(qvRP z(1*jEs$aOB&35TAY6Q~`*69)IE7B)3?UZ5+dD?s<6&eb(*(I?X zUd$P0vs;Qa)YxW^bj(m&o4u0rj1M`x+w7CF3=Om?k**pVVY6QfocSSVn#}N)pA&cAFKeQJAA$}!Z- z_L5X!Xt3?~(lSHCZ7)mf42`k9B5gA?$@T~7prIVwAEgt9=G$JCDhw^Py(Zl>w88c# z=~qKLY_ChN3>~t)A+ett*k6%8BmA`OP07j7W!qblkD=SPKT9e)S%9vKR5?NF**#`248hXokmQI+rf9Ar zGAg32-4p30YEr~+woj#qe7;^t28;bBHRH-8*%6)Xo=Lq8#oIlX;D05+bHn_Ia_NPX zCuBYt;VHk6N>C5EZgJ%h*ZSj4FQkWtdfWXWu^)2SU#V2L{%3Z7O4YdTNRdo`NnWV5 z`cCpIDUd6NEU2GrekFx+!8Lro-7BfJh%qg)dm|+pN~eEIgAG~fKT?{ZIrOcRX()&O zD=jdzg}#&47^;xoOWznuphP}oXg`(YbB4yNvV6tRF{;S-3{7SK<3uljr9C0TRZW%a za+T?D9n<6nT>0cp@CrLkKC}>W=938xHrScvm#D%9U)!;fxEG63;7aKrSK%rmD;kv8 zImoW4txS%xA6Guv-{7d7lkBxblv&o`yj?XpjtibbEigOFy}5Gu6DntU5DI>EaF!2= zoa_$ek=aFFwoKFxd#kH_i7TI6YjDHPRi?`!Rw-3BsI+sJow>?LWrL@79&$_6(*~Zh zr<{m_E0Cu=iYtd*k6ze$%F_(Jvh$L2xhf?s{GFY*e3q+}!2aSZ-{86)dMuZ;NCt!f`2v;P*#^{$SOeURL86-cz6YRc^m)wZuG#~PZd){>LB zipa8n2>aS{Dc1=Z)_ka3E^_Lv8n(0#l`nHy_1K1OnQmh2i-s}wb>#b~X$=#ZeiP#D z&$_b1YQp|tUb5`#$)Q|UqBS~h4wHv-RZ7l{=GceJI}8=r*Ozahf*L)wYbZZJ)oZlW zzLESK)u_=b`^NGcREtLI?3>8)8mO;Q>d|4sMP+EAo{U>rKR92&l_O0aZsJV@Pux~9V zp^6$^w{Ig4=E~7mHo9#eEssEzGy4Z>s(dOR z>r{!Azr|Q)+lD$<=`NerLJj%kY2$<{39dkgD4Hsgy$4TSlG(#JzjFU4BCD8G5E>71v@|HG1E<`0o-eX#h z8W&mBVWPYal^5y8v<ULzP!({ms>aWNMrV5l@i>40g@>Nt& ziLY{A($z@LqQ*cnX=tRv0k7L!7Mof1$_u+$)BL055a8t3l#Jrm@TJ$$jSQU z&5@U&pkLk`c_RvX&E?AbQP68HS1v_ej4GGr%Dq5UWj?J3)e{qzT5#d*)rO3ft)F%f8S~XQy!|4EAnfo&r066n$BWt zQ8uk-I~K}kx!~yUO&7|~gmkagN7W+v6)L!OzGIQ>u?*)5U-xvZo`>te@6 z@@-U7>y?hh^6>4Dvy4FRuwpqE1^vj1<*g{_M^-GCqoC(lvHS!DJ;#b=yB(qw=s8v_ zhoYe8Sg{<>WhG-<$1z>r1vy#2H8wBBa_VlOWlW3Z7JG!gW?CXAqPm0^J1&(|QT>>f z$%poeoZ(E%<&7mm2Ura&R;joXbkivl>>(&r!d$-tM?s z9)3tn_gCwEj$g^?DB5P9<61cvRjtht$8~Z!muUHKke>_jmj4FX`7o4n#|$n14e}wr zwE5(Dss8B(`7|oxq~E6-*MM9!mfF$$ji9G6Rv|Ch7u!}Z<1d)xI+|7if5v;UORcI!v6DgUF~ zwtGK{1+b&zzve+fJwD>s*y)h@FvtLBV{U zk)Mm4tZ$kxi~Wl+nCmlgwG*&>m1dahGjb%Cl~ix{fN46$U>VNJhfuH#XJt|=zBja{9UI`((2;g})vF)Lq3Sh5w%k`NA3JhFm`32TuV8b1N6tXOT;G)oP%ziO$m>xs*Z1W8D46T} zaybg-x>CM_g1LSq|A~URek|)JVJ%fkN7^}5eIk3IV6K0YqYb@sdM*zaGQ(W|@nIQM zOZ$2sDY*R$yO;7@o)eCa=2iccS79lT^Dp@v3Ua>sP>OwQdtdprp``!OkoF1mzt}hy zdt>CxX0bQ&HKV@vRsWVBi5kpM=0EaZC@AwESt;X7Ylbrak)2Rb=3ChZ1!caKL%CoX zx>x;IZjLcHI^M}`xXR3Mbi9*eQE)uGle?qfcz7rGM!^yAPVS3>BjBAp00l?DJNa`I z90Bj-p+fu!crTB_80_;zN#n}Y|7hQv{U`2pE~~C|7{HXx1#>;1s-!Fw)9Emuva*<~ zlCKw8S&xGCA}hO4uwG>4TNJDpMLCax^`a;@xU72n4x_75z>WU*5)KJLe z#U*MmD+yfej))yAX5}*!94qWUC!ye2u~pJhaIDxVvrurX*egXSI994C>rim4I4QeO zaI92QP8)Kl>a09P!Ledd$QhXHN~xTc;-=IP;>U`o(t)dtFRiCCk;|%QcUWE3OUdDa z<=enCU*u$MMPJ!lS%!jr!duylg7xX6oa2I0c31ULu5v*s2bk_)PAJ7!`3(i7_$qHv zP>P@8eO9dNT^&wU^;2qbK`Gxc)#obHVZZiQK0!g5{z_*Ql#pPT-Q+gpkS_RC__+Cd$2MY1+@n&bGa%dI7zAPHL>=o`F4a=@qpo(WU^wI)ZKqn!ot3a_LI*pA zId@T>qrU6(iF0?Q!%rgiOQ%lG2};-vp*Nj+IrmVS+!Q*}?hEHWN-@gz(=_M)ir>#7 z=J{!+^XG~c753?D=fTQ)F45cP3*{mgZ1*_nOJy%#+I-@3`cT&|m61Hgdgd@CE7y#i zUpo&`>~BL2nPfoBZs(zjh097(Vh%VDQ=(B5VkRrYlmV#eG1sKwO5q(g8M}X&7n5Wf zp?KXDS{jo;QxyMSK>1`_%rWPYN&_w{IUExwr6~td7h}#jrzximRXC4TJnxHAev0|Q zdA!mDRmn6_$>3rw_?R2cla(i2Wd!bQ(iKxBOefyDNmm?DaJQ7MxT4^`DqZnK!M#(u z5{!a-r*x$r3htfKl_p##__JT*Nl9oYR## ze+cd7v5lzG&J`^78ue4>7tWbV;Y*S8AN{xM(B-@+67|E{uZj*CCQYfyhV94 zWh*iNh**m*Pn~m=N2rc$x*1B zB`Ej>YnE~g1;1d;Ql6mT*RB@R5E6-7#yKbv8U$MLw^U}NPZl*xg zmtEN}CrT)4Le~VEr!+x9Pqlod9}0S^3iCD20Uv7tC=q4EcpRe#*o*JYvNOeDSr|7FX!Q1L?9$4*ujDh*KZdruL2 zcSz)f-+PMK7{Wr{u~(!;%4ew1Sk{kP8HQ>e%YO4v#-KXJRxqUtvH1*gS*+~i5`Ep5 zD5WUqd%i@0G5KMygI?-Ol=mp;!M;RsW$*Pu40^sVQDV46ANi$h^j{H!{_M+?Cm4e_ zNR}(D*qik*COo`BvRsKp!5bvYmHu2-(jzw1Ww|nftBgPo_La(X6!c(UslZ6>P&@Rr zU#V1>JXd&ICtTJ>>+N|s~w1jR^$_=fgTa~+p*3z$)*M_#xZAu{hFfXIj z?aBm0-_RY(LPPuMPGzg1WAq#4grV{3F6Ac_ysNNVabRzG!}7s<6MK|EF4hx>T?6(i zp!eb|Wz{#ceg34f5@T=%D^oULY(I;YDLXI*bA3uF!5GZ-Ddk%c z<8yslIb$e+o>ndyGMmmQHw-zN&MB2#FxNd?zEe!>EqFp;t_QkYQk)D8b-ApB7#i#H zqms-e+8WoDRIVcS%rx8Ox{_`v*X4!+V+TQ*vE3HC{H%nUK#+5t%N?bOp{*`=l|rrp z_8!t+mwU=qLnmAwC>d;=BPeA|w;x=dD1UP0lNsH9ae1b=vC%1@tudq9uP)D(46XuF z%=AK8YUmf2m&#g0FJ1mr%5l2=-QK#qQl4P!r*4wvwc=;bm&JyjG}O;xOK%t& zY_X$GY!oxGw8Jg-w7#J+mMXNXp{^DO+RM-+iz6LmD8o{f#k+SWwZbJx`V5L zbcoBfIMYZrnjF-S6qjLfq3sM6SS&Qw&{B&VO)~VA#e?P=+Gg>l#fJ7;eCb=%?6_|& z0aSAoHO!7XXQ@sb7`kc+qN7nO;~rWr zqi7X2+9H&4CvLcFE9z!wv}+r>3iW5)WY>1|7RuZ`$F(DUXlSl$C+b*Dlw$6_$Tfzx zM0s>y}=^96iP<6T=aAnsZL*Ke4(yfNhx%Q;jQIXw$aP33y8M^73 zM4ubF@7j+xaE5si&yNPugUCtPLbXWhSX7)b+Np!PEJ8>Up+3kA>rM$t4BJpUU-^HA{oZ!|4N!Slb- zbTu}p01|Tx+r+Mnob*|;7RBd+7bm%LZ{FUD0tdAm8PKJ zY3Ed$j)JG1)94x$JnfuDcc9>DX9oQN1y4IO=)Dg)+0#xdwP9mj!j^`oomT3Gf+rl) zX-yP7;h0V%Q1DbXlSZQ8sca_AK*5vHEV>>APeQZkZmvwC#g|Ljw3JKi$=Ni7je!Zr z?Xmz5w`@9-jnT;NA4spJ)!lOFB15&^X417>CzOEr+HSMy4;ZT-pQz>1+lC_C=F(?| zBHiXwlcy-NetfiB9(CqAp|oULK+D;vYfxYJ_|9&H^tz!0w<7wG>x9xbKEbV+CbMzg z;5UJh@kwq==mf3;ra^8?=?;v|4;}5coZjLpVttTjx~-s2zA#-8$%>!pwvx6${nT)Y z+bTL5WgD{9Z8gm>bkyxDI?K>Sx3zSEpBuEYlxf+;*Yv*r*4KC zx$mGC`10kGyJy=a?4;}!BvxNOdCBw*ZHUs&4NcfZRbF2{sZ-u6aW{?RrBs?r<73?S z&@|L#roD74SB`E<=;^+X-b1-Cl~Au>sG-uFlrYGBKaEF?W;#Gwfc=%)&q)~Oevr=M zF=)HRNe5}6p=|R(`do-?ONf&WQMV8%vsAj6FxLGLZGw7{knVn%PC)r5X1X7tC0wE( z;8A*-E0Z)#ob7&;2GoR7%5>-%evH;bLC^4GG*XDI`7=x%QP3Cs7`Q+~1 z7kiKBG;NNWlDNeE42?m-8$f4i&w3&!yp2>&Z=&+8=LNXS}Po;E0b<|O;xYZmRyX=Dhg?dWs{Tj^VC;J0 zF88bSHtIp*F7tKz3Uj_mJm7wVzDH?2rm8n+l?bRIhdA|!lWtNsu1w^0Ezh)zef?){tl zuQXT4T-du@dP3)8>_P8=rYE$Ri;Zp-zRUcSmS8NRk7oZHy@2Z4Cr)}se?+D9d208J zR-*D)&gb+`)XqNd-G8TABfcig7yFb;e^4{ZCJAIGBt;}mRsWz~sJNub%1auAIn$C< zk3VT$R8i7<_rGWq<}69t;{KX;;Hos=O7fKdrU{tyA*++!s))~Yvb`Z zO-C(dv47|r%vs*IT>6K;McMWPy+?K6k{gR{yS$&H$3N7Jy4=s*<6r71WS07uOYdnl zj79ag@pw;NP!s#dvEkUgFy}Y@{XB^3i+a<)22%hkYCt*58H8HN6@vPWt2USDdqC6% zDCm12tDU*T6;DxHafx=Fq9$;a>Tm{A)V?Aoe{!ya% zS%!LhP<5@LfgY;5%}}z3Nj+jHftuBOT%ymjjq2J2)~Dz}YpeQkmGPd%wrZ9Tdv9=; z*y586HmR4lWp@$6{AiJ$zW zMpYfW!Na0fpn{oPRkb;kDYlWD>Sk!0hnpH|Xpe`x+R)Hc)kBTt5^K;?orHojw3k|l zf^(#=8XgHXWRjMH4|@2kU!r<21*l`W#G0?JPT>+;y1JUdl|z1Nc-*79nuj{&R?c)3 zl{)y0IZ%C$)4?_hR2#H_`pR_JMnP&iS0!7!<4wWpM%1;i7*mLPj|;Zg_a3#>;ZZPM z5t$Tm-J`a;8Pzu;p-QM)V(6|%9hJ1?HSj&8o;rZ5l3fF0OyTNCt~=7S!AYk2>J%aK zqro#w4b)uB3Gc2pPP;bO^%w6v8mq5SeqY8(P1vA+Q2QNe z^_MoDP1G<{P_o6dsrp37ydk+9n!|LrJ9E7I5fud6Lm5w zf2gngi8>YaBbOCbe^?yLITJN&SWl)os4K&2czmMHLj@1-$71;?>+r#zt<+*eDW0v> zm8frrr!lSJ5`FU9sQdUHl25vPSG#Alx|7Gs$d0;`Jlm?JsH*jHJUghbQJ3oEdw!}0 zM8oolqa#Lr&SUxH#Ce-uF={Oy6USd?HG)g*yPegBA5GU;?OoL2>R>~x z7q^3sEm1j3Kq%F)D?5$foW^G^Bxn~5Qtt@ycEK0wJ?Nx{D0t$Rtkyum6Tf7&E()IbC9924@Wd}!jY7c_ zzht!omw4irtS-VBJYh^$H*#4?mz05~WYwty)XsjbPbrs%sGdUlK(0`XjZQh?IYcc+ zO--5YK2)th&0rd)I(HPMY9V69iTrl!Zwt1xb z9t9)sq^eD0U|!1jXg;ZG3<{owq^bkC#Iul5>JW^8A{L*LMu>Uu+?)LCkYp<{Hmdcn|sI!CQEG+xbBUvr7G z)Liz@s9|1U^gLgAuBxK~EV<^nY6z;G&l;vLgxKD5&|{vO!*xQ2`>OeBF$(Uh^3+!- zxC2|Dy2e5cCuF!gD^MGwpj}X?4ne_P)*>|x1@~jcY9R{VLMv8Jq2SE7SiQg{&aI2p zOI&cbn?M(Iu}{lsaDP)e1w6y*8>1x{LJ*PjI%VkzC>l&K9*T#^4FgR<$$6 z;0exFH4$U*1m|nDAI9Jb&e!UfBF2^>PTHo9G?YNMsS^yDP21J!h8#^h)m$#|1ZS7} zwTS7RyOv8O>K;_@t`$s2P@i~3d+k@tP>)kOFeBPIEOdK=|7^0jnO zeTb^XVh7dVQIR9Nc^y*UpkhWoqlZ*EUaX}g7CWrkppseauv!h3#$rcQPgDkr9Z>^O zxg*P^qiQH>^~egQhN!(Pc1&%7I>%zi)OM)bY(BqLyP$q&^ZBjX10|=vmX53aQPol< z`M8>l3QXR&y~H+pvIXA;#iTXL#RMmt!nBwSZ|o#-dVJdEZgDVXQ;y7N&g| zo0_`M`>uKvwJ7y4(`g~LMEQ=tsDVkad{(AJ?|bStt{k>@OT8=AQm!JBoA#ae19cx) zKIw3wy!S)(C@TI!SIZ-{R$soB^et(=KEJ9FTv__zw3Iwe`~0oG;xRb)%y#@obsEfT(3g*$Tx zqiM~shKzCS4Q8zsYQwl6Sga%JvP>UyS_6^qbQ6lHIi3fZ_G&YP4TQ3FV@Wfn8O)ZNnpHxiT7{Q&EqbC*+9Z=-bL}!} z-lS@Nk=l$&5IZTYo%F)4r8b)@hm_gn}fQ<)LPrbw^%-TcHvS| z8%^R{C7*ayTuO@8O8I=|llvE2^=qpY@-oFQJnb}($xxrT`)sFG=Q>HC_I6rrBUaC^ zz1EzojKJ?i9kqBAyyMW`l z<!Y>C7@TdA zv`!d!*#y*oZ0RQh#j<#%4{a zV45jnY>5tP1GM6)utb@p+SH|f1GVI7AS>~o8Yg|Gg=Gk}m|CKKre$&E=-+lH}@EH+r%$CarMoYqADLOY5YH7$zi zw3v?1=axcPVT?>(V;itFl`qK zdJ_)Q4xw@~T;$Tm|@J*+)L zRb*`P8>ziQ-Obp}L^5HnS>G-8CV8r+qh7N5QZ*+OjGHz}b4S6rX`{3NlxjU?8m-kr zxm(Mb>Z9sd%cU_|b5v7n1yeMtEsLdTF{n5eOVbii{aI|R))zIL#l~u1peC}|I4uR0 z$718O@u&?}CwaU!4OL>Ds*cxYqM%pj1Z^7%dUa0F4xwPoxQSXR3dW3^sC|dJ9l6(U zl6D34SLC-$w@`L1zVn-`Ric7gTxEKOY8}~DPuE_dk|JZ7NS0XFnRXRQDDP19Yt%Sqg~-T3$9^gJfUU z1pisuE-ot@e{h=rY^?%gx3gyY=W3BTVqL>Hm-Dn}6ts8eX`N9p&gFb90R`h+&e!^( zI(I!{%G16;_3rwH=4m5QPqL1f^0o1(H(76JzLtT~vX7V+Xfshx*>C6qEg$8@Vg=e_ zR4o=O(AJ<}T+KplGYZDlEYx>o>g%&g8;9zUT9auSs#U`k{;RbasMv;^nDS6lQ;(`^v|`kv z)O^P^+G>I(m_v`whw)J;s^px_R3t#$wfcbIFn6R0NHzVbTl9I9=00$rzFM#W|K z_FAvqK=sf5jOjiK?o2mmPf>7Zx_Gx4`l$ptX z^N$QD(E_>Hs01wMer@Xakr^u;4`}I&Kn3LNjOc&^+G#_d1{`Gn1P)@N zRe4C8!j+?6p1nNqkd}>lG5af~c_`>dc34}Bf_`L&wXeCXe4QQ9_6V`HyDRXB_7FAM zav<=i_UU4%FNZkJImXo6(3!wv+F(Oh*ng`}GxT#{skWBOO5Eo>2|T4$paPgqYmQ6A z(uU9ZBk+utg=#+MpTKk4vXvqhGe-|PuWdwiukIXFq3uBRoZ}O8NjtVmK=4Mn}9iC^qE^)1`0->xuwlQRc$sr=w~e-RlV7GrX?sCZR)nR zhD(e#bz9qlv3qk`+TYQ3VeH+UwoHdG=9ZfobXO}yh2_p-`VQ5B#eUJQpa!wnFWPOc zOnqH$xpYsf`0B%&IH=vzy#Yw+vr%}V^l?MH)xvhgT@32t!~xVhMRGYt%Cx*dqi-KvPpGDkbkwjpnAXy%5VG*?FZk zT9{^XS;^wO?`pI(<&}u(w&vZe5p8;TK@!U4Uv}}e)SdOtw3;HhtOWL+ zOjA!(yZP&aGffjvd-AsiXPNGyPUjyDo^2{TFXsBk{7b=krYERh^B)8knzAm4*!%p~ zY|QJ2C^iaW$Wqh46(Uw=L4w1%8?^*b1H!&G=p=+_13L++aLeiD)j zehGPKO1dFbwcu6AZ>HFrLIDLfHUBU<|18v_lW)y8reUbX`88_(ZOTH;$~sizt!Wvm zUBRIm?@YV7%5>;$PW0m_=xr|P6)5O!F6%c@(A!+rAETgGwW7a9LBDN9S8v0-loExJjRe zf_~|`o{NHh>AJq;gIIrdv%UcZ{n^d>9u)MEx6zNIppU$bUV(x>^0xX-6!ej|)gPmv z@421+8U=mN?R4#qSQF4E-(IhVf*^GQPA7mNuP#--sVpF+z&ZfZ}Y195)||{uc~iEL2vVF`W_VjkCgfe z6!bQC)+^fq_V-*9EJb3x;p7TxhKtO+=4v|wsvD7vPrp2T%R zhQ8o#`g9cZFZa+lprH4+mtJm6cTn@uS%K`Y%zj*fi|ni4;ISeyy3nb%ul@*?Tj){S zPyY+`Rblno{<`uD%u5m3Ul>|DKzBs_TG+65b=?o;zA&nGpdOEEx3GQfApHia@50#H zHFV28D20uVw6J&W5IqnzpQ)xE%~eEpF8sW9Eqxg3_`;Ohq52ri`TfH2wd?2^sHaSI z^$JwAqKw-0bjSOmhOnX>re%ia*ACN@E5$N|6&2SG*LMi%8RJ&hj?kMt;4%HPB2YSN zOwl@~JTB3~jnI#X7zr!-_Wxn;P2j7luD;=Y&K+{jA*KWa5=bFH6e&R&ZYBtjKo|{E z2y=iNh>$>-!=OY>Gzw^}L=i{{dLt1*V=IaSZ74Sqks*Bqjg}$k4WNPr6iclrwcna< za*^U|->2{Ue82Da!7uB-roHys`|PvNKEpi+Y=;7Dy^PZ&;TF5!(aZRnq|Z$3YnRde zEY^Uw+d^DMDoOl~$QZ*T627G|&iJ;`6P^__)H#2-TU*8(x3i>rY&hCA!N~oBZ1jDn zL}Ld@g(`l7uWO=FO%h(Gz0|e8afWU1whcXcpm9k&r*6my8fZlS1*7a!b2bD;rx=wY zt=P~!dXSNFo^6k8h=?9yctzT<;nwJ(#>5M3+p^(~=wU|mMV5AM=o5XH;T7rK4MU?x z80lZK?fnhoqDL9$Mfz+*X7m^%_bawt*)S(M%`h&pG|j>M!iTm8()i_Y8ZdTa)oN~#;WLPMv_RYHXeLHR{pdm?Z9{CycMJv3jV?@43!cLlW2iwDBxS*oK#T zK5gu03C<~x25m4Zf8g35+Vp16jYbtoh3e@|f9zRm-1JYh6{;52%i%}?^=QdsKSz(ls1Ydye;q0~5I4siN zHnr%r%?MHW0w~NgO?%0RVoCjDQ~O>o87o8zD!ZdsrGI93gqHQ~^>U-su`IRMZyTk5 zY?|EbcL7pPuU8tSpt2Rcb_7VPdcA5Kq#F2pHm@0VB$cRPWt)1vW*G1VY#b9<-<$CL z36u)e)UwK6ZyASmwqfnRH@e%{wxaBfUVkvQkp#bnhg^0WVRp7{D)aXGqmfS%+H!h% zjk98Vv+Q86Y9qqIF)`1*#$zNsr4E;vPI; ztRaae{UT!)QABDDbNedD4? z?LewCLW3}u^(uOEGuKB(qDVNhjvB*A!h7D&cRgn0lf?ab%m_2Mwb+BljddbnpPewy zHcC0Y>WxIRsb5YSYa69iy*@VHCyCqsiLs9)Zu=+KwB0XZ+uOJr8e7}2w3F*}qjX_u z57+0$agJ%+wK>6c);J~7xXo?#v&I)9Ws&qXOE7kQUC$b(#d+d2|GyX=Ny5w~x&C6L zvZU5-p5;1k6p@6_7S3{AFru1aIc~#6Beqd0bX_zivIO7MEpdHiY!&I%&84odjn_r; zZhp>n*{C6Dy{g~*lIt6zwo%&Y`nyrrDE-0ptx+%1+08YsE5;d-zS(@p^_}r$qg34L zd&3osnU$!UpJ{MiHM}IPS7EUiUH>q?4ME#_cuV*dmoi(zbF9C8Jlmq_C6cav#`qUR%q=b4uJO=hS_ zuaFeZ67=q!kvExLNa8!ozc2@gg!guTVNNCq@9nmZX>LM5__yz-kDdwDL(QVbC|zSh z&DR>G9x*MxB*Aa^pY0P9Wu6kL+p~vUx0+!svA)kt?CaaiXp+{eq-P&) zd7GIp(wJwHVmh0}BCULOSj_E>+vtgBL-j7^L9*fAF(IZ4{0 zTwTp>t*Acjrfh4Z}F`EPA{m_tN5 z+;I3{AuuSLr3yeuZhjBL%hJU;osm{{{ImS{}G zo5w`LF%fTG70*g27jJsPx!ji#Yhx13zmmjbBEkG#q{GkJLlVqiwL#AY^RLfZA$`mV zBDM9{LlVtLSkeZ1JTd*u9U?9CTnO%G9uv=vo?5NH`ISiTdbY;&H{mtLxW%-}&i6a| zoBc^@Fuw#_l6f~v8jgu1^9ixxm>6Jg6$!`00CPV{pP9J*2AB^}*6=%1-))Nqn4gdh zx8KQ_f#zSu^Y!wJF)5~spxVtX9YggLGeRW%nq!I?FVdcJlpbJ7J5*k)rI^Jc)s?4# zw2h?o>TLOU5VPi&7<0Y)d$}`qka@IGY7SCeJGO;C*DiLjSp=_RM9)sob%`BfmQs`w zmEwDM(NMFNJWJFhU%}#GWxN!c1$lrD-G043gHX{?Cnw9ci}i$hl-ZH>y>d8PzCFh#hMdko1UA`y6}=!dxxV zvFBFW#+xN9L49f31hb-1T4|eLzQvOI?73swMDuTrlCSF|vu7u2gTj%VVGbp!P+fqS z8Rq>Y@m-;*=Hue&>@h8Ns#zw|x6dWGrkfQc@$5a_tRiW>vbJQ!PB%XlDQwHaShxAD zNFBGVjLkIDqqwylw-m?DG#?PD>y~w~cbhMW)OSm9t665$t?W5+OIhq}bM$R2&Dydh zHrq_^%u=(pFUIDWwYRh6?6@;_u4#2)>HaO=*m-8_M(Izn3(W2!J-WpgyVxuf$+P9J zu}jVKB6Xc;#jP+?e#KF`PW)xuy=ECnC2Gf(?s4~-K9Tlp=^b~!nco#X;d!YogW?L! zDw5W#D_cgyJ!J0SUQ!!5c9bIEqnYTt`6qGXKR+~vAeFnd6 zc`tm8Ia8z+6F&@p)LbnR{FCl0GxB zeNUU_9o&OS6^r7YHoJ&4ykc40db6KMV=Gq1Z7}DHGy$Yi^O;6zZQLgFut-xXo{!sX zhTZA!C3xEu^{0Qm>z8oN2cHKK8?JX>iffWCEPXw0iy1*t)~oD_-EkG>QIXbG?2X%M z8r?bTS1W4cwwt3xa`q@_^^#d2QdPx?xJt7{5B7Ywq9N{OGon%YJnpyVP?6rRxES|} zxmKjp6{A|cYHkzh0!Xi!UXi}5_$F?rY43?Kd9QlYY);a8)%JNu{F`QLkz$_@j(^L% zTco7tZ;sz(E*5Fz^KIgPZ{{~jQSnt~JxL{M^7Erw?J@Iuan=i;FK*>E4~g_JNY!Rt zqtqk*ZSz}^Ha(vZUt@;3xZI}a2gJW)juWZH?ZvI$H5ZGt1ETCVpApIX{PL~`%vVJE z==s$6gXaE5X?%RGnIFS3zXscT=DJ2{eEbpfEJ-CQcSEQ7! zS@B2B)Ht?H2iplVOQdBW)tmVuJ+^g8{7Lh?NL#k%$A4@_#B;eVTZ7|2F*7B(D@FQjYgzo~=Fr}3`*!Q|@n4uJeNck0!oBcD{CV^D zB&~;QYa6>>G;10qZ~T|0Po#(D9E`tY?oH$D*r$`wud=sZxVf{Fl6))VHV7H1$TCbjb;m!nyW$({5Y8}3+oixowgm8h<#5|*{L?v>2?pV~gJjTI-gPdQbvxUDr& zV)okhTtbAkqEUJ&p}kesD7~K0$$F_COz2^)73md-;TN}ebQ?&0tlLHEw|#lnM60_< zL%`P8iWg}lNd2rNk;a46-x?~?bdZv)(IU+ODcPDRQXWVHEVoDn+g0y@*5O7exc6Yo zK1kZWJ*@XoYqdyQw|DG)mz6k_Z9BJj>pjBC66u}oy?c+e3dplWg`C+wZziSnV~OgU zVOkFu5X5wLK3%crd2Ew);H5yClb~-)4KUVEZ0Ew z&9vIGq+xwCt&SpLeKV~n@x=OOTG1qNeKRdLy=@q!G%d@@W=Rd-|IN)=*3Id~{Um#?wCF1Ct;p-?WrMPRuimQ?jYtl?;Tv^8kA9eQ`%Y%4mFCG4}=mP;h;v)R_! z4rDW@9rC8kw!UJC`fRrKtw`8sv#o_4*%SM0wsjv#+-I|`GLi~a-Jvus+j>i+3nV3V zYRV%F_&y>2T7buwsn}KLUng- znwDct?83F<-jQQ@M8ev0tZgD;?K#$0zv9|)@5r&fWr=Ffu~b)%g0<&Zc`TV&dybV) z64#z%Z6XP-bwTZOtT#ovOj1}fN5T5$SU#4_<$o%jILA6GHXN;Utgl4E`sTpw&6#0+ zbF983aeZ^FRFb&9xmH9PdZH~&n`=d}q}so?x!qiAW`J#;HCJpdu+6hZPHif;z#7kz zTJv7`lm%Avg-y1FR%@12&m(7hEwnn_(_~v@b!AC;-oFsM$a*utw%FPuwsT-xZ2fLS zQ@JJ9n=GlfKM2cQVrBoP$(Cm=WJ&$=gJ&}HtdPGn*_K+ZSW;&{YTa$A^=N=?nf0XD zu7Yiu)tT;dalb6L?qo@I`g7}U%dPSN+X`#D*hYbEh1HJkh;g}ltlL;pMPR$fN)l-k zNcUP6-5+Dml~xOu)E8h|X>AU$54Vy z@}M=5B{lEklm!o3vqUNasmS^`!1EF7GqG*@SdV_h`az`MleEmx8%N|L*8ME0iys#( zc*HswU|VIqFSeUMDOj+|YG*c;TW#IOl8XOi&w|y~;sD#D*1ckz2DV2nEx4&%u@%gc z%KO9$DYpI`(qwzw`h+F*{wJaO;~)pGe$)lr_Y8zZGA@T7xr9lU1Ul9{dCLa>#c8TRnnj(oH@RHgOxNG+sD_| zHdsSN!kK7;nxNB&>aM0T)12$SpX{ytUNV^d29zc5nuPYZ&o9ajUCXJ@Xkp`)*?k1kga?0#KW(YSdq=IYRn+q76jP61_u zR$T?=hE`o&@5%b_DOz9z^Ck2T1?unlK~DW;{i}p7C#YF7-d#S2r40*e>3) zY|2fU^T?SCyiF|wY8O3fcpkXcpWAh#QatuWUQ z`wi8bSFpD@kn*`2jUMB{~qywCf*0srr7gS(w`;zHCZ`x zq`LaPQ4jMo@l5qfv@(ySG=&;XHSyP4zkW#ve{O|~Jb$`HKi}G$GU3+!d%R60QYOQG zMn3E_kvx&=Dif$pWmoDj!{lD0hYybZNQ0hB{)H#%S6ovT`!F#6ihoh+-;4iK_1a~N z1lGts@7FZd#rguu_A#QHfa=OaJa2dQ*+H5&$hwR8z^z$D8m3$dsefz)#^L?0hWt-c zH0C+l8akrk7S|MS_ly4)&!zsIRZ3th{(qjg6!-k!8++crEm*^p=T%;5Fpsm4rkpS1 zb`J%rDV&j*`bShd(lf>0_OC|%Q?mz;QatAB>UOBhrn*s$$m_!QB;Idr+S3EKK7J9{ zKYEe(kEp=Wn?gQA$jbQ-Cw?T+agDsLnCDir57X=SN5AIBvk=G6qL|#J zy}xg{pL3~flhxm%|Ez{H38YJ*UVl#_uc>^Z*Xsi_Sw*FICdU=5uAZh+*gu+jj`$x_ ze=V%XV~4IP$&-1Ge?5;rHkmW|i1X8Bf9&tCm*c-dHS$sW9pae=w(f%fpFsWpd-%^O zLtbxOApSDZz_G{rpHI1UP5!##Rcn(*Q$Ij0x(bG`Wort*$m*woJ%j6NU9~13F8c_1 zUQZ*zM^_!mllQp5IL!b2b>PqUZl22eQfjrmypRMtJs*!VBO?;q+^JKb~tbv-c z01fx&jXcNGv4;DZJ-LUuy@CDtf4aR~JJ-nB2J%}2TEzXpK7l>M8tyS3A*>0c*N;ZF zVh`x5ifZ{O-hbANK5*R${OziSN^#`t^|iY8|)?+{WYmbjI!1T;Ga+uNFJ4pB=J( z<`K>jns|R*KR)ZXOIA%e=nB`OHuby45uz(^BhM>9_VLdKSk^|RuGJiXQg(G1sN)(d z>izy7Qe>pMLcOMb%==n$P{dwj5{MIIoKSE$M z^_m}h!kkQNLhL2x19QGsgGUoy3;Fwvk4@at9*vp%Yfoy_=n8q8nnIfYRGgpQE1UK; zzVdnPKK{Sn@3hlL)dcRX=yR>Lsgx%7wgNR@AH=pWUHT^SKmVA>=h~ckAmtS%U*p1S zq`G>D+QrvPo35SOM9^5?_ZHc|ifWlyGo8L}pD8wK*5)sHp)>&byuj>+|YLKz~} z)!6`^uS&7?M(1?A)%e_p+x}zTe=f$yah@SLGE#qgxyQby+Sz)eGe>S6*BjX9JV$XG zv6uYYC2%|bgW@ygmD2T@@QMrRwYl*+3Zq?nT`sU)fu%UIKU&ij`=8#jet)cm$6K=< z$hRWO{H?_EbuB*o_Funhy29+&U_Wq=@iiRwzfte;R`@wBy}sXgECr4+ZfVmN@sGow z?g4H!-~Hj)BapI{TQnZFk*1jP)?_R5=;L1l2lCvy|DE;8fBMM6TOqLD0(<7idjEK4 zA0F-8QlxP1Nh33m??QUs<9N&Re9l*I{5+1C+i67kHQ1|7yiLWDmHRx9{`Aott$f#v zSMt}cu><4$-{D74E5-xWRp7O+i~tR{nvdXowFmb{oA~FDCvKN(H5^U02#v{~)1qs) z0`@s;I8S_jMpJw}lcO=u+cb~b64(mXbGG*dSW%QD(looXog2iEd)c+M7kLsz3A0<4FD+Eorv zhq{MivJX;S@fGIBNRQO7;bZHQps~@DId)Y6yaW6(w^tkeHN~D-)+YMEBf{bLu+>Zh zXGNaX+4Ef}tE)PS$;VKhXBtRzfvn#VZ+i`U>;m-|YXYr-Wm~+4F*z$d`?jkNp!s*^ zL%uiBnM!ew-DtG1XY|kTyitVzDLuD~=Vx9u@fP9x^{nUpG49{&z5l5e-KbtZnjqB` z&qaJxMe5h!JmbHb!9E;~d5*yS)3gU&JE8^$i~-)ixGeKy8m(NTO*LsWnd{gyE5LIR z@HX|pk2GAb|5+C<#WPGGkNIEggVCUp&DJw(3ycKu$)dd$bBRzr<; zx-#aF>rU6N%sCow9X^&}R)Oc3HdR8Ivk$kFw+L%+ZnV+tYNx&4p|*j)Q~e%j5IqUT zbFY5}J_vdn`PkL*fXF{5&d;k+SBBd6impsKCjPh-x9-|DV!QnLFM}32rEFkt;I^=- z^N_Qh+Uro4DSzHZJRAS>N3C>g9@NXk7l}G)+@e6^s(HP@VgmLirxR!i&0KK-Qn2Eox>#g{_ zt3&-EAU^i6P5oDZrU7`HJQ@2)z}-x~2O4;^<$Wsf3Jh;4UQO{R;;qA3@&3a5LZHu= zP@{iL2KsPcafbgOA1;fLby^kJ6qiM-L-w-fulue3nU*ubIR5b*SW8nT{uvKfO*X}= z%_b}F``5+{Y#rv{lpKCs%HO(AV6;0`#OpZzG0%S|8t#cC@9D9Avyftr>a|+Z5D_q+9c(24-{9}WA=K4$m zYnc>~Gd~~Bvk)IO0(s2j+9Tcnea&>rb|F!oF?bEnJm(y^hw`zN$I?&JrZW*;6;ga$ zt81!>>S{CTZxn|kus{3oUFI7-b%R?+Q+%J1&nWqRCEn|VRXLqwvId_LpEVjhhl#Z}(Q9)! z0D1bK?L;5Ds(Zb8bB8)f`Co565BeKh>uykr^_+j;+3WY@j}*2YoWa4`iOwAP`BLsB zKF4RzW^bV9H#8se*!FAubBm@>qbb~{_!kzs;wP8*stfaN$tN&!poaHou92@8bf$V^ zs8kA3*6`>}B@J42HG%jnqVpShUEK@3O|fPT@T}43j8zvsT6MLKO7WFL?y=xvmtT^%AHF3acCM@ZAOPw9#^9093c(-i;4n(Ipi zj)%Zedi{97di{6zewsf)Idh&rryl}y;8DSuH1YrHiVDvIpFv$V#lJkdMD;dZch%Gt z%J~;`pXD~7x{4Ma&+D0weiM1L!c!1L`3g2)Gikb-t;tms*7v7qxGJ{EdiYumUR_D0 zXxHko798QangUjT+1cdDk$KNTt1giPuQTxV0j7Mu%=G8n0SUZb%C#`PULP1O(39_2 zF~xiCn&PVvOtI(v^IPCn2z(m9N$>ak=~n#fnEtX&(KHo!zb4s-x$$*5&VM=ea3JMt zdO76Dl=nyW=d5^zfNMXSDu4)f^(e(@>Jy#xwrlj80(|)R#iNvuR$Ix6zmn5s-10r0 z*GT_Ipm10BI({E%cpl)b&waj+M(=w8{!KpqUg9$#%-NnF)UJJ1g=Af&K zRa%EUpLU4&ze9U^RcNAx`N7k6X(yA`x!^zfA4Y>^lJxxCnvWtd#nre*S5EkfF7y5;H_+;T zPJ?@uHQb^m-lqN@kd<>6#>C?VkZ9oIp#!1h7AK>w~GZ?4I`mZ#D zz|$_C++$oSpIZGLT`|UM#gGqWh}TSXdBU7|&Tt&%fEt_R9B4%!|J9F~*LiZ!F9p3# z@o|=~c=K5~kCPnwMHrvCFF%F(;FDKy*N;j)3G{l6U2XUYy+f56T{tq|qq=xYy&b^goX@K-jr!2PGQ_oq zCfBccHQ1DiF1?Md)76I*4Ua5-o@Y+hH}U=%Be2wID9fe%)_2~zyV>|xLy2Hg>LKm5&tzZUS9WIF=3BVaoMw&RfFal$n1IFvgM z+vWu5PJr%&O4Ck&?gZ%SL01pDdeGH_t{!w})O`I6=+3CcfX@Toq&@}Rr=a^3bf1Fm zQ_y_|Wj_PmXHfPt(0vBF&((AK=fHmse6V)h5v;WY{21_gz?)RK8VqlM=%T)aH|My3 zwhE3`hdZa4lhhr(W(1E>#l1rHMe4Q~=S@4*@(Fvwcc>30>M2u@2I9)s-YG~n`)@#pWz1}=1V}^Os&-ps7dh7)?Mn!sTLf>-XZ=U zpx>qXOhdYo=)q~t!FqLCIM5!`Q9o}w`oAze4fxNeM*`o?eH+jMH(HMpy*0B|%UAd| z-h72`;mue0hTS4+V-e+FL~SghHWpFNMbySis>K{vTciVlJ~Ss4=)pPd^-C&jF4Ek& zX`p#$?nIzrxwo~sq^9Oh1OCn2yNS*R`a^DB+bZ>$>-eoz@WtWx!V}=Fz3|>#?Qmxc z=&|m|e;MJ4Nr1OFUkFanu-_82Pdje~%|)O`?D)>0V?-N(j~wqR{fxelMS&#rpbK8)Uoi~Miw5u{(F&98d0Pr1X{38|&$V zKKb_TjXkkvS}D*{?RlcFSG_@=iyS+k?PqLZnzyP} z3)ApTx1|nzANm;W{i^1P7~yDF&!j}MA>d_j$ zO|;apAgk1I#L<0sPGU4{o%---$YiB0n%=w}t>Hd$jC!CH^e@?6lxL|nYWJ&&+Z_{k zpNLBYO`5jdacAsjiHTGyQFC^@2-cyo&HJX1{~GXb)3@9)YWI-7rFQI%9QZct55b}I zh1OJ#=?L3$FrfrIm-j7oEZhAu&`@`;mKx=jn0}Z}8{t851X}h9*_FQ_u zLffBqPwQ8%6}7s*-#M_3vqMkrp0AZ_$!+J`%C*$CZS`_(eA~sqf4+Moc+P8EV9THy zGhjUL?3Y1#=8`6tG`XZX;<&o|qke^2%RgR#&t&6#RYW7CnDQ?s|6=O5QU`noyFX^W zynh*O>i-&WA_1F8T%)oX|Z)c z`^KICIyCl7(j@5l?l#Sd<87F;W2+Q>jB~~xmv^1y#J6)6LhY&X!<=WbF!4e5oNugDlssBPWTZh%Y2eYsHk{hpTkG41#-rwqXHp9%DXJ-I+X*)uH`X_l?j zao6TW1CBvoEdza|x4mw{Uio#f=DgMWbwZ+!Uppvu+~F-9kOK8?Xm`Zn@@^Y&#Nq6? z5B&Rh|2!a3$8R8*@XgV$2JC`!xb215fopVE zyY~7T{UdMRfkzx)c(Y>DCGwZvsRNHtZzMwNN?Z^J+EwigukI6*O07Od)&`)@46LDX zSOb}#3eV7SKFrW@mdgOoQ{h>p$s$b_X?oBc-hpP11mcm7vm-TwkTwsxF$`uV~SDYVO0{_`_5kRs3b9LN{^K_j5%^-}EPub!eJI-FDwET;zz7cDTYicQ`YHQI_lBu^p35(puzWP9dMqj?mjSr+N~!}q)oBh8qg zU3;ev8WVJAZ(AM5aGF-BFUVTf=7^(tO;+qqXx*wd)zI6egSI>R#=Z@7N^Fb4+Z{!* zZ3frUR;wdgL3F!gW$c{6JB5EdwrFsf@ator8C)s6v&UP5E2-xvQHE7eOPW>#^itO~ z+HEn-hg@;o7IVvxQb$xx#E>1p9||i0ea9iCK)Vdt1+@E+Iz9K{en78u9y+8NG^2-H z0?$=L)@c1|N`MY0I*I7rKx=6%)k3f8(X~+5sqj!()wI<^VTA+l7StBiJlUt7atPP) zE32V;QOzeq;5-C!+wOR>=KCQ?okP#-dzO~CE(4wAT0_37Q<=R=-Mn z+*R7AuF_txhqV|%g+cGvBn`VKsIs$bn9H`T)v0ioZ6&nYWy6u?vONHNBKWUrlR}y!uzq-8 z7;4hAR2%LQ={DRWGHf^lq}Xtd$|8L(>GNzjK96aqYF_S}XTwpNZ^N0&MG=Z9w<6$A zg%^QUk1hrt=bSHU3Wu*F|8*3hjPw;mD=Cvo8?HKbQe9P4R~5|>Ji6=K zG@y?Uz8mOsgXaVNHDnz`?mXn{;A8seA?@{JdIr&) zA>-`F^ku|9415E%;wt2srs15Nrkx}IbL4+cNB?u=e@;jLOZq+UR*kg7{=T7IgFYMRa*JR)o^zQHZJb>r+Ccm7IoNA1j0^?M8QZy_RXr|`>;U}tBhLk` z-K>ua2i_WWMIYS#LW?W9ZK%7224kSTuGz4cOyW)ALv6+Hw%0>#8;E+|9cK?GYdBfM zZLW5$N1Y48ZE-GWJNR_4eKx4~s4&X519^5J&kp2y2{M^9s)Mcb5cjAnwD)y^OlFU| zO5^#e?dx~bw5u@EcJ_;~<7n?<`wlcwb~+CgjeY+aTZA2F;4Ze%{a**;@%QynE~@c} z<4f<+QKoTg?7@UY(4=X>cH9dR?YP$@+VR+zV#hr$5n`@SNrjk|Dd~3HU#`+J5F2&4}Jm>GP z)l9?LBc>J76r!Q6O0?zs`;lIa$&>tJ{&;j$24$W>*>(?h5AH4+v)ysqf#NZE z3@sW{s`WllHl_qm4j!ev}!H;z#Tvr6YW<91u z)|}f8@DXio+8S+DkM%%tg^y=mo56Ev>=w}6+w;XV%qMpMo`t;$dRR|Fjd*^MZ^xN7 z-;OhFKC}_$BGMF*rie7fq$ws%F=-NPcy5?L5fW_KRj{rAdQ4jrG#1)|=NePSX7HR3 z`OF<#svSJ=N+0yex0h&tK2R{W1Xg_y1N8x4O?^_WojcH0#~Ex<9D1&_Rcn6*O$n@B zA0CS<+g7dc?DB`;9>D()oIo_3=oQj;AifLHOQgBv_~(Han_qG`4!+oY7ip5ox`yVo zT|BeFSlu!fkKMb*4zmqE_~)_ffZx!ri!uJ-nXzT|PA`@^%IsmUybn#okyb&P3en)Z zqASUNC(#~;zidi6u7b|k@CkBkbQE1FI&VL4=)-ZB zCBpVY3(WKOfo~rfciw*L(8oYuCk?(S^t^pH@%SF;^LBjas2#TBN}Jt*wb&gPKiGje z1UoQ?V6q02HQ0eU1Us&@5cj6i-^&ZfZ5g$$5Zd;J`_lY~G-fG~l zPE3Vpm%4V)aJAEgXgbHI{UQT+SjjtRCGWtok>$YkLnTGXa$pbSQl5E~LlLcE@}X3k zR^-6zbw?Zn-pffWqw88_aLsL&tC%9JbKvY+MiD9~LM27m>A?AOC)DLlsdC`l3lvre zHRM@CrD`Zb4d`K&PCh`vrxxO@PpN}Al_~XR0h;V8VJT^Y5sjIs)bGuBqYVNTp4 z5l(DN1e||);bTtQ-~0WPC^~9K!8zus@MtRQa?&vc&RgrlQ>bhzl}%7DEp4x-JFy4S zsT9&_F`&Wq5|zy&eHN73*)Nw$t@|k4+0kpR?V!$38WmGAW`=3hnWS2H*u@k=~Sg6f9a%t*1ieIQLJ@S@ghix0sLi_7S zYBf#Ydjxa%^AS8Y)jkq8txPg0d~fQsHE=fc+i5-QSYr=+r}t~M9`=M$u$RGCY(t^c zmQCHKYx=U?e@m&LQfq+!?X*J8`N3V&qiH2@%xL|=-P4a5%Xa4iZQElRP&{X^bmEr= z3$^GE)=l3@Wh;SBa)rXo4`=;a!UwfL2Yt|1uL6D7m;3J83-EIq`h3j(U5iO8cObyPmdM9c|4sv|V;-nIELPaVGydc%1{U;GKtP zNO4_pp8TsIlT+cBK|d?ysuS17K*4I~bB!R>*n?0LOgvEF!-8;xLk8T{8Yuyf-;FDEHz0Gp@pnROr&o3$CLxLbcKPQz9dDT>qOYyJyZ! zJT4c{z$19^3_NNV&)5m)yn1vV#mo!B^O`)$FfRztZt{ZgyyhJA$?aL^v=be&+pL4p zb+%VNwXTS=Ehf5-B9u|i6_j%&>35RnPU@MeAlz$es2{3=@T&Vcm>bXb3WpU}s2&b0 zu28*}eCnudJ<&4|bA8Hrh*_C(nW9~$Xy=1)pE^VS5jx(#z^fd^Gj`Z!e^`4{1YH4$ z(6NULZ3Q3VoZm7oXm+7(<+k~nX=1;H+RHv{9&`?_I^I4z)Z9~k$Lw$u$9%YnnS`1c zKZVXoE3nn!SA+1|({=-CFwrog5eAOx4kms(GK%;@?d*r`26Ta1va=J+aUZ2=$-pnj zM!GC}lIi*AKA^9DRI5!g_X3TE?FeHA=p>hm_$cBNjc3-s-Zh0{rjkB|^a=K5yWh^( z?)d1V53_OoNcvb&-K@_%8;Zr8&jqQ*11$yfwmg|U#DIN`Z#C{egV4J!1w>B8~F9%$3h~6RY*!fgg@8)%Je5;Po|Q&+WpqxczVPVOo|WQ>U*N7Z@OuF} z!Sf$EJIQmB{>IUMpy7J)yWBes{BA%M_=L@=BA+T_1++Io{~KgjC7$@r?kWSnB2WXK zUFX!0XAODQ&^8*Q-*GG+^cfLkW^U*a1eqW##N{yRSOQmY5R2O~DvDG=X;*a0` zt~Ky$1L4{`#~z%MsfWd`o|A5DKDHDnetWwPJU6t<)IUG=JFw<#JP6b{esWGdML1*N zT$gU(cffH>{xD~l9gjHST8rb3Zs>2!#pB2?=4R^g$6EpId%O$K3CH`)O*inn-(&1k zkEhN(Z{R$csplPE2|TVeGT}6e{=jmZV&DI;~(XAAx#&GoN3oiU@wgw^vRG+`%TE(Tal*k zacy1?4Zq6W13cj#jk#=h^Le{q9)PPEKo>c7nY~Z6nK#MIJ<(y_0rSBV-R2!L)}KfM z`qGKP^Nx|{cDUBM*tVVSzvS4R^|R)MnRs-FfLTkAUStoghoiZ@cRe22N7la|gva88 z^P-^ahIWhWtLwjFu zXn*=7tQqVt0M)FWpogot#2*5_#Qy%t!`eOeizjbdpjqF8Mzd@mbIeu?66`@A-??B7 zm0e>G`?#g9SslTeV80#oniT`QX7wRDi0CMwS*GK6Yj4dmpV-lVK`ym1S9sLtn)n@# zRO;tk6TiZdXV$;?tuxQe+PU`DeDcpHO}>fW;m8*~eubmR-2TRat_k**asNyyCeLEh z6r1=Rj&zE-&V1ty59Hi3&I&0bpEA;vnfN`93b6*q*+VMHT1lEp6TirjK@oOJEx~bT z7gUi?6=|wW{4z(4S^1kMv>J2O=8>)%vtaW;p!hxLS`$||b+C^hk6RWru&t4w7E^EH z+T#q-^Pnjt{j8Mp=DN-ET$e$E{FcqjU3GNl{VI(a;9;Bq5428U{Hs*Uc1Qi@ov=!* z-~0!-CX8cv7wkLZ><54@Usw&-C>~h2!}jtgYkgAC zFH@<@;)72?TvpGFdjh^T)X8^wVU9KC+3yxcSxKGKVxp|w&(4E(;nmax`gUy{m8zrX z4eEH+3QsBS@>mJ7xlv#I=hdu@aw&apg9S-Va}=6tL6U{lWO68y;KXocAE}7tTQQc z21O2sebye52Rz)(QFxayA0ohcB}8i#TulD!ES&AvS-7$-qZ%v7r_#dNdneH<(8R~q zkSAU>HG`sPg|^1Nz*no)QmHzMSx+%5={(|$l?iv@&sgijT(M^?T$`PzGsIFyu`dDc zzJ2C;xi7ANc81{{>SjyMQ=H2b=PJdqH^cLYV4xe?;W<~`lCWl&RYWr!u~E(NZd7zL z9MvxHNz)RWVOt8}`oPS*#AetcJo~sW?=sZeH72E5uZl@=$oGi3O3%z(rDtZY($g$g zVVl;6U!`YeF4K0rOj`Lzc{@ns6)e;)HOk!iB724l(z=H0bZV$3OV2t3qN#! zBX5!A?9mWc4tHMWYrBBv*b24g&;K(H=d1UFaCUk>C{&x0KQj{VyB*Cd)W$co)bFtt z08OwLHN;QFdu?XW8vBL@JnM|@SPS!T1@Qxb&vJI$vZ_rMooV9P>q=WX_0JJU@TuWT zGn!$xSiMU2jJ^kqNLJiNI3$-bykDSP|ULw^E}1;ieg@-nBP*&s}R$!lC;}2yGqe+2Rc;y70^`e z8=GB?)}nz=*S-aQqV^ro47mCa-w)A#0Gg#KyIo~#I?!Cr4s@aB1e&KAKv!rM(0sVQ zZ&w9c2+$&}IndQw3!ueXnB7osY1ji*8uox!!yc&7um|>Q*aNj1_P}8cd!SCk9yqFD z57cYe13v8sJw$!0z2gW`SG5+-5O|z31E^h}=``S(LW~@#W8|U4rxKq|{6yk2bgVIp zG})xdCCx&ewgTz%Nnb?#YT}E@XD#`-Y*V^$kU zQ$`vOXhKwlJvlT))!Eg}A?m2T8PIxr1W=zn0q7a~XrO294*)%HUwyNo3fdk zRyuLZzT(6!yVHqd`z24P)! zL0FeEP-8bxV;HCjHn8^Q2G$;CVC}69tUbcO+9M6Dy^2bCsnmYrYl*KT{wVSF5G_P4 zG}AhUs62BD&=uxFp!w!Xpao_z&?579Kv$bbffk$RfUY&a1G>&MJB6r?W^15jW&%); zIT>h$ITz?QGaqQB`54ew%x8e^gl~3-sJG1D1FbR-0QH*3f!4rR%|q0F^D59<(~JsH zht1YN>&&h|kD3F3)|;b%`b;;_Gv)%IXU#mI=ixi&A?hph(J1Hv3wtTT!d{BBu$Q7N z?4R2$?2Tv(d$_wb^;Sct?n)LsUew(C#5B zvRRiNFp8SdC~8Kds2Po-W;BYL`Jmo2&4$N99P;^!d@hsEx8!pbd|)I5X3s>t!8p=x55|!e9ZdZY91;wBY}W>3ChI7ZjgUzTwWdR@9;uWX z2z%`vfSqi=&PVJea$DQOBzLuKAl$2O?~nFP`U5Kvx9Fb|z63K8%CG5vCHXZy<6e~i zpuf8k@wAk?+4ca%`9R8@(A$!HNN+~?SMmE^Pa(OPZGL_dl*jxE0sGjx^vQ(J6{74D zgoo!z)@+Ph?2w1`{J_0}4>?f2Jn%H&l4gTa9&$4770iTMH-kDyo3 z7Q)+OCLrZ6xJB@^U;hjC^8jMpazU@4PY{*?WKR-w3uX!y2o?%@1j_~C#{pD6QZPx- zEm$sCE$9<$5QInEsk|mQ^JebfPA#!t_GIq`#PQbvi0#l?F?JA47R(eZ6f7647HkmI zZjthW$$|p`v7T~~s|9_4H`})NZxH!3AZ~xHHOGkrM0+PdET1X*Eh2lxei{(BS7bQ* zp9VyKc+{TCYk=6k4uYKk(LYJ-nWEnUh~@SQ`o!KK_S2%*+H$-kK+JET$TI~W65JxV zSMao;ErQE;5`+iVD8HG44+(A&+$(rm(Dq9yFE~(err<+@TLkwCo))yVlk$QC1!oFA zB)COzui$AxTYD)lI8bn=;6s8QKpP;9!=mo0< z8wB0aY%dV>2zmvp1$}}Ig78x&o@WFj1v>~P`Q;w$=k6)>2zms)fn|Z6pR9V3XZ!;BD)2%L|-7XN6;(i6NH~`aXi5!!Gc)Udj!h` zy@J((KEVb-6({W!j1=r3m?W4i=oZWrEEFsktQKq#)Z#gQ2f<{)Ou<6Ia=~iB20<-B z$_pk7x&;das|6bbwcb)rFj+8Duu!mE&jcj&|A%M%%^1seplz7k(BSuj(u zP_W!D_mg;n)q)LzT7R(%Rtu_Ro?qO8<$!qnsTOPygrCgOJfs1lJyPUkkuwDg1wCRf z7uhRvwa7JqI8GZx)&_Fi4uZ*onSzCa<$~3M4T35~@&ly&MD8GRvS6lQpCdSFofeJ3uX!y3YH623pNO9L#2NNlLa#c z3kAyss|6bbwP8|TFj+8Duu#wgh{v09k*ft81hwH3M=)71Q?O95T(DZOK~Rn2@{xi` zf^Na&(QMBYEEI&FVA6Kb1S17I2qp_=3Kj~M3nq=_@@~OQ!2-cTL62a$V6|X_pnIa^ zCs-ip5%dcB1mS0?Jbna|1l@uKf*wJypifXumhys0f^NYAL64wU&?nd+sHSinO)ye0 zNzg4=Am|bF3iwV+Q>WwAX{FiFrYSm4*+ z&3<{=R%hb)U%h^E@B*5YKN# zf?hzJM|^_n5tbtbqX2O}tP%7)%KM>Du;4L~1tTBl@=1RDHOp?n0zr?USJ3CjCpn&a ziZMwLF51%mU*nPd%NgCz@%cu9phwUv=o3_1*e_Br3Xs+#BD)0(1U-UYL7$+ikT`-# zf^IlJ1j@;=UKrdLAPLmphwUv=o3`$OL@U0L7$-dKghpP*`x z_<~7-Zb6@*IwgLBNrG;{0zr?USI{S@PD^>gBtf@efuKjwE9eu1mmKi;5KIzu3l<1^ z1igYjL3kkomlsSD^ay$deS+|^1ojt95_Ag|2zms)f<8fb!2*{TOcHbp76^I-y@Kkj zloL!6bPE;;dIY_KK0lu0^6CqTBbX%U7Az3-2zmv5g6c0)UNA|}Em$Dv5%dcB1l4&d zFPJ3g7Az3-2zmv5g6e{l7fcd#3l<1^1igYjL3L5e3nmG=1q%c{f?h$Np!!nE3nmG= z1q%c{f?h$Np!!P63nmG=1q%c{f?h$Npt>aG1(O8bf(3s4-`LMBsJ@kQf=PmIL64wU z&?l&_NIAhILAPLmphwUv=o3`mNgjZIZGS{hQW}kaw_t&wN6;&%>>Bw;HPdLFk^=~o=z z*Od`&tn>aX=)FVgxl`&9RNX}uOcHbp76^L$_8uJ99n0kk1S1ng2E_G;N6;(i6I6XA zFF@?4Btf@efnVQ`?L~mtey_+r!84*){n;;4Fi9{4koryJ0zr?USFi>U{d^+B&40?v z4v6|lk&^`7f(3#eL9d`sP$f${1(W>p08PCH*JY9f3j{raK0!5*{UQaE1PcT`f<8fb zT!G?73ML5_2zms4f@%=^rvOs>2eYh(FeVAQ1wDdZ!N{TFCs-ip5%dYFVd5v40!Z6M z)v%Z)6Ug;avuW!G({qE`aNWZ80mG%2wzu^Ae z`lt4v+<$ui?EVk*f29B8{mc9N`d{teI?0tZI_W~v_er+okmN4O1Cw);OOszo{(bV1 zat1yRa13w+;N|~N=Ps%$f&Oyxv zg%0X8sMny8gJurO8MI)~eS^TsZ_LwU zs^Hh1=f@n-TcrImEjev?nmcV)+T65-Y0J{`(;iG)llE@f$+XjHpQnY4?Kn1eZ06V{ zWA7RJ#MsiYo5#L5_LZ@F$9^;R>e!Cyz0woXN2HHU&q!aA{#1Ht`m^Z`>359lGw$!> z+K!JIKYje%@%N5jGrnT{8{_wnuN(ix_;1HMCj?JuHz8(1zX_QW7EX9zLivQ>PVi3H zH{t6E_KD3WwwgG8V#dU*iHj%hnpi)v+oWETQYNKMnmQ?G(t=5kOxiGM|D?Z7>N0uw zRYq+_$kaQg_MbX+>TjlQnYw4{k*R;4dUERNsln4C zrgfZl`?Ncz-9N2-+6&VTPa7~jZTghy_f6kA{g2Z>nEusthx?cAB==;u+da!Y*S*Mn zue-oq>3-XN)P2Ssk~uJQO6Gl;#hFiM{wcHTj1e=I&v^a(_s%Su`P|IcXa3hrJ*!97fUMi^{_Wj0cmHzMlv$;-UYPa9tV6TT&-!N8O|v6r zyJjcNcF$fv``y{cW}lty%nr`JExUVmO7^tuhq8Uy9di z=dL+3=2XquJEv~WxVfw5Zky}K9hf^gH#>J#?zY@daxdn_%o{Op;ym}f)$=^_BIggE zfB*cK=kK5Y&3yZU$ORb-mMvJn;PnL`E%wDA1Gwu?#@?OfDy z@vOzKEq-tD*NcBx+-gbulDn3;m#kc}b;;=^j=VN`o%8zUP0X8dBq#`_`#Uo=)u^&C8BrqoQcwXRg#@CSi^D}B4B)IZW+20DD)4xrn! z{sdIJ`v_3B+-aQu#@0+_xwFYe)^$Yb&u(VemA zY9PF4ZHStqhN-z~I6U=smzu9qRS}e03*JwwvG5#Qy7H)T>P2`H+)HYbs#KHJ@6;6a zDqIr#e~5b*_&AHIe|&Z~$u?VffwV{w5G!|SYwx8J+NMd`Zre1aNqPmA&F+(A+hjM{ zXVWzDB9tN*DK}9NxqIOvFCZ$SBJv^#2!bLaNI^uo%2iQNr1<}yb7tmwo_#i@eP7?- zKcDP*<~eibe&)=XGxN;+5GT*wg&2RLQZN{ts2)Jf52;S|2x5N>u|J8}x2bORjLNA$ zA(c0g%3G+bw^3K4BCa|hQc~k1gX$BJA$3G#6ZYQ?t0|GssHu^Y)y&9e)$GV-?0Gv4 z=dgWFwMEWSDJgEfPfwZyb9% z+Hn22v*8{ZcOKwro7YLk;Eqi4f?W%PVNDTUhXt???i^j9J;**u^k$Vqck0kn<2@>if=vH+T4g}nv;iL)JE~SoP*urov!=4GB1b%1&rE)%FzA@1S=GzSK zok%fEJd|QP=FnllRfnDqc;ly%wUmbw0H663)y&HbFQ2wyH>&>uz?-HG0Z#bH$$;OU zM)CiMF?TbJ9KHqk2ig5ghL2C9*!G=HvCU^Fp(F;Wv8QGfc30|!8H0fD&ip6fqqB%Z zY7z_oL#Yi%QQ3!&qO?wD_k~AMY)8)~%&oJ@_nPWEKso)>cLQFUp!yt0ytao@w^jcI z@XW;D0qd$i08BJg?WwSjaCgA>cBeYuyI~C6_0fF+Co~)gcud0~fUONj0`9l(6u^}Y z^?<^|Vcrl97w$cwfpR6~^7FRz2;qO>{QVmrK%7T1oY(j(xED4)3Fxn@xlP0~ZB10( z&ZhnMLN9AN6!1&qxc-~2hI?W&(MakKH2)NsM;WuN`60MpWccUi$Kk$;d)fQ!Tf2a2 zSfGSD`C}B%j>FDcKr|A=TMG`TQ%c|$7ZU!sF$6DXcNpVOYsaZb{F4{;B7VtRIJS;O zXTev>D5cxD=rW6uT%EV*W?-b$LUZ1tyUQ>SFZwkwk{_WQwdYHgM(~m!iD9qgd+?Q7 z6?#9-txKo|e!hfw;P(vu{Yd)0pBsf&g-eASMKWC1N-h3=jQIIImK%O4A#!8YZqxS$ zKP)Fo;jWF#N$PH1PN|DT^`|ZvKX3c_UwVYU@A&g6Ig~z>J;Lk}@&YxoVFNOzo)&t+rNo8EvNxp-f#J5+l`$2~9FgzqfzQ<-7 zKz~|hA*I5Yw-_FhC0|Kh_*~?V$SaX};v2-1G~T0+q;XdtN#ncvym*3?Uj8r36OF$Y z{~%8?)1UfP<2)%EZlm{O6vKp%Jhs15Q(YQ2=P_L7{uY?E3_BUFcZu>OhFh8DQij*M ze*onzE=i21X8Z~6+gyV8yMF_Gn(43IgWBR9mr{{&su_E~WeSLBxUgolWsgxsS7VA*tq*GfP%kj+?a`|v9Ek} zDseL53s=m+j;O&aNajptZS$@xDTap_zIi2ajz}cYNkm?Wr1Hxsp}hVoqOUppM(m~< zefW0)BZuD!=#OFFYwiW+m}{uUdan5y+*=v?W0QEEy5_I&{mv&SPSG)be+{`srb$_5 zah?zUI^iRSZ@_LTe_Db+>>g@;_a34d$^FlVUhXh7ez%`~_eXACZD`^zP%TlMqtu@< zE!b221u%+P9nI|M9Qi%*MMo88hED+EE?wNlgfEb)Yk)ZnFoL%@@OuD`Qb$x{FTDCB zU<4b4Yk}Vja8EU%IsxA!0V6y=jAAZ08u%-!cLV-%K-^}I`C=5OSMLt|Rrm^Ll)4fy zf;r?K!0!WyJ@ljYgzpi6QME7Prfs-m0QW;U+GDjHe${iRVQJqA?`K6Y&D`j zi@9nPTM4GXeJbXxQFRK#(=cz1s4WaXhq-GMGgE?R;*@pV;f|RsZrot_dCX{W69mHx z)Lh`tXLuoU9aUdIPH~3?@`!tyFyD=+i!tMkVt$*1`^%X1M%5(@FU8C^qP_wcRWD)A z98oVbtcx5A%w7!ljkLl2(MSj2ry{FBGd;2f?r98XV5><4v)6UNG)9gGTp39Lvx;Fh zk_INj(1~P#?*fcsChNf6!*G418<-p*>M)XndjrG1$Od5YfKgS5^ugT^2)je10Cy2E ziZ8eZ0MEnR8a05KHA;=SbwquU;l-F=qtpy9iJS!dmjR>dQp~qeYQU(vEOH9mmovN) z^Kabl0T@wNN4CIy6~k*VACIW7GW>evOyIu;7*W?o&W8INfVfpBat_?r0Y=m}F>jAz zW=`IA!hgybqB+rM=k^A zA%>4)wvU^jBUb_bI&ux*gb(->F8Yum5JUBcPC&( z4M*>RdlSRYM1Km*NenNH-Vgi*fDwEz@-w)k4 z^fAEiMjr>wZGchrgXj~0KZ^bqm^&HX72O8Rj{zg<-sm%M-^1{y(Px3V4=}3kk3I+Y z1Aw@1CHhCWA7uFR=nKF+1Q=0|;C%b2dYIuaqOSn+OF-NR7JU`&Ujd??qp!pLYlgpx zz6s3Z44=R$>=E@OU{w7!`ZnB8F?>4uH(<6gd?xxX@V{gD`{+M_e-<#J{t*2q+|L0< z)br8paQ~6v3(%3e$Hv3=6M(oKDRvOt2LndcA+bXM4~-oLcv$QR;HSopgnJ4gBtvW>+|vLd6Jno& zdj`W}VpHIr6PpG&H#P%sUThX%Lu@wS{MgZ;Zv>30=GZZS3u1Et7sVO?ld(p?#j$3< zC9#EoOJhmEWw9lIt+5us<*`=8a4cX{wZ)DFY>%}8cE&mY3$ayzgRwP$8)NH0IRps4 zjU5m7Fd*b}ECu(;u{7NO2^dkQ#4>Pymf_}@1NUjMZona0h@B01W9%Hz-yAy^?wc6i5<4I6Z^bSI{C4aj_92saqD8$qi|0LjHp>vkHI~Y;n7u(!(CtX1n|c& zoLluTO_NVE9ti z-++Ia;h(DB1^yL=uU7p7_}2g-F{=Iv_Zxt?ZK`TJ;9FJy0_M+vQT3OqNEB=A4F6UY zgEse9hVN8W1OF}{BuP~q?tcJA)q7R7aQ_n!Ql)A%+}ij2(7ZA5kRv!dd zs6GU+zxpshxB3XcQuUF5gVhrOH&uTM@TBS~fd5%N4e;dZ8GxUyo&|VH^=!b?tB(f! zT=g-C`3ykx-0Hc27gRR@b0HvlUv(qkW!24q->hB;cyo0UzPA9PuT?LB`&K}VP}MDf zKdNp8yu12Xz-`rSfKOL4wpuI41Tk7t;wIT@G}0C9h7%_(r7$gs0!GcXy3PR$nJ zvkbdxJ_md^!(7do!1pj*UvoC_8yNQ0oCAC>!+g!Tz!w0~jy31QJ;2bdxe%BlAbL&B zMR1n@(Q9hH1ouWj$m*I);NAoXNn3L%+-Cwt)aPq1gZpfT=hR#Q%vOfy)m#PqxeU** zxd!+P7=EGVYrtO!2tBao8*pFB@YfYHk7Ltu?p8{Vj&y zuK5ly-(h%L&27Mcm*MwnZU_E$K=i4aAHe-K!@t$s0nA?+zEg82@b5DGN6lTp|DEA` zHFpF5PlnrT?g9RNh9A`Y6!?Du;7*(_5 z|A70`4C~|n1mU zeEbmL`xqADhXLQuuoyoA_yLA){7B$SfRLr}iEwXZxGDZAV1@v3_gQ=j+{1vlpDsQP z?vogv9G?NqX8|E&cN>;>QB>6NW#H zw*h}2!w2FWz~9gCXYp0QKL`jNCcXylpEG-&pv7n|}0r;7K7!5}azwO1A=2m4Z%H!;k;49z|3XXFzO`W=L2HCHtJ-!n;0$_bqX-e3>S{t z4E!R7i$`q%J_(4iW7Oy1Uc#_t)S1960|bYUIveig3|EXg2bg0St{rtQ+<74Wshv4C$R+5q25bO8P( zu?q073A#)0oy0o8zbEKU!S@m=!1oh$x8Mhf3{FCtFuEFhT>3{lfW^_>fSX3=06#N& z1K@v-?gRYn=mOxWqXz&_8|?y~KALVDJa6<6;1@>It%F}2eG=fsqfZ9>^5|0lzcP9= z;N_#Y0A4xzbAVTmJ`?b(qt6EX`si~2uN{3ZZYX?y^dW#Rjy?=$GX2MHUyp6VxgpmA z*6ntE>`L|RJF02kHG09;%* z8*pjeF@VeJ<^nFSYXDqP*9h2N*Noc=&qApC)#vLj0^C~nCBXCQE&;rt?oz-n)LjPn z#X7p%@Z!3w0KZaq4dCU7=YDl1;<;a4jd-3?pBNhlJa}w1;Gtum1w4H05wWM#C&wNM zIALrIm`P*D!=h6U_ck>hl-txyP;OI4fpVMrG$^;JsfcHrnghzG)gs`ZR!yLMS}g$O z(`r6^pH_=O`LtS!c%D|vK#4mL$3|+NSN)*GJ&2%uUX{kifY}Jj=hY@qKCeCl$`{lb z@O?p@4$2qQX$bX#It!F9sLzA)1+^8FFR1fC`J%d-;l-eQQGFSqUQ}N}eqL0UgYrdn zB`9B1UqpUhQvU_aOX{0rH`lzRt_S5y>Sp-9q`rk1c8e_C8>e$c7Vo`fx7{Mk_I?)b z<$He)?iG6<8QU$=zIP0mm3xnmCeWwHsgJ{^JQ;hP=BY*4tF%U)sCraCcw)0UPhF^f4B|A>4fGCc02qqiLW`J;by^ojL1)IVDvKPG?76USUP z=f`vIoAbz=cjml5CpPzpxwp*y-rPIq-aGf9xxbqG+qr+6yVtyl^OEzNdHH!CZMe4K zriP~)o@;o!;gIjL+qSH!b*S~!*0Wk4Y5hxU zWO?oKam(*r{`2L(UVgx_)ouH>O>BFnt-8Ig{iE#@+CScLSVvpOSsmZ+xU1v!j@Zh> zS01^tV`cx!Gge-_^7d6vuWDGmd39vX{%ek2lUXyk=HxX$TJy-7XV$#1=JhqzYwOm2 zd~L(pt0>=_PTwKJNCHr zaqEx!>v11D{?OxJIllUYwiAv{ot64Z>Za7osqLw~Pn>k(tP?Lh@zN8&cH;L>{KbjY z>5r$6NFST-P8ZVONZ*qFVfw!Gmd?97@5@}1{bu%i*$1<~&OVoYGy6fd&e_lThVu`n zy6dQ}rmp2(|J8k4_m8`O+5Ok({RT;`*1?zqQ`o@aqkK-mqWqgx;aPQ~G}0r}C@w>+|2qe=mP% zVP;`zp}o*m$QRBioLBfp;ikfUg+~g%FT7QV_V3oeU;pg>hW=!KTmSL>H}~Js|78Em z{jq_%fu#c*28IW=3|unsje(m7ZXNj5z;6eh8+dKt?*soDm{VL(Tv}XFTwDA?@vFse z7XMTn?;hb!cAMN@cbhx9G^RAYw4}76bW!Q%(!9Ze!BYmK8}Huu$Bl1q{O88~hZYPi z8(KB=v!O?a#%&tEY09RmQ|aF5YDIq${LcLJ34m4fs{gR6fjvIuxZ|;+S&qA^0$qJ` znC_m1Vch){;#+(r(a|5}?9LZp=s?cm*v&W!zdH2RqcEPfU^FdaB-sc_zEz!rRhCO3 zsjpC1tE;f9@J4kLez&04eha@_@%uJ@KT&t12j35gIFn=`q}WXK<*fQ0e$V3fd#o%y zhu-O*=r!S8MS z{)*q<@OuZpck%l>e*eJlJ^cQO-~0G&S9hon@cS2jDsqR4;1|U&7P%XrWZbQ)Bfn5J z_{AfSV~6A8susUQ%-Sc(4tJP(MRQh!n8r8zx&y)&<8uiF|nNAI4$CHmO> z%c2V!H%C`CUIq8O#9;HR*w*HaRa=|KCbl-eU$xhw_pA2CZ(sZl!0#aZj=*msepB$9 zf!}QWj=}G-`R`XX;Mt5{a?x3PwJbUVzlUNi$!)Q-lW)|Wova#j_~PwwUlchzxjnXY z$>wP1l8Yjb%|D>(#-#@${6ST3F5MP;Z2tCGeGBr`a#{43c>bZ~qR6Xo*DTu{9f#kq z@LS$`S@hMG*Q;J_sjYssWi)!== z=#}#lV^-EDIy;somaUuvTvOuk#Sg`! z-u_VRwN($rK3H{G^qP*%(U#Slqld1kfxjB_*!+5HrLS-S*f+>n@7WbKP+lMb;hnYhJtZv2Dew#PmI{)6MTqK-e0 zUtfIago`52gXa4uJh|tO@w*ql2T!;x+Op`PNXw#CNNZyCQR!7RL+NYBoROXzA4-3} zZpNa6s{T9s{Fu121#|~h?bWp_ny5z-gEt!ti)idbM*IpTcWS@ZH^}L=k2w%`2zgDh~F3RTQR0((Ph!y+b@dj-j3%0 zo&(^ufz8q52fkOgwfV>RyOYlUulnG)eRf+vc))J!jyn*)Z^G{?(0+96D}7f**By6R^z!0mc)nG)?zmB7Uf(!3 ze(2D4@bUq>QM`u^T@-nx@7&#bHtj!lYjX_W3sm7(jh!d^sPX8j0$O>neH8wNZU%qT)tb!-|cK-*YaYa-zk=amWx3d)On@!eNKr#nN>+Cb$J0MAzK>} znNxJRnD$i(z4zXfE~VR?QV`Le?(B6uRO6sqD)coLopdQz$Xoo0Qxrlw?YTaWc7ED* zRI)i=%9VzfIKwSYUni=!?A^wonm6^Q^VxzF$3r6|SJv`$jw)D6!j)tS?qOFrs6g*k zsqB(2&|LJM^cf(NJ#nsON`IJhf_Z{Cz~ z`pJjuVL_qTmoC`^sA`s{i>?#EP-U$xDp8gwDPLBDX~9FXW;tVd!Od~viw)Pbs;`2mwksh9?XmQ%Dj#ay~K_Ze$cU57cNNrP=`xF@YskYNzgoN^J)~AR z1B1DulaspJZ$%PBhfjI+XV3%$slYI3^LgT1A& z$MT}%I>n8k)InU!J5(H&Bpz4jXgEg!Iut=F!K0<%(shD3Q$bDu#Mx~4BoWbSJSP`mlVEV; zh30MERC4kprNNc9iZ%b)J`!R?A~oV(1%=OIX-lP_K}jP6wMZmWUo4)Cx?pNf=b)md zAst1^$bF`)aEyZ{aS>vTcZW+hxQ zYrCN7;f1^>zRGY+OP!3WoCbOZ|tN7&&rF>3m7Vu23y>pjM`7?4TkD&KHR-mlm#Oyy6t~@a+_n zsG?#%-OKuz%_8>|H{4^0%`_FXXtVkTp!EkskMBRNz`g z)J;yW(~TNjfL>iFqW6hTH8O$aH6vI_lUr&z)hDQJ!;Bo6Vo{P5 zstkiyTe{0>L)IKn5Q|X%w|#4VE(>i?RPtW0d>{pXk>(?fLE$ulL`PC8#IGNFySu{OQ@uFc;dhclOze!l9|`&IS9vx zA(OP?ayJsy6YU_70JXyrVEV-;u%5`BfVA{8_C!Oym53jqR zL!cjuJjT2puR4?|f(;|~2FjbiRFXu182P0*{gYlq+k(keE|YdkM$D-|HH*|WGS6#Q zlI&?{oe2+Jkl9o6lWQhtP$*X~FjlX!?< z&^ze%D0D_xjyOS)f1cCmGK!Qh-QCz%WR?W#D0Ll0Idh>h^kxQoF}k(oKH~)6R^>`P zOPzc-%o6pLvN~r&Dm5R&JnCXW&gsqC(SQnQ%abaRosZ>BiYs2F1_lcy2mD)9smx#z z)BTdj#}o}_LaFiAYNP9VVQ-<+v$!;ZYX*yA8$nF`qEcBDCS*8D^`$p8!Ti*tQax#x zgrSplvMm-#fr9oYEdo-|IHAchV*)T;8UEfkzUEK?vl5M2r z#G1>1v%S$-P03`)wO?{gAjN>Bb%X z#E5J;qTaV4m(RJ-=%t|m$ zs|tmYVxImnNt_N8HBw0&Rqt_jsLuyFg-546ezy$hF`tx2IE=Z=a2974`deRruLEuL+OiO?csQmjnPLIK=Fl870AMPQpVu!2ToXdl`I zwOhNUS=V$e^NF{hakAv1XQwCbQyGd^M8A=9+7u-+t`pj;ghwt>T0?~F^NgJ%T~R1V zsTy1{xun)3*fOUyZ3YHj7};5QD&;!Kjy&v1zkm#;&P%%Th`~ru?2v$BpuC2%Lm?}A zpi?;MKJK2n)a-7=)Nz%VMmd~S`_Fd5n}3qM2c|}1+^2$BZX(DPol_hr4e9v z&$Sd9&H{{x)YzCS^()=w(X@kPZ^p3hVl0vNayj0n!XRnmlq~mpe(I^u)NwcjBRR@eEi;QeD;ykyB0ZRSQ00Cn72iu z=C&gN1{ks!Q%h?nd0WLH%iV^2%TV<~9TFM!LAsE?P9#W$-q8b-A9A7^vQP*;)ef3D zTH1RzdYPwQyORt#+7nYLKXIyLhCgD6Mi@z?q~049Hkr@#4rU!)O;pw(rrwf=N>d-8 z40+ptDnQ2rGDIWUrF6}Un{w02%V;j+jT@EC1fc}#HATq7#BO4sn8|X$(OQQ{)Ovak z#Zb?lAvA|wHppw4x&vC%s%nLHJ-<-sb<(m9$Z9HhoYr+Mr!ym?9s4>9y*{Q!6_r2; zQy*r7=m35FYH0zAcuOu%GXaQlday7RS?M|39ZWGHI@sRhq1B`eYt^YPUXJ92MXCoL z$XW+W0o6{wlYct|2-87S^HK&XvxhNS)n<84gSAXjtu{=7^t_d(5X4EoSMnvjp)3$l zRY04hiY48#8G-KXe??h~SZ||Mb>r=OV_)BJX=y?@GZb^2bYr-#Yp%f)D8SRMEpX- zn8z#B?_KB(7~WN?UnFd*Uz;bmk|E}_BwXS2(Rd?7KufmakV@uUNtk&rjDxx>F*iNw*BsmlLF2VegQ9K7W6pqSdC71i7sz7yO)7_|*(^g2 z-5-zw=awnhrFCDL)=z>6!aTU>nI~LC2dQMl;dp8CEW# zyyP<8;*+a2Vs2UR38jt)Wve|`f}TSNaS_hgl3@R4AOAb~Ct<(@N6XSVcVmt)giYmK zPpqfVbNZ6y21FM*Au{>=~-{5DA)88qpVz3I&6Vwq;}A@^|YSXcLMjRJee-koT!z(1+@e@r^_t znapH7vnJ>kEZL;HX`tYp4dRPYJX0*tMm2A!Q{ZCv+#qju$Bl3PLR zSy&F~XLFhi20$ChApM({OT0B6uwQ!tT7-*DDpnkePQU{=&!uR4Mk;GJF_F4SvI!Fh z%nGRn_zen7kzQay6S?j=2(70Ro@Ah*4*^kD_C_8c#@H#+9m0l$ybnXkv^hd!SWdMU zhY^v;I6{KRMHG#bd5a_)vh}(Tij8_#)n4AV(%~-jvAS@Em{>N zImZYpDJ^aD3#DEbfcU=*MN}g2B?=<(zq7v)BP?ii-p~l-XRIe4mOGhVul2B6l7nr{ zb}m^rV}7KFTCt3WDmNy0ilq!yPG$5nKN;bK&Tu_gPU7+*f)rjnhJ-L=bjHkuNR5m} zry=V!MOTIjQ&|CDf!y@oyw_@O6tA-;F`rBp<6Y7Qe zkVmlEwWekJu8h^TTicpc{!*hY{jb#E9-pwMuZTwJ;O3;ociF3_Uu^*pgYX59=}1@h z45qNQlI|smXHmqk0R;ES-=?kba^*UmC4b>fc?~wHeF^^df8lh_)umXr|2!&v&2xSo%j2_lBod_5&8F|-or#uDm)FInKDHsf; z0Jo;=Aj7Gx951CHUZotnR>^`IGcfEuBF++*G1zjc6mTxo_FP_EjKnC`yb-I7G%Y4` zSji1>fkcJbh27>$oq%4n3B|lxGG|9SJN-;3Y6tSI6%2}D86`{g!w$k=ACzQ?Yt6hsrE2KHM83`G z?IQhZzSC7GI`RfC#Qu5g#P=wC-V_aW49=UZ5p(^(x(f|W8wgi8{k>!rXfJ5a!#4)5+$M5Koh`34(o5lp#BZzJC2;{k*ih)XVUt> zz6*+lK5bjjN|z6X8rE}bq9#(|eW>g(A+$Lq;!jq=%JUZ3*gnb6{X3@Q#`c(a=ZGzr zgTt^BN~|W{M4wo~x3NJtl$N%WM&8mw%@GdgZIqeB-9|bO_ZxW+bu;c_UPt1-WBZNp zIIUj%Z`+sKcE=S)&84NzhZEXbm1TWBL*VI$^eL}~+0V*bJ?0prny{PhOQ=$Gr$L89 z;6>0Lie0iN6I)40zPZ$Vwh!n{L6`-~7DnBezAZ-BEya1nM9_1I(S%Hf4ZTBYJ*Co9 zN%}ZLq*sCV4$&(s?^9(=@R{t)R$V_io1Cmiy%%R_ATWM`5Fsirg1}VQrjT;YB&W!t zjy7L#r5P1~cL=h)XfGIn1{bZXwHIi03=fieWCbOsUYmzYmc!Z$kdaen!V6EV>hlvz zVi2}Ek~S!fuqU+_It(Q_n3No#?IuxU^hlb88U>QYdnJ$hO5~x+sYFC#NGibamJ%(1 z2;Mo@P3I=2>gl+PfBXjsW5UDgbP0YrTuKq&9^e&UdC zAS?{Vn(L&~K{!}NjZL-4o)j5uVVrF}g~8sesar?Vw4StJSWWZ2!vPlO z#3%&mp0>wPC-Q>(f@)6H-x&IXXlAv#G%>38;?u#iq#SrYSP<7sp|VbgU@(*RgWX)c zLjYO>Ep_05uAEA-LH#Pxj+3Y6s!tAQhFU5}xR(%r*id3?Kq8dM0P< zK41pao|X6fYfrK%F^^f(t@hB5ihk0&xSn8lE)R(@(H-G~FC8iB)h+*YQF~FF2;b^Y z8jZ!M(%#ZZVv>X~fUK95L8nM74}G1z!)>KuNVl?Rji*o>Umcbv(VE_~ZI+kL$lSor zFJCC0UX%xF>~S(1&`0>w#&j>rk8glVCNX}6My_Kqn{2R>UNMy2BiDv)Rm3lqTb~%G zvJdlQ#ScN4D=Yd?m=T(t0*&BBp~4(S0m4|K)in@gIwG&=K_P4xmBHWlO1?W_MT&I? z-V{2-ixeh=^i!6xm!H1OOXoe*4JZf-5yETw;3rF(IEW-l+wNB1Akr|FX!W$32(*)T zXEO`)S1Cj!b|In>m&uM9K@AHtzB1c#W-EKu+no93S7>mpuPDjFWR;mQOc&z8Fi9o8 z3sZSq7xo*O$HKJbyfrdKkekAE6ea~#-e9$MC5}X*!+EBEwOtVd7-nJAUMz#nT z1a%vl)X>Mhz~S_Vq`THB7Hq^uqvW+c+Um*^G8h?QNTwx06Hzc)>9wjIW+l$1&Yol( zD`rxbU6Nn&yJOb}<>^{IOV)xC3~i=M0j*u29q25#BX9)rpBg2cZftL;0z6KtEMk()v{^hWJd}d_d1^ zLvazq+ZSGz=B6euHa?QSo@baNG2|7>8}u^rRt@+TKc8iC<{gTGcN5WWBZ^7y5@%wY zpqH30A^UZgOJ+BdKp;YYWctH*ScfSe}&E zDr;PAPRT~YC0mG(7r4l+UAES!(M_}|*b8~%7uC^9IRk~$x8DE}JJ}ba!XS{(rpaE; zRv_Q23GYLd)k!Mr9jIV-v4TWSBGD%+sMMyuUM{A)L+BPL8? zm!u0@b3x~en}|qZ>6Rja*Ih@~8^a~XM(mDyu^e+(<2-F9wyK+l!fyx*|iPj(9_#-{5N*Z@*%z#w-g4e4k#tFc@xC3!be@+8E8x9hU5h?FUy`FpAV?;)r(G14AdDea2@vWA zcQ~K%kI6a`-}u*%FXV^&u#JUhT0Red3})3u2dBjB+KivhCJ+6hTn#ZOk0wOH2rD+q z3`exz#vNfnBGp&X+D&UjMpk=52uRX|XtjX|g4QTc##wVzsx!y-C?+ONn~X|g?$I_R zdBH~Cik7N2*!N8Z+K%k2Xn*@ye_KmllUl!pv=9fbL+fk)giu9<7(26kUQ>r^aD9i1 zDf%=6a)J)M@Ee8wcrKKW&X~viC|dc*cSGd}L}IZVh4-fG#zTy73`Za`Z@-StFGm{2 z>d3<$Bu{zHjtM&Jx@ctT1f*7yg5}cIa@Z4BI1t!HY{DBRh1XXsJ}j{{Z;}2=;;d={ zf5q&mWSTsjQ#2i|9=W`&0$Ko{45E=*0%8ycg;@4T+HY#@B9jmlD6@IJp+p8kjpS`u z>?ZAw94_s@2f(g`j(kQqz}oF3UKA8INBS;aQsdg8I+3j~a9F+*ZJ+iXnQRJ1kEU85 z#)_`apt!J`ozmy+N~}Ukx%u7HfnDC#(#@`N^Eon;yrW=f6A;xrkCuM7Q3I$O$my0| zjho5+4r8V2(vgszQP-*uW3y(Ck+H`FP2vM=cD&t7Hy;n+Xhttf|HIfI2}_8KAOE|Y z2{VC_tmA(dUpMJL#HIhcXh=2r&}h6i-f``Ni+7lvosEYlDcE9$smi}6KC%5^5+=v@ zc=_-#mxtVOA*s{zHYH!ZOte)ynd&_v8_tS~_I%FF9bucoGE7R0%%ti$HMnPii9glziHf_PTtFl6lM203^ZxGl45h=X9vvXt` z64g5;UUyB7?vmKt74gNAZzrV{(`w0NYhYvQE;1E_E9l zNOuprUp1A78CA*7f0)Pm`swT`I{84ZF0eb4Y35?eSZTsv=Esxka$HgN#gwB1@958g zX?wY6IAW3jm0~8mnP3KD!6;D?PXP=e+eUY+JbRyn*J~aT1L6d5aNwpE7(Tr(e`sEs z&gEVDDBSP1Y*s-){m)V&(aj%@|KCKt6E);1aHfVlj3|j#z|1J-^G9}yrC;pGQfY^M;!|MO5y3nIhtG#Q&7#hnk zBxh_*1c$6jM*x#yN{c0JJ_^3E4a~?bHnrRJZ;#)1H9;E%+pBzUyO{CD-n7f>^knw( zUUoGW^J$7P&RKgKBdE}jrDA&D)slJvDTg)|9)vuT->$~0_r`H7RP@06E|y-0HBIb` z&Z2fPMw(AzeHi)DuCmhp&-sQUVxG~iUCfy&QR@(GTS5kd2pikKZIt{!8X^DxA02%% z(QI6X9Tsy2bQ5;87qCBs=T3aio7q@JOkqxaBYLPx1*{YiQqlbc_FL>gC^;OOV-w@Q zKv~$rhb(%RmXZ%j>FBm3Z4J(OdwqF9-tNi7Nr1V&!9L$PjX_K|q&|)bET;)zh^8sG z5%)>p!^HV=K$-uYZ6e0f*=Yk$ z``D*KSmC7#9ujHT!{d>Wf_fAq#o=d`a0;4_x#`2chHJt;I}YG+LO5ilhOa<15*LI? zi4($D!wDguKm*fJqCOenYd)M(#uCO*;5vh{p6wwd4iiGUk-uWGB}#WV@e6mPN|ho9 z{8jWZg_9lLSZB^-Qy?!`;<6pOFpEse`qKuuyyhUhe&f|=$`9f2AMV5)6K#y(m}PLl zr^4Rgk6j9`1U?Uo3YAf`U>8j2#|OPjg$)q!@uVk>SL z%F(&%{9VonZg0AbU5AAdZ*^l*X&rX*K*KImT^=oVRgyQWmT;TRBFEAhEOcTWd*DbJ zGa%^8Fsc0JKs@s_C*Cx;wC*6cW3U@%BFoK6^PTQoUXx*n)h@k5gbW0H+avajxqPk< zr)iBh)Pndn!)mRxBLQ0!>0%HG$oEJo-uDtfVNcNp>=4zF2E1$(X;d;Nrw`DeeMCH! z63Z}sN`;vW9i=IsMrbuvzQ4iFLo)S>FEP=`zEp2^PYNma*sxmE3E^f3{;Xek>BFfg zt|Z^-XK3kA0=D*a(LpkllO6e24sWMFBZT+-7h(#*^(N>4iyKIPZcK^FzTfrgpG@nJxyWoe;$sdFuT9zK$67OP;pua*X%{PHelOWo;lp5O1`*PZCF|tKh0=5m zy)(lkZ%H9ExQil2W>h@&EDV{`P0lgVZdBQohb$Rt8(Mb;oWX*dymV8>|VGsJXz(+P{C6tOyARKmfgQ9Sg});MdQ8Nvw3|=Gi$x3c+^&n zy<9fCH(z4*$#g*oXNaZD9EuVk#a&-wKCn!IIP~Eu-aM*JUwBF_Y6;1->tt!ohwiG? zMGGD?L0{d`GysNlb8@E~ui=_jG`wQw=$bX`c*J<@$LH<8x)b=ML})OmH=PFjQdua3 zgY2Mh?+mf6kPvZY88~8LysdR3Uz^!72IDRqYEc;uFIgC$f^Pv*S&oWduP+Dq{uXYla_eH|k zPH5w<4~7oabG?KQ<8=ffk6?UCCvTFYYm_1?1sXR{%^tC@nmwe>e5ms3JrbKp zn8=s0kf#@cPQzEXHcC24*cO$FZiKc)Qu#wju2lX65gMOYodFEdc*mBqB%!#tkQY2YW{) z2~YY`=n80})`J0;g~dexK@?>g9}|`1h;CtEm}Rmu6vq~(Y73(5H!G%fLrkN;CDpAO z_U7+e!suY5hW!KW8TR%!ZrHc1Rl@|jiNhYIS;Ic2S;Icz#thT=8#3%$)`DSzVB3ZL zgRK_wH??IN5&QA!V`0-1gKa@uum|ZPYEk^k>QXBmICI_f22(LATn|Xc`%(+v@&!&E zBgNIH3YKYxqSoSi5LZ4YFhx*CU#5fma&+SYqOqRD)RZya)ndA-J-lpDE{hM8xHD)c z(YIrxy_>^UcJ}bzBrZNwLFSIyPAF4V`JxXy9Viw1LSb~7*~7RA-%NM1V`@SHjGOSj z!w9q!vugRGO5e%A!vGy~4AY4zU8s%grAT4CEm7FZlql?DN)-0dMGAZ9GKD>)R3W@6 ziPCLh^9k0{wQh1D_t~TFbOre;#4Jo`dk$4-;7|{J%a2%lz$bLXfY4f|(OA9k3Gze8}J&KxhsM;7kVyAo;?M0LH8!L(dQ3r7r|fnlS@7+pPjv zpBX!Vm%bQ48B1~isXI#mmkiF+rO0M5@z_)FOVgcBZy>m}&<3#dEu!>S;&Xk(BdhZ? zYGDFoY{g0Mnpu*tBl{Y=APpRHJqjGYN@hILg0wZHM&9r?Y)s0y7aC77v1$2Zkd^H~ zNGMny#kV6=EJa9OYO8q&-;kH1IWf40jB7I5RQ4fJNh`U<9AAK9!t(f32~YIeY8NsJ zQjL$~N0;mxNz+QVD5r5^-AOZ9kcOHy4jpb?7!n} zl^+%b3W92rgVL?8<*NmA10YUou#-iEp_-$m6xzZ-Lc&M|Ur1m@EJJ_u!iu>?4sO@B zm&H;X{l>k)L`PBMxNMxRKb&sT{0zK{wD#XXYDbE}WDzAcJ+;wGmdoNoA6O6Zey7 zZbh?MQK;?Dri}O$)#u9vb9o+wdg7{+bWuv(O30yh`6>{0a+hzJm2Sd41}kRffE=8@ zf`v89Q=Xm6qNGN3-h3w{>$<1;7)}V$=N9^rrX2E-F*4nlE8?njI@!cfmj%X68Jdml z@`KHWOvJ*RpzDQWlG5{mGICG?Rg=wzjY_A%CKQY0mb7n`IU?A^mUslTX?)>P&LB6N z4d>%T&xuvFA{IuxMGIeJq2{n!jk7vj(|oeJERqx}Pp}x3(!6PrQwn2H^`<`9;Kj8U zz;Jh#N)6ymPtyl0$>C+nF0IhnG<1%eNs`jHMkspWME2hP|?qm(SY z1LT!G2wQHoL);^vr7%Koljkp=ym}CeBeOsyWMC!DRFZ8LLQv2EqH+rnsrB(UT_^>= zr>zo`L5slIi)PU>uyUX3f)+fCQ&n8^!5pnU1`uFuef=6;{DT94oCO#=3+PG#QcBV$ zC;Vl&Tn^&zEAK?c8)v$kBfpd!dPB#<@Q1I)k<80IEOOKpVR6Eh(^Vn`OZx;~`LGR-8jpEchfpvGc>lL3Ht-flagQJJeGl)qS%cumhz~sE?(Rm!Hc(} zlm(Uef<9PzD}^JLI;FcLM)X5CVHv6c8dw6aH1*+a5L$zg!uhhUTa9_gi^uBAEA$cf zW=$CaYhw-uCT_DfC=R+Uz54T57^*T>AT@!hXwRD!8QoN11+!bs$2cpokCwD(03WsLl9EwJY_zk~Umn6tcCPWqV zU#&3dylFBS5NysRP4V;MOfI$A87cM<336#$Fe8ixU@79;P%ZSho-eR>@2`lNg^p>W+{ z5l2uLaE30r1NCxxwijejf!2+>m_HnR)3i7Pffq1oM>;VMHM73L$M0h=c4fLoTnnRp zX`hxfNdQUGo3xbHBBAw6lH!Ks%ys8QHJ5WhNDnd{lH8Np2G}Czs-#)e#)UsJOG&yk zt))XnAwBp=HD=2c>K1jzZmPSa&yU{QJ#W944^32FfABUA_+*L?iE}McD6<>F=dluc zdzXAX$eE#PgWaJ-wWej#LI{UaMow|#(`)?*IzJV4z&9iXlt0=KOZOn@c>!;DWLz-g zJ`v}Y#)mXn_Ms{mPm-SZNS`$NNhk}n8ekgHs}C1foY~usC%HRGhYBHsHwho`_lM*U ze8yj|ei$8R@=P zFZf`%+Xx#9jCUAjA;^WmcrJt_q@A=n61$$m3`( z!}f=yZ|e?Mniie*92%oS=uysg9)m~RSU|xU6B+t~Nm!q2UA4Cr28-BGY*M#m$as_4 zJ4VMu_7BtSZE?CAC*-vkDjPz?muu2AE2K|lTB<~k6}XsXuSV)f7352LXhU_j7ZzbM zfrT&n=z$Jo!Nf>gWVuw@jcEkrL7vY3Z|&l`^(=K#Q#+!-_$M1f6%v#C=e7XflHEkfWIe%f=J(^BPMJ-@1=7<+=fn!X0UC+Ni$s1%lXSxeRHX& zK+CRa!yK0T$WTJ-F}{4F;u>&OA#DSqymBuCLfV!tHWcxyg@PT&G@9~DpVndnOBtno zhZK@oIG>EXk#E=;qJ@K^!agX~2?;C4uuQs_mIz?xlR1!|7R0GCeBq49N$)7?#CRqLVgNHs{jNjspx3hm-EZ!7FS+rw1LY#@)F=UnY>%s`U~u z1}~RTIK)gNDd|BalvGK^5FNz3>QtEmY#b^N9#T42ng^lQqkMVX#7x#%7rs0pY2xg1 z=H@%Zk-gY;mQ@~t_#0cd)Oy-&#>o!3NQK98)R${b|Ej=ejWfGAn|Rdk7U{$l%y^EL zT^KsOO%Ywxt&5l_ZBkHAptiYb=p$@!@kY)Z#04izMejw2Wy=7H)uY@_WfUe?ZGZs) zP1#2^1<{LW$O5R92g-(jU zsM19$0o(fEr0OM+?kX(T0qvs7HLBPORgI>}sz~SFavH08ocyu^9~`XcOGQjW54-&i5jngz$Og82QtViW(Ur^I=Zw_j?BzxFo*mCduR}sS(B4zY z^d@_M4Jw58xgj+gT+M|YefmZc7EP#aufyn)@S)r~W-Xd*ikwIA9<739RE912=p>5I z%U5nOLqB~wdlu#a{PY`HA2AYf5VK(fZ38igLCUgDp{onCFrFlJ%0&{KP3CNj5ps^d zrDnhOf_+DWw-#H-GDISUWDHmn-LwSNKXC7-K`2R2Z9vDOc9L6}bMe28^G|H7J zj$3wsvk{J{Q$7}&I12IuxAh84vcS?!ED{u=OdQmI-BLq_xTSz0-Si|3Eap&2M~o3P z5aXyo(xZfNlw}P_B@BOsq8;7)vm%G|SGTT$#P;8mCu{YnIPPEQBQQ1NK0i|sWKP=xAn*#k=td@YqfG6%OBm!`WG*+lE{;O0F#RJcU=sM zt52V>E=rFrpA}{zame7P_je#R(NR31NFCdI!-z*)Ak1JUp58lq%T@)O2)M^Az=;?W zVM#XBPTIqOuD7uvKq2Muf+6EF+Y*_8L^&dnec0|e*x8%QNK@M?m85iW_@$&ZZW`*K zn(@WF-1m)#H$=;3mqPH1G#-GMtH49Nu7s5})W6wbZWGZ$ltwLaT5~7HIOH@};;rU9 z*!#qW+{;I!vT!h1sM1Bf)I>PejW-TSTUm@Wvu1-vGZymb$RR8PKvl!dFc2vifwg(H zUo*cKY!LTB2DB3&i6q=zAcdz<+EX$uD-Ez^*b34ZwhK(h8l|!CX`Z%+j?beo;eoQ zVR&`SaFWqMc@~Dw4n8qG#xZ+AJcJg5FrP!r+tC_g$@U7}P{;s}?!umE4lFi@*P2Cg zFlTp}K4u(xW!Su~5Iu}JyKNALBUqrIp6JDVu#0p%|AJo5Og5O^QK$NYO@5WOhQemi zB-u6%o5e0PnaoX8u9xREYzelKg5q#Fu%^Pm%d=XHAiUDYi5NCy4(g&wFT09-*%4C| z_(-R2S?6N8NV1fvSo_!G1~C|Xd5xufFCf|rt(*;^nOJ)ob(5!ZdX^ykVi-hBs?cY> zC5^mRJcSU$2?im~G!MEwx{F$Yg?BLq$P6Ui%abPY(=(NfSj=3Q%0jV|aufzj{kXrg z2Z{;J38@k3c84ZxpTtXgib_vaShG#bop2ki{KfnpW0c};B4N`Aln#;Y*l-Ggm&@3h zu5ad@GZrp0ENEJufBWb>na%YBG0RU}JPCu)3djZ)$}~wqMAY+8r)(cHi4(amKJFBR zqxM1WI5socVWSXuOSil>&FDAuD^gH-faXy?_?Z>>Te=;D^JJPXq4tX1nB=5kT%l{R z&>Dk~6SQpxNuai6GR(C|x!~5}pmng_JZijZ^C77dFdHQ7wxr_sF6i@&uKYAm?S!$=ao!&N*l z9_@GsIR+zqn}-7FT7*HmG;Jyjd$9gtoZ}m?V4d;bO9gEug&9nfnby#|o{W(b)-jPs zWN{+%Cq3CJ=9!>6+7}#UuU`cT2e2O;Sj(4ZPSKSN%jW>rjd=Z%rVQXfoMNG1TeCKH z+)QLA)L5KAFMw^56d0O6%$(jPR~w3Xp{+FBi>wv;Q)Y}&ZDg5p*__%;_bGxNhA%J5 zrUDdQM{nI6CR-QP*v#o%nN%z>_|i@^;%0io>I=;?#rVcEPLgzOTs^uhBtuZewD7GP zo@9tjWGD)HqcUhrhcpsBka8QCitL#A(v+EsaCk`USnS6ZAkvVn_KV2M4EnTu1JgBf zfEGXz6bnTN`X z*(79WH&~fg3phe-jDl6ApjBPeAuCRp?`SJ7v$w`kTlt14+9Aif4&Bu=Nakmf@N)Sm z*`elirc#qtW81;?b7rSfJgdY#O8P1_QNf^v@TSZus=b)&gTY$37fgtpDj9^-;sO@> zh@E5t;`Q}-Qv#FqLmLHa)M~VG@KpCCmi1gDkH0&BM#MN#9m% z%wg*on<}Us!4I@%LJT2Y8`;JHv@|^ooym(w-nmbs0cioSye>_96VrK_!(qB$G$A!eD9PiT~TPyCY-uLTLoc+t+Wa&Lx)prD>?o2UBzH`kC*BChCIwGXc2c# zmN=!X?Q&O}e3(~)SPH)O? zChCDC&EiWv%~JkM`6KbCS3hTZDpl&q;bvdxyqLtznUPB2a>5;4a+Q}jrGSdd~ z(WO`Y(lJB;$sF8=kxQDhf?zaZ0{Lt`!5 z+(aC1*tm1@Y3c|u;8d%f5vbF!kc#Krj%?aX8t0PbktEFxg={ z3EsWi-zh-F%iqZZwOL`=Vl^9qxoB!N$E;TKm`}x)0fqBLX~O1!Z!XC}o;IgUUZLQV zB_=M7A|h6xC@bE}3Wv08T)~V@uWh_6gf47jR=6K|!(hK&Ey3ALY{0io0QDE4N#bTw zbaE~X^us*mhG;Q1EL`xDbtuGC9hnz7zQdCwsWd$7g(89|BC*5C>Q>@5ohfx9qofyO zD10VxCA-NASd<4u%M=_Z)cKw1v|T=Jp0sJs8#E(P^@V5GI>iF#P}WlPo-%u1ImfUF z>m4|y0-7JTNMV1stN3PQxb!EM<_1q$Z;biF=Al@(E|K0$@IjeIt+(5P13K)hOd!G&Cd84^J7zqmr-wp-AX2eE zNQ{)fG;HhI%wZF7Rjb{+15U7+^r0P}>9sYua_uMg4Me^GA#T8eK3nX`plzx!@D(}b zls5TM-OM(paX8q(k)<6le9s6-ObwzfF;l`m7uSV}hIoPZ_ke*1~SpeS>&Zi_vtLwg{2f577bq;fbhnXS3wq+~dU&~^BAyu{9 zgrO}PEUmoC4^?uPa)U>}`D?rEbM|)FAE>TrzF*#Rrz+PRAZ&yQ_=>a`|ABHM&ZW~# zA;yyxM`Nak=9=d3Q^9n!ra^Vdm1+s7hP8G~!C5E7UiJ-4<#9Dsydhc%prL{H>sqrh z+u!xJ@HrY(`8>#zKHxA|9~RQ(jHR?Rpy*37s6XA!v=p#7ea~Sz))3 zS=yoVOd7GqgTtG>DV5#>%%+8+d?IS>**?*x4aBdFLq4k7G@jK{!yb|p9fospymmn(ZZQ; zXinhQGtF>78ZYdmP{)ZS3^TxTg1ESeyLiK}9_URQPg?F2`*OSs(+9sTtRqWV1Cc;G9G3}Tpg5I#FVaJX&yY`Nmu_w^B*=g-sGwTQ( z4H0sTiS3TS6ZB4d!_10U*xuj&`|inmZ&p^7gy|l8qoH)~x#ynqo$q|-JKyV^bCYF> zX-WvyZgHR(jI>>VdsAAiqP%O?|+5j?44Zs-e zfKD2~k8PLDuNI?(w1X;Lp(S%^BQnAT&ZmktQBD)Y6^5AV0b=%L8z9)!2~JkI4Z%iZ zicvEC4FW5^x!G3B+cu5iuBfr>XA2BULe%WbHb9WO0%F`xtlO&3HjxO~ODm3HwyUC) zhJxf)kvKq1`;gtHA{0?Y=Za?Cv9V^|)EjI^NR&DQZ#Ea!u9_RW$Ozw)V8QnemJPwm$B7c*oS9o-4>2V7i=Iq#;kRWG&rBi!`00<7zhBvPS0Z+=i` z!oGJA*#`%#ySolDu!O_}N2W!bX{R5s;rNJv0^)obKspo0OFoxH=0Z9s*RbQMVDusiyT1FzcXlmJx=)?Jb5Y}^~91qU|9z>2}^B;@{!D2mRYnPevrKY)^bUcM2J3DE&s&~wJw8isKYskPK5((~WkAgwHZItETEu|7rYUWEvV9i87F5lNL5%U4ga`Gh zNzFG_LNT{n?eZ}N{+y0J$|@Q&R=ezGX$HLIWTa}Lio&3@d)+RMm>@uB1fz}LKf9#R z%+jtLObS60L2B!VEGdN&W-OW>q~c#qW6vpZ@5#fy!9$c!tT#&8$)dP49$?}Q+D3x- zg{5yIFdaV&=y=4Q3`{?^*my$wH`t|doV`2K$CN~fAS;w=hL88f#|)amXy+KIr^M=X zl-bX&Y+IQ#7cUj{N}fmAZ^@R;m|u5m!y|`hRnfduM>IYLXgmFH5_M9cmnHl(&OXer zS0g26Vy;NScc1b-q-uekjLlWArBxE2EmdWb`SXxWq$9^MqCajQsEM6)A>W=iM>JdF zwF{d<7OQH~(w=-@jc*^Mv>6Ib@epj<<~B%)1I=mMthj^}xF&$G8G9;ooYl#?!b@VY zpJa9a1mmypi;{$*9y0OMDq_Qgi}MAW2}Hwgv#NXIKXq8|d{NK>#+j32Mppe|X z`Vf(AReO}X=;p+*QFk&ny{;@-Qzc@8Dkp`rYO5Qmf|`0U6kBtP)A3PLZ*E68Zt9QW z$Z7nfq~_f;|~*j%1=O-RPkuk=Qg*qwjKYBm+VH z2%%zI8aeHD-A#uT!Db@NT0+Yq$r^~{d>s5wEr;M>h1|9~L}K!6Y7_bP-Zb%W0y!N+ zMCqay7Dt=ZO;^6iD8=Z6jEmER6^|c0y-6FpHpNEdrc;EW^k2v6D7y1rwsX&Oj_(B5 zS7W9-%e$kS!>N*(`T9v{Oc> zm#c=adg(nB9jdfD%{w-ol7E!@owQ9nlGN!`-|5Z0Q$W$#*OSx=y$G=8Vknz`qE0gA%fkb+Pp#D7q~%NR@w*)9Oi<^)^&flMo9*ClW^~~g^JUM(D{E!K!&H#ibHR{^NeL|FhpD8Yc0uD}MdEQ9w*3sb zE^s)FOBt0Hdq~*Lura{}bd|El$a{qAQo+3x$ww)#t_qffo$85rf0~HN8>qvMXWiZnHjXvC7;HZXEAq9uw7N(k%8d6TM^CSfo^{h9% z4@S`gtHE1Ihy}&vV{$O2hUhbI6p0G!8O^yU+SR_5ASPW2Wk)B7y+A{$LW#4`=}l+MCw9d-3uV>Jyf8f$S)$kWK57Tk^-p-OXdY-x}0$7#s!0&^*sFmiX?1)D_Vd6(?lWDpyO!kfK`y>3q zgbsbDtxvZv9q?RUsRh*>=<9uW1Zu0LlQzYlY!5t*%CFNvHJVytg^6^DcDR9o;?y-c z3|Q@-{{5pfW#fN~@j)wvGRQ4sT!fKI&&)@mZrY^uu`-^#PVz_+G4N~<%n8Y@+_;xZ zOR1zp6+_Li;FTpM7g`ADrLP~fL)MdQ!#?>GjLWNsq;94CYI_&(kTZcNmR$|t-Y zl!f}97@?YBr_3bPplX%}>8^Bo*4!4G+F4xyj73qKX4$^(OVx!q08>1XXqK1Q@B48dw+ghkfvHqJn!1JB z$N1l8PV!E}>HdpP`=e&t3rh`x+6ig`GVi%qC>jgdPl@no1MTMJp{cKr(sqK|5?pEv zQ#26VjL;!*jGVH-fr*6Iu!pXsoigW6cY7YSSt!TKt&2M|7KhKE9oFhJ17>`8A4P+w z=hl=sL_BhYH^e(^1f6RR8u*08HHL>NA+;u69goJi&ZJ5uaxaTMpPHbKMkkDDmiOH- z%0f>_aq7KCeRDMN_lNpNchK#u3=mO8!d7Q{G$v_q|DrXTR($pf@|^@qw9R3qM|#)A zLAo((g1ZKvhP1oEY&{}kx%j`OtdsQ;?br0d#_1?P~Inz@&t#|V_Y@cAB)n; zvx(A!?J-Kr+h2=pcejVH`5Kg2G8DlS41EbkZaS(E)#|rEYe|*kaN{j>P8P5HAPIc8 z8^XAV2U`WXO1V17iu9l!+%}b0AW<*7At)KQo0!B3qHsI);me+VT+OfO zON3eU(WL{K2xF-;_eC^>QeD@@Tyz~=pZj2YqPkTBep{BCIkK%pDZzB?_JHG2M51~c z-MbQ8r;pl5e9SOV-WSPq3C{Ff2b+i5Lv7Cj*?F}({L~C3C?E`iz|KOFAXiYX{S0+l zB%^Z|kPbr;(Q@fHgc-2xfd3u;qf%OAYp{^llvwJqu&e zI9f&}wSy_IPCb%m7G#m`>cwZRCkAo0y@YEAQIj@A@Rq~UY24Droe3{!66vk%vBaWw zeW6K~#jw2)h_0Jr3QPJ(y9D|ytsCvV%O;ojWvMP&jaQrtZ)?#Axg9IR3=-Vun%kXe zentb{xvMz}VFpOVNEVBCM4iNWoUu2enF}H<>D-nwjF@eo{`KLx<>3M*am%DZ+QDAE zkI}|3Tb)ld>e4hm>yFx8eU(2(D=qe^Tv<7{?o^8t#dYGCv;+%O)uI|OS{z2%KWgzJ zYxgA@J^GmI;>3Mw)yA$THAb?K`JgHPOL9nqgGuZNUu^vl-P=bmTbIs&_R&kjM&orl zlE+2e9hX+O6%!y_A}w}8g=BGw`thh-JS{X2JjVKN`z}ZM-PRq2a+i+vy^&M>-PPV3 z&jWGLyKg)0^(E3fU>@_!CDz^xrv-xq%;PZ9#g27wkYs!XHxDQs$I-UG$K2Qa-V06A zUW}fi+o!C&+cd3i*KH|lMUhPzSF#I25bqwFr;@Q|AwT-w!Mc*&!P$g?>{K3LE) zKqXP6n{P3nQ+DNNR7pwA!D99@37~+;V9(?`5nHtKN=Fs~05lUZbnY_O*!yYFdAj?JcOJ zWD`9c;ypbiM97&`jSRl%mT_J7neQ6(&5iNWy zg^4V2iwb`rYfT7R6Q66-R7henfvRqIL=Py2B#G&>y44=NgVx-^4O@P~*eX(@I*KZ} zb>ucwvU<#DFT>4=ebknlN2_sU^WwZZ+WC~*CIL71H^e=HAdIwvdX&Coy(8x=$pMd> zIlqND0^D2Dyd5kxw>v{ynq~4GLug&8#JvZ`jbTK>ObV8(BsSmWw9%Ab6-Ucv#UBrw zeA1}MQqA(5{8ZWR(sb%y)&frJsq`FAqy;$5C&5r*BhHdu6E{guNN0rJN{5JRg^5}f z6&21<{JXVI*d!Kj(>Q+dtvF3(wS>hl@tY{=vg@MS`&8P7$V!RTdZCsz`tpr64}G(n z_aisGJlu=N``xy%GzOs&;Aa*LQ*nT}{Ig)~zH5*YErF%IyKG#;)~Aaf-?a42(j}@r zxjaxYuvoht%Pa>{EG_3$(??7vr6R{pVsa_tIq7}v&y3v%mc!=a2WdIXm@*gNSxJC| zUzY>9T4%FRmUQ-0D|a?Xr+Fh@i1SP0{67Cg)UfwNc9ggwp0l;51z18&EER;n^1{DW z{Dl$JL|Q6*mojrA{zQ;=W^52oww8G3C*X?XHUSdsR-4?*4S`1WOYH&vXJFs^+hOwF zuP|?q=8`o*#YNf{;U<;ja=Q+-28X0_WeB(C--#j)JHHj!U$VILaC=PC24<@p zyE0~JRo}M7Hp^fEqI!{bs**V*N%N0ZNA*%xRzjm9@ID&8=rxs7tK)HLB+F`|wnVGd z-|I%FOiRh_UAhCPEehN2Gkc`{NeMSK_cLvFL(cRlGIAe1gt>K^DfyA;M*e@){@=uP z9PZYTJw)yp=P~sEjZEI7=qO>uR?)uXDeCwLXA82heh-}FUTGT2fq0a5)Fc1wzrxv? zT}OfBf+RTXf*rzIQO9}$UE2wCT|;SSi)qAw+%j#b^yR1AklqTG+LMVNb$pB^`H#i; zMmJtV4c{Z=i(&4Ro(7UH)kqj=xy<*9<@&AxhBPmbF2AO2nP{0k75l;A2i! zB{HSeX_s!0rJ-=3Q_Pl|`Vt2t8rmMa)9Qt27_HrIJyow|_((2Amv5&J+7TifN4AGb zveEfnW7--L3Gy#s>^nA?{n<`CT0ePpsa7rQwt;*mU?) zcB^cuo_N;b`YJb?CowBBuoSKAGnik@LN4WcRbHmCdo2JNWQ_NXg z64iHGdca6SYHV45Fhq^CCrE2}8uK*MB!}h{IZ|a^lj`Mwq%hQ@a6Tc4vhf zg@U*f*sYRGF;VYfR$hhZBiy~r`IDtQ;t@U#_{u{X1hfs`z>VPL{ocUNqwA%*w*{Me zquJ9N=@~zGYj*TU;O?Ug{Brj5KVEG?W;uRLFTZ$DQ4XM(KyH8!PS9m(5#sVq!zTV# zm)vE5aLY_C*Mh2%DQ!nOe1>@7&55Gc)1pH|zSK?8&}%!6YC4Pz?3+Ihi3KT{Dq;mm zYhNG|TgdTt>a<|iabQ_3t@47Kp3SW$tY-dU+6s1rhltZV-Jw1aMYKse#;2bFZ6tCdHcc7kjkPvY5y=QA$$&t+#2q%cga^0Bni^p%D}Dt;V!DA z0k=am&4sOWT#87Lvh8`oUC!3+foY_2huh2Ziyc*QjKr^0FR zfh@7T6o!knOCtWsdey6f35w85P`*SZ>4E#Zc9yiO=`U2A*X`s$Gv( znv3n>XL`{!!jy_QQ5sH+NM&h^W!8w%Lr5e9Mx{QoCn4OK=Jz)lU*GN;mNtFjiWi!j zTQVnfTX|miCVo>pJ{Ru4(|%w1GRE)4jzhZLXj^(ouN6ye?n<@}rHwlz+xSW~+ieJ@ z&dn>;k=T;}N-upS97*lWl5Q)m;?ai~7YQ#nTQt5wFu5u1#NVtp2_IA zqqTioJ_!QX@s{nE#!@R3z8&9v2}P?CbIOe@31`(B!LyG%)Sec`?Zr`A@m5Viy14WG zXjy45=Dg1s-s6giaBNpvj*jZf+Pluuu1G%wdbxF)ZgTHGMTwx$qmIuJG;k5a4$=;+ zr4H@Wy*`SrTPj?`DcE#$D(bqCsS=2n`4D*V@AhEF{ra)dT*rS2%#Bg5t4$FMDEvrwpMK?6){TfwIFO^Rr@SyUVaPDlj+aw&`>A;!#$=H23 z4SD%xDwA|~FD>hqzIZb@pRTW$mzlTNcu8lAuO+tpG*`4PNhj?@lkIZD)(bhtts4yt z(??gTb?G<3F-;K!!QPD!NBp(hFr0t7)bc1Cwl@BV#Jdx+571W z!^tFRnOsw8b>8YE2SYK5Z-tnFM3^8;z|g9FlVPbRm+gm}uF{NR#H@kt3)6{v-gLn` z*k^h;jBmTvbI}+1kOm}bIsPqchH}Q5F;V#8<;*oZ6nUu1$J@! z2ZQEMG;kRAFh)K$$$mO4i7(s%y>!SrEaitft`NMYyKi2*y~t}duT)BrQs<+vpCJgf zz%7hy?O*IbiiSe~-q3B$kd+55!>1?Gnjjko7R#oMH9yRgE}!;bsumc{4nx{b^+6TP zAe~!TPl$h83Q~ObTY>J1pQl>B2dmD^+P_+9g1>vf3R|W(KZ?u}rN?ZGW)KZ&wsldO zo=7eb+(b`&<%AO=j&r$4mzW8Hm63I0V5y8-8hi*6EGzY@(Om${o{dd-Kge6{FLWz9 zglVLBRzIHDVn){fwA~EKs+mM2{Ce{y3w0?ul8&^SF;6EmCJX2{0=*@>hhv@z?TB-y&-R6L8XZM(7PjU8hfcIiMJI=Tl;1^ z`H%+lUQNF=%uCm&|1^;fX+Xab$Sw0Nv7p{G0vZcV57|$?b`C2pv%r&fSobBR*Sf+= zL*oaqY;+T~rj;&DShXZs#BXCa!*sHJkHQh@NfIVzv?J&$ImC&(E=Sh`b4%Ag)3m2I znX?;9<=|4Cx0>*ZYXAMpQ}xn8{`wPk=^8_7(h{doL|tT_CcLCTUc`}78P9S9qs!fi z(qgTzSj78XhD0s}{Pe*F$<4@eWXH&+(UFm8Kv5(OudI@2t!!TnlooE?rHQV0b6l-C zT$u}58uJ;Bn8)`-5z5uj*| z%(OsHHpKL~i!HZ48WQaEF_37Ddhaf#j$A~0NaHa-TIxi+k-U^Png{_D)NR zP)WNge+pVUM?IDa7DTh}CFFaI3gQD%Mtb?bVw-vN@E&+Hy8)uT6`i#sgGn1S@-4>I zt(Nx=`sG_(e6y^b45%&a0s)sa9v9buwHEW!*J>uc+eP-WN5zvfW^xHUWEOTX>D`!p z#KYs&F71>%9zN~i2ME$gNbD-I7d}U-;Qbz`Bowqx?PxfF)teNx6uY~a4&ap6{_s9} zp)VQuL5+4z>omO91wsrb-CONE*1N2vcaL5Z;-p0?d|6%$9H<(o)NTZFk4ZnL%|DfL zF(jdzC6|*Y;L&bG0{%(lK&+@9OEk%KKMr*JSat2Cm6}d#koN+OL?NCgFrt-9UmrNw$d%6=Vbpa+^6D)`L`z+IUm}pQ?SR!F* z*xLyrF{XC3+2jwnhuDuisc^PbT6I z`_kxGi1tZ7xL{SwetI(#{kp$hZC_N;>v)h}$F&#grJ zv@?|sQm?cNBv?!72RGkXxf5HY;^?6 zy?4MJ={{&IT1AMQC3mMT20lFjg+no1VP6i}B zU<9XI!hD&Q=7rhCYb96`qr36>9r!b9rs5ha1Vv_^|-`U`}CiM~2 zpKIpHdrQ-%L+k`9?^*^Psg;D6D)CAkoxe*!e3L5~7v)yD!YRM#%D;>rzSdGr;3e|Y~qV3YyTst^!#-*pN z(`Gjt$j?a5G3&f`w%%YfZNA| zmai)dMuFeN7D!_z^AhNM!2I1p&)OLp!<9Bss!t&XoLiIry+5La3s1gR+9oX_(z2^n zu?NYtoMrkCS|u^|+!IMyIOr)&%rw27{UsC9WrH-9>E!3swa}pH9<)$T2JgSp`ag%`OVf6Y3xl$ zoXXBd>4M+_xZH0igacOurzW^LDx2Oq;v=HbNkR&UP`qks&0u3_L}VFMS&muy#pNJY zC91`P?K$xxTRyr{%W1*>p0u_%4bc^!XsY$|(5tjl5tNQoHx7!0vLljhB_USenmpNj9O?$UdT9VBthz?^0Zm3<3{CV+wtKCnLZanD zL$VBHWQYAi`oXBG8IroU?|eE0Bps>l?TdAqa8fYT$*XH+G#qqp;p7(3vAiyXX}#}>E*q!$0ci=g-E7P zqY%q<7I9XP)?A(r-v6)}T0gGr=BRL#->)Y>ajRdGdoR6Xv4OrcD%L#~vy;3>pO8Kh z%lA&!fPYk=)$3l4ZVoqSq2>IoFd9K5sU6?$c=2AMx6}$LXwCLm2M@G$q+GOVROF2Y zJ>udo3G3X$`{05?#;|lZ3a?~zLwAyx#eHdAf zxGTJ87Rf~miB=l8hVmacP4p^`PyO+g7(NVaR)A>#t4Nq=xU7emUUqX0)2dQs9_|B5 zyRed6l2#LW?Fe1`QBUp#v~Fe#R!E}wMN0QBWEl!V zE4Kw-WyWBKz^BL=Hn=8)Xea&CSP3^*xG0|wwjYo{ULD?E+V8|V%WlF-n@DbbrVS0r z3LOB>GOIh;@V7L2qRL#{Bn_?1JK}>N7M3^rbT%a8u|OE;wzI zxjuBiDh=Y|x+YP7m)R}8daceSYrKB6V(F03-G#IJV*e$LX*=zp>MLonFuLsom=tB& z=yhZ8A57QxZeiyiOjk{!Rw>$Qf&Bm3bj@A8be5gWoC%NGmdJc#R%tTj< zvTXK{mO9lwjc`zB2O`>KT4Lg9$IKqe$zBQGS`al$Ba~9T?_JA+cAtry5Dd84K6^b0 zPWoWVh;7)_&Ke!)ai8*LdN6MaO7__iD{&Xk+8wVz(e1o_%*<&IstDpJZx3?c8cp)6 zdFto5{qEpA_eqx4Tl=3JXbO~w1|&Aa4xOk^W`{Oja4_r2eTdA*qE8wP1u2{n2yevP z8jsYQ4|*N>Q`)B^J2CTqoxgYEB7~}B&UVi5C?LkEY5dIr1FQoe3}law;$BTRo}j$ zk#)T(zh6-K>PhX*JvQVD1IUHd$2B+MkLVDFtiBUG-4hR!N1eQjUOoJ*y+4T+SA*7$ zT_>8X`d+c?3~WD6Uncptg@2>`KgZJueH!OqRQo@~7p-Acjd|k7x7z=~Y^p~0TV1W( zY7N4D`>>Ydj-H>-m7UXS;<@Nnsntle36woj?=FUpA?eIk+OW%xZi2BSQm#I*dJ`*+ zZJG;q&~(}Z5R1tU{Vf{v`sIK3C5A-W@u92L&|X<0q`4+7 zD}F0Uv$l;&;sDwbWpv{m>^-Ayo~ey<{` z)g{yush5Ne-W@>saqed+78EqIA6=JQ9;B&k4#k&n-bd3rd_pWKc!-jg@)A9QEbT;% zHQAi#gC3K5Fy8d=pndx?sS#Z*-RkN{TTKr0^ibyDnSYI8`S8tAFqLWT$9tn550mIi znh)A9EGP5}cxS)Ku03c9Te$fhT=fu1({D7d20^Cn3K00+-K7w`)#XDmOYkT-V@G?I zdeVs#ueFDj1GDMgqHzj7HKKtu6_@@ZXHXu|T7}JIzs=!pyF!W9B=nTNi^kg>v{Jp3 zaGzEzJQyOX&63vWN0)2a?m=LB*w^>G>t|3rf6BJ!yREAbS9GQL#5YgL9=;DA^xsR3 z9@|G+s!wB*=vVD=ls(Xnhm&Y{y1ZlQkq=?H5xC38NTDTPcTHMu+R$uI_2_NFeS#M3 zTiGHZu99FV8(S8K>Zs*VCYc4kg@{(+&z0dP3!eeL!wwLld)x7+0ww9u@{vlgUKQ%c zG_SM2y5bhsF7{S>kCWbTsP>o(L2%^~fV0RDSUCCxC&<9!>`6LPg{O=~lX3#a=NHfc&eN&5MLI1ReX1%0L=8VJNtNH}+m zzL$|@JC}xmBCtc(0Z9?A$LxxRB7M-VGj`=?Fa{1lXfcSQCH|zJ9~(=HJ7 zE$pkYcf_QLCW?lF+zNO`cQ2LDiS_Qk%PcvUmJiyV6D)vMCW0~ewrH!&Pea@ZKCPRF zE&+P&1&J>W`bJYfz5}=wjdp@IF;K+-IusQGRLdJWVp9cN#3ae;tm-E%CS{hc3rj8p zRhHZ9gbDH_F-&|B!(~qP43pl3AxpRE69Qs?Aq!Je$;EE6O-3++s@66TeP?@?-W(xc zCV|wK!VYeJU&_89*!RQw4qWm{ne?;@6Q+r4E}G2BNGXZzg6~f7_q9)FS{WG8{mV;n zjYJlv%jGOoal=x$V81b2HwiMf#pCWv!y~;!y-fQb4bw0YajoKFIXx0xRNZ!>5Uw$U zx)~JxLONurG125sA0%+i*Qzl;0Uu?JZ3Q4&9e@O$o2*laUWvcciHSaR!c;}F{1)Bb z9-}n)o z#eeY!2kyIa;^$xLURNHar?7P+1a(OyeC)j{DmTo-y0fP8?DVX8;Kvh5j_kz>~-aZ4OF21!XS6*-_0%G-PO@O zRLn)WTrQvM$aUpvo!#ZybGm%HqkFiks~Qc}p6{;aa`8?1RctA8%Io{89l26*-B9g& zxnfr}Pr9?3D=Jwm<|$GvukY-pV%G*iA-OP-@2=##J81MW9_wG#>+h?z7nFLo(CxtT z-FZEKqX#@|KcwyNcY?@ew4A4fT%JUS5*>!$vyR`h_V5jV_(riBIjkPa1r#GNpl*ed z<=PoiMgEoS=>^pT4{kJ9bSU37kl&^8;jZ2o;85+QBzZPTp0g?o69ouCGnMWrm*-v- zyzi3egb0`MOEG!=br?mSwd*&E8)8iL2!0#DZ-e2t0sJWqLD_PZQPyy5=U=6xyIgfL{M2th>1Bk= zwV&o0K2QEcNgMqtq=P@;jO`4C4}BMT1N`gNa4B1SksI!UFQW2#z^@k-wsR@34;b9k zEzT*gCkO~iuQEezJiZy;Cok5kWMyc(SgishMCA#?gewqAfESU=@K|TAGuNFf{2dbpKYd+_yC13v)_7qh#${&Iy)Z zd&VE0QO{r-7-mp7l?TNyVYC+}7;u&7(FIcEa(%k=>oTBAw=M-;x^(Gus4w~LtlylS zYCrR**P2}1(@ga?Q+>@;e={}EOy!%Y?q;gcOm#FAVU1Ll`(u&uTm=ZjT?|bGB4?Obg(?z{1jat z>U`Q@=#DhdrLIV$P79#g?WKAXhq$MjXM+5KzoPhJce(c0me@(c>RbU9q|1YYnt;Dl z7ZJ%(zEtY3=He82;=eCD4bQ|vF^@2mq#bJPYo^{7i#GPDAUAt>+aKQ6EI%V^ldmiJ znr6db2m)^o)!r&b9q6Z*OC>e-U2p82-Y8d+21EvSgW;ZBsn-#eDwAjncOFZOZoWiC zdhrUk@T%yKDnaM-C5Du$%0WM3z;F8@NIeHFtxS-)c?pdD5QulmvzH>> zi)y9zqP0?cu_@&n`w~`f>`SuWPG!F>aMX##Is=d--v&*Qx3o6ut9It$$9hj?umY-< z9vG}J2`o7@oXTG}ToENz{K`;ZI8~tbR8sM3<%dGo>LIjr{cr^`SxdFAHQU@c2yA+e zHi(JnDGe%rd67&xMjj>TDmi8>Rr)q0X%YBGq8&q5u5U#p>8io{kq_37jHa(}9jd?4 z6XoL;oW`#hXPD_l20$t{jwHHAa=EJ_@I_75t=Zm@oTsmfdX$8qS4BS0hRgfm@Dh@S zluiBf0s&Y1O>Gvu={&E8YUjx4V7NkV(%s(y2$ z>oh>ZyG~Kkz4R?)(e=#Jxy;i`smcRhx!Z3AzZFvjilND~sm$I~x<3?1gY8ZgD5TOo zsdS$=7Gu!wPbI(g_^prb(SN}@KcT^@ZA0a9JUwnHt$ZGL-6Sp&Ls>(Z-Br!M`v zlyoWR(xXeC%dW;>2HB;QB$nFNUN*Cq52iNR0~wv@4CHyQ&8bX z;i39XYLlB}W9@Z&;ElNFCS7Z<1EH}`m)*MDC4k$NLeCG?_i(Ab)dcyiX6l({>e*)M z8)~Dm+uCUC)pvt@N*Ha8hEAb{T2TH3VYb&4}0|B)(bZt z$_=M)10pdud=}NQp-_`wQXOuR?&Ugg>qS$gaoRw=WpHb6X^8D(*R^q%rK`pWhO;Pog=Oy174*cf=5K)zX)rO~HB79?TNn?6)&^!v-MGPQi3?&S zdo&`H8-AD3>3gaGtVmRn;%Zp5$?; zam1$75ExuAl=sVU!R;`L)GsK3HCe*ehmJy?s#5C88vp@G4bL~;!~#(fb=3#$xQ_4HAtANKUahT|jt z@Q7YKV&ERJ{Kq{1G3hmR;bD9Cn7w=4-#uj}$x!m@m_)W2j| zU$U$xz0{MI^`vDzFOL;Lj)!d^#GuhG?F)Umqnyu1-Z6VK4PYTOvu;px$>4 z8-=urtLpmhi+{#q(=|LCW_dv?XbP8lQ0_DfPwk2qKSt9>iR;~S2tcO+^AUcf_QvS< z;()aFP%88pwsrYZuMTxPsy9+YE2h6k8R2%y>T2`Xv50;`TZ~pb8qxS`viv;7D-Anl zFutW{<=0fZ@Z8GveUwzO)bnnhzlL{FDi1buV@MAD0M$y>yw4FzQQTlVxZS0JYG=8A zfGYb0sibD(mS_mi3n!>FD5anoygR<--}zgy&DXgsY?Ux~*--zw{G4IMw#e^|x=0uK zv)~$GwR|y8R3*<1H8fOv4WEkU7PfkcdSIES-@rh6Lf^HNsEn_dGvC z?OsY!TQ?|zfv;2^iQ22SN%t}l?d4fAOL|l4=;BiDQnIK^w=M-;dUWa4rB9cBT?Vkw zN&_V&?PB!^xv66>`R!+ZdrdcDAF5F5Pz8?#)_3p%%j*p2m2gbIWp~^Z2xreEEvsC= zA!L#4!4oOh{{$%g5e#T4DzAw;k_U>>PNhWk3JiFI-?38$yj<1*Cq+=cm1ZIQGzkyYgE%N(m3}?xav@xV+2M`%5Ic@L^cK zV5GS5z(NaGZd{3vFjBc;K^3fFdr3(%{jHoJG03}y>SuvbEbo#@%7eVXUBSKpe+x<# zJ2&7&FnlV2NZh5){&{S3g--rhxRi!v|HJhK@$!$&FjK681s4pnA?|KBD+Q3+4+QBP zeWUa_rGMh-_=bat0&t_b{<@J>dP9BzSGb-S?43Su{W%}^=e#-Z_45_$)_HYnfEpJ0T$q4=M8ESI z-U^z^ndiJxvVd98uxJNV!hapmVn<1rHM$JyGQvSHIxyjHiug*!-~%#p0lb@Pdhs#(rzP zeu36y3><-VtR2N+g&VgR3LFU@nCy;+Tk$1xT$&{S3#A%Szvx1oxq(KuoK71owbEC$ zY~D2XuZ5rvzkwtZlt$+o=3z+lyx&%U8l6RwMt7?iplK09mE4j0tDM0%9TKNw2ZJL0 z)_-{$p}YpJ;j0cdh>cEBsv($qp*F0sUQ~kSlQ5uPbpzcDP&YaQ6M%+@;_v%{Zvza= z_SVeE=?pSUy^BZ1d^1`o#WS6@oWkVc3+@zIi$&;#W!Wf}AQHAwpdIm5$goqx=Pz(n zhZ=HJ>%X$m|COl&(lGE9#>VBwWoAD9f?&gC<@#U8^PUw1c=1JMmm;Z+N<5G(4tsQZ zsQydi$oek_Z2JB(@2^UMy8fuiV>GQ#xo%<}P8mT@go*nmi8V5AVciDS@|#3(j5p{X zk8i=j(2^KC<$S^ktM^yC!S4)aZm#v8f#1$cOKgo3wYNj!LP-27B;JS=|jEgf>HxcAClU9$OP^%?$$s>P%>9Y!P3* zYV1Tf+5%8xCxq4WP@^kBv2nztg-IKvk>;PLNviK!_VvPrQKl0VBfOqY);w6chL#DQbOC+p;dp z?hW#v>*#fdS-%ZBs12U!uV{QoPINeR(*8#wH~7X~0SVucYyZ2GEx>8bkDDe-n5CnD zke9AaRYxNp)4vQ^RZKve@%*C+zYnT9l9rTjTObW#(Bba_Rc-wN18*V8C}sOw_V>Ff zt^-5bAxf6oOlKAK))3Y?l0b%-nxc+ef9-GW^|e}UQhJ|uJLv~Pv?nX6)bIOo)$Hl0 z_(9!s4Omh@fr`Irkkh6?n)*sN4z@a7w`BHkp*p_Y>!0Dp;;8 zY6(2#l5WX6;>QR;#Mcr1)vzd8rLI@`3*xSEBBW}+V#xtJ(N>yO-YWu+iU+%IIO*vG1J(=Vd;YO)guj+3~*u2>kBnFZU_1)s-rjISvOGu?LVN$fO+JysF zdr=bA6Ms%MgH51n$SwFs}{VV6f8Qf z_9Lzm#L(@S)A2GVGpseV%#3II1x2MiM{PyIoH%Uvw$ zfPu28FEc?;+T13y6H}((=wJq7?fsKLio$TQS8a6 zCYgiABB}+QHEN;t=Y>jhjyG21_36qn)X0_8xxI%3_r7k zm_%3bXVaUVN{)9qYTzb(5nM;k)_;aee! zu=_rveb7VS(l{2a{;iPMVlCI-fmOo;S|T=IzZxg%I1^^j)-@r_vi+kt(HIH|X05$y zT#3nyr6mg+^%BPi>g*XJ{N*hvul{OW-kOv1LUoHsB?(**&#Aw|?z_BsIOjWxq-2Yq z?{j+_m_$$_f+nQImcyO9rE56S6G?usu@D=LJE3oB5H{$pjRqwI>!WKi=ImKphZGn> z!aPYVLTXfruW^kt>sN-vK)=7OUrP|_$?!0gez;l>F_1dbunA;iC_bzb_|9C*_3QP( zUwFAr&+I+~!(Mh}a8t%Wln+UsM8w9`<;JxisIqJ0NvvAXsgL3{e24zUx63o{C>G}< z9hcUz*?hePELi!&3rPq9X2e^6K^?iCfe^p2DPO-fP)l7XDp<0yG*~HkqS6y#uxll8 zW9^^Gc9i+G+y_p6Grq!5`_*cAuKd}B^rsfoqt&4OX7sw=zZ#w^_d5Nti5-mbZ}%rk z>hJrzr^avNXE^G;?;Tyz^W?XY7OV_bhKm+d*eF*@-o;ZU5^GN>{WVXs&}&lOB)lXf zN~S(qZj4G-y`sycX|~BuHkx;_;0Y-I>!g87x2eF2sk}**-q!T2wh?PU3EYf-!EFaR z;tWqxBK7c$&OrQXPYOF+Zw6PDFE^%|;ZRIeEw@>dCdcEp5%}oB_@OjnG1{A1A5>^8 ze%zILBv_@ljU5ACxQkUG0A#8*hO>`ZNR5`qVfFUsgApFyE@5c>i-U`e9qNv(Z0ob7 z8p9#4G1csBlG0nPISjKmRmyCbu2>kA`!51zj2uRzIy>&mjW>$b{95$saK)pqN~sz? z;#!FM3(SV$4pilEM@&(jrcsi8Zg$GX;#Khj{2*BF+3RhbB9DkAHQuCp9Bl3_H40Faw{-RzM_5O3Pmnxeeq@jc`PBsDe_oW)fPM4 z%`>dQ%ga%c^%u|ApaYz-yc>)Kgs9}S)~K{jERB-`@oQU?pr9W3r^H%6&g^p>;$TVB@-d_w8> z^1vdhhF%!RPPz(H7OtKyuPb2SP5V$-0GLMtz%Z)i609bLAIKlW2oMX+s~hFPTu1Xk zOx4U1cr~M}_a&vg-Db%=Orw&6XYuKv7iJIbNEN9D6k57nsI%E#mV|-=fKz@J|D|Gu8VGd&R z|3dlf(xlbK{iTX+M4c6kSBU;u-QJzVqctM{~sVEr_H^oze!5tVu?JdScDJA1U4C}_((~Vvha{X zMD9j0d{Z<;)hVN1eM`8WlcU{CWI$?*UR%U)NImPHM#ifPboq)NtmS}6jR zHNt8Lk*Q};83ccW9I$K_5E>MqGFSg=7Djg4OV}w!y2Q$CZKZ9 zKwNdjDKh=-u!%og9Bxb#_UE|baK~lvZ%DB5^qX+}?a zlw9Ek5{w4Em}Dj$q{l|h@L(lvYm4@qST!cRD_?fUFhNBYO?b8yQlJ8o9UP3&xtfJJ z3Cf|y_iE2X>+xJ`QS?=u*KQr(dyob)P@dx9jnluZ(?n@Z7)K zaBT1AyFR)8|Nh%&-gnE?fBNw6&Q-7fi)Z`)?Cz(&bnn=gZ#)0rbbj%g|M->f{JX9H z;qmYM#r6N||MfqO|JlF%*TwIQ=KknR@yf5A`O5V_cdgH7vFhCXiIelQ)2HX>s)vtNPam4EethqpcT`WEn4dj-@Gvh9A3wIK zdhaRn4>@RdA51z;Nw-Sn5^MP%#gFFta(mCr$o4fSk4|82mkw~yn zk6kb20!McdhyHH3i|r8s`b$U_Hms?vwKLTCB}v+O$=Z1-ZfD6|)&zktbMmw0Q>LqCuY*|)$T$E zYZ;Y7p`%>o4gl@Br|e}zg#u89wwJ5rYEh}nP)d1O;b3Ba&lel@J4i$}IpX-Hj6mTNg)Pt2-dq+{He%qROrifN776%H%gWe$&MJZGubxTC2 ztWtl0t<-v@|MW%&k2`w{ol;i%Kkm;>pkBU7iy%V_U1-yS-OD${uQ|1@{POyEf7TC8 zm&bg@NmisDvTJCehoK+JRoqyrIE(VyPDVgBlKux-pyR8ym8OHNs|r0j5WC#p07C*? zcvjpjD&J}YB9^xC`Mxw7v}=eV(Jl3D-38cYVS<}TySC6%)F|?wM#M*wA-z@SLv^m1 zgXx;9SkJm)ZRNLm|9_YE;a;>j>|>cII7Ic-OVG zUT1jcYY=fgzYW!X780+ysqk0Y28uvq>nF!tL=Nm?zjgYJ)i7li{01NCsmpIYe(UvH zpWpiZHoy&c6Pkv^OG>a}(b%J-HNCm=z5-ACh8C`c&EN`2gi4=APyz$;$G9$B3x?%| zNrXmu0q3<^o+~fhT&{hy%&GuR=)%ptOfKFi+lub6tEYESrcz$u1WI|~?knJOssdtR ziafy(nDT&Cm~wD?{5I7ORuo>ClIaDf9)jKR9pEZ1pnsxBvnO~boi8)R&9;(d$93pQ z1y;Y8Ly53~40&w|0~jm%m4Sk-Wnnj3W)(wbnDYRl1u6ThcH`vn%=EfjGv|r|OMOjq zNd>VJE85-1v;+ePdRKY3=*kgZ9a7++uS5>Io&r}$g>-P~AS%snKwcseN<}6_?H3&- zUNISpw58=sZ50_V4R`Qp2dA!R*_s)fGgsw0dnv3Po!EY^Upji(tSk`2r6C5bOAd-5 zA$ZI{5sOnFkWXFlR}imMUU(q(UrCkLzzFH{$1cfTJxG@YyC<3Ed(=E+F_$i|HaMaPVZ*d%2c;w2Qea9dd?aL4B zICA9pqkA4Xa{BOzBlA(vvv@9=!#YeGYhIEe@9iY-ZI%;CfU6=)+JF=94K38UA&xZ! z-1Jcm6Kax^uS&WNigfRg2pK)#x9jvg-;mJdw(uHV$TVhoPMHgb?0UqmCkn7f?G>yaO`BKfi=W$NTH^%U(^WXw z2$%Y{9%$W|F4w;ywa?DZA<_Q44Yuold0mJ(DU)@{J93;MIHaoS=rv>@rOPzU8020k zGeEal#5T*5T>#iwNeySHVk#%rGN~L_CWTZ^uVK;)-2N7L{r0AxH$5$H7NkUB&vE5T?i)zf}FE{JLk8bAww6Q*M?Z}?DMijs(E%?D=wnauiaQ!%M@>#Qk>a1 zCo={W$RApdKMNbZM(Z@EuV54hm=Xg6W`Mm!9)If!J)RgC=-?-; zU*dUyf8G2m@~@YFo&4+PUx9x;{OjYNq=oOA1D9c!-kknqB!&qcYAZPVqfU%6~{R#ps{Lug8-deOp@g=E&#uY|pb`j{0!KmB0NcFjnO<@o?^eC-d=7`~7 zIG?Y&mXCj3zo3GA>%|h@NG z3;D~J_=V_DVsFO^Z1#OS#yCOTJJfPj%Q3y)?VS)0@)Vtt$AFd^_Xnga0nVlQ(giBa zs3c{Jy*RzCxuu@o7?uTRf0!$+F(VUg<+f&N7>#3u<4jD-5RV_sRf*%erS;fL?j^P@ zYn?A`DGa#C9f-q+nOI`GJZpA9ib9+1o$-K@Eqakq@FE8W^4$ZPEb625d>$EPy?vF> z0x=P4FKasjgoE04w{}@7$H0OpIBXVYlIdj3;8`-NIQqNBBGgF;frbpy`oRutT-v-U zca;MP)dkJqT!o>AYA1jk4>s`Dq=uVEz4HNI`VP_yj*YR3_QvB)I{T*77mvB#m>GNy zJ&u`+V|{LbQx-%q;t&S0RXs`1*6+7hc-Q`9ug=B~c<{`|GcZqA?1WQ|KiLQ906^1D zc|pROb7M?@5G7IOl(5LAguU7g{fFug;2V)sUN~p9exg?k=i*um=i*wHP=WfiT@RZO zo3^?DoVG`uhc7Su)QrW2SN--gzrE(Szhaj&&fQULDl|ZO;TNV;%k{(d$jytL^S4k& z4bb+&xgaig%W)UFf32-L>e<3y^Bhk8Ec|uAT)FD6y@oL)4R`lo5qnA}r@%s<(!!f+ zRd*~2J*jm)x(#>2=<=rZ@QAhk#d7`0(0cvJa{Y^;_4<>6+R8O*D`AbirABZp-m|#a9ZlS^Fgfc&aXwR z2G=9z{=D^OH>|3O85#irX(F=CIu6;)b|hJNxE1m0J8%zW(UCR zv+r*`q;r!1VO;GtG!FcR@Kh}sd3;QVM8 zy>VfnP-n~YS-8oB08>9-?9f)x+G|*Hy>TFtX=D=THE}i);TTsGn8{h(B99F99Oo8y8h6RVKgn2#$9n9r#gZ|U9X0` z?MdEtK_xWT2CB|55e!uj`z)4{2^i>3)D$8fpM>ud|tD? zA{!dPy~8BP4LW8laaDVVzAI)^|AErxC~BVFV8mZ1VaYl4p%L4}@Fy0FAj2Kcg_>Y3 ze4DyVpoK+`D=DU`2RWju%-XQTr{y>}6OapEw5XRVbD9%*UH@iz(G2^AFB^(q!CIFg zT>lDxIy;T7j1T<2U$H1Z``da~U~4}e1+1=(&+j1gTzkQ06*P&28dG$WMUHFzcZ`rE_N;}JFMHGv8S=$s$L%$s75pK#nn;vQe0t=9_g(hpVmg&lw**#{p~pEa%&n1M}(6a-O%G=gW2dS;XU&&~r&YA_dbo}MRWVWUkn$Ksu@AOJB5{z#>U7O&<|V+Z$ZE6B=tG}NjM3s-$+LT~wM zlA>sf#Eof~HI5E_CMIB0LV>MgWlyz;{a#(*17r;Ik1UWxf>_dd1e$n+D*{bE{bOt? z|buL49I>{Ikm676MOUbllW*d=ij3xDhbxX9jJ4f5hfkv={KU*3hF;b8VU88TF` z2E&7({ZyCNproQfoVLdBR}*1ozFvY?ZBD*!@mx-pTer@~-QttSCRY|FY{YwXu3GCLdluj-StS|WD3eJXwb&uHHpPG4Y z-stFW{el4|5)dEi)xb9N@#Sl|>$AxSF?&Xeajv`2rL)CFg3bH&FBMy8>`xDfP&D#2 z_Fsu+jHBaeNMFTC*f7S^>ISS^U|!`JEs? z=h|%8IN{3~nJPl7_9E$2UMiWd1d_8^Cngvv6E0IRK{?Uj1I&IO%v})o_kV1hdgVt7 zeL6Q`NU$p<+{=x1&7|$B(L48?ns*E4+k%yGptdg|B;RbJ^rkhW6Sgo({Y|#t1Qh*E z{Y`^Vf0LI?49;dzeS@|%)!&44a*lLo0#QY5_Ejh_1X6WcPyW0sn1jEJ-?4m2 ztNi1G(wc_b?YdRh+S_(j#L-SwujK%QQK7uJM{9e-LyLDaVe}n9_Ft4aH$~4E_&g{F z>s9>?1NCKH>#wpf#il9#*R~^>o-9#CY=&#>4CHR?l!}+wBz2{QbK1=|n~pn+A8I{f+@Tz9&x+8Kt~8jj3b-swBcD8;7;73X+H*TreO&fE3ygN3z_%ph?b=Z}fO=gW(S zjixZ5$W{;<0PQqtkf1mk35(QEXe3)roM^mB{(;AThMGXV0wfe%F}A0>;p& zym(ZnutDZ1e=15ahm~jfDMv{&-I^!p#XO5gU9tL^dJ}NgBA=&+_~3AcN<}SQPiu1p zBO)XGP2qJJ{GttN_FzNIBg2mrW;?7b7S+`YG8ZajYT#4F6~mX_*l9z*Gd^u@+f(Bc z=sR78P-HDtIaFtVG$C!a6X%0f4l4V#+&Ca3X3(JZn-~RWQ-!D`;$q16{bsVFCba%5 zbs;X|F2P7!e(bzYYKsi4B1v}FD*O9GI92l9$_k#XR&<}K+1UvD0P?1(bGTc*H zn4CP}&&s6*oJBf&OXc#W@;B9`6fw}{pJ1dFZ7onQsV?B`P*##-p>6Eq#z{NQ5Y-{f8m%YL}ktlSK^Mm zeX)011>{!tEwlLLn@JHDHUXKiykvA<%vZFvtRBn#a8L9@xk=L|od*j&75q?k5V8GW z7@mf$w9GU;UKqsgVDJq?2y40JY3(J{o}}`0m;f#ewaw_-LO;NgN`gw!mV!kLY!P9{ zAm*6_$eS$PQD&Is@c#0~qKq_7_S!4jceLa&pd9OOH9ZDBAPw=y-U=F{{#GT#+{vw^ z;_-TnO)3>~wPNt%2|;d8FP5{QR(#@tMI|xNct{y&JSDR@1)Tgil&?$^21)?Nf0;xu zKhIjYW)hN!C%aRm`7A?^d{r}}Pig&wtc|T~0P5$@xr^iJ3s?r4JJIY+}M*D!Ny8Eok@B zB-<<-7cDU2KEBPuKao_i37Z@oNoRw`A2AER3O^{(7z&AXraI1G`GlM+6%~|Ke5Iyj zgT63NHpnz;3^8`t8tj?pl@w8Zy<}#6y&PK#?~mVWmfQQrS6q<7z+YKgC@7kxS6A8I zu;NwGm4zP93nqH=4fVkP4CWZJotVhi{q{}2J!etMZ>#aeZ^t}nNX2Pu1%{`uMB4(= zmNdVd)6eU2(e`*NQ_rqrhvrWnW+yf~8=8Aj*}TJm@*mEA<9hoPk&d8UFB=EH-@=`C z4q66C$XNK1zi8+{vBy7^1Blv_)LYOwYP5cwf`gt^DB()I`f;;{Qp(m!=z_j==YW(_ z_O*8O!oa;uR(v43_N1VBGmY<(zg96R!-Gr!sjR9G3F<36I8>#SeYLXBH?x&ec8{`u z&VysERKR+pUj1dWhEl4bts4ukH?x&e_VvnsgNJezUqOh*_>yu=^in0)spQ`@0VpN$ zwD>$FgCGLHBEOb{t2C-T6})3?%of)8+FJ{JS}~dW&+BBz;`b$)g)Jz8|$9y77ZdbZWzxGVjZrfLQ#Yu&HBV4XMIV z#C+m8{BfQ|&`}AzUVK6LC=TAZo5 z7;#|>A3oJmtHL+`49wzBI}MC9a5K$JTHB$zYgrouwXd}nwq*jQ3wUa~rAv@u#Or08 z%!kA{uPG1oeTtVzsK}Y&bp^K4!5b**u1Zy#?yNvuOygvQ;sQGS2?d=YZAC(Kwf(G5 zmK%R=lzOr(Gcb7+?{YXPJ+80}qxvd;l2PTw*K{;=@vq8@KO0*71(6HRtZF+06!{t1 zd3MyxR}+GQ6ed}GXV^Xg-neh)DVx5M0X#25klBz5yy5hI!QyV!FpEoY~0 zHPCFu;%E}|ZtMa%p(!=}gwD$ewIqd)>sYhZrBhwvmDtX(P+dWL0?MBWSOZF$@lD!; z%AE4mK-Y6RC&(r@o{@Bo9k2zMKAihB?cRES|||RXZ3JRvY4SSov(ILpx&QT^sCk zU~wwEy(=*N4K%BsK;Ef9pvXr8l_4Is9-H0mkvKV@ z=>w*}Bb`sFbYAwUym*;Sn99c3>0YJu6<*q7(;;a6*42gH@-!{^A9nwn!VK|er6t`= z$SE4gOt$Xmm^8Fu8)n=^9+Lk0oZ=;76!YH)#_B=&B7<`;o2Pv(m2=X_OxET&9L+XI z9?ijGgNqgvIa(@$BN8Z2Q#w~&x2WV!28!Ju0|Ns{Ttvi6nijQ}G=@6ejGe;{kG?{Y zQ+y1hc8qBI2>&UfiVoZ(L0x;NgUu}5Sa)W(i9DUR1V>?Wkv=Af$iOxYX+I@x0?x}` zd19!-Az6)}l+`e4tVCp0lUw;91i}OMAg}bnc<2eEa5N&1yy%xw1Ys*E7P z5;i5{M@?hMDMs5_kT}-MFo;mU;f-tu9l~!ixneeHF77XARN|v!mse3?9K|tv zkDA7HLyLD0RB1=JHRgF|Gf|(0I>R$&pNs;sZI6XhfjBQ2ahJWsFd5=LMGuFE;;By( zkDU6$VjXVr5H*HfpvbdPELL}@sEYc^EeRx2RrR!h&sa&N8DTjVDc;EuGK9qI%_MsV zxuM+^6j&Rv^Q^om*#a`@4E$grWzzFA6&mnw6SD%*$P8yKdK*adjLncLVG=~$}6m74N$ zcTDa3#L4NS^N$`s`I#H;n?HGqGt)Q!{=}w{8}2%J{NUju^Ecme>7De@ka#4Nyj`>GVA3t{L_`%bg z?A5;cQ>RbeP`&GsnIng1Z=Zkc=8=)Hi4pxbvDI$d{Apxl^T?QG#P27^CdVg6$46Dt z@|EJ>!O6{|a|g$^Y?<9WJ2Eq|ZOh!|v27#cV>1(@BeQd}2gkN*VxiNVsi& z%jU_sk?GkjvvZJj^VYd(h&R85F`677ncq4#1|3F6N46atot&7S8J(EkHZeLov5gv| zlasS^qjM7nXJ@8I4o=U&2#oT~#606axov!AWOQ(eDNhukw+C z>FSB&CmuO6eX@G!@I!|-o|r#*@c7B2)5m7#tGDU<1P8->tCC;!d9fxJ^(KQAMH_O_ zHMbl;@z_ZqoUZ=Q&sA?@s-3EOk&U+>KK4+RiLf<_uFpm5VY>0jt<%#R$49r!Y@FCO zHo0-@^xX8uiRrOz^V=rIr^h#sM-iu8`X)9_ZrZwObaHHj3{Ew(d6Hk)))yZvQMANW z%HNlN-=|JapSa`rv8m6_&Y#ey6!slDdHm5+b`&~_F8tS(yHr|rE98CgFS?>HzR<;I zBX;hsU;FRB_n(IL@BEkl_^GS^m#=(uqpHk)8A{E_+TQ}d?|d79Bk`d;H}5{HD1hN36i#UJES!h{QkqXB5a8F|LTBT9zQj@zF?|e3iSEfBS#l z75$ily5YYccTAAHFWMVD$aN~Zht#g<&gc%FcX9m$Y5n)Z&j0xTYA146)EUiwwAj3V z%--^O74AOI;tXy(`IiH#ei`}`e56vJ3*W^jRP||a{kPs~?c=R~3|!yq4j&!20?~Im zZvfXEIO&t&`ds-#Z6Fn`%n1GV|0nqBH#CU;DEb(6{ZqE#ch^ple;XeQ*O$yU(Z8u^ zAFQSCidSj9%7=0F>2rOjTv%86PP%?@?GQh)rq9lwG~7?}X0lGXwloHA&4UoHuauM%#sTTtTp9 zwVvUF84^cg^LrOTRk@J2sw#e!VSCJ)hhsQnRW+*aH!@4S)f3j?^*}F+9p+UYTPuXQ z=s?}6M%_GjVfP*HG4al5FyE+qT4A7@@6hpG_i3{JiSs~zGt8X&T)}yyo29vLd6Mc? aEBrlbrhfn17c=ne(@~fNnE&>347>nZR4A?h diff --git a/src/SimpleSocialAuth.Core/bin/Debug/Newtonsoft.Json.xml b/src/SimpleSocialAuth.Core/bin/Debug/Newtonsoft.Json.xml deleted file mode 100644 index 52d6762..0000000 --- a/src/SimpleSocialAuth.Core/bin/Debug/Newtonsoft.Json.xml +++ /dev/null @@ -1,7631 +0,0 @@ - - - - Newtonsoft.Json - - - -

- Represents a reader that provides fast, non-cached, forward-only access to serialized Json data. - - - - - Represents a reader that provides fast, non-cached, forward-only access to serialized Json data. - - - - - Initializes a new instance of the class with the specified . - - - - - Reads the next JSON token from the stream. - - true if the next token was read successfully; false if there are no more tokens to read. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Skips the children of the current token. - - - - - Sets the current token. - - The new token. - - - - Sets the current token and value. - - The new token. - The value. - - - - Sets the state based on current token type. - - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Releases unmanaged and - optionally - managed resources - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Changes the to Closed. - - - - - Gets the current reader state. - - The current reader state. - - - - Gets or sets a value indicating whether the underlying stream or - should be closed when the reader is closed. - - - true to close the underlying stream or when - the reader is closed; otherwise false. The default is true. - - - - - Gets the quotation mark character used to enclose the value of a string. - - - - - Get or set how time zones are handling when reading JSON. - - - - - Get or set how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON. - - - - - Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a . - - - - - Gets the type of the current JSON token. - - - - - Gets the text value of the current JSON token. - - - - - Gets The Common Language Runtime (CLR) type for the current JSON token. - - - - - Gets the depth of the current token in the JSON document. - - The depth of the current token in the JSON document. - - - - Gets the path of the current JSON token. - - - - - Gets or sets the culture used when reading JSON. Defaults to . - - - - - Specifies the state of the reader. - - - - - The Read method has not been called. - - - - - The end of the file has been reached successfully. - - - - - Reader is at a property. - - - - - Reader is at the start of an object. - - - - - Reader is in an object. - - - - - Reader is at the start of an array. - - - - - Reader is in an array. - - - - - The Close method has been called. - - - - - Reader has just read a value. - - - - - Reader is at the start of a constructor. - - - - - Reader in a constructor. - - - - - An error occurred that prevents the read operation from continuing. - - - - - The end of the file has been reached successfully. - - - - - Initializes a new instance of the class. - - The stream. - - - - Initializes a new instance of the class. - - The reader. - - - - Initializes a new instance of the class. - - The stream. - if set to true the root object will be read as a JSON array. - The used when reading values from BSON. - - - - Initializes a new instance of the class. - - The reader. - if set to true the root object will be read as a JSON array. - The used when reading values from BSON. - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - - A . This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Changes the to Closed. - - - - - Gets or sets a value indicating whether binary data reading should compatible with incorrect Json.NET 3.5 written binary. - - - true if binary data reading will be compatible with incorrect Json.NET 3.5 written binary; otherwise, false. - - - - - Gets or sets a value indicating whether the root object will be read as a JSON array. - - - true if the root object will be read as a JSON array; otherwise, false. - - - - - Gets or sets the used when reading values from BSON. - - The used when reading values from BSON. - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Creates an instance of the JsonWriter class. - - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Closes this stream and the underlying stream. - - - - - Writes the beginning of a Json object. - - - - - Writes the end of a Json object. - - - - - Writes the beginning of a Json array. - - - - - Writes the end of an array. - - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes the end constructor. - - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Writes the end of the current Json object or array. - - - - - Writes the current token. - - The to read the token from. - - - - Writes the specified end token. - - The end token to write. - - - - Writes indent characters. - - - - - Writes the JSON value delimiter. - - - - - Writes an indent space. - - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes raw JSON without changing the writer's state. - - The raw JSON to write. - - - - Writes raw JSON where a value is expected and updates the writer's state. - - The raw JSON to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - An error will raised if the value cannot be written as a single JSON token. - - The value to write. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes out the given white space. - - The string of white space characters. - - - - Gets or sets a value indicating whether the underlying stream or - should be closed when the writer is closed. - - - true to close the underlying stream or when - the writer is closed; otherwise false. The default is true. - - - - - Gets the top. - - The top. - - - - Gets the state of the writer. - - - - - Gets the path of the writer. - - - - - Indicates how JSON text output is formatted. - - - - - Get or set how dates are written to JSON text. - - - - - Get or set how time zones are handling when writing JSON. - - - - - Initializes a new instance of the class. - - The stream. - - - - Initializes a new instance of the class. - - The writer. - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Writes the end. - - The token. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes raw JSON. - - The raw JSON to write. - - - - Writes raw JSON where a value is expected and updates the writer's state. - - The raw JSON to write. - - - - Writes the beginning of a Json array. - - - - - Writes the beginning of a Json object. - - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Closes this stream and the underlying stream. - - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value that represents a BSON object id. - - The Object ID value to write. - - - - Writes a BSON regex. - - The regex pattern. - The regex options. - - - - Gets or sets the used when writing values to BSON. - When set to no conversion will occur. - - The used when writing values to BSON. - - - - Represents a BSON Oid (object id). - - - - - Initializes a new instance of the class. - - The Oid value. - - - - Gets or sets the value of the Oid. - - The value of the Oid. - - - - Converts a binary value to and from a base 64 string value. - - - - - Converts an object to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets the of the JSON produced by the JsonConverter. - - The of the JSON produced by the JsonConverter. - - - - Gets a value indicating whether this can read JSON. - - true if this can read JSON; otherwise, false. - - - - Gets a value indicating whether this can write JSON. - - true if this can write JSON; otherwise, false. - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts a to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified value type. - - Type of the value. - - true if this instance can convert the specified value type; otherwise, false. - - - - - Converts a to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified value type. - - Type of the value. - - true if this instance can convert the specified value type; otherwise, false. - - - - - Create a custom object - - The object type to convert. - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Creates an object which will then be populated by the serializer. - - Type of the object. - The created object. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets a value indicating whether this can write JSON. - - - true if this can write JSON; otherwise, false. - - - - - Provides a base class for converting a to and from JSON. - - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts an Entity Framework EntityKey to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts an ExpandoObject to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets a value indicating whether this can write JSON. - - - true if this can write JSON; otherwise, false. - - - - - Converts a to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts a to and from JSON and BSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts a to and from JSON and BSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts an to and from its name string value. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - A cached representation of the Enum string representation to respect per Enum field name. - - The type of the Enum. - A map of enum field name to either the field name, or the configured enum member name (). - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets or sets a value indicating whether the written enum text should be camel case. - - true if the written enum text will be camel case; otherwise, false. - - - - Specifies how constructors are used when initializing objects during deserialization by the . - - - - - First attempt to use the public default constructor, then fall back to single paramatized constructor, then the non-public default constructor. - - - - - Json.NET will use a non-public default constructor before falling back to a paramatized constructor. - - - - - Converts a to and from a string (e.g. "1.2.3.4"). - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing property value of the JSON that is being converted. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Instructs the how to serialize the collection. - - - - - Instructs the how to serialize the object. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - Gets or sets the id. - - The id. - - - - Gets or sets the title. - - The title. - - - - Gets or sets the description. - - The description. - - - - Gets the collection's items converter. - - The collection's items converter. - - - - Gets or sets a value that indicates whether to preserve object references. - - - true to keep object reference; otherwise, false. The default is false. - - - - - Gets or sets a value that indicates whether to preserve collection's items references. - - - true to keep collection's items object references; otherwise, false. The default is false. - - - - - Gets or sets the reference loop handling used when serializing the collection's items. - - The reference loop handling. - - - - Gets or sets the type name handling used when serializing the collection's items. - - The type name handling. - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - The exception thrown when an error occurs during Json serialization or deserialization. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Specifies how dates are formatted when writing JSON text. - - - - - Dates are written in the ISO 8601 format, e.g. "2012-03-21T05:40Z". - - - - - Dates are written in the Microsoft JSON format, e.g. "\/Date(1198908717056)\/". - - - - - Specifies how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON text. - - - - - Date formatted strings are not parsed to a date type and are read as strings. - - - - - Date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed to . - - - - - Date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed to . - - - - - Specifies how to treat the time value when converting between string and . - - - - - Treat as local time. If the object represents a Coordinated Universal Time (UTC), it is converted to the local time. - - - - - Treat as a UTC. If the object represents a local time, it is converted to a UTC. - - - - - Treat as a local time if a is being converted to a string. - If a string is being converted to , convert to a local time if a time zone is specified. - - - - - Time zone information should be preserved when converting. - - - - - Specifies formatting options for the . - - - - - No special formatting is applied. This is the default. - - - - - Causes child objects to be indented according to the and settings. - - - - - Instructs the to use the specified constructor when deserializing that object. - - - - - Contract details for a used by the . - - - - - Contract details for a used by the . - - - - - Gets the underlying type for the contract. - - The underlying type for the contract. - - - - Gets or sets the type created during deserialization. - - The type created during deserialization. - - - - Gets or sets whether this type contract is serialized as a reference. - - Whether this type contract is serialized as a reference. - - - - Gets or sets the default for this contract. - - The converter. - - - - Gets or sets the method called immediately after deserialization of the object. - - The method called immediately after deserialization of the object. - - - - Gets or sets the method called during deserialization of the object. - - The method called during deserialization of the object. - - - - Gets or sets the method called after serialization of the object graph. - - The method called after serialization of the object graph. - - - - Gets or sets the method called before serialization of the object. - - The method called before serialization of the object. - - - - Gets or sets the default creator method used to create the object. - - The default creator method used to create the object. - - - - Gets or sets a value indicating whether the default creator is non public. - - true if the default object creator is non-public; otherwise, false. - - - - Gets or sets the method called when an error is thrown during the serialization of the object. - - The method called when an error is thrown during the serialization of the object. - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the default collection items . - - The converter. - - - - Gets or sets a value indicating whether the collection items preserve object references. - - true if collection items preserve object references; otherwise, false. - - - - Gets or sets the collection item reference loop handling. - - The reference loop handling. - - - - Gets or sets the collection item type name handling. - - The type name handling. - - - - Represents a raw JSON string. - - - - - Represents a value in JSON (string, integer, date, etc). - - - - - Represents an abstract JSON token. - - - - - Represents a collection of objects. - - The type of token - - - - Gets the with the specified key. - - - - - - Provides an interface to enable a class to return line and position information. - - - - - Gets a value indicating whether the class can return line information. - - - true if LineNumber and LinePosition can be provided; otherwise, false. - - - - - Gets the current line number. - - The current line number or 0 if no line information is available (for example, HasLineInfo returns false). - - - - Gets the current line position. - - The current line position or 0 if no line information is available (for example, HasLineInfo returns false). - - - - Compares the values of two tokens, including the values of all descendant tokens. - - The first to compare. - The second to compare. - true if the tokens are equal; otherwise false. - - - - Adds the specified content immediately after this token. - - A content object that contains simple content or a collection of content objects to be added after this token. - - - - Adds the specified content immediately before this token. - - A content object that contains simple content or a collection of content objects to be added before this token. - - - - Returns a collection of the ancestor tokens of this token. - - A collection of the ancestor tokens of this token. - - - - Returns a collection of the sibling tokens after this token, in document order. - - A collection of the sibling tokens after this tokens, in document order. - - - - Returns a collection of the sibling tokens before this token, in document order. - - A collection of the sibling tokens before this token, in document order. - - - - Gets the with the specified key converted to the specified type. - - The type to convert the token to. - The token key. - The converted token value. - - - - Returns a collection of the child tokens of this token, in document order. - - An of containing the child tokens of this , in document order. - - - - Returns a collection of the child tokens of this token, in document order, filtered by the specified type. - - The type to filter the child tokens on. - A containing the child tokens of this , in document order. - - - - Returns a collection of the child values of this token, in document order. - - The type to convert the values to. - A containing the child values of this , in document order. - - - - Removes this token from its parent. - - - - - Replaces this token with the specified token. - - The value. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Returns the indented JSON for this token. - - - The indented JSON for this token. - - - - - Returns the JSON for this token using the given formatting and converters. - - Indicates how the output is formatted. - A collection of which will be used when writing the token. - The JSON for this token using the given formatting and converters. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Creates an for this token. - - An that can be used to read this token and its descendants. - - - - Creates a from an object. - - The object that will be used to create . - A with the value of the specified object - - - - Creates a from an object using the specified . - - The object that will be used to create . - The that will be used when reading the object. - A with the value of the specified object - - - - Creates the specified .NET type from the . - - The object type that the token will be deserialized to. - The new object created from the JSON value. - - - - Creates the specified .NET type from the using the specified . - - The object type that the token will be deserialized to. - The that will be used when creating the object. - The new object created from the JSON value. - - - - Creates a from a . - - An positioned at the token to read into this . - - An that contains the token and its descendant tokens - that were read from the reader. The runtime type of the token is determined - by the token type of the first token encountered in the reader. - - - - - Load a from a string that contains JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - Creates a from a . - - An positioned at the token to read into this . - - An that contains the token and its descendant tokens - that were read from the reader. The runtime type of the token is determined - by the token type of the first token encountered in the reader. - - - - - Selects the token that matches the object path. - - - The object path from the current to the - to be returned. This must be a string of property names or array indexes separated - by periods, such as Tables[0].DefaultView[0].Price in C# or - Tables(0).DefaultView(0).Price in Visual Basic. - - The that matches the object path or a null reference if no matching token is found. - - - - Selects the token that matches the object path. - - - The object path from the current to the - to be returned. This must be a string of property names or array indexes separated - by periods, such as Tables[0].DefaultView[0].Price in C# or - Tables(0).DefaultView(0).Price in Visual Basic. - - A flag to indicate whether an error should be thrown if no token is found. - The that matches the object path. - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Creates a new instance of the . All child tokens are recursively cloned. - - A new instance of the . - - - - Gets a comparer that can compare two tokens for value equality. - - A that can compare two nodes for value equality. - - - - Gets or sets the parent. - - The parent. - - - - Gets the root of this . - - The root of this . - - - - Gets the node type for this . - - The type. - - - - Gets a value indicating whether this token has childen tokens. - - - true if this token has child values; otherwise, false. - - - - - Gets the next sibling token of this node. - - The that contains the next sibling token. - - - - Gets the previous sibling token of this node. - - The that contains the previous sibling token. - - - - Gets the with the specified key. - - The with the specified key. - - - - Get the first child token of this token. - - A containing the first child token of the . - - - - Get the last child token of this token. - - A containing the last child token of the . - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Creates a comment with the given value. - - The value. - A comment with the given value. - - - - Creates a string with the given value. - - The value. - A string with the given value. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Indicates whether the current object is equal to another object of the same type. - - - true if the current object is equal to the parameter; otherwise, false. - - An object to compare with this object. - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Returns a that represents this instance. - - - A that represents this instance. - - - - - Returns a that represents this instance. - - The format. - - A that represents this instance. - - - - - Returns a that represents this instance. - - The format provider. - - A that represents this instance. - - - - - Returns a that represents this instance. - - The format. - The format provider. - - A that represents this instance. - - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Compares the current instance with another object of the same type and returns an integer that indicates whether the current instance precedes, follows, or occurs in the same position in the sort order as the other object. - - An object to compare with this instance. - - A 32-bit signed integer that indicates the relative order of the objects being compared. The return value has these meanings: - Value - Meaning - Less than zero - This instance is less than . - Zero - This instance is equal to . - Greater than zero - This instance is greater than . - - - is not the same type as this instance. - - - - - Gets a value indicating whether this token has childen tokens. - - - true if this token has child values; otherwise, false. - - - - - Gets the node type for this . - - The type. - - - - Gets or sets the underlying token value. - - The underlying token value. - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class. - - The raw json. - - - - Creates an instance of with the content of the reader's current token. - - The reader. - An instance of with the content of the reader's current token. - - - - Indicating whether a property is required. - - - - - The property is not required. The default state. - - - - - The property must be defined in JSON but can be a null value. - - - - - The property must be defined in JSON and cannot be a null value. - - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets the object's properties. - - The object's properties. - - - - Gets or sets the property name resolver. - - The property name resolver. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the ISerializable object constructor. - - The ISerializable object constructor. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Get and set values for a using dynamic methods. - - - - - Provides methods to get and set values. - - - - - Sets the value. - - The target to set the value on. - The value to set on the target. - - - - Gets the value. - - The target to get the value from. - The value. - - - - Initializes a new instance of the class. - - The member info. - - - - Sets the value. - - The target to set the value on. - The value to set on the target. - - - - Gets the value. - - The target to get the value from. - The value. - - - - Provides data for the Error event. - - - - - Initializes a new instance of the class. - - The current object. - The error context. - - - - Gets the current object the error event is being raised against. - - The current object the error event is being raised against. - - - - Gets the error context. - - The error context. - - - - Represents a view of a . - - - - - Initializes a new instance of the class. - - The name. - Type of the property. - - - - When overridden in a derived class, returns whether resetting an object changes its value. - - - true if resetting the component changes its value; otherwise, false. - - The component to test for reset capability. - - - - - When overridden in a derived class, gets the current value of the property on a component. - - - The value of a property for a given component. - - The component with the property for which to retrieve the value. - - - - - When overridden in a derived class, resets the value for this property of the component to the default value. - - The component with the property value that is to be reset to the default value. - - - - - When overridden in a derived class, sets the value of the component to a different value. - - The component with the property value that is to be set. - The new value. - - - - - When overridden in a derived class, determines a value indicating whether the value of this property needs to be persisted. - - - true if the property should be persisted; otherwise, false. - - The component with the property to be examined for persistence. - - - - - When overridden in a derived class, gets the type of the component this property is bound to. - - - A that represents the type of component this property is bound to. When the or methods are invoked, the object specified might be an instance of this type. - - - - - When overridden in a derived class, gets a value indicating whether this property is read-only. - - - true if the property is read-only; otherwise, false. - - - - - When overridden in a derived class, gets the type of the property. - - - A that represents the type of the property. - - - - - Gets the hash code for the name of the member. - - - - The hash code for the name of the member. - - - - - Used to resolve references when serializing and deserializing JSON by the . - - - - - Resolves a reference to its object. - - The serialization context. - The reference to resolve. - The object that - - - - Gets the reference for the sepecified object. - - The serialization context. - The object to get a reference for. - The reference to the object. - - - - Determines whether the specified object is referenced. - - The serialization context. - The object to test for a reference. - - true if the specified object is referenced; otherwise, false. - - - - - Adds a reference to the specified object. - - The serialization context. - The reference. - The object to reference. - - - - Specifies reference handling options for the . - - - - - - - - Do not preserve references when serializing types. - - - - - Preserve references when serializing into a JSON object structure. - - - - - Preserve references when serializing into a JSON array structure. - - - - - Preserve references when serializing. - - - - - Instructs the how to serialize the collection. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with a flag indicating whether the array can contain null items - - A flag indicating whether the array can contain null items. - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - Gets or sets a value indicating whether null items are allowed in the collection. - - true if null items are allowed in the collection; otherwise, false. - - - - Specifies default value handling options for the . - - - - - - - - - Include members where the member value is the same as the member's default value when serializing objects. - Included members are written to JSON. Has no effect when deserializing. - - - - - Ignore members where the member value is the same as the member's default value when serializing objects - so that is is not written to JSON, and ignores setting members when the JSON value equals the member's default value. - - - - - Members with a default value but no JSON will be set to their default value when deserializing. - - - - - Ignore members where the member value is the same as the member's default value when serializing objects - and sets members to their default value when deserializing. - - - - - Instructs the to use the specified when serializing the member or class. - - - - - Initializes a new instance of the class. - - Type of the converter. - - - - Gets the type of the converter. - - The type of the converter. - - - - Instructs the how to serialize the object. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified member serialization. - - The member serialization. - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - Gets or sets the member serialization. - - The member serialization. - - - - Gets or sets a value that indicates whether the object's properties are required. - - - A value indicating whether the object's properties are required. - - - - - Specifies the settings on a object. - - - - - Initializes a new instance of the class. - - - - - Gets or sets how reference loops (e.g. a class referencing itself) is handled. - - Reference loop handling. - - - - Gets or sets how missing members (e.g. JSON contains a property that isn't a member on the object) are handled during deserialization. - - Missing member handling. - - - - Gets or sets how objects are created during deserialization. - - The object creation handling. - - - - Gets or sets how null values are handled during serialization and deserialization. - - Null value handling. - - - - Gets or sets how null default are handled during serialization and deserialization. - - The default value handling. - - - - Gets or sets a collection that will be used during serialization. - - The converters. - - - - Gets or sets how object references are preserved by the serializer. - - The preserve references handling. - - - - Gets or sets how type name writing and reading is handled by the serializer. - - The type name handling. - - - - Gets or sets how a type name assembly is written and resolved by the serializer. - - The type name assembly format. - - - - Gets or sets how constructors are used during deserialization. - - The constructor handling. - - - - Gets or sets the contract resolver used by the serializer when - serializing .NET objects to JSON and vice versa. - - The contract resolver. - - - - Gets or sets the used by the serializer when resolving references. - - The reference resolver. - - - - Gets or sets the used by the serializer when resolving type names. - - The binder. - - - - Gets or sets the error handler called during serialization and deserialization. - - The error handler called during serialization and deserialization. - - - - Gets or sets the used by the serializer when invoking serialization callback methods. - - The context. - - - - Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a . - - - - - Indicates how JSON text output is formatted. - - - - - Get or set how dates are written to JSON text. - - - - - Get or set how time zones are handling during serialization and deserialization. - - - - - Get or set how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON. - - - - - Gets or sets the culture used when reading JSON. Defaults to . - - - - - Gets a value indicating whether there will be a check for additional content after deserializing an object. - - - true if there will be a check for additional content after deserializing an object; otherwise, false. - - - - - Represents a reader that provides validation. - - - - - Initializes a new instance of the class that - validates the content returned from the given . - - The to read from while validating. - - - - Reads the next JSON token from the stream as a . - - A . - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. - - - - - Reads the next JSON token from the stream as a . - - A . - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Sets an event handler for receiving schema validation errors. - - - - - Gets the text value of the current Json token. - - - - - - Gets the depth of the current token in the JSON document. - - The depth of the current token in the JSON document. - - - - Gets the path of the current JSON token. - - - - - Gets the quotation mark character used to enclose the value of a string. - - - - - - Gets the type of the current Json token. - - - - - - Gets the Common Language Runtime (CLR) type for the current Json token. - - - - - - Gets or sets the schema. - - The schema. - - - - Gets the used to construct this . - - The specified in the constructor. - - - - Compares tokens to determine whether they are equal. - - - - - Determines whether the specified objects are equal. - - The first object of type to compare. - The second object of type to compare. - - true if the specified objects are equal; otherwise, false. - - - - - Returns a hash code for the specified object. - - The for which a hash code is to be returned. - A hash code for the specified object. - The type of is a reference type and is null. - - - - Specifies the member serialization options for the . - - - - - All public members are serialized by default. Members can be excluded using or . - This is the default member serialization mode. - - - - - Only members must be marked with or are serialized. - This member serialization mode can also be set by marking the class with . - - - - - All public and private fields are serialized. Members can be excluded using or . - This member serialization mode can also be set by marking the class with - and setting IgnoreSerializableAttribute on to false. - - - - - Specifies how object creation is handled by the . - - - - - Reuse existing objects, create new objects when needed. - - - - - Only reuse existing objects. - - - - - Always create new objects. - - - - - Converts a to and from the ISO 8601 date format (e.g. 2008-04-12T12:53Z). - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Gets or sets the date time styles used when converting a date to and from JSON. - - The date time styles used when converting a date to and from JSON. - - - - Gets or sets the date time format used when converting a date to and from JSON. - - The date time format used when converting a date to and from JSON. - - - - Gets or sets the culture used when converting a date to and from JSON. - - The culture used when converting a date to and from JSON. - - - - Converts a to and from a JavaScript date constructor (e.g. new Date(52231943)). - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing property value of the JSON that is being converted. - The calling serializer. - The object value. - - - - Converts XML to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The calling serializer. - The value. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Checks if the attributeName is a namespace attribute. - - Attribute name to test. - The attribute name prefix if it has one, otherwise an empty string. - True if attribute name is for a namespace attribute, otherwise false. - - - - Determines whether this instance can convert the specified value type. - - Type of the value. - - true if this instance can convert the specified value type; otherwise, false. - - - - - Gets or sets the name of the root element to insert when deserializing to XML if the JSON structure has produces multiple root elements. - - The name of the deserialize root element. - - - - Gets or sets a flag to indicate whether to write the Json.NET array attribute. - This attribute helps preserve arrays when converting the written XML back to JSON. - - true if the array attibute is written to the XML; otherwise, false. - - - - Gets or sets a value indicating whether to write the root JSON object. - - true if the JSON root object is omitted; otherwise, false. - - - - Represents a reader that provides fast, non-cached, forward-only access to JSON text data. - - - - - Initializes a new instance of the class with the specified . - - The TextReader containing the XML data to read. - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Changes the state to closed. - - - - - Gets a value indicating whether the class can return line information. - - - true if LineNumber and LinePosition can be provided; otherwise, false. - - - - - Gets the current line number. - - - The current line number or 0 if no line information is available (for example, HasLineInfo returns false). - - - - - Gets the current line position. - - - The current line position or 0 if no line information is available (for example, HasLineInfo returns false). - - - - - Instructs the to always serialize the member with the specified name. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified name. - - Name of the property. - - - - Gets or sets the converter used when serializing the property's collection items. - - The collection's items converter. - - - - Gets or sets the null value handling used when serializing this property. - - The null value handling. - - - - Gets or sets the default value handling used when serializing this property. - - The default value handling. - - - - Gets or sets the reference loop handling used when serializing this property. - - The reference loop handling. - - - - Gets or sets the object creation handling used when deserializing this property. - - The object creation handling. - - - - Gets or sets the type name handling used when serializing this property. - - The type name handling. - - - - Gets or sets whether this property's value is serialized as a reference. - - Whether this property's value is serialized as a reference. - - - - Gets or sets the order of serialization and deserialization of a member. - - The numeric order of serialization or deserialization. - - - - Gets or sets a value indicating whether this property is required. - - - A value indicating whether this property is required. - - - - - Gets or sets the name of the property. - - The name of the property. - - - - Gets or sets the the reference loop handling used when serializing the property's collection items. - - The collection's items reference loop handling. - - - - Gets or sets the the type name handling used when serializing the property's collection items. - - The collection's items type name handling. - - - - Gets or sets whether this property's collection items are serialized as a reference. - - Whether this property's collection items are serialized as a reference. - - - - Instructs the not to serialize the public field or public read/write property value. - - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Creates an instance of the JsonWriter class using the specified . - - The TextWriter to write to. - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Closes this stream and the underlying stream. - - - - - Writes the beginning of a Json object. - - - - - Writes the beginning of a Json array. - - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes the specified end token. - - The end token to write. - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Writes indent characters. - - - - - Writes the JSON value delimiter. - - - - - Writes an indent space. - - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes raw JSON. - - The raw JSON to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes out the given white space. - - The string of white space characters. - - - - Gets or sets how many IndentChars to write for each level in the hierarchy when is set to Formatting.Indented. - - - - - Gets or sets which character to use to quote attribute values. - - - - - Gets or sets which character to use for indenting when is set to Formatting.Indented. - - - - - Gets or sets a value indicating whether object names will be surrounded with quotes. - - - - - The exception thrown when an error occurs while reading Json text. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Gets the path to the JSON where the error occurred. - - The path to the JSON where the error occurred. - - - - The exception thrown when an error occurs while reading Json text. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Gets the line number indicating where the error occurred. - - The line number indicating where the error occurred. - - - - Gets the line position indicating where the error occurred. - - The line position indicating where the error occurred. - - - - Gets the path to the JSON where the error occurred. - - The path to the JSON where the error occurred. - - - - Represents a collection of . - - - - - Provides methods for converting between common language runtime types and JSON types. - - - - - - - - Represents JavaScript's boolean value true as a string. This field is read-only. - - - - - Represents JavaScript's boolean value false as a string. This field is read-only. - - - - - Represents JavaScript's null as a string. This field is read-only. - - - - - Represents JavaScript's undefined as a string. This field is read-only. - - - - - Represents JavaScript's positive infinity as a string. This field is read-only. - - - - - Represents JavaScript's negative infinity as a string. This field is read-only. - - - - - Represents JavaScript's NaN as a string. This field is read-only. - - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation using the specified. - - The value to convert. - The format the date will be converted to. - The time zone handling when the date is converted to a string. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation using the specified. - - The value to convert. - The format the date will be converted to. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - The string delimiter character. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Serializes the specified object to a JSON string. - - The object to serialize. - A JSON string representation of the object. - - - - Serializes the specified object to a JSON string. - - The object to serialize. - Indicates how the output is formatted. - - A JSON string representation of the object. - - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - A collection converters used while serializing. - A JSON string representation of the object. - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - A collection converters used while serializing. - A JSON string representation of the object. - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - The used to serialize the object. - If this is null, default serialization settings will be is used. - - A JSON string representation of the object. - - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - The used to serialize the object. - If this is null, default serialization settings will be is used. - - A JSON string representation of the object. - - - - - Asynchronously serializes the specified object to a JSON string using a collection of . - - The object to serialize. - - A task that represents the asynchronous serialize operation. The value of the TResult parameter contains a JSON string representation of the object. - - - - - Asynchronously serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - - A task that represents the asynchronous serialize operation. The value of the TResult parameter contains a JSON string representation of the object. - - - - - Asynchronously serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - The used to serialize the object. - If this is null, default serialization settings will be is used. - - A task that represents the asynchronous serialize operation. The value of the TResult parameter contains a JSON string representation of the object. - - - - - Deserializes the JSON to a .NET object. - - The JSON to deserialize. - The deserialized object from the Json string. - - - - Deserializes the JSON to a .NET object. - - The JSON to deserialize. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The of object being deserialized. - The deserialized object from the Json string. - - - - Deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - The deserialized object from the Json string. - - - - Deserializes the JSON to the given anonymous type. - - - The anonymous type to deserialize to. This can't be specified - traditionally and must be infered from the anonymous type passed - as a parameter. - - The JSON to deserialize. - The anonymous type object. - The deserialized anonymous type from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - Converters to use while deserializing. - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The object to deserialize. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The type of the object to deserialize. - Converters to use while deserializing. - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The type of the object to deserialize to. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - The deserialized object from the JSON string. - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The type of the object to deserialize to. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Populates the object with values from the JSON string. - - The JSON to populate values from. - The target object to populate values onto. - - - - Populates the object with values from the JSON string. - - The JSON to populate values from. - The target object to populate values onto. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - - - Asynchronously populates the object with values from the JSON string. - - The JSON to populate values from. - The target object to populate values onto. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - A task that represents the asynchronous populate operation. - - - - - Serializes the XML node to a JSON string. - - The node to serialize. - A JSON string of the XmlNode. - - - - Serializes the XML node to a JSON string. - - The node to serialize. - Indicates how the output is formatted. - A JSON string of the XmlNode. - - - - Serializes the XML node to a JSON string. - - The node to serialize. - Indicates how the output is formatted. - Omits writing the root object. - A JSON string of the XmlNode. - - - - Deserializes the XmlNode from a JSON string. - - The JSON string. - The deserialized XmlNode - - - - Deserializes the XmlNode from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - The deserialized XmlNode - - - - Deserializes the XmlNode from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - - A flag to indicate whether to write the Json.NET array attribute. - This attribute helps preserve arrays when converting the written XML back to JSON. - - The deserialized XmlNode - - - - Serializes the to a JSON string. - - The node to convert to JSON. - A JSON string of the XNode. - - - - Serializes the to a JSON string. - - The node to convert to JSON. - Indicates how the output is formatted. - A JSON string of the XNode. - - - - Serializes the to a JSON string. - - The node to serialize. - Indicates how the output is formatted. - Omits writing the root object. - A JSON string of the XNode. - - - - Deserializes the from a JSON string. - - The JSON string. - The deserialized XNode - - - - Deserializes the from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - The deserialized XNode - - - - Deserializes the from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - - A flag to indicate whether to write the Json.NET array attribute. - This attribute helps preserve arrays when converting the written XML back to JSON. - - The deserialized XNode - - - - The exception thrown when an error occurs during Json serialization or deserialization. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Serializes and deserializes objects into and from the JSON format. - The enables you to control how objects are encoded into JSON. - - - - - Initializes a new instance of the class. - - - - - Creates a new instance using the specified . - - The settings to be applied to the . - A new instance using the specified . - - - - Populates the JSON values onto the target object. - - The that contains the JSON structure to reader values from. - The target object to populate values onto. - - - - Populates the JSON values onto the target object. - - The that contains the JSON structure to reader values from. - The target object to populate values onto. - - - - Deserializes the Json structure contained by the specified . - - The that contains the JSON structure to deserialize. - The being deserialized. - - - - Deserializes the Json structure contained by the specified - into an instance of the specified type. - - The containing the object. - The of object being deserialized. - The instance of being deserialized. - - - - Deserializes the Json structure contained by the specified - into an instance of the specified type. - - The containing the object. - The type of the object to deserialize. - The instance of being deserialized. - - - - Deserializes the Json structure contained by the specified - into an instance of the specified type. - - The containing the object. - The of object being deserialized. - The instance of being deserialized. - - - - Serializes the specified and writes the Json structure - to a Stream using the specified . - - The used to write the Json structure. - The to serialize. - - - - Serializes the specified and writes the Json structure - to a Stream using the specified . - - The used to write the Json structure. - The to serialize. - - - - Occurs when the errors during serialization and deserialization. - - - - - Gets or sets the used by the serializer when resolving references. - - - - - Gets or sets the used by the serializer when resolving type names. - - - - - Gets or sets how type name writing and reading is handled by the serializer. - - - - - Gets or sets how a type name assembly is written and resolved by the serializer. - - The type name assembly format. - - - - Gets or sets how object references are preserved by the serializer. - - - - - Get or set how reference loops (e.g. a class referencing itself) is handled. - - - - - Get or set how missing members (e.g. JSON contains a property that isn't a member on the object) are handled during deserialization. - - - - - Get or set how null values are handled during serialization and deserialization. - - - - - Get or set how null default are handled during serialization and deserialization. - - - - - Gets or sets how objects are created during deserialization. - - The object creation handling. - - - - Gets or sets how constructors are used during deserialization. - - The constructor handling. - - - - Gets a collection that will be used during serialization. - - Collection that will be used during serialization. - - - - Gets or sets the contract resolver used by the serializer when - serializing .NET objects to JSON and vice versa. - - - - - Gets or sets the used by the serializer when invoking serialization callback methods. - - The context. - - - - Indicates how JSON text output is formatted. - - - - - Get or set how dates are written to JSON text. - - - - - Get or set how time zones are handling during serialization and deserialization. - - - - - Get or set how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON. - - - - - Gets or sets the culture used when reading JSON. Defaults to . - - - - - Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a . - - - - - Gets a value indicating whether there will be a check for additional JSON content after deserializing an object. - - - true if there will be a check for additional JSON content after deserializing an object; otherwise, false. - - - - - Contains the LINQ to JSON extension methods. - - - - - Returns a collection of tokens that contains the ancestors of every token in the source collection. - - The type of the objects in source, constrained to . - An of that contains the source collection. - An of that contains the ancestors of every node in the source collection. - - - - Returns a collection of tokens that contains the descendants of every token in the source collection. - - The type of the objects in source, constrained to . - An of that contains the source collection. - An of that contains the descendants of every node in the source collection. - - - - Returns a collection of child properties of every object in the source collection. - - An of that contains the source collection. - An of that contains the properties of every object in the source collection. - - - - Returns a collection of child values of every object in the source collection with the given key. - - An of that contains the source collection. - The token key. - An of that contains the values of every node in the source collection with the given key. - - - - Returns a collection of child values of every object in the source collection. - - An of that contains the source collection. - An of that contains the values of every node in the source collection. - - - - Returns a collection of converted child values of every object in the source collection with the given key. - - The type to convert the values to. - An of that contains the source collection. - The token key. - An that contains the converted values of every node in the source collection with the given key. - - - - Returns a collection of converted child values of every object in the source collection. - - The type to convert the values to. - An of that contains the source collection. - An that contains the converted values of every node in the source collection. - - - - Converts the value. - - The type to convert the value to. - A cast as a of . - A converted value. - - - - Converts the value. - - The source collection type. - The type to convert the value to. - A cast as a of . - A converted value. - - - - Returns a collection of child tokens of every array in the source collection. - - The source collection type. - An of that contains the source collection. - An of that contains the values of every node in the source collection. - - - - Returns a collection of converted child tokens of every array in the source collection. - - An of that contains the source collection. - The type to convert the values to. - The source collection type. - An that contains the converted values of every node in the source collection. - - - - Returns the input typed as . - - An of that contains the source collection. - The input typed as . - - - - Returns the input typed as . - - The source collection type. - An of that contains the source collection. - The input typed as . - - - - Represents a JSON constructor. - - - - - Represents a token that can contain other tokens. - - - - - Raises the event. - - The instance containing the event data. - - - - Raises the event. - - The instance containing the event data. - - - - Raises the event. - - The instance containing the event data. - - - - Returns a collection of the child tokens of this token, in document order. - - - An of containing the child tokens of this , in document order. - - - - - Returns a collection of the child values of this token, in document order. - - The type to convert the values to. - - A containing the child values of this , in document order. - - - - - Returns a collection of the descendant tokens for this token in document order. - - An containing the descendant tokens of the . - - - - Adds the specified content as children of this . - - The content to be added. - - - - Adds the specified content as the first children of this . - - The content to be added. - - - - Creates an that can be used to add tokens to the . - - An that is ready to have content written to it. - - - - Replaces the children nodes of this token with the specified content. - - The content. - - - - Removes the child nodes from this token. - - - - - Occurs when the list changes or an item in the list changes. - - - - - Occurs before an item is added to the collection. - - - - - Occurs when the items list of the collection has changed, or the collection is reset. - - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets a value indicating whether this token has childen tokens. - - - true if this token has child values; otherwise, false. - - - - - Get the first child token of this token. - - - A containing the first child token of the . - - - - - Get the last child token of this token. - - - A containing the last child token of the . - - - - - Gets the count of child JSON tokens. - - The count of child JSON tokens - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the specified name and content. - - The constructor name. - The contents of the constructor. - - - - Initializes a new instance of the class with the specified name and content. - - The constructor name. - The contents of the constructor. - - - - Initializes a new instance of the class with the specified name. - - The constructor name. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets or sets the name of this constructor. - - The constructor name. - - - - Gets the node type for this . - - The type. - - - - Gets the with the specified key. - - The with the specified key. - - - - Represents a collection of objects. - - The type of token - - - - An empty collection of objects. - - - - - Initializes a new instance of the struct. - - The enumerable. - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - - - - Determines whether the specified is equal to this instance. - - The to compare with this instance. - - true if the specified is equal to this instance; otherwise, false. - - - - - Returns a hash code for this instance. - - - A hash code for this instance, suitable for use in hashing algorithms and data structures like a hash table. - - - - - Gets the with the specified key. - - - - - - Represents a JSON object. - - - - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the specified content. - - The contents of the object. - - - - Initializes a new instance of the class with the specified content. - - The contents of the object. - - - - Gets an of this object's properties. - - An of this object's properties. - - - - Gets a the specified name. - - The property name. - A with the specified name or null. - - - - Gets an of this object's property values. - - An of this object's property values. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Load a from a string that contains JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - - - - Creates a from an object. - - The object that will be used to create . - A with the values of the specified object - - - - Creates a from an object. - - The object that will be used to create . - The that will be used to read the object. - A with the values of the specified object - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Adds the specified property name. - - Name of the property. - The value. - - - - Removes the property with the specified name. - - Name of the property. - true if item was successfully removed; otherwise, false. - - - - Tries the get value. - - Name of the property. - The value. - true if a value was successfully retrieved; otherwise, false. - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - - - - Raises the event with the provided arguments. - - Name of the property. - - - - Raises the event with the provided arguments. - - Name of the property. - - - - Returns the properties for this instance of a component. - - - A that represents the properties for this component instance. - - - - - Returns the properties for this instance of a component using the attribute array as a filter. - - An array of type that is used as a filter. - - A that represents the filtered properties for this component instance. - - - - - Returns a collection of custom attributes for this instance of a component. - - - An containing the attributes for this object. - - - - - Returns the class name of this instance of a component. - - - The class name of the object, or null if the class does not have a name. - - - - - Returns the name of this instance of a component. - - - The name of the object, or null if the object does not have a name. - - - - - Returns a type converter for this instance of a component. - - - A that is the converter for this object, or null if there is no for this object. - - - - - Returns the default event for this instance of a component. - - - An that represents the default event for this object, or null if this object does not have events. - - - - - Returns the default property for this instance of a component. - - - A that represents the default property for this object, or null if this object does not have properties. - - - - - Returns an editor of the specified type for this instance of a component. - - A that represents the editor for this object. - - An of the specified type that is the editor for this object, or null if the editor cannot be found. - - - - - Returns the events for this instance of a component using the specified attribute array as a filter. - - An array of type that is used as a filter. - - An that represents the filtered events for this component instance. - - - - - Returns the events for this instance of a component. - - - An that represents the events for this component instance. - - - - - Returns an object that contains the property described by the specified property descriptor. - - A that represents the property whose owner is to be found. - - An that represents the owner of the specified property. - - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Occurs when a property value changes. - - - - - Occurs when a property value is changing. - - - - - Gets the node type for this . - - The type. - - - - Gets the with the specified key. - - The with the specified key. - - - - Gets or sets the with the specified property name. - - - - - - Represents a JSON array. - - - - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the specified content. - - The contents of the array. - - - - Initializes a new instance of the class with the specified content. - - The contents of the array. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Load a from a string that contains JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - - - - Creates a from an object. - - The object that will be used to create . - A with the values of the specified object - - - - Creates a from an object. - - The object that will be used to create . - The that will be used to read the object. - A with the values of the specified object - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Determines the index of a specific item in the . - - The object to locate in the . - - The index of if found in the list; otherwise, -1. - - - - - Inserts an item to the at the specified index. - - The zero-based index at which should be inserted. - The object to insert into the . - - is not a valid index in the . - The is read-only. - - - - Removes the item at the specified index. - - The zero-based index of the item to remove. - - is not a valid index in the . - The is read-only. - - - - Adds an item to the . - - The object to add to the . - The is read-only. - - - - Removes all items from the . - - The is read-only. - - - - Determines whether the contains a specific value. - - The object to locate in the . - - true if is found in the ; otherwise, false. - - - - - Removes the first occurrence of a specific object from the . - - The object to remove from the . - - true if was successfully removed from the ; otherwise, false. This method also returns false if is not found in the original . - - The is read-only. - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets the node type for this . - - The type. - - - - Gets the with the specified key. - - The with the specified key. - - - - Gets or sets the at the specified index. - - - - - - Represents a reader that provides fast, non-cached, forward-only access to serialized Json data. - - - - - Initializes a new instance of the class. - - The token to read from. - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Initializes a new instance of the class writing to the given . - - The container being written to. - - - - Initializes a new instance of the class. - - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Closes this stream and the underlying stream. - - - - - Writes the beginning of a Json object. - - - - - Writes the beginning of a Json array. - - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes the end. - - The token. - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes raw JSON. - - The raw JSON to write. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Gets the token being writen. - - The token being writen. - - - - Represents a JSON property. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class. - - The property name. - The property content. - - - - Initializes a new instance of the class. - - The property name. - The property content. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets the property name. - - The property name. - - - - Gets or sets the property value. - - The property value. - - - - Gets the node type for this . - - The type. - - - - Specifies the type of token. - - - - - No token type has been set. - - - - - A JSON object. - - - - - A JSON array. - - - - - A JSON constructor. - - - - - A JSON object property. - - - - - A comment. - - - - - An integer value. - - - - - A float value. - - - - - A string value. - - - - - A boolean value. - - - - - A null value. - - - - - An undefined value. - - - - - A date value. - - - - - A raw JSON value. - - - - - A collection of bytes value. - - - - - A Guid value. - - - - - A Uri value. - - - - - A TimeSpan value. - - - - - Contains the JSON schema extension methods. - - - - - Determines whether the is valid. - - The source to test. - The schema to test with. - - true if the specified is valid; otherwise, false. - - - - - Determines whether the is valid. - - The source to test. - The schema to test with. - When this method returns, contains any error messages generated while validating. - - true if the specified is valid; otherwise, false. - - - - - Validates the specified . - - The source to test. - The schema to test with. - - - - Validates the specified . - - The source to test. - The schema to test with. - The validation event handler. - - - - Returns detailed information about the schema exception. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Gets the line number indicating where the error occurred. - - The line number indicating where the error occurred. - - - - Gets the line position indicating where the error occurred. - - The line position indicating where the error occurred. - - - - Gets the path to the JSON where the error occurred. - - The path to the JSON where the error occurred. - - - - Resolves from an id. - - - - - Initializes a new instance of the class. - - - - - Gets a for the specified id. - - The id. - A for the specified id. - - - - Gets or sets the loaded schemas. - - The loaded schemas. - - - - Specifies undefined schema Id handling options for the . - - - - - Do not infer a schema Id. - - - - - Use the .NET type name as the schema Id. - - - - - Use the assembly qualified .NET type name as the schema Id. - - - - - Returns detailed information related to the . - - - - - Gets the associated with the validation error. - - The JsonSchemaException associated with the validation error. - - - - Gets the path of the JSON location where the validation error occurred. - - The path of the JSON location where the validation error occurred. - - - - Gets the text description corresponding to the validation error. - - The text description. - - - - Represents the callback method that will handle JSON schema validation events and the . - - - - - Resolves member mappings for a type, camel casing property names. - - - - - Used by to resolves a for a given . - - - - - Used by to resolves a for a given . - - - - - - - - - Resolves the contract for a given type. - - The type to resolve a contract for. - The contract for a given type. - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - If set to true the will use a cached shared with other resolvers of the same type. - Sharing the cache will significantly performance because expensive reflection will only happen once but could cause unexpected - behavior if different instances of the resolver are suppose to produce different results. When set to false it is highly - recommended to reuse instances with the . - - - - - Resolves the contract for a given type. - - The type to resolve a contract for. - The contract for a given type. - - - - Gets the serializable members for the type. - - The type to get serializable members for. - The serializable members for the type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates the constructor parameters. - - The constructor to create properties for. - The type's member properties. - Properties for the given . - - - - Creates a for the given . - - The matching member property. - The constructor parameter. - A created for the given . - - - - Resolves the default for the contract. - - Type of the object. - The contract's default . - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Determines which contract type is created for the given type. - - Type of the object. - A for the given type. - - - - Creates properties for the given . - - The type to create properties for. - /// The member serialization mode for the type. - Properties for the given . - - - - Creates the used by the serializer to get and set values from a member. - - The member. - The used by the serializer to get and set values from a member. - - - - Creates a for the given . - - The member's parent . - The member to create a for. - A created for the given . - - - - Resolves the name of the property. - - Name of the property. - Name of the property. - - - - Gets the resolved name of the property. - - Name of the property. - Name of the property. - - - - Gets a value indicating whether members are being get and set using dynamic code generation. - This value is determined by the runtime permissions available. - - - true if using dynamic code generation; otherwise, false. - - - - - Gets or sets the default members search flags. - - The default members search flags. - - - - Gets or sets a value indicating whether compiler generated members should be serialized. - - - true if serialized compiler generated members; otherwise, false. - - - - - Gets or sets a value indicating whether to ignore the interface when serializing and deserializing types. - - - true if the interface will be ignored when serializing and deserializing types; otherwise, false. - - - - - Gets or sets a value indicating whether to ignore the attribute when serializing and deserializing types. - - - true if the attribute will be ignored when serializing and deserializing types; otherwise, false. - - - - - Initializes a new instance of the class. - - - - - Resolves the name of the property. - - Name of the property. - The property name camel cased. - - - - The default serialization binder used when resolving and loading classes from type names. - - - - - When overridden in a derived class, controls the binding of a serialized object to a type. - - Specifies the name of the serialized object. - Specifies the name of the serialized object. - - The type of the object the formatter creates a new instance of. - - - - - When overridden in a derived class, controls the binding of a serialized object to a type. - - The type of the object the formatter creates a new instance of. - Specifies the name of the serialized object. - Specifies the name of the serialized object. - - - - Provides information surrounding an error. - - - - - Gets or sets the error. - - The error. - - - - Gets the original object that caused the error. - - The original object that caused the error. - - - - Gets the member that caused the error. - - The member that caused the error. - - - - Gets the path of the JSON location where the error occurred. - - The path of the JSON location where the error occurred. - - - - Gets or sets a value indicating whether this is handled. - - true if handled; otherwise, false. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets the of the collection items. - - The of the collection items. - - - - Gets a value indicating whether the collection type is a multidimensional array. - - true if the collection type is a multidimensional array; otherwise, false. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the property name resolver. - - The property name resolver. - - - - Gets the of the dictionary keys. - - The of the dictionary keys. - - - - Gets the of the dictionary values. - - The of the dictionary values. - - - - Maps a JSON property to a .NET member or constructor parameter. - - - - - Returns a that represents this instance. - - - A that represents this instance. - - - - - Gets or sets the name of the property. - - The name of the property. - - - - Gets or sets the type that declared this property. - - The type that declared this property. - - - - Gets or sets the order of serialization and deserialization of a member. - - The numeric order of serialization or deserialization. - - - - Gets or sets the name of the underlying member or parameter. - - The name of the underlying member or parameter. - - - - Gets the that will get and set the during serialization. - - The that will get and set the during serialization. - - - - Gets or sets the type of the property. - - The type of the property. - - - - Gets or sets the for the property. - If set this converter takes presidence over the contract converter for the property type. - - The converter. - - - - Gets the member converter. - - The member converter. - - - - Gets a value indicating whether this is ignored. - - true if ignored; otherwise, false. - - - - Gets a value indicating whether this is readable. - - true if readable; otherwise, false. - - - - Gets a value indicating whether this is writable. - - true if writable; otherwise, false. - - - - Gets a value indicating whether this has a member attribute. - - true if has a member attribute; otherwise, false. - - - - Gets the default value. - - The default value. - - - - Gets a value indicating whether this is required. - - A value indicating whether this is required. - - - - Gets a value indicating whether this property preserves object references. - - - true if this instance is reference; otherwise, false. - - - - - Gets the property null value handling. - - The null value handling. - - - - Gets the property default value handling. - - The default value handling. - - - - Gets the property reference loop handling. - - The reference loop handling. - - - - Gets the property object creation handling. - - The object creation handling. - - - - Gets or sets the type name handling. - - The type name handling. - - - - Gets or sets a predicate used to determine whether the property should be serialize. - - A predicate used to determine whether the property should be serialize. - - - - Gets or sets a predicate used to determine whether the property should be serialized. - - A predicate used to determine whether the property should be serialized. - - - - Gets or sets an action used to set whether the property has been deserialized. - - An action used to set whether the property has been deserialized. - - - - Gets or sets the converter used when serializing the property's collection items. - - The collection's items converter. - - - - Gets or sets whether this property's collection items are serialized as a reference. - - Whether this property's collection items are serialized as a reference. - - - - Gets or sets the the type name handling used when serializing the property's collection items. - - The collection's items type name handling. - - - - Gets or sets the the reference loop handling used when serializing the property's collection items. - - The collection's items reference loop handling. - - - - A collection of objects. - - - - - Initializes a new instance of the class. - - The type. - - - - When implemented in a derived class, extracts the key from the specified element. - - The element from which to extract the key. - The key for the specified element. - - - - Adds a object. - - The property to add to the collection. - - - - Gets the closest matching object. - First attempts to get an exact case match of propertyName and then - a case insensitive match. - - Name of the property. - A matching property if found. - - - - Gets a property by property name. - - The name of the property to get. - Type property name string comparison. - A matching property if found. - - - - Specifies missing member handling options for the . - - - - - Ignore a missing member and do not attempt to deserialize it. - - - - - Throw a when a missing member is encountered during deserialization. - - - - - Specifies null value handling options for the . - - - - - - - - - Include null values when serializing and deserializing objects. - - - - - Ignore null values when serializing and deserializing objects. - - - - - Specifies reference loop handling options for the . - - - - - Throw a when a loop is encountered. - - - - - Ignore loop references and do not serialize. - - - - - Serialize loop references. - - - - - An in-memory representation of a JSON Schema. - - - - - Initializes a new instance of the class. - - - - - Reads a from the specified . - - The containing the JSON Schema to read. - The object representing the JSON Schema. - - - - Reads a from the specified . - - The containing the JSON Schema to read. - The to use when resolving schema references. - The object representing the JSON Schema. - - - - Load a from a string that contains schema JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - Parses the specified json. - - The json. - The resolver. - A populated from the string that contains JSON. - - - - Writes this schema to a . - - A into which this method will write. - - - - Writes this schema to a using the specified . - - A into which this method will write. - The resolver used. - - - - Returns a that represents the current . - - - A that represents the current . - - - - - Gets or sets the id. - - - - - Gets or sets the title. - - - - - Gets or sets whether the object is required. - - - - - Gets or sets whether the object is read only. - - - - - Gets or sets whether the object is visible to users. - - - - - Gets or sets whether the object is transient. - - - - - Gets or sets the description of the object. - - - - - Gets or sets the types of values allowed by the object. - - The type. - - - - Gets or sets the pattern. - - The pattern. - - - - Gets or sets the minimum length. - - The minimum length. - - - - Gets or sets the maximum length. - - The maximum length. - - - - Gets or sets a number that the value should be divisble by. - - A number that the value should be divisble by. - - - - Gets or sets the minimum. - - The minimum. - - - - Gets or sets the maximum. - - The maximum. - - - - Gets or sets a flag indicating whether the value can not equal the number defined by the "minimum" attribute. - - A flag indicating whether the value can not equal the number defined by the "minimum" attribute. - - - - Gets or sets a flag indicating whether the value can not equal the number defined by the "maximum" attribute. - - A flag indicating whether the value can not equal the number defined by the "maximum" attribute. - - - - Gets or sets the minimum number of items. - - The minimum number of items. - - - - Gets or sets the maximum number of items. - - The maximum number of items. - - - - Gets or sets the of items. - - The of items. - - - - Gets or sets the of properties. - - The of properties. - - - - Gets or sets the of additional properties. - - The of additional properties. - - - - Gets or sets the pattern properties. - - The pattern properties. - - - - Gets or sets a value indicating whether additional properties are allowed. - - - true if additional properties are allowed; otherwise, false. - - - - - Gets or sets the required property if this property is present. - - The required property if this property is present. - - - - Gets or sets the identity. - - The identity. - - - - Gets or sets the a collection of valid enum values allowed. - - A collection of valid enum values allowed. - - - - Gets or sets a collection of options. - - A collection of options. - - - - Gets or sets disallowed types. - - The disallow types. - - - - Gets or sets the default value. - - The default value. - - - - Gets or sets the extend . - - The extended . - - - - Gets or sets the format. - - The format. - - - - Generates a from a specified . - - - - - Generate a from the specified type. - - The type to generate a from. - A generated from the specified type. - - - - Generate a from the specified type. - - The type to generate a from. - The used to resolve schema references. - A generated from the specified type. - - - - Generate a from the specified type. - - The type to generate a from. - Specify whether the generated root will be nullable. - A generated from the specified type. - - - - Generate a from the specified type. - - The type to generate a from. - The used to resolve schema references. - Specify whether the generated root will be nullable. - A generated from the specified type. - - - - Gets or sets how undefined schemas are handled by the serializer. - - - - - Gets or sets the contract resolver. - - The contract resolver. - - - - The value types allowed by the . - - - - - No type specified. - - - - - String type. - - - - - Float type. - - - - - Integer type. - - - - - Boolean type. - - - - - Object type. - - - - - Array type. - - - - - Null type. - - - - - Any type. - - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the object member serialization. - - The member object serialization. - - - - Gets or sets a value that indicates whether the object's properties are required. - - - A value indicating whether the object's properties are required. - - - - - Gets the object's properties. - - The object's properties. - - - - Gets the constructor parameters required for any non-default constructor - - - - - Gets or sets the override constructor used to create the object. - This is set when a constructor is marked up using the - JsonConstructor attribute. - - The override constructor. - - - - Gets or sets the parametrized constructor used to create the object. - - The parametrized constructor. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Get and set values for a using reflection. - - - - - Initializes a new instance of the class. - - The member info. - - - - Sets the value. - - The target to set the value on. - The value to set on the target. - - - - Gets the value. - - The target to get the value from. - The value. - - - - When applied to a method, specifies that the method is called when an error occurs serializing an object. - - - - - Helper method for generating a MetaObject which calls a - specific method on Dynamic that returns a result - - - - - Helper method for generating a MetaObject which calls a - specific method on Dynamic, but uses one of the arguments for - the result. - - - - - Helper method for generating a MetaObject which calls a - specific method on Dynamic, but uses one of the arguments for - the result. - - - - - Returns a Restrictions object which includes our current restrictions merged - with a restriction limiting our type - - - - - Represents a method that constructs an object. - - The object type to create. - - - - Specifies type name handling options for the . - - - - - Do not include the .NET type name when serializing types. - - - - - Include the .NET type name when serializing into a JSON object structure. - - - - - Include the .NET type name when serializing into a JSON array structure. - - - - - Always include the .NET type name when serializing. - - - - - Include the .NET type name when the type of the object being serialized is not the same as its declared type. - - - - - Converts the value to the specified type. - - The value to convert. - The culture to use when converting. - The type to convert the value to. - The converted type. - - - - Converts the value to the specified type. - - The value to convert. - The culture to use when converting. - The type to convert the value to. - The converted value if the conversion was successful or the default value of T if it failed. - - true if initialValue was converted successfully; otherwise, false. - - - - - Converts the value to the specified type. If the value is unable to be converted, the - value is checked whether it assignable to the specified type. - - The value to convert. - The culture to use when converting. - The type to convert or cast the value to. - - The converted type. If conversion was unsuccessful, the initial value - is returned if assignable to the target type. - - - - - Gets a dictionary of the names and values of an Enum type. - - - - - - Gets a dictionary of the names and values of an Enum type. - - The enum type to get names and values for. - - - - - Specifies the type of Json token. - - - - - This is returned by the if a method has not been called. - - - - - An object start token. - - - - - An array start token. - - - - - A constructor start token. - - - - - An object property name. - - - - - A comment. - - - - - Raw JSON. - - - - - An integer. - - - - - A float. - - - - - A string. - - - - - A boolean. - - - - - A null token. - - - - - An undefined token. - - - - - An object end token. - - - - - An array end token. - - - - - A constructor end token. - - - - - A Date. - - - - - Byte data. - - - - - Builds a string. Unlike StringBuilder this class lets you reuse it's internal buffer. - - - - - Determines whether the collection is null or empty. - - The collection. - - true if the collection is null or empty; otherwise, false. - - - - - Adds the elements of the specified collection to the specified generic IList. - - The list to add to. - The collection of elements to add. - - - - Returns the index of the first occurrence in a sequence by using a specified IEqualityComparer. - - The type of the elements of source. - A sequence in which to locate a value. - The object to locate in the sequence - An equality comparer to compare values. - The zero-based index of the first occurrence of value within the entire sequence, if found; otherwise, –1. - - - - Gets the type of the typed collection's items. - - The type. - The type of the typed collection's items. - - - - Gets the member's underlying type. - - The member. - The underlying type of the member. - - - - Determines whether the member is an indexed property. - - The member. - - true if the member is an indexed property; otherwise, false. - - - - - Determines whether the property is an indexed property. - - The property. - - true if the property is an indexed property; otherwise, false. - - - - - Gets the member's value on the object. - - The member. - The target object. - The member's value on the object. - - - - Sets the member's value on the target object. - - The member. - The target. - The value. - - - - Determines whether the specified MemberInfo can be read. - - The MemberInfo to determine whether can be read. - /// if set to true then allow the member to be gotten non-publicly. - - true if the specified MemberInfo can be read; otherwise, false. - - - - - Determines whether the specified MemberInfo can be set. - - The MemberInfo to determine whether can be set. - if set to true then allow the member to be set non-publicly. - if set to true then allow the member to be set if read-only. - - true if the specified MemberInfo can be set; otherwise, false. - - - - - Determines whether the string is all white space. Empty string will return false. - - The string to test whether it is all white space. - - true if the string is all white space; otherwise, false. - - - - - Nulls an empty string. - - The string. - Null if the string was null, otherwise the string unchanged. - - - - Specifies the state of the . - - - - - An exception has been thrown, which has left the in an invalid state. - You may call the method to put the in the Closed state. - Any other method calls results in an being thrown. - - - - - The method has been called. - - - - - An object is being written. - - - - - A array is being written. - - - - - A constructor is being written. - - - - - A property is being written. - - - - - A write method has not been called. - - - - diff --git a/src/SimpleSocialAuth.Core/bin/Debug/SimpleSocialAuth.Core.dll b/src/SimpleSocialAuth.Core/bin/Debug/SimpleSocialAuth.Core.dll deleted file mode 100644 index 77afba7ea0849eb2f9d59f87ca2937402126e8c0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17920 zcmeHu4|rTxb?141=FMm%jWi=!jvU(=$8tQjEJd>A#7dOJvLxGbEdP<@IKd9`Xy!?p zcrE`|a-cZO5MT?mg$+bI(2ZoO926^EC3d_mDwECcdw~PV^YA{Mjk+ z&A|f5kt_Z@MZ1dxadl6v_yZt z(nI(H&mV(!zJsVy{+F+QSFz9z$Q|SM38EP`#L~|KQ5|p}I7YO3DecYraiUNKJ%s+= zihgIoK2t#deSH9+$y$BA(UVUcT6Mafn?g@?JAnpo)J}XWK0ATwbnUDIM%I-U@MT$p z_*Q&&678z!N;A)P#fNp%DL`Evn5&aW6YN_DyY)njC=6l7-B8t}%|uOII$Z-%kQt>! z6UZ)_d8Zkz#0r3pR)yVIg>89FYu8%B?PNj5nnP4vRCJU(>)*7wR}bE#Y(6 zI&(vPj1ny}do{;OI)@2OJpqj@ZzVVuSOU@a8!aUxSd+Mn2R=hecx^icH*0Vmotmh3 zKRXex!yq^m{0chgck%LE_)gwwhuA_C%wbDu)nrD^j$=#LTDxSGb$SA7um-}vmVzPg zdLY6TvMpx|FhuQjItZDt zb2WhbO%TMj>)Orcx^@a}X5VG!4=tVFa=I|WcbS@KO-BtiH-&b58@jsRg&0Lobc0DW zOKe4}Hpp6s>p~6|AFi+Qw&T)d5|luYg;~1<))H>AJeb333Pyub%N;eK)efMYUIs9< zMMAi>ngCP#gvn|GEX;(a(D!#lIrf@Z-w-Cf4)W-knj$J#<6}Z4OvuMjG_+a6&gpa; zo%|DO#xl`9Oz->)!e()MA3gLV)#g}(rc}c|f(^04mWm#i)xyxQgHXX{E9`wGEb=M4 z0PphVwJI5@IME5I0W|nPvv&hpVQe~17;uYUmYF$U4T2XZ5Mt_$eFXjk+gl#C)~XF! z4(7C$`2hBx{qHE`Avd!;sG-Kxg<=%b9E5?@VKle*$bQw=#I(dsP%E($Ky6fw<;cF& zxSzs0twcXlWJ7A2%y#U2X{C3R(=TUMi*z%Ae1|Dugr+Wy*F^QuL%$0+QCP~&9ksf%4_D;6(jme6W6_+fu|6!@ zOxz5X0*mmE5u76d`V@GOt#KCZ2iX|`I0rv7JDQqbvycWY?*LE>jA|#LB(TNpa1`ed z2r&6R`2ArtYdx&Xs;8iXd>M9d7=+!`ShTwZz!^ukt|oXlYjTd)8mf8Cf(8 z04+=hz9C`T@yPd)N;qr~!xgc`d#BE#UOM(Z6*s&W2mrAW=@4krDVJ8v^#-~0Y3Sv?7yAF-%cbs*FnwhTu880N z{e;Rskl@^T8|A-M&Z+PIUOA_J{BNprDzazP!&z0zsn-N9l~YGcSU;z-wJXB3lurDESmb7ihO9RhjWrsyRQBy9QNHZQO9)>!%iR3g zid@_Sg*g{rBiBFzCo%dFGlA2Sliz*6ig$VbMwTnvi#sKIVrAG5WVkY&J0-f>4@7*K z&Ycn+`3mC^&1E`wK-c9QL-<8?ZxUv_8?J=18l$ljhSc&Z520FZ2o@8OSxwkjBIrf} z2eB9iCm!2jiBCb(vJTuS>8RF#9WT?lBRWDIJ_oo)XZ;MmFH+~u9X`r*(mmn=3)gEa~ANE*nsut zh??OB=b_B{v4We)O?%Ao>^j_Q;WS-;WQ-Cx!m)9*e$SC%t~Yj|kK>8f@5(x`u6%HV zpdG#9qct@!F#U4FHgqx%-&KL zsIzEO9qW0puGeVsSMkBRncym4=RdFGmHq(KF#Vmt=K7hSMPv0mYNDR;X9WJGKs~}% zx*^hQtfKMAOJ)nrMkXVcv?KIcv?KJmVE!_45%`}8)EX{E*3$J2S2e7q0YJ!aVENMx zZ2u1cTJ%)IW5B-*yhVXVUf2FcZr>yD^8y1=#;lFb)m%xpM-N9W%0+oE9t6gsi_!lC z%=5w%jj{as7_a3~wBZK+-Ybu8q&E0b062{v25p>90tRs3qQOt^Loa}T?1+u@0pYYL zBDBv4%>te|zwGy#Xc1-0)AR$8ahb^cIeL62)Cx{ya!t`z$+#67&k&}#^fpMZ7CNym z+rWvZP1Fw9NCR3As@Mp1NN-en4an0xdrHPNQn%0+Kto}QTFHPey$H7e;$jfbBTnf} zND-gVSAz3D=$F$vI6s3DFdq%$!__XvE zLqF6LIMYAr_jF?mdRx{p=VGWCdg%0o^zNlQjBC(q#*H_m(4uhzo=+5{_rPUsfj`1} z)#n?57mTrr-Y<>YpuztT&gV6z1u4Crd7syq7NYO9agQ}i<38*I(o-^P=&z;syw+vT zfEM0R=B%Y==_#4Dl=gcpvyT3>g0r6fOR1N~e*ReXLc7f~$XUi!EORk5YTk`ro%HSv zz1_SAd%WJK-DzHl-WKUSNZ&Re#6GFdH|l?2ei#|@l+cvcG5V?MQ9JAsqsKNf?}K!0 z;ES9~QAKfYSKzDgm+Pdb*1m$?=Z|w5yNneyC^WUc7W$mu&RCb{YK`8J$SY zei`*CTIg+o^K==F`8_*u0lnjXFArKP@tq)~gzg5dm43tT-3Qt#`W?UbLC{vwhgDDZ z2#iv?g zq))4!?AQkSn)K9;ZJ_f$jd$!S`tLrCckC+qu}^cX^R$uR-1sbp7OV^C)k*K(&;ypC zC1|}*d&sIoZ;PTqm#ei+^d9LwU(*ykkG${)KIi)21@u1W)3$-Oh5pp1?FMZNT~IXb zw%~THgI@M~UkP5Pby5wd6hy$E2X|>*l<<3j&_3jm`@{>BPi&|2szTJTZ-3cxip1|gCAK*Mpg1$Um>So+KO`@+6Em3G$|$c>uXHp zgaDRd;aZDtRQ|1?2Z*!I2LUf2|1*3<;O7NCF7Qc#-x7FH;M0IdwCAM#qQF-K{z9Op zJ)^%(ivlLKRzS{b4A*J@t=7>tX)n}n*SfX;Sv#loYHRDxX}zGn1MRlD`?Y@XU!Y+c zsQZ{UtWDN^8t|^VN5S)G-IukD_Cno%)$Y{H`lo@}QvV}uQ5&lNsa8iX)N1;>wA<=K zdbiB=0OYJd``z_x06#A9Yk-f4KHU_LwCSyouwC!gMj|)p!=iaBW*N}?X)!XYAEx^w z=b_2(MNaA$wOxTc;MXIk^{2HTM();Mgq(ZySG2l@^YjbM`#btCu&xj3HM9?y8hxT6 zjpE&HxB&Q0z*hYk{RzEQ|HFnq)7R-wH#`Sz_cgqL*lljk)5DJYzc`YZWn? zWi7q>*BW;jz4~_=Zw7q6F+sih&jAnX4bf5KHhp9C?SOsJw6Pleb4F61iQZ+j(QiaQ zhLFE6`bFbT{oyFf{FJ~)qhB_9gtM9cIQlJPUjJS+L5tAg0y6SH0@F-^*h|K{fcY6X zJ7QlnTETz0*-AaJ^=3x2%Fsyc&-4sU0QL!{Pj=w}{ejqdTBP3v>=S8y^oOw<%@4{N zWAKGTh<}g1V0O}7^pAk|P$1BWN_ztBV{|v*N%{l80m1xhih#Oa+Sii}{N>VaqCvFV zrM(U9C#gw)U4KsCI*r>&fr|nk7O3frUnj6%;DErSzy*O134B=K69S(U_^g5kOIR=& zJ|yr7fzJx00OR8VPgue!@F9Uu2z*u`1%*@KPJs&o9}@V4z-I-X)!wUpNPAAJ*SF}m z>JRH*(l6>y>p#;?qsCZa+-6)f{=o>EF>|H4$?P;aCk7GsD$;{EwZn*X+$hn9jUm9t zjA6iU7zY5qV!j*j>*fQ1FPL2Y{e9ps0ACeoS=_GVc~LNbZ>`mc4u+U|43P7$A>RO? ziP=#lVSau_Sc7&8@{NWQyB6(MR3AFEq0Z1~1E7vGDvI_-Kplla6WW^u_F%M5+XQaM zXbqJl!yS;J)3pM7;RzaD2dKl-)}Va@ppIv!SD<|p;4igR#!2IMjn5iiHLf+y1w*Wtofc-u#xN1IC)mP%Cw6nF$k2}fIMClg#$d6=pgI9M|qlXR|bZI#Vdv z?tqi?=4Ng84LFNrkA``;ohxKg$wJ1-?M>#=**6^KQ$5<_IMZ3X$jl-fH*;1bjJwIy zNl5S&De@e0os{i))w4kj`FZw8A(Qnkttt)gEfn&j_MLOKS0EnlOWd7I6&!b-aJ45L z=VWoBT}dyKI^x;xV6u>;;W12#b&Y{HIc@uj7nffeTtXaj?R?U;FRkWqZp5C&oa4?( zJ2#TdL7+>sUdnN^nMoR(_X_qb9h|(wP8Dd-DIBm12lIB0Wi9D;9%STJ8Xm}IV0-Q? zv)@sBa?Ey5VJn5_k`g)xX7Jm;ogK>Bvyg+`EH0!<#o?-6wPs2c;;Awz8@qHWlZNeV zFXd+P>=D?O>D+McXr?gZZ>i5)$pdAJGm|I$Z_pjiWeWS9)JdA~syC*Scax^=!o;w* z#D^hjDltzO%OhxP zI^t$%tdMjI%N9=K?)>gdF5}HCC%u{0)f)dwZ7Y1R==T-TQ$$Tm2$sw&aa?jD=wE=d z+tse6ux#U^5U--m_$AT8uEH;bUP zWh>Ff24wwULR!ma5lwJIuXB%`v)xRJ1~Y<4y7MQt((buj>O?n9APzWhdDNK_M;b}y z{e<9Ae>z=E4g;>uhMDqnM#*}-c6OfOH1V4KW)XWJIct~j(qYOW=mDo>ZFx*Zw@-~< zW&*+U_~n%H=w&ot8NSHeWmeknB-8L!{rs&m?{<@wZ|?kDn^0h^LYvCa;L9it;?)fA}W=Z z(JRJMvF%&Ht4_|TWHvjAU?-dkww)6C%Nn7{j7HCJZeT9UxvNYV zaAt4Gc$vw{1?`#3q{|$|32#B9BOfm(?9OEEWyGTOd@u3oeDsbdT?FTD-n`RJrH=lP z!Ax>G=XfYgJsPwp=ccEVRoW>W2N>RTMDZxqSIHf*o;>tHH6V432M1?_n0?gFCeKLA zE3d-$V`c+sGLy{|Dz?FwUbTB1Gv&Q3mV+hE^1(Hhx4BNwoJ9e{p>qqncll(K9M+#l z=oAWAj>>7nTuQ2+vuM~mFqh39bcbg1h56z_$7gVqrP+`p4r(gYPD31l$S9ct4d)O- znKY_TSJpXnCS|K)&dE;<-8ly$B$dh_F26H{46KMm=qDq@=5E)S#TunTXI1it=WKVr z-<`&d1&U3s2vMp`WzG!ne{0pX%|`XzR%&W>+g4d#i;MZ21tflFs?fR5!~M#Ve&_y7?oQh0-BC57p9c98(JT?7g?!m9koCd@r$WOtt7f6H?9J6jF znJf4N8s6==v&jNnLT<@Ob^SzUyHXCLn5{_BEM_bXs zvPsX|Mp8@o2dcFDDoW-XCnqMl@wA~_L^Gy~&Zv5OD-Ddb_1)MzF)@(Dbm{(_lbfG) z<~(&yBUJ2ZXttI7q{{MD1?&2ZkIH035Hi*T@z*L9~ z7OEnJr)H%F=3Ey(fwVC@i8}|5DMm|iH16zoPQz73ZJ3;OOQTL#Csa9{aJyb1a>O}> zq7Uz?7ZWTe{c_@Fhmu19_n^>4&X5u-imiiFqsiQ~T^;~`Ld_%2TIHX`=QAvDdFHBO zt;kMXKJi&lUDNVcwe|cHeoZ# zp&XtH&(W;(Zw8#l%YbjrH3qH}M%$1=2gj=LF$K^1&EJh@@lo?B5EEK7L~@8r!1`uI8>R>LV&jj8@@%-6% zK@<2U#h}zMCz`mxWiUI9%!r&k9-m%~f7NDIbI$@_mVLFD`A*El#w$Qh0aRr;y7{e3 zE9%U8@_JIxlwIN1la<1FwW(ElC5w7_{yI;?x~E~aY3Po4#ZK6mH;?(*mb{z1>Y{E} zW3|d<*xtNTo#1tG=43O1dSouieNYgXPg%&%Wxu^i7{R`glQ6xX9XMOmv8ax0^vY`aRmJ*=VHUhI9d zSOtgJ)%f|Ri|!VivNuyu%|Hz^;Na+C3%mTxKFEHCba45USb#mxMSlcXjzfn%`lcfo za}r+%nsFQzcd^>T)Goy_s&Wp*(b3{Mi@q|AIe4`*&`{0Gamjvjvcgw5UA^hPEQyVO znp9;OwqDg9`s*+2QL&Hfm+Gi!ReQPcz|uu3hf*o1AVE;+4&`liuwB(IS`Po4uz74M z4rC6$d8lpUx0vDv@MdM`EczVioG>TgUc6}tps{~Gjf(Tpv86KqX+|%vk5j;<1C5US zbI4Zdx@Z?zVdc_;#6SPmEX7xCCyvqN`)|DcKR$MG|2sasQXl&5#2AIXc=q@$tv%1a zE3|Rp{KfjCkM1_CSS!A3bZa#(J%PBU#d?f5UXzVeYz>1!E3U=X#Wn=vy51OR3>kPQ z%1kg3U=RZ$v7OA)6=MlIFjfO=Y*TDQ1XnHA7VBX#Z6dmjn?2xbZosSRH=Z!s~Ln=6AsxtBYWKALfae&^Dr55vauN)sX-ujIbKpBXLuv z#<*TR5(&i()eXf-VQMf|wSt&WcoIH|5l}!$W5E%%k{e?EL5PjugT+LLBJv9#E1|;x zT6EzZ+zy34chkggM!yrjESC1ESQL0|bufrm{nzNLYl4B; zU?dV7)bR_c9@`MxAcG&lZ=|t>NAN$=5;tNCpFwLyY~k}z&c6g;wuQ%ovPBDD2?d2| zoi6AnYk0B3?Jp5(Hfc@xB~c4Sg3SA*F8V~G3s3P9Vhi7bC~Zw_;bJJL$6C3;vNy#R zp2iQjymF|q4nn^NGe8-c=ebxgDEke?*RW!LrNJ~{u&`STFTz;R@h1XbQM0@f>iW#V z=O6vVXMZ9ruSS55Eozb0V3_B65$v&rS7Hl4#~iQ1v$}LMsKs`uJ>$8Rm`8$8aHPOWln1d1ESd9zItCPt)tT?R!rlvH6eRB0>t&N&4mRZYN z@>d#PAagD0fiQ~<36=-)o-J<2E&+urOONAMZ-{}i(1fFceW;0=v{rUiNCOl8M`C-6 zL-Y`$wTT*=Gz*>|Sskej8fs{)PKQZ~+r^6a!8zgJ2$1dK*jlWH(c42oKR_^t3I`1$ zSK+7oOa8))B7^NqEAe(^>A_?CtB=IvTf4gPCiEta+Io9>uh}};lj`W%-rLjBleVwv z=i@=*B;yJsPd*JTNp~dKkFHe@=J+Pso9R>uZou;<=6V-&g31(7DuXB<4DSzXK|M&T%_l>{VZje_ve2 z;&%~uFq<90Et~q0+E#A}Fvsf~D894I`Y)~j!xrH8rwMPP(n9sb>iuwp#4G1ozVX@8vGXtx8TNb0&s{%(Hh1r>H+kJ0e7R#pRbsI^O}15rReqQdXrGqnKAT=PD`O78k z7oINM45)uSD6?S$NN&N{BL5&}S2wpA)R)CdlIIzNZnMC#eq+!rg?#4&Q}FFo7IyV-tKY)hopM8y#T4zhQ4@~AsScX;&?MNj(=OBU$^|-$#K!`pg)dpQCYX5y-GKN zzm|^s#rB6Fo9pyB*tAfw>bGX|9zcBq6_u5f z&%Cg4YXFQh|AST@pNq&N2zFX$?C<-51OM-w($v4dGX@_}4%AMneBm?2R*>KPfb!sj zT|swz^e=AYsaXKwJ$J4Lu>r1&!i?`sa^YyV5e+W&ps=Hbe9RJ8WQV=d9W$&QX_ zcUxC1-X3jD_QdyBv?hXuiFoV6_Rg+YVqx3zmfm>J&9T;GqNO#_5smk@?27JfZ}04G zNp$Y%g`}soGuoweT8P!h(`K_b+1ZsCk(6EG6O=O68;!?QkXU!Jvo)IR?CEap=}yM> zB}Y2vp4M0*(QnS@!1o!TX3;OM`iN=cf294Yza+xPuyeza-k z9rr!;*<||$wAD5=O%la31tm2Dyax@pNs5Z+4z!$mHOxCpEP7lTW{rJ&~3%fRKJ)cuv<3UDR3 z3S14=f%RYm*a$X(YrwVOI&eLB6?iqc0o({~0=IyhLG95rgV%wVf~N|FYX7z4A1Hpj z=@;LsSyS`-Yo9uzqL0BS;DBWR=?MLe&Lw$Ozmsc#8ABU=bsI0If|_vT_Sr)BNn60N zzwed{3#zo1yUjMg;x4b$1rJ2De-)*_Z;=eZ>D3t#H!rwG6o%!Xp#~%6k z%V+=a=X-wi-jseUmv_s7Lbd--$NzLe;~78u>v2av@%>oY^P1v}!6@KBq1ylMsyQ1D zUj7%yKk}dd=YL=Q$d*4C1yvs_A{;1G`~Sly<}@As(@*`*xqtQ8r&}H#uRWhhe4zY|?`iLG3`PM53f2BA_r2T_|MLC!y%D*wWz|)KB*180G=LG8n9pI!U#+GqEB^!fJN z3%S=WdxC5UvJ=P-puKay|E_)g4+<2j{m1tIN2kQR{p#DVvi%=y(2TvY?;(%1?vTe; zbI4<>Ipk624|(KzRy61=NkdO}V(*?%#dPlZUUJ@+fpY*7o%5>WYnIEq0k4MzRj; zyEn%6a8RkaXLqc7W3)TE%L-Sa+oQ94kI5&geD-AWDRi4O-`bf>#^NK{C`p?|;ag>$ zJvx?X@g2l@6s~`y&v*Im;XDf0JJNNqonz!`V7tc1mEQ@{$W_3JQNe4V;lh;~Ir4`P z3)7!9Lbw7WK|bxm^x^CLsm8(-HGN33Fr{-GO|)#XCnLq>%*ja9jXxP#n9@5Y4}K7{ z;I%WSFW`@dHIrRx9TzpsqEG4*#Y)!7m8LFExIVz?euH&1*2H$VML(TWeERalr-b@#Mu zI_hSLR=g0c!oswwr>DLA>gQe(t?DmYg@tLwOHbRms(FHF#cR*P^k9LJ^yi0P(Jm#t@{(n*dA7e zU0qxp;2eIUVr{HD7Vm83@OmbELudCbV$XRYzb&zL7f1U}$j*+=Xcp0r=yv9yJlzBsk6)=dFi+PlRvOEL z`BN405FP^ULwRU|=F{i{6LjUqXs^$G<<9Nf*)%#YIAiJ*0uOnr%1oN%Xo!fC^J8tqEd7=DZAL+87_RN?tv?fCwj6b0T8uQ3L%wpy)kKKeAEtZe^pwmGJ=yJfJhn9xkJd-*ROvRQu$WU#o ze9sNFt($oAjp4;xqMsUO<@8cFwg$yYfjU>`dL--1_OeLHnw&|~}*?>K1tStQ;6rr_rf zz?BkD^2%K6pz>fZJSD!!U52alBoBITaPRAJ*)LCBh0C6KN@FSe=BX~+GTcMBvv3dN zD&CiHmCpUn{SNMI{B0d?p`O#&W7o-b^&4UWletDTmDA;gYX98xALzf7&fhP<)tIE*`mb<&=d$^=+bTXfI$MT4FLWR1fib2WaIsl9p$ti01q|j?Ud1Uf1I4 z@|5!Y5H5U9&B2AwDas=mae3NfYEy%5^0~<5bCPhnhM9xnn7NZ&+R@0!Cfp8CZSZyQ zA@FJNMQ}7iq1r$9{KsJ9|9p+ ze_q;+x^K5D2GLOTX#HSgEFE4tL}%jV3gqU_5&XD&Tpb&bjCnxk6pzQ>1g(uF&F3rGA%jinw`flb2<0*s2wv}!S*dRp)=njkrbYk)Ol%r7XpL_n} zIhUtwejX-~XBBz!pNlU0dOPE>EwNkn#uAoGb=_@S*_er46T7vpRW~UO?;t&uxsk8C zZ==*d!=WGlb3YUG4M~o2>-6f6`Tz|Xr9dFOEV6^1EZ5D zLrUWoG%0C5>8dhZ^j2yXE@Oz%RT{r^pGe^vFEoxxZ)zNC!qxb)5ts2Lr8_{hF}m$$ zblJ5=pG`J5lf1rPjh<6#{=K1K?Vo%8L$W1ac$rf(X#5k*ql^U0)|;Z-x|2njH6E`q zWfnizfmT)`8UqceFQU5*Xxva53vtC~(l&f#Y;|eXklyNaddl0jc_b|h647!{P~*~D zoQ_{*?xam5OzUs~Xi{Hk=8{VW)9)l884BxnHI;OwWX{W$ zm6TV15}J+W27CE6AD| zhrK@AY045YXJL3WvglprcQG`4H}mmJRk{TZ+_o@arxL5;t2LDu$W)u%C* zd4aj7%^FhcMYD2MU#$YG!9`#V$XGq>yVjZyG6zea`MQ|rIiUKC`c}Vth%n3V!(9>T z-(AEx2WDyPP`L%lV}~99`r`q;!^@P$1&t-*Av{fqSDFu&;i3b~J_9^vY-x7={$j$f z051dQ8b9fj9pG}8r+6s{uZN{elqYRu^3+^XdD2!UPueTRtAS6bp#ksOx6EJJLj;O{ z6k&N9d=bpD#QEH{&&+)ci*hKh3$Va-aXXO$9=mUOV#fat!&Vp zxC#r?$}a6`=e_k!V}q2A*)kS(d zTo;91yHnravV4*{4u|Jk4{4qq#(Z;E-~WHG;P(0I|Ki1|z*zquJ@)_KRR8CratXB+?Ua>i}Tt4n2#47 zyeB}>`tb06&tUuir;q*L@{OtwYX7f?=07|yhG75qwEeX4Fzo-?ZS42B^V$DddlfJD zayWqf|GTuGr&BrAu9?1LWO1>#MJt>nbHk0SR^jjKnTemar|{%B69_mQywTe&Kj~b56LG>&empw=D z<8D6t|8n>>myTdq>21sX*#AA9A2->L3zt2uW3`6Mw|1jwnX`>#SQN44RGTTzK=%KS zK(o}B)0^GH)_Bq$PM%x***Garz}s&1jIE=1v(K~O_W$g<`!-tb7PM~rQpM0WIE#CH zIeZ(PlKnqBFO37oz|q+Mb=FFI%U<8h9%bb+qA}ZmSXk+v=Qw>|j;p=kxkm5HcAuSw zm92MY|F^PIIQzeC^Y_O7uQBj4*AM-CX;r6o^WwJeRw<=$R6zHnAk@0>Oa4C zm-xpN&M#^sch$(ws`@awOGKTCs8O$$ZLmLyV z{eLv{{~dIIBzPxyFBrD#S=p;MvNxHpPfzBgfgdOCho#RzFFD*IW&_fBUpG$}JCQFn z$w6Gn*zLF)gAd~+`TIQYvI|QdHAna@-erUR0xn}r@FkL99uwS!y8-tr_;14fDy}^X zA)9C^SOv}|#Gh%qi1$U{a`1w5dDWli7(EsV+6;Ae-(xTRD>vXzN~u;{l}qO)N`h+) z^-2DsQ_VdqdCbpL%IW`IP>I%u54Ptw+$i4Z zr#h>w(zmLktzTweKythT6!2{9`X$JX-ye!y-f$d^FVfeolpKF zG8T(9Myr0H(~sF_lobvSa>LX6KwiIQ;`43)@LYnpqETL9n!)UUuY}5nI?9SWkp1sp zT|DK9TF4u(Kl|TXp}6Wl;qne<|0^Q) zz)jXMf0+vuZ*=tyLO000Nme!;rJ*yhisxzj%mvbS0lV8fckPXvPr^WdcIJ#|#rkWr z-?{#~N;c>p{mQOnASXO6yNa(m z=7d*jU%VQBFWZ^$zOt<}#NIFs2Uojx@=+YTjh%Klb0V6ik8bqsIYWg8)Q>$d))xCd zO?#&A%!k|aIp|-6A!GeNzy1IH)c++H>HD#?dlAT(rFp#>1N}IA%*hh#h%_`n^MKQ5 zVcTFCw0DA{_2IscFgCe9m^;6&GJRlZC5j`Z;F>@0q#g z3H)szi=_LWDt%lL0P;0uneWP?b)TOLYYxo%FI9%iS|&9Q7aemuyw-2Zm^*>BxSM&` znoe_8t>r$3%buQ@yE4}`cLi4l!5vTHuewEOSGnVG*ASkm%OWUzJ!VpmYp@oq0Gq(I zyz8FeVsHtlQd&@a@x2nXZ5%P}tx)OOayO>zKc1 z)5q0LCTM{1e1X_HhL^fCqIjOx&q3%<1J*wi9s~()9mcw^ ziSCJI&e(**_a?{=?*-zRf(>FIdN|2`MK*U|sl#jhev;VT^den+?2`G3Q? zSGaVZgkhqe<;LU5E?(5d`=U$#i!Oc93JFfH|Bv!4kdF0$9xPtWLPNCu?f?1kK7Bsl zom~dA;r2DjXn*?vJ4^xXogQEICd$4gQ}(?3e?HvLPYSvJC*FA(mn>U84QKy*f)JHUP5`fj_QFWcsiV0Z^KYeBKs>rlM=)j?{bobar5 zl=MhWc(q?gX)QU8z$d_Kpp*VnzP@cT@icc#Y~Rk^zunDIKFetD|B2T_(?NEQOWLM= zu5mWYHtH`pY#s9#uj23Vq;dqiV#)1WF@GeRWAQ!Lp*^>9OPSBwgg-$EnOPH4(MlpK zEgxU}Q~kky`KKb}gs1uE`H%@`t`z$EB~eY@%@8agp^x+aEEsOPa9rtl<>%-4elN`x zjt~yg0`+4Lcoq9TZDiV&d~4^f?y>&=!Rr6|Q1jL9yGh7&NcS**cJpI* ze8u#Mq08eV=P+NCTpJzhZOoh0xd6$Z2fT`FAml$kXqt@1lU5S1?@V?$(KP+117$S> zV#W3JeoP`LZ~sxa>Xj3o)~Wt{VkSHY;`XByroKZPPwak#uWP;28;wSD+TUtb)dYAI z{}*4^=J@_K++k02QTu)aCr>H2zolL=RSGxubM-oDv&_G8Gz z38tE98=KzPhbaEBuXE@O`8w+M9M}ep5BK%MJ6u1r*Qz;>9|JSt?|vW2x0~NDP?@z~ z;0j>o$n2>Ym>XEz%O$u>Ewu||?rYD(E#X&v?Y>Hdah0CpDIKLJy)TeTR$Tc`w396)TN<)A?;ykpGR{$?GGt$y|eFZ_K9ZWYM*EhE@exx$7I5* zaaZuJ-5}cQ_I0@RysyV?z`Y7r>9jcaM%+gHZ^B)J+m1^a$zS_L3wTq#RZ7{Rs=@Qv zA*(U(7cj!lgj%lrJ&1lP990_P-CLlYJ4MoSGS%ZX7hxm$iFeEu51fy?nfEeWm9rdo z3-7d-ek1vS_VhlA+l0%WnXx5{PHRv0&dj${m@gery{J>F2X{MeFRtj~xKZ8{xI3Zy zG;WOd&*1Lj{dU|=-fjK6s0XuuKy{kVFE&r76w}R(W${D2*a~)-XVF=|grT2`lzSc= zBFyT#NLpu>;I~hafIZ|X9x!cBN#Clh=ipL)BLkHG_F23qc~{$i0y(R~{UrY41@%B~ zb$&~sejl)Zo4?gVqsQiN^~!JF=KnQ#t9DxV#@sR-1NlE`$-L42szF8eSNek`)%8p3 ztC!Ksfp^|9j`_Xj@VoUrKWLPa0bV3i<@>q+$e(W!VScXo$BF>3ubPHBboboxHjNmx-+@Rn6mVAdx_DQ8lqCQRRy|JrJFeOn%3jk;PP)?NilplV|AHN$fHp~~Ecm5VSjo#YTx269Sw_#M zF2F^v9@IEanVqhj%bVAgvYA|J#(OVgx-%`1j3s$K0?tFgWFPn}e*Z>Um9N@e{D;o* ziapyr_lMhvTMD5J#c#W~{{C<{?r_czD1YDor>GMFN$Z%u@SwQLtAjI%b9hnL5t0P6DqK0Ymogdmn`N}EZ!_ewpzv8HTJZ8lWuZyJbUW1^F zc=tf}s*9&QB|G6feZ27bq0_bhQ*;CQ>^aiKVI108*y>^F4aN2ALi14}a$-%AhEo~@1bAAB+oAU#!adm#64!0Gz9#>;$ zBj*Pm!&Tk17L)sH+zo_h>Y^D=cq}~i^8>bx^PeAJ{@CyNfrpS00dvFPeiYe{z!RYM zAj-g6(A(Eacor*T&Q;&n`+CxlyOBR~y?yRq-JI9k@9rX9h5yRYEpzFNcXYQn*W3NP z9nkB)|LVg3&dIyC_epk?uDA1fyWm`xpSSyc!_i&g@*l3f?@?FZ3tW0)q3@$1S;yA` zovrxGE{?bV4QHOI)bh>In(?>kXYLBYsi1#K?E;?Olhan;cDROWun3yL#O}je%l=UEQC1D`_ zptsD6DTAfR{Tm@mBOj&+xuGsBk9S|MelmFnxUgj5uPVvt1@M;?OQb8DyuRe}h~X*! zXP}Y$dH25Ag@4n%f5*w~qfXAJJJ+uZ*Sq-M&iykN?;l;fe|Pkoo$K}gX4l{Da^+j> z+?QN>k2*K%T%C8~|5*R`{BZ4*+y9?&{y%p7KkVN3x_F;=axmAu?{##Yjt(BLR{tmy zv!My~pGcW#yqMc?vnPdj|3DgHQ2cQc{=VrOG868z&50XMN6-0!mFx$(|Eu~r(4VR? zWMw(T{*^Vd8HdYpD?zQ7*MZXSJHSKW5%BBa{osS3<})Y2S{k7d)cLa(umenjDezA4 zYv8@$1E7AlL~G6Gz!$)m!8bvTEn2_M0Ox@<;A&9cKHmnmfxV#4WPJ{N8hjqq{Qo4V zP5DV+DOe8bn<`g=ozX5`Q)o%VTU!$5sCmNt2C6(OTJ>|M?n_1b!LxyX5{&Hw^BGJ^ z8@#xRO?coL#9LccEUPrc1-B5$5w&1GS&RPHxD3GtHFEtqMLiq$dg6TucMI>@^1mB8 zb-feBS5tfyWN6fM)JS&`{>no@k2X+uSGDdo&QC8Tp6}?saGQ!YUz>XR8gy(}Uiiw7JF}S?iz2=bRa&>&{y2j=M9e{^ zfe&H%Hna4uK8#IXuOCmRlYJn{$Ft!s9{jKNV+Ui6&42L2fj+Gw6UU{6EMMZ%(ixXX ze}`Z~vSaC7eE2rs#n+jUNHD;`l296!)}^r|(^fi{A>QY;m^Rf=$XMJx91}LMHdT7|L1o#cQr7W4Ls*iWl&kaY*Agqq6Qy- z;JnL%B3Jffrf>6mUG;x5&&SQ5xBJCDeyY;^guQzW7B6k6Y^trcyPbp8`TSs-Dhg=* zqsJqE`Q#w^X6*i1!)tS#8=`zmxMoRxU0uTv^Z#&=Le>RGLFIqX9dDHCT`)+!9m{>i zYa6Q9EU9m7vT+CI_pIPHOJ;1Z%C~m>a;--U43clCWA^!d>Y!n9bzS9<+x_D7UAsf% zta3~ov>fJFyo2ics`_QMm1qqM1J`$Y@SqeD&;`Gh&;5hSms;2H*8R$P&`{sh*wDCW zXtH%t@PNtDuCJBnYj6JTAhOjr&x$Kowr=0v*qP|o`2MWx63Z4<*VR^5O1)h1 z-z#KZF<>?y+_QHSCV!>_eL!Jr!Hzy5mS5k)|8PHHHAGh2Tu_=i@3tj3fOm!IY*|}B zVX`GAU6^P+=vg))lR(BX!6u9`*DIggc={fd#$SO`@8(%_xJ+zSJ*!jcCMpls*nbS={u^IJD=Pz*#V}zFgGnQZ;Gey zsD8Jfcqa(6TV{5n%#oS;>6@Sx{lwFq@S9xNL>~!P`RR_f|29HynC>+DcE}CW_pWBT zw6w|QL22rHQrKq=F3mbKBn?d_f2ExGF4?EmI^nx7zV@ftnRk~3GWXiXF- z3$MysvZkbkOFvVEd{fWD<&&;Q_7rmjG8kwsS-9-Xl(BHh<(Z`wUWEKa#I;4?N}my; z>^as*OFcd<7CM`6fro2YCC{w_la|6xu&}0HiQ2OydZuf3{&m z{QH%Ps>pYKP@~Uo1Xs*!d}%{!d(%UI|9>~W-X4GDYR24!d~0d<`tJ6gU|}~O5=aCK zv4kz`Fu!lJvy1z;)}y_%E0$Q;)>onKatbw(V>=tbpw{XSz_&!h9|%j@g|K*H$}lon zw!4LiFT@CEx6AA?yhoXJcJDFsZ*ymOPqaI_D;6K&`Xz7eOeSOT5v^cHw7X3|G1KDP z&UuVT)zX>SmU~aKa!ee_ywuZN`f!mSO5Hyq+}oS%>`IJC%IS9LjmLVUe7B1VWmdb$ zUoy5YInp_gLi_(b^uFw0@1W~zai8VXfm{PDM09Rq8!xAVN^=7Xfo-IjWYC&I8akJ8 z59=)rGI_vQQ{wIl32K@ru+lcE2vr@vf9?}|aJGcXcTzC1*+D7HN0o3_b z?(YRH;EkZxAzCY+50-)#fLhaN9i=?9KGFJBYoHk*OC__nz_P@wKx7w(73PaqI&h&n zT>)yHsdZWF&zxk_R%_a!F%*3YG43wP4&JUU6 z_${#3qy)F_wAYUmcr+?GfvtUQ&m|V zb@$HcHhjlIe;-q2m5BzZs9PndOHf;AL_XsU&lgYvn_(z6J*jYfr=#l_etC1Fj=4_L z`}}GXk1o}p?Ui-VPpK{pv&03M$`>5uWYbbiRDcO{f19a&Io=e$jR7GirUW#&RHA*V zPop0SC}K0%@2u};Q4r>$O#g5&)n(cJl7QP8m`eF?S%N4qS z8P@FrRypt#ccI(mqNPqyq&B1tYg!^Pgff{-(ii2QBbByP;9`p59GQxeMt=hy2yW_c zF#_)kySq0u!K~h4P5|4Ci}&A0O)E-puaV2T()5MH>!59?)3pzaA}xwpNXdNh6T3GJ)^?irUMn<X;cldx%-o0cC*;egC}z$Nw?~X<*xDrOCrO`;{K?L1 z8LUl(`Y9^8k~`XGSQ?``eJ(#&SWe%={}~D{eYMX?=q>KKmPX7crCW}p-49D}1R07y z#Z`NN;+OserOC_#)*ydFBBeb<)AjzCuH*D{e z5aK*R92FlM1;uMcs&e}Y3iOLPAxtU3F1qHVDUlx<~m`-zCsu~UYNJs z`<<{-wB-zVQXEufz?1rQeyfE$_#U2KT{*HR`5!R4ci6c-LCxQ(XmP!K5FMN{>E7tt z192RAf6FQSZf$fl{R~&V-jgB1O*d)U*C@*UUw1P^=0kvQu#nooE3hQ-`jG9P8wnA8 zdNLu|$Ab18#e?JGmA7vv+6&Z99sj^RMb}Up0x$dU9XZinV*Si<_3FE(_KEf_>icnk z$f2Ey<1%Xz!=$^Y6YV>!+Wr`(cKw;+l;dXTs1Qa_$3h%aM27`>?u7F}Q1lG{HCS8z P>rQ&GwnX=gwef!e!U+oX diff --git a/src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.csproj.FileListAbsolute.txt b/src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.csproj.FileListAbsolute.txt deleted file mode 100644 index 1728c14..0000000 --- a/src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.csproj.FileListAbsolute.txt +++ /dev/null @@ -1,8 +0,0 @@ -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\obj\Debug\SimpleSocialAuth.Core.csprojResolveAssemblyReference.cache -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\bin\Debug\SimpleSocialAuth.Core.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\bin\Debug\SimpleSocialAuth.Core.pdb -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\bin\Debug\Newtonsoft.Json.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\bin\Debug\Newtonsoft.Json.xml -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\obj\Debug\SimpleSocialAuth.Core.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\obj\Debug\SimpleSocialAuth.Core.pdb -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Core\bin\Debug\DotNetOpenAuth.xml diff --git a/src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.csprojResolveAssemblyReference.cache b/src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.csprojResolveAssemblyReference.cache deleted file mode 100644 index fadac44a62f716409e03d9fb3fd8c103ccc01a2b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 39478 zcmeI5349bqzQ?D+WRh+ILsS%2!9hSkFq4x66gd)(C?F8zSi*+Rq>~IxX2Q%QfP#Q{ zfTDs2;DMt1RzZ%33MwKBizs-YJaIjCpMv5Eo+}E^>-~S7sZLdT@;EeadGn_8>3{nF z&wskQs=r3VwRH@@stInxNjtuh)cwny-gzL`|vB>$yyyF*-0s_xCAH&nnL;&n?f$ zD9cILvb02`)ggKkMKeNSy{agzg>`r-X()>V~J|Y;X^_Ju>{dKVFV};*-=n+wheCQ4mAoD*HVe0S5c%uV z0>LT8X~PGOuGercizAm;qz7xg9(@>P+Lu=5^EpsPrA?6DSg*e z6QolW@&tlDZ>f=pLWxu~K_X@ur{xz_YQbtFF|~&21Zu3=;HU0KBfCy~>R)l1Wc)q0E^q|lisHge|Qfi>XOf|4k2x+KO``O=1Z{ZozX zw8RZ5=v`bL3{0kKBUJ1O;bs*N)@sVjz5e1NZ&fu_F#(TP^YyO@R~CnY9*dDGouFP^ zO6~=EX-!3OK_EO_4_{ub`|%MY9VewT`9#toJR6=TD=mj=)QrsZtlSHOdU;R}Rb~}O z@k1H5qV%RTT^Z&F{N>(?nxKY?*2rKgC3tegWgdgL)9B1v(`5xXpu|q6WI|1s%%~cF z*juHiQDsUfd9SQ5xictXZ__1=hj&zzseP)b3N!Nob0TDa*_E6~DP8bpyEZUBBeO4)OwmHu#jT9}?31lN~_sB+Dw zT0hUI=KXp&JH5E!-+_L6N~kHG=@Hb%5cNh~WyXd^p`J@AHbn>+i8zcxrJS`wpbJD5 z7X-p!@FczY)LpglBGMhfw{e81JjJJl!c=2;%e{J8idGka&lpZIcS@N~@d4E- z9ty})LLMy~)`Ldi-ZEI%R7Bo9T9oq;9UrqLBqXqe7I>ktt)6k@tvg;BqN=K+H>oOO z_Oz_@tc+eNLrJ-47o9F5RdPZ}x@Z@jE+$oSLP@)57oGZ$Dmmd!xM&xhE+JKPO2nP| z*B79jN-&{CkA^oAF}hxs772chTVy`XC~c#}pQ*@qT=nV@r7yBZ8v}PP+QoeLBUQ{d z1D7t^MW_CxicX2(_7o@_yMyRD;lfEfk&r+ zx@Z@RVKk{?F)%dAF4{$>D@c``&}6%47oEnCDmkG^chN37jU`odN*PCn!n)S{WO_1l zbF~~#PS1>9S=oAeUav$%5U0RRq)OfXzf!4piG*+bWj7MS;9bKE9}&f%n88Tl=Jakx z17P%Q{*f%o1QL#762g5^CX&t&iMePOZ{VLu6&zKDNXeIQ$;=M zh5kV`c*};9;;pKxG5Wewf_jx!U9Fc53I?j0F-pbWp5GR|JkmEV#W{?z$C+6i_1))# zbw71hc#LjzdbydDF=4`qwDUb&4ZVNYVSNf(;;nyPG4UJORobB$80U8aE}0 zexC%Wchbj{B@jy?mO}TYgBHbcFNqe?IF_;;_WL06Y2?cvR_&-Pj!_|| zkV|3-Qc_FI!AfWSp)qcmQW6>1EcBNLloAXHV&E#dByvS9OE8kx-&YX`dc&1fZDe&& zAV_`a;b6dbS_#$p0e=OOqY=arnm5>*pTig^411|7i#i@1C4+ogMaXHKsQ&XTDapo~ z8Cz09LUMz0$uaA7vBSQ8h{tRQq>DYdPj!r>MZ-Y6nXzQ;;^V!ZNGVDs5G4Vz`80|r z!Ery`JzfftM^;%uHgz@$#{(pa!BcOy+nwLr9c9eaZMIu{gv>3Ckh$xN&mGB5Bpq~( zDGyQ#_K7rResZOVh9s#LqsS#Cwq*MpdSZ*|WH=%H#irUP(9v%yMmYs&_CL}&kEe9y zkEY^!5=%+`pNt=x(S=*a_mlIrYRyBBo6T-Zw#4pHdWra8KAQ66NhGi-57+&+F$5tR z?T(csTFQZlvWjfVBP0woSJS~{j%Gn`Hy@L9*NsWKBV&^8hGUX$8k4jbjWJ0#jY+zV zF-f zeu`0nP$m_)u0ciI@jNTVqB(SbqaewYzh8s-nU`9qiyY8vJP-24&D z2tEz-$K3o0%(J=qQ*QnY<~iK_IX54Kc`i2};^r@4zJ{B>Y8i^9sRZ@JM$P#b`qt)j{G8U z_d`UXt0V5dC(Y#UFeξhn+c?qRso#_;Z-(e7wLXKt9YmSj_$BtVd(6&?Jx++`ml zcd3*D`%=u^7gFvHiMcx{B@Iqp zHx_DC9>!RxyW!tahn!6bvIAmnKa_I&ftcIw=P&1rOC$2$&Z zED|>3jml9nOq(1C(l4(czl^DxO35g_){9;v@~|b-23KrUn;M&Q1u57QY@O)jb8I#g ziz9&q>7$DJXHaBBk2kYz{AtlA39~D1Xg{s@t?wZZF>9p z_ipQZM(cwc`>sjNSl9fGtQ}uY>QHgv(l(!GtX#LH#fl_%=eK7)9oXgkdHgMV-_1EN zwAaFc`AMICc+s`zpV4RCuER^_1(xpoVep8LmKK+N(B}Su?|nDrg6^jcUb|iIet3Iw z;>1<#LAoYnz8US}mWb!@L}E88MOzyWjk;q(=O{g_1uIC<#8JFb*ckH8oU2H#p#7NT zvR1h`SMNM?!NaWOb$xrx44-?{y>iXIs;jOUUEO1C@zKThg4v$ciAOdEM(%DgcjvA? z?%fMrkNjFa;FAt7Kj44lvm2&s?Y>Cex_alL7CXvk-?dR)zV=Y3zrX$MuJ)JQ_=fGP zvTrtQD)JpX^Tz`9Xs^SyomOqQ{z%1~nPqn$nAdXk{1>+NTIPI&t}+={+GWlwds>Wr zY!F*R8ZW6tI>wghrd&Nr2PiFOe~e_Ty%#6M-;1eNA@W}ACdwUk@2jekP73O0Rmq?u zwp*wo*{g!0vRB0V^5sZ_6;QBAo01@G1$S9OT;AeIn=6>XQI># zD7_%i!*&RY%AOZd+Ag8Ak)W}n^h6vb&JWEJ;)gS0r?0Lr5!2l45)A69($A!+KWKVZ z0Elf76qP+A(zIEk>B*=xJr$>kBNUr74JKmFh|nZW*Hx7vCRT;O>Is1)woy=2wn4<| zaS1DQL|H4Tr{h?~HddDlSV>=eP?ZrTRwIGcI)Nm%R!~&7M#O5hgcUk6tyrN$Gag38 za2Pd~h*9guk5pxx3DbDM^pL<0`-`Bc?B7I~{w%??B`Qql29LuO!!VT)F|DIc*H@KE zCRZA`x=%ofEf*A(-79i+kHpn;QMuY0=PI__z6v6SS5ov%IaR4NVe$f|B?3R}PC-%G z9U@G(OE7JV3e#WXFvT`Z0V3w~NQ)ne$?7o(Dec_eYNVwkKOh!{R@8<{|; zD)UXC767PPfgx5SC@Kq!K!qfrF!RXT6224%Dz;m~TZxz?U!WqJW=E*XB9o-WAjvPl z!>R;DWj>LlDH2JTtY#$%lh)!@QwONp4~!g5TivdpCEF3?mi0K{}bQCXQtlSiTn za~!QS?T*tF+x61@L=11}B5RMR$_f*x2LRNc1cul|K~Y(;2-E}#D9nzv0)<(!@#-mt ztEY#FnAY`O=V|6j4Ix!oX>zp+T#XS>Vpj-?%0`P^6-iv}iOLnGS;x7GVXpq2h&fH* zDza{ts;oDmdK6F%7dT?W1Vv>-MW`;5pu*&QYh|@J4pnToeoqoHsRC5PjHRhmbqo#I#u<3`a|7R)qQjn zuZLr}9)6A<2y?3HR`WU8hUerG;n84y1Vv>Ri_ghL(sQz(kTIVVkc7?t0f{(BF$~g+ zM2s+1b*G8aE}+y?poirMipsJ@l(Hn0@KrG@N(bU7#db6P8WAH;Rejy0X%A>h698ft z3JNV%CDPPgqUockG~t_u@ro&iE2g)Im`0|mzHMUl4zN03Ac=Jr6qR)nvFa#c^+{B$ zK8<4)+m+P&0#*&Cs_rwf+7GPS3na02f}*l>M6Ax1u);T-t!>}uajaq+t51j+J`2nk z_Wsm_=`+A|roaztEhs8GLxkyc2_}3m-U<`GA0Kb}Vz}x1iil}!s_NG!SKolEmI6ww zg`lV`MdYfv#1$4+uyXZfoU7Qbq<$b`cqL^_RXt+DbQCZ-1b$eeps36)!qiNH3CnR< zVZyQ;@k%O&E2&?JnCMegvE*dkH>a^K0Q=?V`n9>(&w`?|pGY%T4f&B2tQtb#&^M>Q ziAoh#b%|3I!&D^^F~^vynrz~w0I%-_qS#?UQQ3DQUjLNv!m2=}v}04u-p=nxi{ll; zcsYrf#;2;bGRaB>Szih;u`dKgWrswv4oYNUVJRzFSYRqnRt%GM77@c|@R(Co+n7ML z1yCOg46%;{MP&y>pgxpRckGeyXa=B&h>PdQX6d{imR)>>naY zf0szYDt1P)!1q#b&#(|1qpmK?r#-^&~nOyY( zS1$-Cu^oa!D`$yZZI`%0k3uQ!*y`W)Y}9`d=PHJ|>Py5#ovPZ;gsMNFdRE|wZ4ne& zKud&bvji0*e5_Dm_1-vCF$~pUA|~2Y)gdNRg<$Fl0VB3iP-yimk*UWerm*C*g()YN zd0s(P*DxXJO`(#d=M`i+<+I>)(v=#sZ8M(B8?(0O@En#J$rLT= zD{am;$D66c+WTE*`kEKcDqWPhq1CIeb@dm`OdQX7dMG&V&{=y<+r4G;V-L<9GHdteKQ5p5$nDO|R(+ps*DZCxgdO322`@U^@=T?# zz5L_H9$NPW!xGTAQ^-`JkS%)$`a`?|i{T3Fa(Xz0`JN+4tsAQuNk?p*P*t(DfH{pS`W;6phEWy2L?>?O84rM2s}c zrP74S3z(J&{IEL(g%)HJVY*#{scTf2y2W9NZI}W?j5G4pM4B>{Hq`5%N{g|XL`?-z zw+Ilin+1gyV-tzGNg@jW$E4H}HR1o6#M`+TZs(>EF~^wUGTp>$2JpIGAc|clD6|-x zh}S#`FZ@3oD_;1&IB~pU7_Zqx3=hf+w6I1Cu$eT?1x;5A0I^wuLJP2oG+iapgny%C zp~;y}R-?D%$t#P;w9VePfMt*+Y8OzR#kE&suKg^o{UfgUH%4N2g>#6-wNP*sIyP+1 z5!`is-;&v>Z>qi7$cQVIinKY$SzO0A<~oVHn*Bvu#I@nSTyj=&SF^CZjh(gH;ySgl zvrf0T&S=ba4tF)Lb*|tlmFs+q>w<_Y{gO84BJO&2!T!DHr;h8u77MN@TQ%|l=Q8eU zUcg-uS4&~7;I8J~dLZIzxmzo_t9jN{!dazkt+%*7+L-H8+||5*O%Yei1#IQ6=8fIf znCni9>#oLJU$?mKiMU#xg10TM?+C8q?Q-tpu4cCOM_eu0`qbk3S!1qWb64{gd=qiC z+}I=B)hw)|jhz+!$a3w%$b#C%a#qXrFs~fK7-NNuXTN>~bI=2zm=Kl=?&ui5H diff --git a/src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.dll b/src/SimpleSocialAuth.Core/obj/Debug/SimpleSocialAuth.Core.dll deleted file mode 100644 index 77afba7ea0849eb2f9d59f87ca2937402126e8c0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17920 zcmeHu4|rTxb?141=FMm%jWi=!jvU(=$8tQjEJd>A#7dOJvLxGbEdP<@IKd9`Xy!?p zcrE`|a-cZO5MT?mg$+bI(2ZoO926^EC3d_mDwECcdw~PV^YA{Mjk+ z&A|f5kt_Z@MZ1dxadl6v_yZt z(nI(H&mV(!zJsVy{+F+QSFz9z$Q|SM38EP`#L~|KQ5|p}I7YO3DecYraiUNKJ%s+= zihgIoK2t#deSH9+$y$BA(UVUcT6Mafn?g@?JAnpo)J}XWK0ATwbnUDIM%I-U@MT$p z_*Q&&678z!N;A)P#fNp%DL`Evn5&aW6YN_DyY)njC=6l7-B8t}%|uOII$Z-%kQt>! z6UZ)_d8Zkz#0r3pR)yVIg>89FYu8%B?PNj5nnP4vRCJU(>)*7wR}bE#Y(6 zI&(vPj1ny}do{;OI)@2OJpqj@ZzVVuSOU@a8!aUxSd+Mn2R=hecx^icH*0Vmotmh3 zKRXex!yq^m{0chgck%LE_)gwwhuA_C%wbDu)nrD^j$=#LTDxSGb$SA7um-}vmVzPg zdLY6TvMpx|FhuQjItZDt zb2WhbO%TMj>)Orcx^@a}X5VG!4=tVFa=I|WcbS@KO-BtiH-&b58@jsRg&0Lobc0DW zOKe4}Hpp6s>p~6|AFi+Qw&T)d5|luYg;~1<))H>AJeb333Pyub%N;eK)efMYUIs9< zMMAi>ngCP#gvn|GEX;(a(D!#lIrf@Z-w-Cf4)W-knj$J#<6}Z4OvuMjG_+a6&gpa; zo%|DO#xl`9Oz->)!e()MA3gLV)#g}(rc}c|f(^04mWm#i)xyxQgHXX{E9`wGEb=M4 z0PphVwJI5@IME5I0W|nPvv&hpVQe~17;uYUmYF$U4T2XZ5Mt_$eFXjk+gl#C)~XF! z4(7C$`2hBx{qHE`Avd!;sG-Kxg<=%b9E5?@VKle*$bQw=#I(dsP%E($Ky6fw<;cF& zxSzs0twcXlWJ7A2%y#U2X{C3R(=TUMi*z%Ae1|Dugr+Wy*F^QuL%$0+QCP~&9ksf%4_D;6(jme6W6_+fu|6!@ zOxz5X0*mmE5u76d`V@GOt#KCZ2iX|`I0rv7JDQqbvycWY?*LE>jA|#LB(TNpa1`ed z2r&6R`2ArtYdx&Xs;8iXd>M9d7=+!`ShTwZz!^ukt|oXlYjTd)8mf8Cf(8 z04+=hz9C`T@yPd)N;qr~!xgc`d#BE#UOM(Z6*s&W2mrAW=@4krDVJ8v^#-~0Y3Sv?7yAF-%cbs*FnwhTu880N z{e;Rskl@^T8|A-M&Z+PIUOA_J{BNprDzazP!&z0zsn-N9l~YGcSU;z-wJXB3lurDESmb7ihO9RhjWrsyRQBy9QNHZQO9)>!%iR3g zid@_Sg*g{rBiBFzCo%dFGlA2Sliz*6ig$VbMwTnvi#sKIVrAG5WVkY&J0-f>4@7*K z&Ycn+`3mC^&1E`wK-c9QL-<8?ZxUv_8?J=18l$ljhSc&Z520FZ2o@8OSxwkjBIrf} z2eB9iCm!2jiBCb(vJTuS>8RF#9WT?lBRWDIJ_oo)XZ;MmFH+~u9X`r*(mmn=3)gEa~ANE*nsut zh??OB=b_B{v4We)O?%Ao>^j_Q;WS-;WQ-Cx!m)9*e$SC%t~Yj|kK>8f@5(x`u6%HV zpdG#9qct@!F#U4FHgqx%-&KL zsIzEO9qW0puGeVsSMkBRncym4=RdFGmHq(KF#Vmt=K7hSMPv0mYNDR;X9WJGKs~}% zx*^hQtfKMAOJ)nrMkXVcv?KIcv?KJmVE!_45%`}8)EX{E*3$J2S2e7q0YJ!aVENMx zZ2u1cTJ%)IW5B-*yhVXVUf2FcZr>yD^8y1=#;lFb)m%xpM-N9W%0+oE9t6gsi_!lC z%=5w%jj{as7_a3~wBZK+-Ybu8q&E0b062{v25p>90tRs3qQOt^Loa}T?1+u@0pYYL zBDBv4%>te|zwGy#Xc1-0)AR$8ahb^cIeL62)Cx{ya!t`z$+#67&k&}#^fpMZ7CNym z+rWvZP1Fw9NCR3As@Mp1NN-en4an0xdrHPNQn%0+Kto}QTFHPey$H7e;$jfbBTnf} zND-gVSAz3D=$F$vI6s3DFdq%$!__XvE zLqF6LIMYAr_jF?mdRx{p=VGWCdg%0o^zNlQjBC(q#*H_m(4uhzo=+5{_rPUsfj`1} z)#n?57mTrr-Y<>YpuztT&gV6z1u4Crd7syq7NYO9agQ}i<38*I(o-^P=&z;syw+vT zfEM0R=B%Y==_#4Dl=gcpvyT3>g0r6fOR1N~e*ReXLc7f~$XUi!EORk5YTk`ro%HSv zz1_SAd%WJK-DzHl-WKUSNZ&Re#6GFdH|l?2ei#|@l+cvcG5V?MQ9JAsqsKNf?}K!0 z;ES9~QAKfYSKzDgm+Pdb*1m$?=Z|w5yNneyC^WUc7W$mu&RCb{YK`8J$SY zei`*CTIg+o^K==F`8_*u0lnjXFArKP@tq)~gzg5dm43tT-3Qt#`W?UbLC{vwhgDDZ z2#iv?g zq))4!?AQkSn)K9;ZJ_f$jd$!S`tLrCckC+qu}^cX^R$uR-1sbp7OV^C)k*K(&;ypC zC1|}*d&sIoZ;PTqm#ei+^d9LwU(*ykkG${)KIi)21@u1W)3$-Oh5pp1?FMZNT~IXb zw%~THgI@M~UkP5Pby5wd6hy$E2X|>*l<<3j&_3jm`@{>BPi&|2szTJTZ-3cxip1|gCAK*Mpg1$Um>So+KO`@+6Em3G$|$c>uXHp zgaDRd;aZDtRQ|1?2Z*!I2LUf2|1*3<;O7NCF7Qc#-x7FH;M0IdwCAM#qQF-K{z9Op zJ)^%(ivlLKRzS{b4A*J@t=7>tX)n}n*SfX;Sv#loYHRDxX}zGn1MRlD`?Y@XU!Y+c zsQZ{UtWDN^8t|^VN5S)G-IukD_Cno%)$Y{H`lo@}QvV}uQ5&lNsa8iX)N1;>wA<=K zdbiB=0OYJd``z_x06#A9Yk-f4KHU_LwCSyouwC!gMj|)p!=iaBW*N}?X)!XYAEx^w z=b_2(MNaA$wOxTc;MXIk^{2HTM();Mgq(ZySG2l@^YjbM`#btCu&xj3HM9?y8hxT6 zjpE&HxB&Q0z*hYk{RzEQ|HFnq)7R-wH#`Sz_cgqL*lljk)5DJYzc`YZWn? zWi7q>*BW;jz4~_=Zw7q6F+sih&jAnX4bf5KHhp9C?SOsJw6Pleb4F61iQZ+j(QiaQ zhLFE6`bFbT{oyFf{FJ~)qhB_9gtM9cIQlJPUjJS+L5tAg0y6SH0@F-^*h|K{fcY6X zJ7QlnTETz0*-AaJ^=3x2%Fsyc&-4sU0QL!{Pj=w}{ejqdTBP3v>=S8y^oOw<%@4{N zWAKGTh<}g1V0O}7^pAk|P$1BWN_ztBV{|v*N%{l80m1xhih#Oa+Sii}{N>VaqCvFV zrM(U9C#gw)U4KsCI*r>&fr|nk7O3frUnj6%;DErSzy*O134B=K69S(U_^g5kOIR=& zJ|yr7fzJx00OR8VPgue!@F9Uu2z*u`1%*@KPJs&o9}@V4z-I-X)!wUpNPAAJ*SF}m z>JRH*(l6>y>p#;?qsCZa+-6)f{=o>EF>|H4$?P;aCk7GsD$;{EwZn*X+$hn9jUm9t zjA6iU7zY5qV!j*j>*fQ1FPL2Y{e9ps0ACeoS=_GVc~LNbZ>`mc4u+U|43P7$A>RO? ziP=#lVSau_Sc7&8@{NWQyB6(MR3AFEq0Z1~1E7vGDvI_-Kplla6WW^u_F%M5+XQaM zXbqJl!yS;J)3pM7;RzaD2dKl-)}Va@ppIv!SD<|p;4igR#!2IMjn5iiHLf+y1w*Wtofc-u#xN1IC)mP%Cw6nF$k2}fIMClg#$d6=pgI9M|qlXR|bZI#Vdv z?tqi?=4Ng84LFNrkA``;ohxKg$wJ1-?M>#=**6^KQ$5<_IMZ3X$jl-fH*;1bjJwIy zNl5S&De@e0os{i))w4kj`FZw8A(Qnkttt)gEfn&j_MLOKS0EnlOWd7I6&!b-aJ45L z=VWoBT}dyKI^x;xV6u>;;W12#b&Y{HIc@uj7nffeTtXaj?R?U;FRkWqZp5C&oa4?( zJ2#TdL7+>sUdnN^nMoR(_X_qb9h|(wP8Dd-DIBm12lIB0Wi9D;9%STJ8Xm}IV0-Q? zv)@sBa?Ey5VJn5_k`g)xX7Jm;ogK>Bvyg+`EH0!<#o?-6wPs2c;;Awz8@qHWlZNeV zFXd+P>=D?O>D+McXr?gZZ>i5)$pdAJGm|I$Z_pjiWeWS9)JdA~syC*Scax^=!o;w* z#D^hjDltzO%OhxP zI^t$%tdMjI%N9=K?)>gdF5}HCC%u{0)f)dwZ7Y1R==T-TQ$$Tm2$sw&aa?jD=wE=d z+tse6ux#U^5U--m_$AT8uEH;bUP zWh>Ff24wwULR!ma5lwJIuXB%`v)xRJ1~Y<4y7MQt((buj>O?n9APzWhdDNK_M;b}y z{e<9Ae>z=E4g;>uhMDqnM#*}-c6OfOH1V4KW)XWJIct~j(qYOW=mDo>ZFx*Zw@-~< zW&*+U_~n%H=w&ot8NSHeWmeknB-8L!{rs&m?{<@wZ|?kDn^0h^LYvCa;L9it;?)fA}W=Z z(JRJMvF%&Ht4_|TWHvjAU?-dkww)6C%Nn7{j7HCJZeT9UxvNYV zaAt4Gc$vw{1?`#3q{|$|32#B9BOfm(?9OEEWyGTOd@u3oeDsbdT?FTD-n`RJrH=lP z!Ax>G=XfYgJsPwp=ccEVRoW>W2N>RTMDZxqSIHf*o;>tHH6V432M1?_n0?gFCeKLA zE3d-$V`c+sGLy{|Dz?FwUbTB1Gv&Q3mV+hE^1(Hhx4BNwoJ9e{p>qqncll(K9M+#l z=oAWAj>>7nTuQ2+vuM~mFqh39bcbg1h56z_$7gVqrP+`p4r(gYPD31l$S9ct4d)O- znKY_TSJpXnCS|K)&dE;<-8ly$B$dh_F26H{46KMm=qDq@=5E)S#TunTXI1it=WKVr z-<`&d1&U3s2vMp`WzG!ne{0pX%|`XzR%&W>+g4d#i;MZ21tflFs?fR5!~M#Ve&_y7?oQh0-BC57p9c98(JT?7g?!m9koCd@r$WOtt7f6H?9J6jF znJf4N8s6==v&jNnLT<@Ob^SzUyHXCLn5{_BEM_bXs zvPsX|Mp8@o2dcFDDoW-XCnqMl@wA~_L^Gy~&Zv5OD-Ddb_1)MzF)@(Dbm{(_lbfG) z<~(&yBUJ2ZXttI7q{{MD1?&2ZkIH035Hi*T@z*L9~ z7OEnJr)H%F=3Ey(fwVC@i8}|5DMm|iH16zoPQz73ZJ3;OOQTL#Csa9{aJyb1a>O}> zq7Uz?7ZWTe{c_@Fhmu19_n^>4&X5u-imiiFqsiQ~T^;~`Ld_%2TIHX`=QAvDdFHBO zt;kMXKJi&lUDNVcwe|cHeoZ# zp&XtH&(W;(Zw8#l%YbjrH3qH}M%$1=2gj=LF$K^1&EJh@@lo?B5EEK7L~@8r!1`uI8>R>LV&jj8@@%-6% zK@<2U#h}zMCz`mxWiUI9%!r&k9-m%~f7NDIbI$@_mVLFD`A*El#w$Qh0aRr;y7{e3 zE9%U8@_JIxlwIN1la<1FwW(ElC5w7_{yI;?x~E~aY3Po4#ZK6mH;?(*mb{z1>Y{E} zW3|d<*xtNTo#1tG=43O1dSouieNYgXPg%&%Wxu^i7{R`glQ6xX9XMOmv8ax0^vY`aRmJ*=VHUhI9d zSOtgJ)%f|Ri|!VivNuyu%|Hz^;Na+C3%mTxKFEHCba45USb#mxMSlcXjzfn%`lcfo za}r+%nsFQzcd^>T)Goy_s&Wp*(b3{Mi@q|AIe4`*&`{0Gamjvjvcgw5UA^hPEQyVO znp9;OwqDg9`s*+2QL&Hfm+Gi!ReQPcz|uu3hf*o1AVE;+4&`liuwB(IS`Po4uz74M z4rC6$d8lpUx0vDv@MdM`EczVioG>TgUc6}tps{~Gjf(Tpv86KqX+|%vk5j;<1C5US zbI4Zdx@Z?zVdc_;#6SPmEX7xCCyvqN`)|DcKR$MG|2sasQXl&5#2AIXc=q@$tv%1a zE3|Rp{KfjCkM1_CSS!A3bZa#(J%PBU#d?f5UXzVeYz>1!E3U=X#Wn=vy51OR3>kPQ z%1kg3U=RZ$v7OA)6=MlIFjfO=Y*TDQ1XnHA7VBX#Z6dmjn?2xbZosSRH=Z!s~Ln=6AsxtBYWKALfae&^Dr55vauN)sX-ujIbKpBXLuv z#<*TR5(&i()eXf-VQMf|wSt&WcoIH|5l}!$W5E%%k{e?EL5PjugT+LLBJv9#E1|;x zT6EzZ+zy34chkggM!yrjESC1ESQL0|bufrm{nzNLYl4B; zU?dV7)bR_c9@`MxAcG&lZ=|t>NAN$=5;tNCpFwLyY~k}z&c6g;wuQ%ovPBDD2?d2| zoi6AnYk0B3?Jp5(Hfc@xB~c4Sg3SA*F8V~G3s3P9Vhi7bC~Zw_;bJJL$6C3;vNy#R zp2iQjymF|q4nn^NGe8-c=ebxgDEke?*RW!LrNJ~{u&`STFTz;R@h1XbQM0@f>iW#V z=O6vVXMZ9ruSS55Eozb0V3_B65$v&rS7Hl4#~iQ1v$}LMsKs`uJ>$8Rm`8$8aHPOWln1d1ESd9zItCPt)tT?R!rlvH6eRB0>t&N&4mRZYN z@>d#PAagD0fiQ~<36=-)o-J<2E&+urOONAMZ-{}i(1fFceW;0=v{rUiNCOl8M`C-6 zL-Y`$wTT*=Gz*>|Sskej8fs{)PKQZ~+r^6a!8zgJ2$1dK*jlWH(c42oKR_^t3I`1$ zSK+7oOa8))B7^NqEAe(^>A_?CtB=IvTf4gPCiEta+Io9>uh}};lj`W%-rLjBleVwv z=i@=*B;yJsPd*JTNp~dKkFHe@=J+Pso9R>uZou;<=6V-&g31(7DuXB<4DSzXK|M&T%_l>{VZje_ve2 z;&%~uFq<90Et~q0+E#A}Fvsf~D894I`Y)~j!xrH8rwMPP(n9sb>iuwp#4G1ozVX@8vGXtx8TNb0&s{%(Hh1r>H+kJ0e7R#pRbsI^O}15rReqQdXrGqnKAT=PD`O78k z7oINM45)uSD6?S$NN&N{BL5&}S2wpA)R)CdlIIzNZnMC#eq+!rg?#4&Q}FFo7IyV-tKY)hopM8y#T4zhQ4@~AsScX;&?MNj(=OBU$^|-$#K!`pg)dpQCYX5y-GKN zzm|^s#rB6Fo9pyB*tAfw>bGX|9zcBq6_u5f z&%Cg4YXFQh|AST@pNq&N2zFX$?C<-51OM-w($v4dGX@_}4%AMneBm?2R*>KPfb!sj zT|swz^e=AYsaXKwJ$J4Lu>r1&!i?`sa^YyV5e+W&ps=Hbe9RJ8WQV=d9W$&QX_ zcUxC1-X3jD_QdyBv?hXuiFoV6_Rg+YVqx3zmfm>J&9T;GqNO#_5smk@?27JfZ}04G zNp$Y%g`}soGuoweT8P!h(`K_b+1ZsCk(6EG6O=O68;!?QkXU!Jvo)IR?CEap=}yM> zB}Y2vp4M0*(QnS@!1o!TX3;OM`iN=cf294Yza+xPuyeza-k z9rr!;*<||$wAD5=O%la31tm2Dyax@pNs5Z+4z!$mHOxCpEP7lTW{rJ&~3%fRKJ)cuv<3UDR3 z3S14=f%RYm*a$X(YrwVOI&eLB6?iqc0o({~0=IyhLG95rgV%wVf~N|FYX7z4A1Hpj z=@;LsSyS`-Yo9uzqL0BS;DBWR=?MLe&Lw$Ozmsc#8ABU=bsI0If|_vT_Sr)BNn60N zzwed{3#zo1yUjMg;x4b$1rJ2De-)*_Z;=eZ>D3t#H!rwG6o%!Xp#~%6k z%V+=a=X-wi-jseUmv_s7Lbd--$NzLe;~78u>v2av@%>oY^P1v}!6@KBq1ylMsyQ1D zUj7%yKk}dd=YL=Q$d*4C1yvs_A{;1G`~Sly<}@As(@*`*xqtQ8r&}H#uRWhhe4zY|?`iLG3`PM53f2BA_r2T_|MLC!y%D*wWz|)KB*180G=LG8n9pI!U#+GqEB^!fJN z3%S=WdxC5UvJ=P-puKay|E_)g4+<2j{m1tIN2kQR{p#DVvi%=y(2TvY?;(%1?vTe; zbI4<>Ipk624|(KzRy61=NkdO}V(*?%#dPlZUUJ@+fpY*7o%5>WYnIEq0k4MzRj; zyEn%6a8RkaXLqc7W3)TE%L-Sa+oQ94kI5&geD-AWDRi4O-`bf>#^NK{C`p?|;ag>$ zJvx?X@g2l@6s~`y&v*Im;XDf0JJNNqonz!`V7tc1mEQ@{$W_3JQNe4V;lh;~Ir4`P z3)7!9Lbw7WK|bxm^x^CLsm8(-HGN33Fr{-GO|)#XCnLq>%*ja9jXxP#n9@5Y4}K7{ z;I%WSFW`@dHIrRx9TzpsqEG4*#Y)!7m8LFExIVz?euH&1*2H$VML(TWeERalr-b@#Mu zI_hSLR=g0c!oswwr>DLA>gQe(t?DmYg@tLwOHbRms(FHF#cR*P^k9LJ^yi0P(Jm#t@{(n*dA7e zU0qxp;2eIUVr{HD7Vm83@OmbELudCbV$XRYzb&zL7f1U}$j*+=Xcp0r=yv9yJlzBsk6)=dFi+PlRvOEL z`BN405FP^ULwRU|=F{i{6LjUqXs^$G<<9Nf*)%#YIAiJ*0uOnr%1oN%Xo!fC^J8tqEd7=DZAL+87_RN?tv?fCwj6b0T8uQ3L%wpy)kKKeAEtZe^pwmGJ=yJfJhn9xkJd-*ROvRQu$WU#o ze9sNFt($oAjp4;xqMsUO<@8cFwg$yYfjU>`dL--1_OeLHnw&|~}*?>K1tStQ;6rr_rf zz?BkD^2%K6pz>fZJSD!!U52alBoBITaPRAJ*)LCBh0C6KN@FSe=BX~+GTcMBvv3dN zD&CiHmCpUn{SNMI{B0d?p`O#&W7o-b^&4UWletDTmDA;gYX98xALzf7&fhP<)tIE*`mb<&=d$^=+bTXfI$MT4FLWR1fib2WaIsl9p$ti01q|j?Ud1Uf1I4 z@|5!Y5H5U9&B2AwDas=mae3NfYEy%5^0~<5bCPhnhM9xnn7NZ&+R@0!Cfp8CZSZyQ zA@FJNMQ}7iq1r$9{KsJ9|9p+ ze_q;+x^K5D2GLOTX#HSgEFE4tL}%jV3gqU_5&XD&Tpb&bjCnxk6pzQ>1g(uF&F3rGA%jinw`flb2<0*s2wv}!S*dRp)=njkrbYk)Ol%r7XpL_n} zIhUtwejX-~XBBz!pNlU0dOPE>EwNkn#uAoGb=_@S*_er46T7vpRW~UO?;t&uxsk8C zZ==*d!=WGlb3YUG4M~o2>-6f6`Tz|Xr9dFOEV6^1EZ5D zLrUWoG%0C5>8dhZ^j2yXE@Oz%RT{r^pGe^vFEoxxZ)zNC!qxb)5ts2Lr8_{hF}m$$ zblJ5=pG`J5lf1rPjh<6#{=K1K?Vo%8L$W1ac$rf(X#5k*ql^U0)|;Z-x|2njH6E`q zWfnizfmT)`8UqceFQU5*Xxva53vtC~(l&f#Y;|eXklyNaddl0jc_b|h647!{P~*~D zoQ_{*?xam5OzUs~Xi{Hk=8{VW)9)l884BxnHI;OwWX{W$ zm6TV15}J+W27CE6AD| zhrK@AY045YXJL3WvglprcQG`4H}mmJRk{TZ+_o@arxL5;t2LDu$W)u%C* zd4aj7%^FhcMYD2MU#$YG!9`#V$XGq>yVjZyG6zea`MQ|rIiUKC`c}Vth%n3V!(9>T z-(AEx2WDyPP`L%lV}~99`r`q;!^@P$1&t-*Av{fqSDFu&;i3b~J_9^vY-x7={$j$f z051dQ8b9fj9pG}8r+6s{uZN{elqYRu^3+^XdD2!UPueTRtAS6bp#ksOx6EJJLj;O{ z6k&N9d=bpD#QEH{&&+)ci*hKh3$Va-aXXO$9=mUOV#fat!&Vp zxC#r?$}a6`=e_k!V}q2A*)kS(d zTo;91yHnravV4*{4u|Jk4{4qq#(Z;E-~WHG;P(0I|Ki1|z*zquJ@)_KRR8CratXB+?Ua>i}Tt4n2#47 zyeB}>`tb06&tUuir;q*L@{OtwYX7f?=07|yhG75qwEeX4Fzo-?ZS42B^V$DddlfJD zayWqf|GTuGr&BrAu9?1LWO1>#MJt>nbHk0SR^jjKnTemar|{%B69_mQywTe&Kj~b56LG>&empw=D z<8D6t|8n>>myTdq>21sX*#AA9A2->L3zt2uW3`6Mw|1jwnX`>#SQN44RGTTzK=%KS zK(o}B)0^GH)_Bq$PM%x***Garz}s&1jIE=1v(K~O_W$g<`!-tb7PM~rQpM0WIE#CH zIeZ(PlKnqBFO37oz|q+Mb=FFI%U<8h9%bb+qA}ZmSXk+v=Qw>|j;p=kxkm5HcAuSw zm92MY|F^PIIQzeC^Y_O7uQBj4*AM-CX;r6o^WwJeRw<=$R6zHnAk@0>Oa4C zm-xpN&M#^sch$(ws`@awOGKTCs8O$$ZLmLyV z{eLv{{~dIIBzPxyFBrD#S=p;MvNxHpPfzBgfgdOCho#RzFFD*IW&_fBUpG$}JCQFn z$w6Gn*zLF)gAd~+`TIQYvI|QdHAna@-erUR0xn}r@FkL99uwS!y8-tr_;14fDy}^X zA)9C^SOv}|#Gh%qi1$U{a`1w5dDWli7(EsV+6;Ae-(xTRD>vXzN~u;{l}qO)N`h+) z^-2DsQ_VdqdCbpL%IW`IP>I%u54Ptw+$i4Z zr#h>w(zmLktzTweKythT6!2{9`X$JX-ye!y-f$d^FVfeolpKF zG8T(9Myr0H(~sF_lobvSa>LX6KwiIQ;`43)@LYnpqETL9n!)UUuY}5nI?9SWkp1sp zT|DK9TF4u(Kl|TXp}6Wl;qne<|0^Q) zz)jXMf0+vuZ*=tyLO000Nme!;rJ*yhisxzj%mvbS0lV8fckPXvPr^WdcIJ#|#rkWr z-?{#~N;c>p{mQOnASXO6yNa(m z=7d*jU%VQBFWZ^$zOt<}#NIFs2Uojx@=+YTjh%Klb0V6ik8bqsIYWg8)Q>$d))xCd zO?#&A%!k|aIp|-6A!GeNzy1IH)c++H>HD#?dlAT(rFp#>1N}IA%*hh#h%_`n^MKQ5 zVcTFCw0DA{_2IscFgCe9m^;6&GJRlZC5j`Z;F>@0q#g z3H)szi=_LWDt%lL0P;0uneWP?b)TOLYYxo%FI9%iS|&9Q7aemuyw-2Zm^*>BxSM&` znoe_8t>r$3%buQ@yE4}`cLi4l!5vTHuewEOSGnVG*ASkm%OWUzJ!VpmYp@oq0Gq(I zyz8FeVsHtlQd&@a@x2nXZ5%P}tx)OOayO>zKc1 z)5q0LCTM{1e1X_HhL^fCqIjOx&q3%<1J*wi9s~()9mcw^ ziSCJI&e(**_a?{=?*-zRf(>FIdN|2`MK*U|sl#jhev;VT^den+?2`G3Q? zSGaVZgkhqe<;LU5E?(5d`=U$#i!Oc93JFfH|Bv!4kdF0$9xPtWLPNCu?f?1kK7Bsl zom~dA;r2DjXn*?vJ4^xXogQEICd$4gQ}(?3e?HvLPYSvJC*FA(mn>U84QKy*f)JHUP5`fj_QFWcsiV0Z^KYeBKs>rlM=)j?{bobar5 zl=MhWc(q?gX)QU8z$d_Kpp*VnzP@cT@icc#Y~Rk^zunDIKFetD|B2T_(?NEQOWLM= zu5mWYHtH`pY#s9#uj23Vq;dqiV#)1WF@GeRWAQ!Lp*^>9OPSBwgg-$EnOPH4(MlpK zEgxU}Q~kky`KKb}gs1uE`H%@`t`z$EB~eY@%@8agp^x+aEEsOPa9rtl<>%-4elN`x zjt~yg0`+4Lcoq9TZDiV&d~4^f?y>&=!Rr6|Q1jL9yGh7&NcS**cJpI* ze8u#Mq08eV=P+NCTpJzhZOoh0xd6$Z2fT`FAml$kXqt@1lU5S1?@V?$(KP+117$S> zV#W3JeoP`LZ~sxa>Xj3o)~Wt{VkSHY;`XByroKZPPwak#uWP;28;wSD+TUtb)dYAI z{}*4^=J@_K++k02QTu)aCr>H2zolL=RSGxubM-oDv&_G8Gz z38tE98=KzPhbaEBuXE@O`8w+M9M}ep5BK%MJ6u1r*Qz;>9|JSt?|vW2x0~NDP?@z~ z;0j>o$n2>Ym>XEz%O$u>Ewu||?rYD(E#X&v?Y>Hdah0CpDIKLJy)TeTR$Tc`w396)TN<)A?;ykpGR{$?GGt$y|eFZ_K9ZWYM*EhE@exx$7I5* zaaZuJ-5}cQ_I0@RysyV?z`Y7r>9jcaM%+gHZ^B)J+m1^a$zS_L3wTq#RZ7{Rs=@Qv zA*(U(7cj!lgj%lrJ&1lP990_P-CLlYJ4MoSGS%ZX7hxm$iFeEu51fy?nfEeWm9rdo z3-7d-ek1vS_VhlA+l0%WnXx5{PHRv0&dj${m@gery{J>F2X{MeFRtj~xKZ8{xI3Zy zG;WOd&*1Lj{dU|=-fjK6s0XuuKy{kVFE&r76w}R(W${D2*a~)-XVF=|grT2`lzSc= zBFyT#NLpu>;I~hafIZ|X9x!cBN#Clh=ipL)BLkHG_F23qc~{$i0y(R~{UrY41@%B~ zb$&~sejl)Zo4?gVqsQiN^~!JF=KnQ#t9DxV#@sR-1NlE`$-L42szF8eSNek`)%8p3 ztC!Ksfp^|9j`_Xj@VoUrKWLPa0bV3i<@>q+$e(W!VScXo$BF>3ubPHBboboxHjNmx-+@Rn6mVAdx_DQ8lqCQRRy|JrJFeOn%3jk;PP)?NilplV|AHN$fHp~~Ecm5VSjo#YTx269Sw_#M zF2F^v9@IEanVqhj%bVAgvYA|J#(OVgx-%`1j3s$K0?tFgWFPn}e*Z>Um9N@e{D;o* ziapyr_lMhvTMD5J#c#W~{{C<{?r_czD1YDor>GMFN$Z%u@SwQLtAjI%b9hnL5t0P6DqK0Ymogdmn`N}EZ!_ewpzv8HTJZ8lWuZyJbUW1^F zc=tf}s*9&QB|G6feZ27bq0_bhQ*;CQ>^aiKVI108*y>^F4aN2ALi14}a$-%AhEo~@1bAAB+oAU#!adm#64!0Gz9#>;$ zBj*Pm!&Tk17L)sH+zo_h>Y^D=cq}~i^8>bx^PeAJ{@CyNfrpS00dvFPeiYe{z!RYM zAj-g6(A(Eacor*T&Q;&n`+CxlyOBR~y?yRq-JI9k@9rX9h5yRYEpzFNcXYQn*W3NP z9nkB)|LVg3&dIyC_epk?uDA1fyWm`xpSSyc!_i&g@*l3f?@?FZ3tW0)q3@$1S;yA` zovrxGE{?bV4QHOI)bh>In(?>kXYLBYsi1#K?E;?Olhan;cDROWun3yL#O}je%l=UEQC1D`_ zptsD6DTAfR{Tm@mBOj&+xuGsBk9S|MelmFnxUgj5uPVvt1@M;?OQb8DyuRe}h~X*! zXP}Y$dH25Ag@4n%f5*w~qfXAJJJ+uZ*Sq-M&iykN?;l;fe|Pkoo$K}gX4l{Da^+j> z+?QN>k2*K%T%C8~|5*R`{BZ4*+y9?&{y%p7KkVN3x_F;=axmAu?{##Yjt(BLR{tmy zv!My~pGcW#yqMc?vnPdj|3DgHQ2cQc{=VrOG868z&50XMN6-0!mFx$(|Eu~r(4VR? zWMw(T{*^Vd8HdYpD?zQ7*MZXSJHSKW5%BBa{osS3<})Y2S{k7d)cLa(umenjDezA4 zYv8@$1E7AlL~G6Gz!$)m!8bvTEn2_M0Ox@<;A&9cKHmnmfxV#4WPJ{N8hjqq{Qo4V zP5DV+DOe8bn<`g=ozX5`Q)o%VTU!$5sCmNt2C6(OTJ>|M?n_1b!LxyX5{&Hw^BGJ^ z8@#xRO?coL#9LccEUPrc1-B5$5w&1GS&RPHxD3GtHFEtqMLiq$dg6TucMI>@^1mB8 zb-feBS5tfyWN6fM)JS&`{>no@k2X+uSGDdo&QC8Tp6}?saGQ!YUz>XR8gy(}Uiiw7JF}S?iz2=bRa&>&{y2j=M9e{^ zfe&H%Hna4uK8#IXuOCmRlYJn{$Ft!s9{jKNV+Ui6&42L2fj+Gw6UU{6EMMZ%(ixXX ze}`Z~vSaC7eE2rs#n+jUNHD;`l296!)}^r|(^fi{A>QY;m^Rf=$XMJx91}LMHdT7|L1o#cQr7W4Ls*iWl&kaY*Agqq6Qy- z;JnL%B3Jffrf>6mUG;x5&&SQ5xBJCDeyY;^guQzW7B6k6Y^trcyPbp8`TSs-Dhg=* zqsJqE`Q#w^X6*i1!)tS#8=`zmxMoRxU0uTv^Z#&=Le>RGLFIqX9dDHCT`)+!9m{>i zYa6Q9EU9m7vT+CI_pIPHOJ;1Z%C~m>a;--U43clCWA^!d>Y!n9bzS9<+x_D7UAsf% zta3~ov>fJFyo2ics`_QMm1qqM1J`$Y@SqeD&;`Gh&;5hSms;2H*8R$P&`{sh*wDCW zXtH%t@PNtDuCJBnYj6JTAhOjr&x$Kowr=0v*qP|o`2MWx63Z4<*VR^5O1)h1 z-z#KZF<>?y+_QHSCV!>_eL!Jr!Hzy5mS5k)|8PHHHAGh2Tu_=i@3tj3fOm!IY*|}B zVX`GAU6^P+=vg))lR(BX!6u9`*DIggc={fd#$SO`@8(%_xJ+zSJ*!jcCMpls*nbS={u^IJD=Pz*#V}zFgGnQZ;Gey zsD8Jfcqa(6TV{5n%#oS;>6@Sx{lwFq@S9xNL>~!P`RR_f|29HynC>+DcE}CW_pWBT zw6w|QL22rHQrKq=F3mbKBn?d_f2ExGF4?EmI^nx7zV@ftnRk~3GWXiXF- z3$MysvZkbkOFvVEd{fWD<&&;Q_7rmjG8kwsS-9-Xl(BHh<(Z`wUWEKa#I;4?N}my; z>^as*OFcd<7CM`6fro2YCC{w_la|6xu&}0HiQ2OydZuf3{&m z{QH%Ps>pYKP@~Uo1Xs*!d}%{!d(%UI|9>~W-X4GDYR24!d~0d<`tJ6gU|}~O5=aCK zv4kz`Fu!lJvy1z;)}y_%E0$Q;)>onKatbw(V>=tbpw{XSz_&!h9|%j@g|K*H$}lon zw!4LiFT@CEx6AA?yhoXJcJDFsZ*ymOPqaI_D;6K&`Xz7eOeSOT5v^cHw7X3|G1KDP z&UuVT)zX>SmU~aKa!ee_ywuZN`f!mSO5Hyq+}oS%>`IJC%IS9LjmLVUe7B1VWmdb$ zUoy5YInp_gLi_(b^uFw0@1W~zai8VXfm{PDM09Rq8!xAVN^=7Xfo-IjWYC&I8akJ8 z59=)rGI_vQQ{wIl32K@ru+lcE2vr@vf9?}|aJGcXcTzC1*+D7HN0o3_b z?(YRH;EkZxAzCY+50-)#fLhaN9i=?9KGFJBYoHk*OC__nz_P@wKx7w(73PaqI&h&n zT>)yHsdZWK)f&vRBgc}q&!l{DX#}W-gGD${~OqiK)Cr&>c2nW3-Ei(pIj4ko!U+9}WG%(Ir)@5v~Hihj9I}~PT7qn~T zZR1U*xEk3?<7-_J)1rWfb~Ld{(H&sg+-4<^)PgeEDIdAe7nH8!8Ta$Cmgg z(MAoJBr^ZgH5Cr#MFDR?Z*P7$5KN7nPFhZ&wA>r?1?$p5a{>jvfx*B8e}ONUM#2#P z<-R1GQ7C1&x1_=sN=T?tBOy7tW}01G{p7Kl*rd5%%<;b*)Uj)8N|iYZ)<`0g3{#i( zn&Dqc3QSQ>=UgPIDCjNC=#5+nWi*@Av3>L0!M;LY&{vl4%jg~o`AU)VzEG~p+}z&q z_e~50$K_@Y=ryz|L}i&9NnTHH*qeEgzifPFK}kspWzc2S7ugVBaDqSI*B?1tV#Sw+ z_{LU4d?Wm21%Zj79^R18ipM}adDRe4X(&GsEb))EA~CC}q*Q@s<_szJ2FtC;YF1Ou zDQbh2Iadqu42_d>Dq$JjhYTddawDG^{fFmdw8>>qMh-i|H#W2Xgna7^YU9YIagO{e zfIYaPEbK4!W#)MEi~VIqR+M!RUs{ePG?4H2mUOQO7w3k8`7t6I)u1nTEZlqg##R*N_6&pv z_`(;L`^xA~tZYk1JpNxhp6J9`>9C?Z0nuG{EYYC?Mkl*XW;}{u@*w#aB0aX-lWs`71!i2cZUFO5guRj*7gX^TO%B~I!GUg>jTchs=?|u*~+{# z5#uju2B{(J)WNZ?3s*kpwLGMJ_L^MHEWz`pzc3&^KI}35ft4#6l9P!r~1HDD) z$4qFA>xTU;B%Cat%)#Ev13{~x&PHtU?k0b&*n0ZPO9GQiL5dY+Q$!iAzD%_mCo)5P z;i&ePI)+oKFJ|h(2Fh@nm35lZ(7miIP+31JuK>-Ff_RO}@npC9n@qx|Us++$8wv+2 z@@a6v%IrTQ!gxJ6^~W*&kfWlh3ZfQ>q&m8zysu47a?Ae_&o4X~RW&G{a}dulU8j$x zgJ5%=u1iA}1f`KlCW}lfGTCHke8Xr%rY)IvWZIMIK&B&^PGmZhIhV|NWV(RmNZF_Z8IgR*uL_9)K~JS_MAzr*NUn#{f;O zP`)=D_64nhoI1hEZfayCsy4W<9I~N5OGr#i6p6KIfGc6e=%`g>-RV+^y<)mEkN?#+FP7RwNx}(qg68e%C7||c? zbZN8`)sASVyeOw+sy)Ah985|9r^lRwna7glqc4$}{?LJC&4L4V_BF=f+qdRsn>5mDTllhORqw@V3iu*FL*bo3_4I9XlmcBlY{p>!kmeylxt~ zY{`ypq>Z9`N_CS=%@k!bmCeJOe!j>m7asyfA(a_ACHVOf@DH4DPb7iXjC99=teNQUQEy(P0`K9 zX=1b!-AG0sX;QRP4;!b+QBKKpBkC4#S=_6_h z`siYrraPK~Zup~}rbjzbhalQ%Mzj-k7^0p28s(Hs9SXOA;}>v3^BT8(*%CE)CNj#n zipyaUGdCFe%r=@EpGZ zVL=_>=p4UMcQgfckfWV$igHS(4zyb=@rxy)@tkL@iZB-$Wy~XUGfc{S7+x&5Ae=k^ z#?8#5$jk-EDC1T#x51<=gyETaJHmnnbfWS7o9<`|8t{pBx+BUdnFfU1V)-A%^4+@B z6JOfV*SHfIWh^3d7fj0CFuYh6Bb-bFYi?%#kIa+}#u8+daSxe$VN&jc;hA|q!h!}U zqw!s;JDSNffa&J=QRMgo$S7kOndLAk55n*qUx9Ek4FtQH89y`oZEV%tx(#^<8D*>_ zvkE5VVHlp7s}ZiX24+BHK#67?{Tc&uH0XLvgN`ZqgF4<2AJR?phK7WL=)KhPhbpHe z(U4Y?Vs8i&F7th%P$1Ynh#6#IOt8YUsD5R=D`*}BIT`-a(h6$|YOSEJ)LUNeE9e~z zl-3Z4CFyiIc;+jNOj*@Nl7$eD2$daGvs(N3$}pWI-avOw z8ZDLrlxs2=^>{!+GTaw31`8({S`~#+&oCR1_B66bOk&8oe z|4$q!H3(xBK{7s%gZqEs&y4TM{6OYMG6!MOLol?73K)Vt6XkMCV)5=@Ww$RspY-?|Oug`kEV*HFlr_$(|b=s-;JdV>o zj6XBz0EQrwNQN#~MiLo%HzR!tMS)FR31ekI3goB^NQIP=MkWWZ9F&DkL1RBwJ{Y8$ zFmZvSY&dSmU0G+ZKbH3Hg@!tA_E6Xz0OJq z%yCwVMwHAm$uuU@gv?nm>2v77*u)Jm)=8cXIqD>vl6&Pz&V`$GlFgx64Z@$XlRD2j z2F!8N+k#?fN#-0fnPjrav?7xYlYTQrflb^3W2Lk;aEr>VCaVNH~{NFF?1x;iA-lQ=aM-OCY{DHXcIJcVI{H)AMg+srNv((pLkY$B~H_Q4Iab41h_$mkx(b+z(@=>SD-IsTxS`m8p6FZdR%WL$gvf z1UsqJ=d)5(6Q9SCs-YCaFfzl*j36_T%qTK{Av2mxE}2WnTndxEoT9}hR=`-P&x0J5 z`Z45Qnfiy|W~F{CG%NM_*h!^MmX-SBtU?781HD~m6p|?-Q%uHB<}#Rc>cY_`R>N2+ z9S1oor6rJ3O36en07+}%eS|(wEx07-(Vd=|r(P5ERP9=C4A#nvyi$lcfB_?qUdE%h zxYF_>cZ7BF=pDN5B}IXtKU`eeKo9l~1aksq;b5TTggkWX0%b)M9p2p===BHd$zxcr z=!N~5h>eNgDS5q1@XCV6I#AW$i`3KvQN!9&6BE;-?n~RLt{Z>1qiV9M>g#EVJ-)wc z9El6>M9H3H%&DDswCRcDqLu?T5%3M>9#X%3EgG`Xw)X*#7RnR>u~$RPr1?qlApP0R6? zd-GA<5|R?qVg}W0rrKGA;+5P)94&1P3~j~)$|-DO9Sk)&DHEa8(ffPGBxuHD7z@qI zv2&S3vuEcl`LutF#J!T8kD-fT!D#BLM zbOdHb0!S~q41Yz4V1rwNn1LOl#42;~7$hop+KlPsfKAYNg>@~M0mZr&{FS1h5e!S7 zDdnq3rZEjmzFNxHkW8Z-mVB+0XOT?f9+o^?%GZ(nq?G4K`FfIRY{c@uLCQCh{IryB zlJZ=VpONxBDc?-;CMnOC@+~B9mhu8A-%9ecQoc>f3rXH0<=dtFHvZmx@?w%-kn$2K-$U{?Dc>vQ`$*mn*&^|Ngz7~@WbtAeOYxlr;{(_k zUtKWTMs6{=j8ZxRoKbt1G#!EAkpNN;CWj%Um>h}#FLu7%CSQhXW!)+q*<$ix zih_ocEP1t**N{wuOP0J=%8!st!%dd_sFc@{yi3ZDN%?V-cT0J_lsAz4s+6CQ@8r4f9EMIKMRu5Gm;7@x~h-%tyZ zh&aT5|I02O|A_>UI zv+H4J-0^01)S)Y1f3`B*di^;o`g_Xx`iM~M=Q+Pm%lXfF&VLrk`N~_#pK)HXIe!?c zl{=^6$W~sSMp59uO8ImtpFy&aa)y)}k(?;yGo{>^_>MVevE=Zgwr}Q0Tu#%UU^L2+LtGJaH!~(4#Zs7$nKT;5t4eg(CnyMhw%}NWISpgi`%JFiFqNS9_ zOPK~Z#5qz9NjXe%rj#qBJb~maDNmI0B$8W6d9su*CplZnS4epZ$!#Fp7F#=fVHMj{ zxXBS+x`9;LR`nXZaV30=X)spVO~+2f|5MpjCBiDe8Hie3$qR6*R)AA@0bZdMV0)Z! zYyozV*>)|CY!%=vilU>GXG{4yk~>Lxj+Cz_xwDjSkn)WrpDX2?q&%18^Q1ga$~TjI zK4jaH>V_|@l9~^wW-$!z9Dc>*Ur6l)- zY+D=`;0vob9)Me2*4|m`3mD6w8p~mVB0kZRXJ?L|FJBP{)+KeMx+4(F* zF-*!^r2HJo!==1c%FmNLLdq{lc^k zBnZ1JuMH9|IV~v3`IRlL}2J&%UiUD=!Rv>d{FOF<6@DWAflk&$>{)FU0 zDSs;E&qywk^5;_CM{=>0_e=Q;lKoOXAmuMfzD&wrN%?D%OCZ~olP7>L7NcL8n9v0M z>*)yzw;+&$KcVp8A>Fg7(@kB>b^n?BdE&I9Yfqop`KI@0cieW`>xobJHe{SOX4Lt& zK6kV4^jUXq?s`(a1M9jzl%Bn+=4)-Xem$m9(K)v@_#%7Rs;6o%PR%-N&(tRZ+dcms zb>r)QZ}-VXov!bdle+KYbFVu4q%Nzre}C)Dz-`-p>@)Dw+j0v&YH)Y2_y0BS&n-^q zvvP~C#rIp%k}p{<#z#(po>1{EnQq&T<)IYZ6B^`WF*8~tcCat(4Hm&*En0e3iViZq z7M@8*n=dPk^E&v>nlk$VQRnKeEvJOfIFz;Qp$|*1`0LQ}mMe1)%}eSzEq_Jw!Ht1I zJ8I9^w!KT%j_WfXJY3%6^F}W%DSL4LwUfN3eU-jx#kRS%w-!#jeVw^z<(Ey~+4GO> zr=Ne_YYE>JeD~;vAteXu|J2hw)am;PO_o1;&B3DSQwsj}$;>({W<9^D(?ZW=q%;j_ zPHZ~;<=wSMtnDqXfI@{$IhBlmv?XWZtfu1&$}N#J16JN1vPaYW$?+fVfq$a=z#r2k zA`kq(0mdnnS6|ck76EE$P2)T4i8`#Y6SY~u6t#HES2NP`5kGkH31n2uM zSfvwIUo(=#S1e$PFF95RG_0<(#cGa=m9w!r8N`@XqhY4eK*7|IVET;lBR*vTQ+&c< z`dEYMdRv%oaA9&bOlN?YdbZ16n?{D>su6MZK0`^o#{#B!mvi-w#?_6sT;1eyTD}BcK29CFV_|m7*$} zsM^6m60fj;DPHDOy`)ifvn^HgU876mMmI%PcOvU)29tP-1x)cICu^fd)~&W= z-R6?zY_j@*n5dbrrqNdc)sKLBj4>qEv4ANa{>dWqAWc_4r9SAylB2gZ3IMqcP5zhY(@V-!$c0_rZtkXXb5rnr*> zb%zGjUA92c>%T5g4hE_S#MG-AI?q(U;}bHCV#Sr8xVn|0Bo?rMDQ@9h&DXeEY|GUW zmn+#iIdeKf0K}ZYxQhHLt7()gsKygiH!_aI4J=@a>p4_&G^p;eh3Z}xDrZAA5yYf3 zs49Ok)-)z5rX~|p*D#F4)hu9&t2k3LHKy*fW6HA>Ds72k8TM%6XGE}6GD)kTxYtMr zUn8dhDmF`Rx}t3c(RL*ROiX0~Q%vEsU7^wTFrbN@@VVMW$=NN~wIC*Hfd(tuiH3)ET{C}#t86Nph$(dR0V<`GC`j2%(R0;VY8AdS;Ndc+o_ zM_rJd4bp8OM$Y(*nwqyzVRbuURmeyZJ{B-V0mmv|!)l!^R*$(@IUB3HL5ymj7AugJ z5J;CYcElwtV2WH0(r68&$8AAc?}FrPkRAXr>?VAfLTNdnG@Q{RhOvMthH{jKXee#4 zMd=9_C1<1bFo=nMYuYqcE27pAQ3Du6qCX4ZCjmK87ivUpv?c0Emndfw^*D&pU%pze zXxczD^=1HxUMygWo}8u}jV4-`GiH#$LyKoF#=z4N-zxvj-=5xtld9uRC+D-OA-b@DDbC~dF_wc8e}S6!@}jn(HMM!uM6y@|0; z!L*-Xs?Ycl^;p0ZCvlig)L?qe7N*x-n4AsMHy|e7+tc4FuD&C#>M)coowX!%&H8hysvW01n3zM^9It*g$ z-=3xgIU{Rk(bAkh|HRkKVgam~g;3R+SqN0Enf10UReyJ>ayC_|Am#{fPt(t2RpMn3 zUOzCR#P=+KwX-;0|J3k$#}==5UA&x)mj}eee|x&FA}gK9`kKKczG49^pT)^Kppiwt z;}tuO{=Q3=v&lLc#K@P*&;iWsKOrAWXepo?5>THphQy~VfF-mzP#cm$;v~JJk+j#Aq>o&ZoJ~?w5Tn06-AvKcoM?KJ z0VLjF0j!$EX?jhg>0?`(K5=PsHceR|MqcRD+taNSP}v034#tppg$1x+76O@>U&rlLuSpX|#ajv##TzziK)jpRiXLHpR#Mr()-AzH& zouGP}aU`B%0W6Zmq1vcHwci%1FI=dc4OJfyWB2xSU&T~EV(Kx5kyyt9SSO1!^@zsQ z0XwEVUqL;psj9#E4a%SRMNSIC-P&&zdE{v( zibR}n^jq!i;hvO+FWhOk4xWa4F)BNoJvmUd0)wa(Sj8&7SjhrdsFNv(^lfkqV|!1k+N+kGP)&u*4aM>0S+{nzk_2a$#~dOnD$C zUY}}=;>t^0-NjH6i&y|FopG-2(738?%T*nhD`#_61Y-0l-o=V0Khbn614t}j0jzJv zX_~LmWDA< zeeeCC>6DV1{icqc+xpSEuk37AHe^b2pC&&ZUR*z?*AFeuFUV;A*0Ne#2F;s2to8L5 zyn9{Jtj6EWUA?p87gJZi)%?YOJl1B*6HlkD&K3(dr!`!#d2aJ3iw4aP4_L7%)NB3H z;K(me-hIN3r#7y=XGY(tJHGg7(aZT6 z{WuNK#P%&tcTsY7Lpu$`=$Gy3il!Mv)0GS$F_i_d{u-z03XP^SY-!4HX>vAA*Mb;z z*`B39noS^0VC;wr7Qnh|9Hfv2QX^ZC&U8U?Hb^&t7&+u&%}1ZBV46oTl`(!qDGOlj zH4f7_4W`DnFg0;uayCr2ff!F@U0cAEd6By{S2GtcXXEt%h>SD{*`7T?|X6r2wBiDqW zmtZAZrm;s+^)^v;HUmkV#R6EejZ@WFqpGVdRoz^woK4jSAVxkWux3Vns9@SlFrCi$ z5vQ>L7HZ=#oua|i-4>=EE=2naH9$xNKAnhlR>N9pkJr=+sZ5*T%HIQ;_LF(y( z0WtL>_fdl@%EJCqUuKRszt~?^WE$Tpu)ZU(>M)i>Z5F^PZ5*tc8d$w-!RqaT zVJwKU_imzk>>|LxfifBT6K*0M>2ec-7GG z>SK#nUl%WD<8>Is#CtV>UT}-7+=e~z^S}AZZ7hJ5+YqW+xebA;mD~E+a&>{rm9x1@ z1u=5H?x=;8(-c+)Vf6zeNqo-&Sh0;`^-m3}3vIEw$i>RpSb0EvH+H8<4Aq1 zA$74WQUhJ2oQ>2OAV#h-Vj(5SO6=waj4$Wpc-Tcl^6z9 zt~U^QKRm%p6JkcYv^kr$ra*~Jh-s!6Yfg;4$*>Y{umIL^QUHoO+1|mE?Jq_(V10{$s(uWj`mu^t39*s|u$CFGA1k!_Q4VNgC)$i#VX`tq^K$>I=(qtDTXM;2m#OT8wlN3#piKc59 zK;mi^!0KO|rkNT|m)p{Gg-esOX_^LN?BB|muBe(pR9(qH5>r_KtAKH;uF$BOVn>zd zN~nu5g7Etv1DS@D>SG`?pxBOqT#GNc<3DB}4@aU~w~E zKSEmlm<4EJ$3SMgC^@^;y$Qsqo58sXqdRv%oaA9&bOm~AAy=Spl(X@nUx|9JVE@1&I zVa911tY3U?hqDEP$oJI93;GSlw)gmFE_ye~g~%0;E*$x!wjv&J5;{?~@kc z3%BR$;GXN_s0OU(x?a_f4OBmRvnnBau>h7Zj(n%JJ}-7ZSbZg!smF{=>-s@^<1|pn6?v4?HNC!9SdOHG7eK4 z4W@f+VY=6a$=NXN1Tk@L26ri}b`w^aj3jXm3t-7Ij#Uc{tNU!Ry5Ggh*;u^=V)Ox# zJ&LBciKep|K;kSGz*1$Lrp6jgOYLa#EQ9*T=vpjCO7*VA3MjS@#n#{pw`<|xuEhta z2CQrGp{gHyseYW!s)RU=1+e-WuOFvq^r0*jnh<9qv8|I}!D-j=2pT$-FslLy2c?eF^3Rh*?0XJ0e4#8)hU zrQbks<;>ZfoeW}B&$WR9sUd;%8DmF$$^uw0j)U~E2GWbRAid;*h8i<9NNJ;q|gDUaz=#IUBF0ASU)_keex@niElPGKj<* zEP#dLI8m=@MD4I8YNtz-vx&+AF?Flfqt6*q>HX*fxQ6yer0W25Ck$Oo( zYL_iiyIrK5jZ_Chiv0#zP|M*drQXZ`uLo*#q^c9y@*S{h;ZTlA8Udj-A{3(Ymkf zY*sd8N^+kjKOSCOKd09ZEzU2)Kw3pb}VT(Eg=^Cyc2%?}S)u_)AQ{nFsbFHhcm!j7jluDxeQ->Eyk z_-WD12j_cQ*X{cBY0cAnjNTgVmiU6_ZKTwC?9^)I#hYnW=+)g(bdx`q5^Yx^9ELoE%E1H=$q`R+8r7g=PRp~ms3$f zzlMX~#t9gCIrt^#9^Q~IEpNCl7{U?js{h43VEypRsFq4O-)FwVQs02iD`8r zSG7ng+C_re4`RrZ_2Wl3yN9eNP?NR99^YRzmOn;Sm8&tQcHYsZCz5_G2W%pc$*0`2 zvL`X+VpIe6*lD1uAA_iVtYTF{tYiT!BggB<3ax&81ZdP_C$&WN$1X~eA7`R80>tP~ z3PviLMiEU*89?HG7QpIpoThsuBNnj$R*vH! z-JyZ>nJq}4yC69mq#_U_pN3mMNmQ(0@)JzAGJeDY7QmWu9H#jiO#5tM+V8^TY?uNd zCU(5GToE;%h`NzMByL~@3nFu1JTrc^bsHHjL+*Azibd={S64`vL7l zqlha$w9V5@x~j}-9&wFHK&u$n?1(Eqw9V5o#)-BChfW z&15P(1EuRJJ@>wTcKXOhVi0qsQ!^vJo{`d3C16y<6(8E>86#a)X?Y{AF_~2?UDZ+j z5m$WZxRl4Zj*sU$NxG^8Opdt5Bw)I9RRudE;!4A7eDlnbu1%-Eyu0>@wY|mch$}u+ zT9dQD>s;xojyf;m8gtZz(p9DP_IR#~rK>vXl89@}X)TL!T^`SMwRBYjjB6sU(F2U0 z_0m-(U;}g2GHX+e>*k1SOj@_axNeWLRiXV|#1$Xf<~b-`RlXjIxW*)aMt${GTR@TRD?h9!EymS|=UP{~ zs_E%QSn^INLO`Q-gvIX z(p4qEAJ4Ts#&vu=*GVz1ljFHgk8zz5&vjOe>+E>0b7NfR#dBR4<9d5M*TpfeOX9gM zi*a2Z&vkW->za73>!qtI*bVVqH^sPaj=07^xJ|k$2DZmL>MrT360keoQTN2Sz8%l? zL+Pr}-Wzenhqih4NmrHD{qbDCm9FZj-^Fu1C|%WQ9g4Wdv{`f!(ckhCP~_t_o>)(s zbX5s3;a?=sxptJUDqlOrbL}Qw zRStBI=h`>MwO>5ffibRw;<=8LuIjW##d94K zVq7Q3bDb_-RRU&2Tw@Y2OS-BA%#L@|xiPNu;<+xAt}0(|kLS8rx~c>$iRZdZx~kJ! z9&wGSv8$!4O2C?UM_n&nRRT7|bKMl%JJ*{qbDCjdA@hp6kIF*F*7K6EKWnwXZ6(1Qh%BRl2GipjVh|UFq!;z160- zP;6c4{Q~_4n%*<8bp7We@?sK2}+~?febNAfiv^EcL z0|2n_{_z8Vv+#*rW+?pkAOR+e$etGgwfr~a&SD&I$hidtvx!U=BalT7BT~uX;S3Iu zLL;&w!->J+M5~pq#4v_GO+#2%KygO3i!}g_7;dnmMc3tLX@h`EP7osqfCJ>s0Gc?M8!{@>I79Zdv)Z&o@Vr0r(W8XQ_Q2hzF-6Q-ecov|BI=tTs;PlLr~Q6Yue zmH-hXP>%4Pb(ukjXs~E>1{6eW1!eF?bp7%u#NlNIfCY-o0-}gt;f0vN1$e-1n8#ld z01V0n;3W*yu<8u)A3TMANVqK8Qr92NI zVNRwpKg^~qjgS$LWNn0ifshOt2-q;H(}kis%b-r^VyLqSicRZ8b5$UkP$lOeHmeBO zX{L){d0-&608zXU(a9o1dRjv$#8}Y$84Vc_o26j~l7JYAS~YDXQXEPO;&>Udh|XWe z3aJ9VC5R89(_q8^URe&Nb1~#0R8~MrM!gKs`cy#~*oE+5ehv{vLL7_7O0tGwf&1}T zDHetcMF=dpX=EPDWEzoXk*5(ER@yWofZGh?g;f`yJB5Qm#j#<-5J*5+ssK$4cmms!t0~kTT zi`dRqLTZI$EQSv*ZiX^^2&w{JD2CS25I*^!92X05EX$sI#&ra=$^tk^Ru*LK$4RkD z&?iF$DnN0xc%^@#=h(m2^L~~d1pl{sxUv7z9$T2SA2)3eg3suA#l`YKC}@}fD;Q$a z#>KVWl$ZFn0@nC1IDkev4YMTl*N?P5Bfu+!k!u#*cU zAS@V9orc?gNt}~roAkIiY0I3l_|#j zFh?0mAZ5hCD#IYdi#Z)n4LX?>NVDLC&s1weus0AdQ91pa=W^MV`u_Ghi4Mtk7#Z z37O{AgTwu4;jjdCLwF(Dpl^Ozt}zq;nHo^Y)X+c{BQo4yoylMaBN2odNz7=Xy0-40 znSZvv|2a3wK>v@TryKr%kQdE~_`L)Uz8Nmgw!#9^u&V)KdpoPu@EHK-78gD^YyhV$ zK}Y}$d$p|vsJc0S7!ue(b0>2EYH|g?li`Q~_?dQIY`Av3g4~!k#$kWRl;&7_a$Fe! zoDF0a4Y-hl!#Ntx)^5Zo9SuDV7|=1+J^+-3?5)h*qSwEPdF#e~6qT&M3%OUQ9jdF_wdqc6@!HIR%~`3MS1UFI7Vn#Q z{=BQwX{h#_oA7|ziHZB2j|v{2_qgw3KO(TStGW2v?NR^uuK^urR7hd${JVbcbLa{I z4>F`qBV^eXRtae2R*VDB&qTHM#ql=79$9v5B!sxkuum!>Zn+<0;LS;=O%I{DO)>zl-LH&1A+JkX@j zfFJ+*cy!gkxzhB|vo8d%Cdt&*PMIxgd0kmfQ_Z}R2)-#k{RsEbS_9BhBsZ01#F7Q1IoYe(0! zi>CwA3ZxctE#!%ZhTxMgI*jI4by?;*NtrKqq4WEH^(3k(kb~mQakXNCm(NDWea(?l zdGlj)&Qg=F>1i_9!8OCa6w+ZIqQj)XQOP;x< zNg8J>b-#_@Xr(N!R{QqlX1t7f`}2(SCig_3>@Zo70@m#UX8!&k7K z;Cq+%SkfKG&v$(@OkA9XMIN{A&i*00^8$58C-B`NvnU;tm~P^-qzOQX+!N2L;=Q4b9PB}4klJtp`FBtyW zNp9O(szPR_P>@^yg4poS{Es!tf@vp=-zo)MHokI0g>QEicXOk~D@Ln;J`W{|k^b@i z%F{(!V<&j_xhy$*tRXH|BJ5u5Rm*VEWW~W-3lF56{-$s!_L-SJ2_MIE`DEe!rLb}! zMMqOj)IIqW$@gwz%U)Ao`IDt@>T?Bitn%Vsmk&4TU!hc)Os%Z_;{EpX;}zGwK>#)^V^G7)g9e6^Uu3@#ECPf}8w>DA+*LrOF zLAKm5)ai}gRX`mMzma?=VSZfon50Aa67oa4Qw<+Ktgj(iJ7mAcB`8!=w_RFVDr~fr zuXJkodS@tahTV>pmEQ#&3O;t4x_){t_7HS_lXjAx%#=(g@%m`>&+Dchyje~05Al6# zH=H+@fM;*K9&0W%H>C43e)rN6^F_G9_zR!66cMVBuHxcz8Rsmfz)gL8^F|UuO>86A z0aBi`!n+eb=dBb*`@Tdb5kTqbz(eE)nc&>+ofAK{-L1-=ATD^;Sob(Os4Lrt+`^rz zNisHBDvxW&rEnSMnJkYAZ>+l>$x}k$)2FY^tS00oABa0xJk=fODfHb)&E~vd?Q&!G zb|Ox1!?<=>+t$kC90%Q&$tP*@+)aDUx8^q7^GqTfY_|3a)n)o+(7d>V?sUlVX^&4T zn!U^|NVvCn;KOqh!v$dTWS803Qt>JMxWH!{uo0h&Z4SM^=bcD!^Y=G6m+&CPI#KO_ zcvhLXLhgL#!8wnzzso9`e`8i+N^|C1b%_{DoYOhjYu?^9XMkjrgiR1_&L1C^^O63f z=c)YamRG63o82S}#;TWR0$+q=miA;V?fAa5yy^>Son1`I$?b+015_=R`|?)WQL4Qb zo-(jKwMqG2x6}PXAL~0UW8cOtkMyPoTE#_%FYk*8$dB^%k1Ym`h1(j-k}5S19H@1w zIK#`wPhzb;yQrAU%0^Ra{Q1<3G=8=09LecSCyEc!`88@3h zceqB*wk1M5T_E*BCgFr;4pH6aQ+n=_?{P|73X-Yw@&fO!JuZ4U{k=Tye!j8Erx%Cb zMI;zMtK~X-|8yonlfs;@px+E0eH(GB7TGj@v~94C65n%YrRtjO_a9C4O$@;LL!a)g zAU{fZEhOVOpY-_q+Z`=wb&RjrD>>#1b;?~!+Y0o&7N53!p1N~EMVsBW_ZRgKelX~= zihZNna+bI?}iE=$U!gxugIW0ZSQc zM}nEYPPu%mkOMjBKsrD7%YZ{}%?0KvLSb`BWH8XNGn1gBoU$)RUP-8|XwPaq6<4lR zyQ+B$hNI)UgwjzqH+5-dfmT9zfP;1Ryq!&5HVQVAFOw|eIp%OhMQQRo9^$Z^?=a!1 z%eYIkGG%^df@RBU$&W9b9C`HgbzPG!&6)e*TC4b~!1aUaGYhRD&#an{sz=f4<3+~*x?K(M$dq1%`vgGXgb=T_l zr~bI>qVDTa{*lj9{?Nys!+YKFF3q0SYF2L+*gI-{(sFNoE$}Je1;1{ZeCyy3UGBu^ zqnG4cpEcwa@i;tk#`j2I7rwi+l|!3j@chv3z(PV@8Y!j1R^e=00a-Qp$w+BNLueqQ zqUm+$?e1Kh}E1qbaX zrMk;xbKirFUAb-D&*W-$o*z=wTdEtAtv`_*ef-U5j~9i7f;o=jPfg_Q2oGPlD$#Zp z5Zv9OheOgbau=0INa{VSsd+NW+v#|S-06Hv?ak!g(yr7Pqa$@Ko>^7vE?KLLT-rYn zI;SVmX|YubMe+DDE8>CuV^syG($_UVep3-VEGxFf`04th6>U+ab|l6 zfgAJj(Zjuh4xWbDxp_V}H2O~ZpYW7zP03IH#@UgFv3k8e&Qlq4H|^UFoZ7*YG7^2o zf~GzSRSlOThjt#nycnnBqk7){N^D1$F2%9bkaOaEE0tATzHXVfo$ZFHZFM25ydSKx z__*}u%Kh02Qv6vHYk+|yR+U-5W!2c-9r0z>)ZUDd?S%Ww^$*z9t|)G(zmj*B_emMC z`=Ze2m1piem8K+YHdYoilM4G0rWm%i;K^g*G4Y-GZr#~u@-t6Y3k~Z@=Bz(O-RL9}D2!S~PKg;0kwHE@xlO z(@V_U%O4*qs|hb46{x60loENk21ob3S!{y6dR=X<{grwXQ_04W70!1h3XP*{4z2OL zCv|Fri=|VWrcus_kwQ z=UqdT%EW;-mwCJ~Iy@1=cNe|LuhKi;>Bu_QcdEvWRM$gl^}agfdRH*9S~QP2Y;nnZ zWV_B5rOoqe5*$wC%T%dHtP;zKjgYh+FLso@q;==T*S3i){L|#Ccj)-8O`pFF$%f6< z5O^zcM5S-gq`l;%0J*&S<%y``4_WGs7D8KSmkSSuHpS*O7N{`e(ii9PSc`Gb8(-w# ztgE-QXN&%eEFs}O!zV*3wZZmc6Q+ z1|^H1w|Xj%*X79Tr4=n0U?^R-h})IyyHF}_@dZiC8%}Q>NgqA8-ZOr>Y^T};eOuI= ziEZaDi`5)S6|@S7UG(GpQXXf=YW(=aH)*#iMB#2XdjT`e2CrdpK7VKKb2n}s)S)~r zEcJ4X5EoCmLtppu<^`bGXip2<*_Rc)>-1t*f7hJxx55KA_G@noRxf(?ur2%RxX`vY zYj%3@_ojbN8A&InefIdCCnu+8(|^UlMfvQyvHJDQ2bKY^-%91KQ`MEtt&Pia{0BvSnctIp&oIua3x;FOZx{s8H{m^=%hz z1Am)C_k#Ah?(G5za`g>QCHw;lcOTu)EhuThO4WeYd#d z`o6`udjHAiHy%*R_Azz%23IGa(HI!1Q4TUWc{r}XAkJ+_ck{~~S zvw?R)$~{Tt&7XBQF4t#fb6cB5@n&5!bTu3Hr3tDED4tOt)~=mzJHLPsXmhng(eR!S z<^7AE56ug?G_Xa6&HQv-{MBu%4=!a$d`QPP^(DR34}aS$rlVQRSDUw_z%OyUEcaM?gz}YNb96gpsyJgf#GP6m zU(Gx%pS;TZ7)vFqCet&$PnBYUt-S;HV%+h9t2SCYrYD?UmLuP~gd!JmBAp-K4IY+;{k%?kgkpUGkLGD$7iB#8zh=K04L;^i1b`Yaz4Jf;{s_>2_r&CUW#EbKhMo z2%9%n_VFo!;&9JlZ~DVS+ujen48ComR2bW8yP8pDLf!vz)g>kV5fk-2eqM7zBCw?D zx%Tb)^3=l{H_aV?C@B}>TZO+Cr*iW6C#Uo>+q1%aNkxKsdWMVEG*RA5W#X@EY>;k9 zD?jjL{B*5+(*A2)Bd0?iZzbXcxw?{eZn2A{$awR6*kj- zrPi$EH~hZIv7{xTAgBsYHx!$DtnZ$Ld`|j%_pST4$7Vj;!t+5cB5{*vg+y;?27weU zBcL@@TP&7)jVas9oMSD16&Uhme7bsROP$rZ<2-eTj~*Nl)-qgmWLu%?j%KThPX|YB z&QV1glYCf@KMNXav+fNLI&xMRR=&A5ZxL2>T!UBJzLz^oH1u{3IhA0zSCKcaQgTIe zqhm!)jD_H(Tf6lxXUiF{_9{3bbki=f#?HrbW87s6*`XRyg@f;M9gBkOgw)!kNOpW$ zvi?n*(p{OPJp1;Epl3@RXk7k@m7cuMw!g{C#%}Rio-_E|zxQ=f%8DmKj%%Tpv#X`^#ELGjEZ1Yw zsteMi&lqv504aYn$$6W|_~_g(a+>~)8?P!J_g$;ze>v8FlUahT?A6REqWCi}Ih_C1 zOR*F#lf!evj^nRLXQT`}$t3uZstI1z!~|^PGmEj!1Zl-<7F}aXHiA>v-eMc2NO2d_ zx3!n?n%~saR;qgFkaW6QL^)j%#~R7s&^VLY7JSPBX&aldmd8yYZke)HMbM?>>F;| zUF30=I2;uhHuhQ`=Psza#rWafCkB**44c)13wViYx@!YGA6^nFae~F`FW{pLeHBGVU^TO;QpW1MHc;!Qc^~4L zH&!K>!C#d~+>>KokN@FPBRP4A*VRuZVT5%>C8N3Uy>xRK#qnIY$-;-BbpyNR)i6F4 z-VRcG=u29gcY9Nwy!rcuS3KV7tNJQGFiau@9qVZKdsU)R?cmRts&&Cr@m?{{k{T|Z zl*_V|UMkgG%{aqy32M7gGVcmrQlZY|UTINdp{Q??{pLVBKKplPR%q!t`(f4IeCM81 zvG!g{f_$rnV%S1kJXNPGO1L7uM$o>fZB_FrPEy`J|B&jXuEdxlJ4GmjyxsMzzTN(QvGLE|k zM}ZZ>%Sf7+>N2}EAHIuz`1JMJ6BZU7J;|mO<3>8e(O)Ib=Xr>2H*CAcDnC-llQ`W=Al@w$b7xm32 z26q(CeP#4I%UO`lqiCHi8^5Q-_b6Vc;AxhGUwxlDo@&-{j4q)nwsO^QiF8iE@r|8X zp_T^x1pN)U(K+YoPgRmO%IHS1d7nJ|#^F7Ff3I`B$WYhmxcjyKSL~&~-dcKm!25gb zoztgkvt)TLL_Xpv9RK1m=JU)U!gpoIKw)fQ!*fE|gHk7>b8kL0_h9FZKWi`vHp-2( z>3?+Lh4Brah=RS}E^buw@+F*ixO$#8%F`F|PX2g*Y-*}AJ-_YhE|cq2HHNq9l*5C?^Usx)CIhmk9emlVMJ9B=0Hcy$iu=K7q4=d7NTHOkGclL%`%$d6`Z#AQ6=}T>z z6a2kC$#&`w=_T1X-riYq``)t;pz6r|MOD_${SH!s4lN@}RqE<*@&?;@^VY`K`ZXwd z3yR~aS6m-mWl7aZEJ%Nuvt>m2Y}8;gtzA{4=j(jO`u;>h?G=Nsfh${;-hKS;Ol@eSuoEXuT);~!;F;{{C?f9e8&+LnUaLR|w`LP8NZplu*SB9viatC@Y|0? z8}9PuFA}U>FhSa?IM1sfO|{;mb95lwzEmaL;hNa)#VaVR-9bGQ$>SCgF49GX{2Gp1 z*LgoWh!K)na=lx)!Z>};NyR&sUW3v%T5ptjWzTKY`Fy4=Z*THbKGV47Y(;59sy^-2 zNqztDiks_t{Id!#oVt=ES!Gl;kS5_jw7ZMPS@)n`|B0|M;-TW>X6?F0Z_{~?q#K=d z^xbUdn$-SkS;Rc5O}6vxJ|E4C$8z-Io$BY0LmG> zlu1k-NK+eK`S5W*;XuSPv7Sr0@09}Tc}d~NQzKtx3_s$h3@)Q(Jo;eUbI@<9+OtEp z)3^8e#Z5yZCH^C4U16&*&o(tAEUi1x@={MCd~|`5x9_8`(M9E+bv*7#DXe}snU4R;uD%X@i3t;{PeD9JUg zA9s_nZSKBSJOdQbJX+#i%RCHq>8g~Qk%oH`ygFF-fTOEzbDbU?rXP z+WdITt#N_aOr7rG>mpg|=J(QL;-2B6EWNF)m6UjfTe7}0W5wdGdU=&@=uK~-#*1I8 z5888gzq$|KC$6WIPhE$->aC-;%=O-yd|PItbe`ef2Y!yt+-eKM_RbSqyfnSbEt^!x zpP=^P(n7+)cW0$cRQH$;o=vUo=QDV1EjqE^YvI}6#ox{ZdN&N|dRI-vIM>{gt&)E8 zEV6Rkqrc5}w{D0u*A0}Kv54pZ@l{}zkkJSE?kTG9#|BH&xRVs45 zFU}l3cXW@j>~o3zJnkPaFkWmMsX299Y@JzEs^o-a$J-C%(Yr&3)I%tSle@n!3t1Ok zQW*7UU%-Jtt+XJO%@sBNq|p~UMizhH;&WS{eN|$swR*k%jn%mC1FLPG7-n#@`c5hWU%GuHf8JZYvMSZci4ALOtb{^?k1gDpsT3kGp5)o1HvEK``jz6h*7~6YM;=94r z()6CuRf6BXx7xSdZo>2(C=*^RR<*CPF5}D*%d0lV1XsHoS2SFya=dhojh}by4xfh3 za+@fsJccBn`apO1S%`_p(}j;7P`(yV_;9xsOP+SfZN_CX%eMQJ&UF>{U%<(DWy^k2 zb9$!_&1q^!S^rvA*t5D}QlFcRdR>@(mZsC|?W!N6WWP>;V%NQQD|80Jc_X!V9FW>F zdC`{G8N|Kv^sU7*Cj#n|b@^_0?pSNBp+LDnv)t72?ES?I(%LJ6Ubk02!p-*%7#Vr3 z9d~>@Lnwsj-9zvwfMvM(%WJ7!jL!$=_i33cq{eL!{1&hN?Q#=t{fDt{*T2{njtSy| zzJ3r`?&-6kfnVv$TJMTc@r}tLH$;<7kF7Y|B18%*^00LxrqSNA!Ab0d1CU*n=(ANd9ry&oAutry#vE>I?cx0oYgPHldL=9eGf|BP1=ohE+0>r zdTw0z`pL!4JsT;@dz+{sUavH@50{_3A7*%=q5HxX%@s188q0#3=^6@BZQ>uQnDYvB zi<>ujISa?0tI{L15u&y&3^nkyKYq{7a_Xwj%FxFK_s^GPvf+uEz(lyNi>hWnx8lOimPFV7K>hm%eGMLoo8C_+ z`20BTk!PcnqPDWVrGlH%e@u8mvi9P+8e5m|SFgWdmA-@_v&VHGM5#xQ}c@l`H$C%amIY-T5rHVArOzuU0NS{pqg1NIxNY z!ff+{Po^u6JFXTy(R)RG+`v}-p5>dTx<8l_+bV4h0<_*YZMIiIvs68`e2r_C=AP=kF}?knjl6a0n^<9~^S9ktaCEV;m$SQN z>fk7XYfK~X-4^{ExSk)g<*VU~u}#>=a-!W=hl}@_h2jsFKD(!r`Ej!HG&afAPD*y* zZ1iGb(X}z1UB;z5xTpHt6tup5HMY^H+*Vhd>rfcccvr$rStqZTXx7+$)0Zr{4E|r-zAJs* zj+ulN%#^Acc_oggccDF=%3sx`=iapH&E7k}|#&e4Fe{jT|$E#ueoHC?T(dG7S~ z_Plv;#>jDhdd;?i)KuIO4UIz`9gfR3eo`Bfl619?Fx9)cDYdk}Rr2F~#^G9nTmgYB zWd()glP6Cq>+9#=EHQ$wr#F)gvx39JCEbCAAAZ9#wym{xTDj7r8Jktm-Mt#4U0Htqd>^~;KAm*6{rN@3D*bw&rh$R;kt^JW+Ub5N zX`&=tjg{}IQ>S=H*4EYw0{1-Vaq37i-9Kk)@j!jU#6}5fxtJZL>xR}T zlCt`n3yx$Giqfxjc1kr9W!N>xKEN=Hz_n)DzLvpwKwIj*y6H!4=d}d)=VPq;lV3Co zPfB|3JV_YoAc%2m;jb<-^fPUqKmcXzkp;o;$EEY1yin)+b} zYpW;P95rqk5J`8_Uf;8X4cpo}JF>%~+Y&D>R&ab}cQ7R{Y>#^Tu07UAFP6x+E(?$w z-goJp6q5Gg2j*6Q8h$OT;L2eIhX=y15&?*YpE-BI50(|yxB@$PngO050SdNj z?5*I_6VgKP8)XFxI)j1;!;1@k?&u-4pPwIobPc{P(m@V4z|T_w{LCErJ|Fpp9f-jj zerAox0{C4rkcT(&0VP7uzL9+JTXytJ4uT_6(@z}80$U(;7;J~|EQBI}2lEL+aR_n1 z1G5E|5|80vBtZehabOtJi-FbSLf`@v8l!Lx3d2#Dfx?3*?B}}3g#+(UIE8YgxO*{T zz=B(s8wVn|Js>RM&gAw5HP8b%Fv#5qIRM+pEe)1HC{spW%T5&vghl<1{gN za0Z3%P^iMIiID@j7+c^%M2bu#bV9#kfDcOT=DPzuivb*zdX9Mlq#(6>hI#?d1#y96 zD7B4HjLm>wq@SJ62Nq(qASEOR;I$iQLW&3U&rnv7!hr&$A%Jbb2cr)y?NXSQ41#I= z;4CV+4RG_cLhBo6B>iwI@N5(xD!C1mLrMs^%uo*@B@A}WP*S`q7!hzx5z(27)@Tkm z^@~~o+v8P~dd^>rSp|?*jsb_Ev!@{!s6_FTf53~7!v&gV@uzdKU=T3iPuPj!g0}i0;WdEJo3|RwMJ3;Z^}LQ4Lx6Z(1D=lZ$7ld?*lRVw4v+&mMkt;I-f(FE85CDQ zp(-k=15%*m3Y6mtN+3=JZ4icn+bEQUxk7;_glw<_!j0eogvsC;mpS0Z|CAfq}I^uD?ocM|rd57K2ZJ z@Js;*%{E&O14mKh`YUfCN>0xjWHcRs11N8{oGG9o13G#kifM3Y?}7+|Z-=-Y_cVSH z;w#|j4B5s`4F5hcW3iR|YkhOgD#zAvB!aEp;^f>2zQj$zs9t0hWw#9u73U)L)6Pmc122Vz?5O26rS;0)s zYzA`5f*nMo&1QO#S@3L2AR8bjNdQ#8n#N{CvY=sz4vR<*2XV^p(qUP@YGFZU(||8) z+DBjwD;TZD8WtVmbP!650q|T(Bn<>XOJ~eO&ZYp?Oc5?*P7owe7ym3`H7$S+eTsz3 zoXw_%QRp#l!5lixoC8-Alt>P=Yldw_W1}^MqJJjB$Oi-mMzY9=rhiHfW0J#T{!DOT z!L~)^{Fz|MV8*bJV=jLtxv|LpGiGt2lHN3M9ju*f5%T_js5H>|5p4r%Vt!- zrUBfL13?@ccmSEUfib(5Gg+*H$${YvHYb?M239mmWMClqFBO>PK~1pV!aDw~AXsH4 zG?_Kq2atgVZZ(Zgjz%%|Z$oE%hvb7vlwf)=XI3C*w4*)nSFiq^8EL&UqXODkX9kL& zMj_qnSGOg@#)ioMg@JU`pW_MIX_0Y&jr3jw(V(Ke8R?pCWZ0=@5HMpi(#Pz`;r?_Q zu%&Sj%7(=Vo8cfv0yoC2Zavexp}kZx2e`qJ444NXg%n!kBCBRnRI5y^I>?u(4S10@B z##!A6%Fm*l$l-8QWBv4;C4)ZGZ`m5IOd2vI2glO<(c#n`83ld|ppG|ZLcel2=+I-& zc8;XeSF)_bn4FlO3LS&PBY<^yWEeCJHm9HL-)h(zsNKO-_@eSl%#Q@j!(-rCCph3* z(u3g~Fg*;#2^IxW;7YtWobYKo5p2)`CdSVxk@f++=h(qaRq<-TqL^rsi3* z^!uPozJTvctdILV-N6iQoERTB5n$lEkr*GAh?y_KL*&AU%*XOUnvc|A;C_6mvmOp$ z#PDJgIKU+$Hcy1Fdbw{r{*J&hn0WyY5rYw1fF%MkIjk}QAT5FbE>sazhr!^<2!jvH zi-Bdpf+7&{NN!%teB><)i-9&GCCtOe;fP#fF(UJ!MIwka9tXHZ;02XHHV%PeF?_t- z$U_W|1sE<7KAePDLJF4%7Y|gNuniU@A_6sY@&07P>dYsIi(rW=D z>yiR=)eUs?wA5*OhWhZ&P*;nj3%4&ZfR_Y!MByL&*%=H_`^WO&|4$-sWPhJN31lXd z9t>A_a5=9TtsX*-B2T~Az@Ny$fF=Jz)jv$Ge8{`5CNj%{Wf-9P&l&%5s^t$xCSXl; z(zV3^Y2=jnul2s#%&UM2vgwNfZX$DkC0PZtnRIdt^2#iVo-F^BLe%AhK0)0J5oG%n zz^yy@R`13o>A@m1of+ZQ(Nr1}skB=Vi?IRuB^vPSH;cF+o&;|h}_~Qx4OE}wy$_^s4m_D}T$bf+0aG$?d-v|Ec&mT;5 z$H0d{3GqQ+QvNwzgXvF!Wx?+K>spB5#9!oJke|Q*^PA}l-$tzHbSHQKe|ignMniWg z5Q!g)0MYEX=>Nn1FY^GhzYYNWA*F=BR&07-3=S86@DVvXczePWQKXU2T%z1?q=Bni zSGXtd4y@st!WFKORsv^8+e2srapby)9i5uqGef%+mJ zbm6)U`T)4W|KP#=lDC4T&t7X!uV;{Q{`0jbfO`36>2ybDYh;y!te23B1lL7cziz|^ zX(*4>dU`F0tO)4PuQTg{|DtRSxOzZVcSszO|K)ImWe1|#ko6@Kt~n471;POZuB_2D z=U;h5a0Cu6M4%1rBS8p&4{F=WnS6+M5!-%7>et%k|C5c5sPA2%ZU(eF60RsYvugd{ z`CJ$E`CoPY-SdC*|!jA!MAOXXVn;!xMNAP1Q{^XO_2mmzB@+)YKFYFI(yrfIRuX zsK(`cya&uuMecVfXrQTR`s)Ie z`EmT@U`T5q)BKOk&Hs>|bLZerY`S*wD;K?0vdb&_u6ZOfQ7&vz#<@F z$?iIry2||yRSjfo{qOw#{iPpldwLsefxZCu%!|I!C$KmGP2uRinW z7mW{hZMpY}p{A#yI-YFJ|G)E!jxHYmV)$tE-sKamxjTodzJ}VkvNivy`@eiBiur^a zSP7g8oCajB!9C+8K;|C9fXp|B11|=S1daxd0hR*C0>=Tz11A741(pFP0xt)C2Urf| zeuX*AWMBob%^TR<9kje*f4~=9(i7`yi$?rum7dn?n`XDIjRk^Hk3TBf7qoRp!Z%y~ zShUR_?eays+d6$c9UXyCTU4@(N_IZOF16CLd5eE`TaRJKu|5M_4|F*)DPGiXJ6dr;2dax`o?QM zL7$}`(PwG9^k3tf^jZ2VeUo-eUmXD~2GVEg&*U>wRFqP4Lljl987z z`Gh8KWo=~*0QGDqT}pdB+iOvu2Wb|Gf`UIU{?9AFUH?wY3sZ~o{`jkBH=;?jilw3s zWdVez+?0`HpdK5 z#HKjo5XKy5{K0tdScnpR;={oEA{m9qs}Qtfm?XjYz?onqW)-8$NLWq>P2T~u_zNfgfA#5CpHdrtq873<uQ!3)-EuHjXD@-N8od{{%1$JCgq?_%0aye2W?Mx(9_RWxJDPi01o_pLirEkuenm3 z!QmH~FU@*E8@fVwajxlO*5Ccc$<}mwXBFru$H<5G*RikDbDiryJ=OHxQk=h=ed)pU za<)19(#uWX!Ez9gGd8YT3R9YTQ%b#f{IPIE@#nm62U5tFu{lh*h;t+SvM)}9bK1mr62H?^Fi(~50a8(}&i=k+kk2GDRUrjOAT)_&)_+Ih>V z&#RIVxr3dDtiW@W&RmAMpgx&X5RhNQnU^4^io-6M*TnUHDPAPzA;%bwysKQ6$IwnX zC3k`!r<3^=0edHz*RUiXmL_XXq`Vh(mC}Sv@GxnnVF7CIY#N2Fu1mzOk zKZ>$Rh#x#*3cJl-j&HVLJ*;D1coPPq^ zS&Zj$PgGyiG~Mh$-~I$?uLM=No@HO=P1y&`$=+=}4j zF-h})r^~%1&al9X@qA8_95X>j9-IS$lgDJuV+u;1lU3L}=Gr{y+e){Iv2Y41fdq^% z&apcE|7qEx&f@eXB#_~qCFdw<{b!srx@LRo-hZ$)zwT7>BJia>a{SB`xbDu?@oJqE zO2ui}EPDvInnT=hoo@+6W4@3d<}26wXHiyyj`M5!nYA9(XSvp^GZFBSYrV1k6IxDV z4|p`k<5qTpn^j?7I|}BQZRmRl$iAlC$cOnmOZhVUW}Eg+V{3Rc?ZT~W5I0^-d(Qtk zCvi?C%c0``%vXxU22Q!X4sicPr~<5;j?<^p4R(CB*NxE>2 z6>7I4+(q5si-ZE9PPvV$L4Vr#EZE!QK-#yVF*ZIdOEwNZ(g)2xs)m6MU~)TNBS&&C zGcu=(EM+|cIs4(Pq%(afE8|hhp3lw=*v`kLw97qVE$Z10`BK~EnP(m9r=T5$qg@DJ zcemGy#i+`a*48Li8+C4)c!m(6@b$i6kF_iu(Oto#4E^Zd&VHM5hT!Y8WGtnewvOcF z39%e?2B^oYaU+`&I`aA>f$kXUIiKY536ONAuX8V`)&X@UjAM+BKxa?H7sKHY`j1ZR z89l24p<7XvREINUPwN(cTHRVCxpKYXY14JS&M4@N4PkBujFYE-mh4X3XD-s~PZbpl z*e8G05A^KbjmuPh#kK~mXqROfoz_IAR zhtE##;}7<_DoV@1O~5t)9;SWyp}J|JmKKk9@15sx$4J!2Tz zCEBqjF@OQi)Rs-m+Xv$&%vXi{#Tkja7&b1)Fu+;h35+2KTGE-mCjLMN&T*W9yrU8-}tg5j6)#h+3-4C z8{{{@nSkw#6Bs!lcz0jj5kLg3&dQ;8 z;uSqbGTVS^Toa}MIRwrjhd^Mz9Y7<#o{4Y&Cz9BYigI8R=9%-}i3wy$h@Q88seexE_*(I)tgm%FbC&G1DKa{601&V4{^pSJji|fK(VS`<&vvGcL+#2)7QkRb0uq+ z_Hvxz+5mfWKR=MHb58Fp48cR@PiEb$r!xRvSB3nAZ@7<{=Q&xr&YfTxW;}~1$egD{HQCH$GGhL!l^625O+df^8H2yPT&aC z73ow?k(utMBsy|P&?*1UOt(IXZe9|d@=F)rxkzxzc>~7B*ugoi5Vy&8%1M1Gzj4`q z#~g$lb(s zAICMAWi4c3`B!}po0a#!MUv%iZ`I|Ox_v(?S$~hd=K%`u|7O~C8PMfr zx@^{T|JD4i)b}l#9=<5~Si1h7x;&`s@6qKP&2Ox3zgFLWsqZb#???LnV@>CRk)Z2< z!1j|soNY<;NjFONl&U0ln!hpAq&D6_+*F7=D_jNT&Rc1>&I-wYl%odYIr)$reN!(p z5GIYy`5aA~)XqB9C#^d5QQ!1E^H{7!q7qmGXk87HPY>T2flQ_Y%9 z%tKUPjwj#o5ryfm>UDoV&+!txT^V@0gzj6*J%j2?ow-t8+!+3A_Q6J$e%V*O&@g>fo$gzo80SV~$Yy;!gGqUv@3cAn=X#+fJ54@nIjb)09$ zj2v=`rmKfcNpz0GLPM+i=x1X2ou+AdmYydDK5#ems-LE}63QuN2L8EY}UN5 zp=d^K)kn*nn|~P_voZh0@OwrW`WdhI?Oh?}gJ9}d=F8I+7wn3=B=lEZ#A7JW_8U|3 zzpbd&g-3Jg{Yj}9`^sohv}_$@I|7`Adah3fcrJsz7~p81EbybGcgk#9SdJ8j^q9z# ztQv+b7-4#(eo8L?BFB^Qn^!TXVP5Uh*-ePh3QqpqOGE>cbifFm+Z7J_+~iM}Mf1}6 zbDNemGUp|n{CUNqTkGin`towr-Croyy&Q&U~Z6>fZwE_2RTMQhCC-#)~KA(LJ@On3JpRP!4;~t#y5K`N? z&wffZrL`SLo3gcZI__0X2ul*)J{c6VlJulCH==L3lR{W;YMxSw4KQe`Jm0#a%54+&{WITkK#(**zFCzgav?|)aJ zzKV$cE712rBnyutc&tO+Hk1sk%o!&ErvqmIX?N3rR{%*%d*i;7CdzkyOa^Il#X#Ec zXdv?wlf#V1H4`c30%gF|zx|$!I@&MumI~lhU?ngIgKL1fU=DH`$Y~&_ft&^|JPrI0 D8j27* diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/DotNetOpenAuth.dll b/src/SimpleSocialAuth.Mvc4/bin/Debug/DotNetOpenAuth.dll deleted file mode 100644 index 68bce055caa360df4440936c92c50634fef8f055..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1089536 zcmd4437j59wfEoC{Y*d4JTsHz$qX||21r;En;8jVb!J!$$Rc6i!;T0j2sA!Vf{%Ine(TE#fyb3B_^{UtK|Nc&Ob@yz-eP8{5-uWa?SD!j{ z>eQ*KQ>RWXeZ(m@22l_M75+c#A1fh=#HdtnNqi3^^M)?23G z9gru=0^%tQ+Jg@q76+l%hUL zEd*hh(zNO=+E#sBP!~72UzoJ>md5<_Z3zcStM|cr-(YZYWfS1GqzYhfF%w3W1VPpZ z`v>nW$1NnTvI(>)xTFzo&x$xu8-uAv`&yB#$0OaM7pI7@z5#v)1|i;_bSgy~O!lnk z2#yB@rW^HUhpO$P_ats-4c_3+}aB0dOh- z5H>&c^@3VdLTIQnt|ka=NOd>VH7wq1@UF^^27^Vd0RrnRyjz&Ub}WV|T@Y*^_NMeD zE61|1w>RC!y-+4f9uF?x1g5K2wT%q+ETnDCLa=R>V%sR0+X24nZ8dbM$VSwg^Z~PK z>mA(G(Uv7@!pqpdJIttxQc= zvz9l3!sOx(0id|g7JaM76A@;KXp{XN6UR}^PIOLT#A&A7S zok_f2&JPGBA zTe~WWpcDE@P!dBEq|1?DE^h56Btb1IsS63r90}&)*6u5e6h>l7~0UP=U-* zs^Gz4^I6g+d-G!4z{p+>7A5;QWN?tL!?}}wroyjsuxNwcGsGjqWM5K*$$tFyrO#FB zX7hPUx{~mkI?QBzv?z$_ic7=h3q0*L2s=lh;R^v?6rb|~{@NTLt&`)Qo8v3KjDJ;* zkH*gNPss5VU&g;7$L}lQ-M|q!f$ebAw5(1 zg7=Wmt5gqyO{xd*9?kL4dRcu57H!abR$t)FZS(b7;0ZPf51DV{@zyXd=Q8|JE)&J) zW%O;!KS_U3o}NCGr#~)FulQ-{7qy;KQ6nhPIVq<@hs^05ozqc#PKSI^}7o%=4MCe8~S+pU<6FFyzo)=vRV88}we( z(^qr6qW=jtsopg%F}MYwG+G})bf|^oEOkCeBB_EZP@6=7RmJ*9#I&9EeQRr0c!S9YTan9~%lbQ_C6N$%gksmq&?R zGbo%b6f&|Wy9Y`WAd{m+W^X9oS+q&Prnbq8Jl+}#oy+{{T;_@|*U{BEKITV`-^}q9 zU&eoZj=!MP1`f{Kfa1&epUCksescPc<@6PwQz zi9X5njpFlsz%SY|14fSj{2YH$TlRcW55MyHl7j1ZG z20X#0;+>G=74Hs@s@?Y?+6xc(0i6I<^QI~Tf^9&%XgPtzKYM~HLzkya2@TC ztQ)O&b-6yY4&3xUUg%F(D15gIPbhqk3$IuB{Vx0ph2Kj!OkSxV22I>Kj7^Ijcqnr3 ziqm%!TeFe5mNNdw=_=sW^e}#Re%QKCbwnd}H9Z{A4{fZ}ydeyZ3|36IzEY~I$9)+~ zbtTv&nN4bITa{#S3kJq_2i3;|`{ShALiF z(|rb*&7t9u%Tc85+gGBPz<#R?X1Zywu&D%jy-A-*IW2|Of_x6}5^u-5IY9rWizWkF zj2!j#MwhfU2Po{KXWIUc@{E^cFW4m6(@(CP0Z*{0cz5P_r{-gVV9^G>7yaoU-R~aB z^DV|0!AeSdQ2KdpyYKHs{}gO$IS!ctPq3+YSI&SZ*i^jt&VVP_RJ>o#fG5~gyl13m zdRFWiyo0uZk=$r~oldJU^|fl454pa6o5J68;oB8{#D(9W@V8y~O$ui^<1GqjI^%5$ zf7jt`RQUTYOonm#0~fwa;mt1muL}Rfh2N?0&s_Lj3O}l_o5vPyc-MG(T?sZ-7W?OT zMcoTFweDLp;0ZPr@69=0(MANDn(t?4z!PjL-tT9?6KpEp4%O-96>Jh7dK2rTJ~*(V zJ2;oR-HE!5yl>@sqR=KI#$iS2G2qsRmw*_j#}e)gTNtkOu39xco@dHTqFzf+MV-M<(g1*NmM&Xle9B)@HQmUN*NE0o5VUK0rjTjX^$})W zlk3lVb2M*>g@1JD(6vBbUOebz_|Tv`r(pk|ZzY=T6!QF2y9zeDo5dsrSxm zGo?6-((`#4Vb&fb7Z7rdD%mT~1HY3afFtIIkTg#5}6KpEp-8o)i z=Lt5|e*5YSc!EvB!xs62$6K?gWQ#mP3#5FsA;stI1N@$vZ)Y>(E53}s>(k&XzKnnJ z)8H#U$M?3E*Cq1F(DeeUzOi^q>ypeV^Col309XINfi%HC{pc}@>8cGkn?gt^L4zo9tCfGhNijxOCf;|cnmFA8N??pbtn?V zjh*aa7669N>9?fMSZUr3LGu@{AZ~B*EQd#!E`eq}UX(K1tJjkjzs-+<>NXQ zq6s=UCD=AxZ-En&Kf!YIbSPL%dYN(#f((A;Eb#Zv0{`VK@b3D|^iP@!r@WVo17w}7 zbF4_GR+2II@|KDp9Iqs4HaI%e5JxX+Y#50IgQH5r{HUI-4Nza`G*^cf0LgI1%Qy*Z zII-p3rT{pWcj#U$Tyf!n6^nwu5xYO)CQ5tMt7Tp3d@2X)d$(^nI0ucm{+U0RGcLs z1xCi*%54chi&{*S-Un99G28ec^$&T2`uD{SndBb|lU@%uebSE5O;NBT#Br5iOJLH-^yzID?JZ<6ibQpz z?`&_SQBztqYnmv*T{V;}C?y2njSo>EQiso$HaAiq=*s(HZ#0RNqtkAFyCY|#llSL> zPA>+hy3Gh3DQGPfb8)(iMPPx_2>KY<1^s#5dC{Bu5pJHsPkJ3Z`fA8{YXq+&E#pd~ zb-iL;<4tcMoZiS!=P)KP{*{{uch%CHd2|o&2B;&wg>X-$QAwHT)stKG!!)lxLd69! zUn&!gN5}Qy!QjA)eIM=*UixYmJ|JPljZ=o+ zI6Z_P*Wb1aHlWk!WR2wYZ%VntPAZjX)*a(c?XOdKVmxP=+k^#iVv?kuJ>y20^|?w<9HM-2sjDf?8D4 zr~cHhjNS+(D&{W~rq9-SlOKTZDq-~Sr=EIhdOa+-j_%gh)81(BYrO-y@6cAOTTi$0d`qNjBzxeg1ETYNM&&j&!!n!pFBEPc)n|w1FQ|Ng&KO2vgMtr zKCJqStuu92)Ax$G?U7f;d(BB%E;NR=bAZMlLmDwY#HWwWrcy%|Uv3hv0+X^YX3-Di!8aA#cz! zc`vTln~Qi$KS)73tJk036(%1d*qwZsU-kVCYrWmB+!a^uiYr>{e&MwD^~A#~#8bR* zZ)?2qHY@9TZ(qD~`Vml;HQK8kjrgY8>9=I>asO)Tn7e&BYw0~zSDLD-#r4tMgE{-V z@(i%21T!pnb-4_u)t_))T%(il32u>ugdnnG7>8#Ze7;T~W(^R3pagnPR;Z*OQ; zy$?;-IW+ZQm8yd$4|b7cI%FsqImgSmH~1b=*O&Qg=KSTBz->7wSr1cD`Z0d%VPE*a7!^+(yp4zh0QZd9l|Gh ztnNxa#iOX%p7xolw$bkNl`~=+*h{82?+NDK@9JdR(Ct9coO4^s&X|kc^-@TOtxxki z-bCdO)E9JyY)#q;jX}k_`P!Ib23N7K258j!caYQ1@FN>84pbQomyOn#&A8jg-;J%x zTm`?`6+l{_1v42c=-ox!M5{FDJexSfS}&+YdHkLgD}pts8HUorhxkBVDbW-grTMU; zzAY}(&ynr2sCoRnvJsQ~4{fP5c17vuL90j2OF>J&K)5qY8IP(Ho69arzeq%seu>|m zpNvuzQ{4=NDE$h-uF&L@ewA=v@-==LM83`=-NetD7nxSBrVsJbQ;C|_<_vuUNYs4W zWkLSda4YqjVk}HKR@|4agEAA`W<`rr{A?FiD>Kf zMm7CDkDgki)@T=cqn-aePfi~eyrbdtU!$YP*?JAXudg$BIkLE0bx>*j09<@|=?{6j zlDFeQ=Oz6SKgj~dgo!n!+TB^T`v_6%1+}OI(GE>8&gFK;av}X#NP=2avIwMPfFCoF z@yru#x~4*a#eCZHPX*dGv=*s-ZEDPemu8K63Dp@S`$0Ku{fvlYAA%6jJeTURKa98? zi0W1e-UJHrY$;I||9D3qPh5R;)_;ONCV~Q*>^< zKVYufcXF@{VYJCsx>Y&xH$zz`6)a?G9+QXDGLw_>~asYfP<~`Fbg=? zn1@-w!LINy3pm)ghgksFz=|D$bI>&yoedi&nO6NL1#I3;MdYrmFnJElXa218SHv&N z(7u?XnHzdUXf<`i?7Ysg><97O3cp&sYW77%)>S&?2!f(2&jOKYHGHa2Sg zE-l*R3Ge}wvVh280C#@h<^@J_?T!>oR+BSAG9P=KE&(YUpB@iZAJisnd{_PHfp8Tj zzfm+}OGSI|f)7aVjK~TI)8`V;+I7rJoc`9(vN0-IK@`5pT5uwf`kSG>&(ybZs_m*= z*~)wj&+!S`MHr6hk^YVx+Am-k<4|ITMHKzvd;qoJK)v%fLq2n=e!l)HBW zwJ$UI!(Jy`v%)Y@)khY0$LW7lhV;+;gss2u>zas(ByRl`KxZ{d|A%Ka{hN>`*M<4K zC8L*+*QX>S-!@7EOuB`Hq*HkHA5ek-JFKvwu9nbHb_lZ-k!1YUYW6O8je--`@;m+-1-EWhgmIn1 z&R&ehH|V8xPdDx9M5Gk9+Cizu{VA@Gdb}WIM{_-15-bUVwB~{<3F0`x?}d`3yCpaB zXw`wZyu&fE-~h(Kn10hv5L{G>hYa7yT#7QkO|DX$BVl@C7{t8dy{+&3*k+mskz4v! z(X`x*C+lBU_n!{7|9K!3^F8jw^NXsFvFpjG9#f0*64%$zu?M=sD+H}oldTa_J+AKl zh}yX8`_2dXr739}&mb-R_y)+@*k%D}0+W~rUy;u`K2cOoWL4k_VYum;hz&g#SwX&R zJVKA7!sOfI0!yDpI&OPg-~An(t)Kze$8Yqi5ML`&Y|-prFdi%)dY*xlA_O?qn9FJxDIayYAKtqVyi(>+wM$+{-#s4;^mu z6GrJ(M0F0oj+bcdVL-ZSt~kxp#rD~h$ypDK_nQ=NCkxyvct`Sc64%lf(TbfubBRtQ zQ8rBxLRd>DER)^H#9^=rE6#>ynFh^^$P3G$-*LL(^W-B#;b$aUS542RV13P(gJXKk z0TwkM$pQFbAdLgS?M>Z_!$)gLnq0^a4QMobkCJWZ4jP+l!7IT3R#~3EQ*oV6i7X*b zQ}wpWmaUGUDfD%kKcy0{)!Uu=dAWWnFV*h`{bbGH>bz`NQkxWEBHLK&kF8!Xt9}Gu z{kgl`+I-IQw#Fhnw%gv1@6E>J{J=_Mwh0xu1Xh#N^V(9@M-^EokC-I0{?&tB{VMQ( zI5TZ)Na;He`p6JiQMw0YvokC*XeO@mY8}&@kMQK^2-E?$b+N#MnUMt9*`su1|&|_Nt zs7V*eI(+?fSo&JY|H4?`vtp|Ny%0P)D{n;~+-#zm+y@cOy4jhhXJj2qofi9CEyT&W z+BduW%IhQWC>!);B=j~Y_Lj+6I#l6T5a+|{_CEabB5ayO@B#J(UBdI1lsD6TNAg;> zZA|x#Yz5RpX+Nwx8D~pvFQ9QW_k{o144fieYbm(i-0`-~{)c=0*KU60U%^Y*d;o%r zw60YjmGdTSex?944DhuaU`L|*2E*nLbC4Z`3!A^l0fy5**n9#=awBXMJAT;bV=4%$ z&K9W$sKDTHwSf@^S}N@nWT(?(L+K(ostBjv8!wh&n6YWn(nd=`;#+F@~*u7 z!Q#Dqc`L#0(D`k-t(EkBHssrpM*3Xq0Cw=FtUx&VIUOkd@hoUOS*B6x&-+qx0$JlN z(n$bQp0oy6#(7E;U}yV!M}b4G#3ZBT0pZNqKh>9l!kHZ6Jp7Ha8h$r6uqFGTQ*rsK$AjRx_Veat~{P0)2~u)xiWdV+T=SzD=` zf5|J{)kP&rIoAQNu9`ZB$4L=8GomuGBQLd)1^iah`>?fZ>3JY$d+UZ(cYUTP`jeaB z-kAfaYVjwJ&t`h%kw&avNpJAMf{mi1TO zj*G4}y&W%D;M;Lz>~Ed%-#na%=KJ#4>84$j)pB7SIkmXV6(F(#)Mv$t)AgwGlJ>CZ(XICUrCrnYgtW;`)v|!4*4ZIlfETn zF?N77j^=_h7i?*3wiX7LWcHc_?3R-{j5HL}^+vDMNxXhOBVYGh65w(V*tOzieHK~# zU&uOlbrdabx`53uif3B_ZebtSJKJr)N41iCk_KfhjPNH2BZz9st`+CVOxgHRj~90} zmn_1h)Jrmku$ss6T1L}0pVnFYbk&yN;|@LD*UY09(J#lH;q=SEifw|E$%ldT|9?439xod3@@O%wX>Bi=nlrJhlJ3Au z_wci+R}?Veo=UAb2LAj?!j6!-R#)nTpXI|TMq7PZw)^2LR(q3oKQtd9wW~d|AdNyT zr6Fam2ot>;x%t9P_zk@El0FN3=@M8>CEo^14H9spUF!-x)#)R^q}5C0o=EPu1^a!= z>-cMe53h9V^ONhNJy1iYh4}jThmVDBJDgwdD#jYw=ogbWV)x^WO`V#BvYMnv%(ugS zwe?6PVPhJ5&uq4l97OZ)?m+oIpFk~TDXVTs)s&U1y6sz=+Ay7;APx>7e@K=0)2&(J z)uG!sW2D?>w=jJniXvgf#5_C)tJ@U@scECrbZS)XsEITh@-MtyOTej_Li)Dt3A|za}F$H@gKQZpv<3HL$hh z1}{dN(K?XkMtB+SD&nlG^;FAkr>Ev5e?O=L&R>qxn`PX52D7oz!PHz8L1=*-=^YE@ zvc`elu?Qdf66`#J>2>gHrj%RD34>FEyV}}RTI{ASt%C+EEIe&rDyDqX$Kxg2`vy3D zKqwaq`^m=7((u5c3>yq;HWJ8>U0-t*+Mv6%)Sl~PZ}Vv$vNPVfEzf8zULe^A$3ed% z-IuAs$n!0@55X2|GPaCgop>!4olT=ScXAtqTCDTc*9&S<$#$9!JqK7=!-;bp7;f*J zErWEVqLyL{X~$${03Jh6D_I~RHMN0cwPLt*I;lO_1%?itrR=#FHMyHCMw{DcPNejQ zKV5oFAZJLg^~hI~9=o#8UxnXj2BW2tJV?pv6aRv2V%rkj8BJU*gLsKF4xOPMv4(v? z%9II{bBU4G< zO3s7yyPbnCqjQfd^IVJ}C4HiyEo(mg>3o^>PA!~Gk6UDF0XIuoDO9~qs4j5Ipt_K) z!BPcP(*%9&?Kw^Dj3r)7hYirDRT0*B6Qw6hEw|5acWPN}u29QZv6J<34LsA!X1p4r zspkxAI@xAB9`UTMVVSv(q!jWrlFl?4J>T!5nq-|gJzSflk84gJyYa_#uI4c4++R{i zCrFNK#3KwQUXX5*QgwoSAQz;qN0vp&!lc))wM>|e+QLRP)2y}hY6!a#V3K|v58l45 zvs-#Nuco%CzkFhI!VV})Du0OM3EA~PFV8`YE4PU8bBn(BQ{GwIm=SCX9O-^)rxuJf zX(xP*TC)QySTS(cHt|WR&)@_OPN)54ex%c2u{<{j&CM82Fg)aH<#lk}^wgT999l9&551&uw;lynv+PCMl1+^&cqZqQ)o6c|oEtvE1`W#nK ziz;xt`nxyD7%=~Cf<~^V&*P`3(%aMC8fW(qbEeBEY(vh6$La8Q3VZxsb{I9{F+I#0 zVMEL4TtnLuPiW7P$}Ni{VFo?K7MW__ep)l`$du)!RG6D{xOHtuDl~?q{j2f;#~P6o$l|n zvqmqOS&vN`_x#H|G)!letpNyZ7&^uJcWis$FD}zswbb{OC|O3i!sJvqNms$d-sY>Q z4^!MA3b({>lmJvo+AcC=9{9exO*i`|`O>(v=LA@AU5|or_mve_Wjc0lVDly(&l07- zLR0WE4lCCuksbjJaz4t3?N$4S6gPN)<1)-1S$^7XZjAY#1+pyqiL z(Kf`?V;hmuBZ*2G%{Z5&L8;XR#r4+`@;=1K?nG;{4XwXmayHQoTOi`J!e1+z`U?d!!aku-BnJNO}3+&wXPP z$J#q*T6wPHZ0qrpo`whRGS+g=fg^%5;-~_IyF5wMuo;c(gNr8KZt_^(Vx_pg9#5k7 zY`MK!b&9;61>8*&~`ocLSb{E8&MT1=J0^{sSQn&Y($_b~tTc{twaK||@u zlX=4nU0;8yU|L(<8A-39&T^&yy}ZtBPY|0%FlpHj5W=#r4AQ7RPSKEEA8F?`L1%;X zYmnBlwqQQKDEStz%LapQ%s@OGwZ(w{gm#w2ytc@t_uVh2(>ep<>jsPWGu`{=W~3_% zsLXoHuszXd&WmO0ll?Es&>7F5vZ!0HKy&Oa-^w;kDQc*AYkX<@OH`)WPm73i> zs<22q97=pRy;u*f0PoV7>pL8!H%=B^8#L;+cg7vA7!`u{`?>vMPtsNvdUKDX-&D)S zYJXC}7RQgsy!9(_VA3qkMWIQ9v6<5u zU!+x@t+Ulk=y1xfID1%R653uEn%|ELQ9Z-@!hKQCD_QlWvW(9x*K%VFTjw~Y#M75% zsN8UdnzSTYi}HP|b*|_P1``zaQP>a7Z)*c(aus7(Lf3bJZQ(NGt1lU+9!#=*7cgJ{Bt^1Hx?nYL zkCorTk?IR@#j_INzAZ3Eis#Hks9sA*^Dm=PI}P$V;>Dp+rO#;>Q&j8xInV<9` ziL-qM`Dq^l4)%N>!oZ5f0Y*V^17(a{Tfp?z=>gGFAIdsQ3bfQy{KYC-Zs?4f?*p67 za_S^JtWPMx>=&yvSN2wW$oAp7UAVTu=Jtq|H`ls-xo(H8vm@mP`6Zf#Y2x^*a#X0I^~V}BlbZ-nn`J+9be+aBx> z)B1}>WG6Xs**RzzG*=uuZzV-XJc|@7ww;wog$GHkx+uojQY|JeXjVy=t#pJ!KH9Zx~}h8=Mucb8Qbni)p>Dle2i8R43jv zJyP;xTpS8Et)SfI;)t}nh~p-gD$X=5w_aRkpl{{q)7|pS1uAN5g* z)`6CGCF_7piPvNz195WarwqJHJGI55zFC7yExCf=53AiKunv>&)+7jC8|?fkU5Tx5 zv9_u`f0`G)RXWHQvhahlwxrhYoN&opl$SS9N#pc%MR(B!Z=WrFUt&H}<0i9D)t{NI z1$WGrCXt6Cs-(ZBY*X^{=YX1=6}lwZO4_u!T)}>V6c*d(KI-0V84HjPu=jYF1sv?X z9%catd!L6{z`@?{VHR+(4|tdb9PEQ0W&vQjLyATc+(|jZWDyLyb2MGRviGl2!oe_E zKpeguTRTrMt=$=|OT*R#;qebaIBa2w)yF@qpqpjOM%yOXH{=W#^fMo#OoAEP?E#XJ zwcBXo6A&`1mM>n)d!y25zXRV$o1Dh!D@iV=-u34%Sb2nEt9^I8 zmB{o}L==~IuiVw*`b%*ez_O0GQeC6JI~zs5_238=a2hu144O=l8FaU#Td0qpQTb z6M%d`oY5;sK;qS8)2PE6zl{!fdo$c4OgUKZt zzn^Ht^ASD5@elKGEqdakrE>44a^HeT)(dJ;+-+>qx=zx1t)xW*mH4g~086c&>1tWJ)xtD%#Aq!aSTm7P$IL3$Ow16pcbXO4~Hf`UP9Va zNUs-?pcbXuNB&t=mDN>ea29p=g>s)bcE~ICyc&vT>zZPeQo|f0aa##lt*oT)X5S(1 zt0?_B+JSY+H-cb0ApOo1wT*!l^McQl-&dX{zoI#~l3?T%aW8x%Z`RMZ&`!&SmyxWw=-EO&9(CP3jo{3vo52if z`JS`N#tv5~srqu8ms;hm}afqa89W@G4?yq3q%%*Ee)C3!bD@{^6D zuGKd;3H(?N#$s~T;Jlq@A3vke4GJ>HSRz4Hv+?jP6nkD9=O1Jr_}6Ox>duVh&cCV_ z#*nwkk3HR~W7$+UknY>+$8V-_OQ(IB?v^XFqM^iNitwHG0`Z9k7z$b(PBvxs(Y%{R zDTblc*v;xMZ&StW1M0+srLM4-x&roJeZ8O-rEeNc{{D&lhHK%EL8sArYsTNdlTX|} z{+WW!=FM=^d}q#5JSLn>(%(?rf97$mTQYV(21>Pk`~i`H)z^yEjbasNTfqgDO`9&S zBk_%ipUFVM4wZWjpF68g@8G3{#Ri1~DCXwr5xVu`s9dI6K=}q40x>aQRq(_}y50 z19c4(GpuxbKZE!5^C%s?<9j_tq_l1`z|1JST2fj->}}3pP7Cfq zW;5)mkJg?-Wnpi$#CZB~@bFm_gdD z6ErU&o6L~H<-vYz5!-MwN&Mk$Q(Ei#TJI(`Hm(#&r2Q$O?TVmQS@M>Nn^Nzw?vMzz zQk^~pokc6>T6DT5vX#+cWD@izzeHrE4M6idwrq6*ikaISilbfA=H~<4uklyXKlaa- zDdu%9)BF&fl-V#$PLgje;)4nlGrbqlbjKYj7yHNNa&@(kKEiwQ1%7N3Oon`)$&n4L z4t)Tk%`Z?3CDAAE0msRm<3;pQrV`D*UGk0F-$c^u;4@ZeS)Tr@z)RmNE`LU4W~ckKkuXDJgCHlY z)cjJR@@lI=F7qtnXGD}sCGN6jRv&Iqr1_m$!{{uo`7r;nEcP3I8*GI`B-Fg$`*614 zNOLZVD=4(n|8B)${0sEwOiT5Re_1cl_?Prpl(gW(%tw4?owiqiyo-G`g&{DVR5boY zBV}hUGqSdI($TIYYoR?Ui_GS!26Qp|n}Owae_p&~^VqscxfB`u6_;zf%W3OUVW2L( zjV@C;SsNOY3`{=}mI#0)O&HX3jeCx%Ji`5oo?1Jx0JMO8)x#`cu=Hh0Ck1$LIB`z} z|J3(r56O!KwKQMzX)NIAeBHw=;9#3P%mNPfkcU|S7&=&v8#AyVADj^;myuIg8h7}B zn#wcw4WHHmMla!mbr$zcA7=rV*S9>(0uKLQgs-!J(s}yJ%#P-pXkE?wizb!`6N5&* zE_t;JU#0LBF8oS`U!!os=jfOps!t>c8l{e;t;Mu*@p~=HVbmC)Y z!dp*1%nx(2`xR!ETDN0oY$3gp)U7AktH_F_Z&z-t)IOhEfT5cUUt4i3Ji7CxbW$Bz zXK%XuBBRXTUHLD~C)lvu49%Y-&aUCZ6nw&hD;4ZrA?Th8qW=jh`{n@_Tud-|6}C=( zny7gq5u786IFVsX!n(iAAPYZ_aDNt7;TL9MjWT^%cuMIw zTj|_=X4c1xx_B8hDzlXHPV5D%i~f@jionyfA+Lq)cxhfpfiihtYeAFuZ5Euu5vRAB zZzEzBdEW}Tj#>CX-coGAkS6QwnN58r1lG{l%%;@2-Ln8l=;-8=6qGMpjj?-XS+aXz zHE6~TU!*8y8x=Wn_EKasE#vwxx^zhbg*ui{FI+TAxHt z>jkx_fh-eIC+UejUcI`Hg!zrqnTiLzfIpP3hC z)AVy4tNzY;VSoP7eZw`|*N-1B~f;v7XIz*YLyd8k%rNq0*7iy}MGYb9@vRWqvulg8Ru`u{O2^N?6F9hs%od3OZ$U1zSogQ|# zIQ%=DaDePt6wdD7t@hiE_yvdQXTazh-kMz5lk!sQKS`09`q)|Jp4etLp*Ee2Q(kvkx$5p9Wlm}Os(}#P zo{@`!UEUPTffj%747xuY4D5w?q_>noQkG3oxBkdo)~<_j@-oukSuff{$!1xD-1#)h z#1BfH=RS2FIbhZcYEj97^c$^4{O9BeZGJ+!k35?HO^IWD7;h-~Jjo}o2SkAy!p^hs zk-Uo;SK%JBGVB%_#qU99+&*e~}#no1?uUZmQk{Z2~g>5I^CVeu>0sSx>*IuuEA+#D5B+eu>Nx!xj$0`uKPF z@%CP=m|xj`mda=cJhf9<<+JF``zdmBw>|Q5=l7n8(ae1nwZ1Fr-{Xgo9#`MgGS3Nq z1npf^ha3KlhLeqfx>Bcf;E|Has@~Ekl+-2$V-lyGlbYMMb+VB@n#Hc8t%YL}{>VZ| z&ut4G<>cXl!UQ;Txj)Lt^#HfSpA$bI-)Y{C1e*^?j6`t$q}avu+g!HE z!9;1Rf5!59_>Vg)c7N!Uym18Rs?rjJ?-7H>zWeyXyiiwXO)h%3mAz_Jklh#1Q7IG} zI_6NQWMY+G3mvXhZN16DOZiwllV+fHV#y{Aq3W=kNls8~|Lk>*S+qqoz;%xTn1aSAzGvr_0mr zX&O@>b-mB2zux9idm+IdHOk2x*-aIW-;BBRXT}z4k_r+bKJ-ZA&lz%UziKi#cy@kV z2Xxmx#QL`H5MPA)DqN(GLX*X!U+`$rfz-RyE4!^(cUZ5S`D}J2z}p)fL7qs{R z)2Pm7)WkAluFElJ*4D{W!FEW8YjMovlr8D}wj+*n-5@gy=aZvKocHbb5@lld#B^=m ziEwu^A#EVzt0P@PIg(!@9Or{iZy`#z@UyT4&V;1&pNeI>-Oap|JoO=)GzvqFohO`m zlV#h>)3lv#+2NfPf$Z+hUE8|$ZQH4Ar*RV0j~l(sS?o03=kim?oH`4xuIZ>pYc=cX z%$9 zIh4OYpQ4^iu}ZVa_10x$Tx=Eg(6Z$Dl^3=nejpXNe_!;EA#Lv(htR_$W zd0)ss&d+JBBD-HS4t67t^C+8NgkC<3{ct2dnRBJTzwFukHImQO@Dw|~JvbU#=a<__ z$&Pn771eFIE4ovIU1xRTHd(+4>iw*R7vd&Hp4NA#70W@K^Pk@ZGe_SrVZz7uZxn+^f9f$Hi8cl z$HIp9RUFFejJ}Hhvo+XD=#Q+yu7oP?ZMXa>e@+)yu+-8`%n57hH|+O2{Kjd*WUlo! z%4!RL*-BT%t#q|#D_!lST^-109$A#uw+8S9G71IQZvUh*o$t!DV^*eo{g`{Y;6D8Z z+&jj*-0ilJg6ncK2T%W&sEL zgNIqb!T#uB7I3gXd6)$p?7uzC0>JhPli$OFvz}2PJ$z?Ds_PosgkLWc!sx9ahshrt zZdh7u!e!jN9xb&o=8}2Eb9>}wY>F`X9WPo=`y+LU2~|#{n%t;Fx|v>h8{U90sTr5@ zH`BAx8q0^2qJtEQXJJdo?5@t3vMko3@k*OG9B16dQgCE5S+Nu*C1kc0WE^3dOk!dx zS!T8wCrojT1L^K^9aC?A_Hwp>ll@;j%mTn(p)=lprYPY8TdXcG-tr;yZ0%$0uRfgx zNT+c}>uLIPbyWH=8r>-#RSR_s*$J2V##wXz#pLE}Hi(^r+yW2OJ$(O<&&vW(0roc! zvj8x);c~hMy^%C^@Qc!4lVy}X$#2p@iQIsyeL?hrhKi^@Fuy447N3^|l$YU-J>}sR zaC`;qu(I*k0>H{V>HImow|N{3xOAb1Spe7pst3s+s|Ssv^+kihwP6y%T1k+}R1s1a zaelrzKNV7JxyX+*eVV45nFL(-Y|5Zq-Ai-fkhhzEc9d*TXV&}{8qI=`UtyXvDwCtX zpdTezf%*W+w~%|fSVbsp3n;QuKFBEY^00uDQN_b7;9%_@W&sC_JNU z?>xiu_)2v-tB-crT@;Y;%YDsh6=nNld~2A-zPCF&JWm#IeAYe80uI*cVHR+(E)TN+ zu>S|^=RjXSEX2F|aecnq^KJoGo;e<70SBAwVHN;Z)&obfj$Beg&sP>sHzY^-e2>oZ zrT+UoEekmM{T^lkVD*JsJFN!$6V{(sf7_}f?#7Sr=u7Q7kY!VL1G$y$da{~qeRHw8 zJ~pJ~Ti0!#C@QC9e0|#Y^r;y{$#J02@Xum6n@n$!&Gy|I?^f`5Gvm3tI5b}Drr_>2 zQ1ypQ4{YtrX#wEKV;c{%fP-!8VHR+(#U5q>2V3G{7I3ibJj?>Xs4G`y7(owb<*$ry zFGS+c2*(t(3&57#h+#753bx1!V>*5ZPtyV}pB+8S0uHv+!z=*oyga{>dVHA^`Xal0 z)5)(F+}9TJ>ua7z?PTK1WVg)Iwt&m;SsrEq2cu=UG0OrDwv&fh0N8hYgSt!&>TN}X zvL!nP%yp{u)+bT&$rS{BBci?rJuM43`a>RO0btTiDwF>BwDA}u?7IOR-kDJ8RVK|D zKS%s+l-slOJ+brOIXn6upwdQsba<7F_+3RWxf~EvJXyGv_VhCY%Jm<8_xB>gZ--WP&fsufXP9G89R|G9VhwUAebH?Cp**aVR)Trk zo?c1TW#2(I@9^KvIMFX!CRc%oljBu9V3hXpY~L0v0E57G_Am@o2X;@^9i%soz_;K z3lI9s+8uuG!g%ss;2P!Bx*Jl-YZTG!vkh|jESQ2IK$9R8sZ-(~6vq>trw~*~oGs|}BcGbv=TL^RUeqNZ25%NAD zM^+y!&&FvJSdU+NwVU{K{6O>YMu&aBwNYhV_J73shxuv!jh~b?&y0q9-%kw0>7~%J zHMS_-zknnwX*I;^%!6$l5-WO1M@1%OF*EL;?ms!;2!G~jYkiL)_((|)?e|=?iSlLxqs!{vg4c8J|(QCFYsE<=UgMwFFxixQbL09^{ zp98=J-L;*z;`B$jb3lii-oVmL8DP?KLU9Vr>B9xVW03p!|A`DV^C{Ij_v3wKhv1(>DWTkAVL!Ka?S+~X^$`@8wc%x>3f>QH7EXwhc~=UoPdpF`VA zdqLvcpa+Vr`3iTszEe#vMj!DR_e<%8-L-0u%(bf9Z50wHjmri$4u934p(bHQeCVALsKf<6q$5bPsRF;i!uLM5f!uIqQBoh zm;E14fXsE_dYpQ)_JEYWo{gf*?3B}9b*U=8bP`F)b5aBJqCNz`8(bZ&&@}~ zILcicjemtOu_@Bu@QizVEoo`2_xpCgEgG!@B^mbZzQO1_n|6`i1M=NM&d+e1aLuR~ zCk76Hsh*jKMAx)>lbxjQ<%o-#Ye8?J`RnO0Ol4~QYgU-7fj*=XWsUNi3gaEuQiq2~1{d5Rn6Z?*aOe=!d5R}!SP>7i~vO=PR~VvS<80w3;7#%gU+LWmrio`Y(&)l zk7Tl!^BX01g3DTWm-!k0qeOSgJdX+IT_PKgXn#PMyoHza$5cjVg^%lK;FQT$>rd|? z;uyyBI%v$uuwn=V9obs9lijbMPIgC@WmmEFRn|ymlO2;M>t`L}EK1%92lK*8)Y`)s zE|$tOpK53DaS&N=n3Z19$4^iNnJ%3(Q!ZFw5=3OHo3@~}EK0vlm_j%;!f43=LILVGRrFj9*h&Au#M!8$16 zhR@3~rJqE$GU&zzJ5KEY_2C0^4qR=dKPA^m%Zu8Xldbom@rT@*%A~ZsXRZj%k)6#| z4Gty+YcQ;VX{N=Tg-r^B?ovm4;p1u(d!Qit(~wfNB7W-8R0v;uwUeP4-HjPBJPARI zgGu#CG>R!P=;)fr?(DCKhfHsLktWjoZmu_MDKsp$Q|BH5R|fY@!MI3Yo>-Qyrz}lb zC-$O5ens^?R8*@SF4qfcQOVH=ulWZ!D6NWyX$;b0maq_1^WFpfK7Q5(BbEZ!XxL*s zaNK3SrHY-&tHE1|kzyYQ9#U0d-9F0B-u%PZkeTJkZs>R&`vs?hVy|peZ(H*dY!!5G zAN1V9tA+OrdiEl`YGO}H6Q)&ocK5K!_K578aozBf)Kuc#RkPRK3qGY-yyVUCdewFF z8x(H6())cweh+OkYFyImmF5ix;Z)SS*^(0< z=CWK2UXBr8_}>{XAy4M^WW*2xhdncr~TBuPxs`Pus6b5v=pHI7>V_OyRQ zW5GgXl=!bvALjYvs9PdA}5$zgiVDt0Fyr5m$mm72Mg8*+o_FD-Y4VsnXp3kPbud!*=K@{ z^-|jP;KovCFGkngS^0ewPHyuovTcIy9&!A2tYEwPvj7qp<@=A{CP5|nA;0Rwo%woO z-Um-XqS@RbNR%viCnknm`^JFBYv`6)prWt>5qj}86UCkE}!A3=fMK-0Bmm$ zvjDJF;h0iHwz)Yu27Rf!zBA)ul2f5!mOZF9U>`nEBTG7${ z9Khdwp!qafIvD(C%i`ZlviLAzSE!dwE>xUeNfFGi7pE^L=t`M=%2g({OZI(|xhRL0 z-ijEUn&=#U@iUV2s}Id2jqrYl@a)3`j{4QBGL;>*{tF(~J&j27xq2bf0|K0U!SX_; zjQ5lDW&Wvzvc9~A%nFh3HI9l)5#Ttb=%qR-n*)e&iUOsgHbmRFRzWR^mY;s%Wu=@;-0|U zcx%26iD!PQIgL4ejn0jYImvf0w#dhrzQKJ-CA;c+Zey#pYFk_Jo^mL;Zr@<+ncrxn z{X*%nI}zsh=sL}MPj6#>x{yHMewv9l<~Mf{2aA9#Ys{bD>n;_~UKj71GEvGRtUfFP zQUl=c{4RH7vu8^my*N9v8AE;vXjqqqLXR%Jf6D)X^b zqu=Vmu|_KnLuz(gNzXda&x=qu&evKLy zSW+;Ru!M3nKLO1F`xAc9T z5*B}XJ6o^PnqxD%{(Qa=)!TfVAU43@Y(Ac9feeoz11;OON}xpnooE{+OzD`>fP9 zaXl8}L+Sj|8YV$FV{Ajc9~eYWd5@BA%`EARe0Gem3SMvBc0NS?EpACD9l#N-;*R>q z)Z9#AFaQSXC7MF5JC|RgQv(iql4?Goc}yfi!M8D zZKs%nG=ir<9sj4vSN<#H`vNkVS-vZY@$&sD#WDG&At5~KU*=JDZ7n&RaA`*2C4GR> z$H{iYMr+?s7=f!$ioW1UAgnDmqP3Dx?-qSQ zv3VbixPz{4p*7u)%$&oXZpfL8tkeQqP1W5&35J`JZs+R95caovOv6^c)0Hw^M7K&FJiY}Sjl(_60>E_t-@ZKA9#)in$uW7^3txlnOQad-zJtod zvuVP~&g4{>+L_<1+w8^H{x9g|9~?R$&zCHc-9)`T`_`3e(|_wqw+wRta%Wh`zFhUF zxiuzzxys1_IU}4&U*>l89|ng7OD}QrxB?Zn~$t0Cs|SO*{}ntl6)2o>>{cui@8JH zuBTPAak*g8jmCERW(1c_rm;3q-z7$D8L7lgHiX|st8>tdN}YA4G}g~4u#bhEr8%89 zMsI0UhuN9~fBN)Bl=c(SMF^#0;PO&Av=yk`N-~E}0H?hm9wSSfwrw`t_NLF?r@ARR z@avDIS6k!F@;-BlAiu!7wgY{QCpGgGJ<4LuN40bdFSWECPSOve zv!>mb=f6{BHNx_i*~4xf1D&-OsRx&-L2j>*^ipTAl=6I7_1>#}O}i7p!n@MPZby1G z6O6X)__9NzH`&|M=m>U)hW<)bG}Xq_c7aOsCz8%D;7d&GVFV=0!iFt(u3hQIX!ip_ z%d|H7_6VY!~*e!g1iJ#WX_^HS1 zg=+W|PP{CdI7(SScfAEpOb&*D=5vk5Y8Lo6XMz7_D*TLW(lYU&ZXs4DPSlAt#vbGA z+yYkTV@C`2(a5UTEi*SqPNH$KA1k(xwI#=qy7fZL#C5Eo8oI{!V?8YkI9kVfm<1f{ zcn`Axu!FeyotxqJMeDa4zu7rK#tM#aipQ1;5(t@X~H+enQ z9-wOMFCTAh@Ftc%H7O*3B&dEnpIc;v@|{C86Do_ol{HM2 zVt*Fn`*>c@&cz+OJt}Vo?AAK?R6xmF%6C$Bhx)RNCAk%{6dxo-eg#2^$qk=F5$X(k zAz$o!BNC^3h*o6Y&Co`{?v8XGsvkF|W?PJ+wp7$UzukP$Jxud#(ZZHe+{H;+{7+KK zXL~Z5--Hb=(plW$Rx^A8@13{ru-d|gw&ec`<+_YaZ1v`5x8yYWLyoaqVaT^)IiKp= zgUc4W^##5OF>Vb(g0MbX3ziUO{@4h&(HQq4SYvnD^z991gVE0JQr*yglDickEimrs zaWF1P&tPL5V07)w0uJw;9`E0ByyRUT_U;09nTK6o!0z?1`!d)W6K9Y`ICdt#7bbgB zH8#Iv|6|4O%>0td6d97;h@(B#+QxjrxKiZ%eO@PWw7nO2el1}9j-Bmc7H}|>rYn~P z9PAtqvw(xK-_zk)z`@w)>tGfDhTc@4Ps}!}IK6o(M(TS6+*Y%AnFh`3YIYmbIn_;q z>G$hM4*K?qO#>561640KhpoL3%J})jhAnN^7{5S4zjNWmmP+d(9l?Fze+7B9Cz~*z z!ZF3U+4BA5>Ml!{-su~RnmsUMAEnj>c%rzpGyCSDa%!I+Y9oGqv={Vn%s`85eRpY> z_Da`lu})otNn0Z zFyxQaqcf_eS9j(ktnwaMF%*oToR5Vcj zn%(for#Fpahak2J{v_=Y+wV~4PtY2p1o?|{9TocpU4GivekK`?Yz?M!F5~i)Te&N& z)@%mSZF}>3^PQNgv%#>B`N_?&qcJ;?&(y{P&DmUg9c%e^Y5}OzcGq~A1%PRvx;&7- zQoBnuQ-&MV#KKSg?i)gkb?|e9>s^w%F z7>-7qUPstnAuG34afNI--nqHoh)tJW8vFN!bfoLrQ2@C~8a#l_XEBibGmCUW7XR5u&l!$Ed| z>_;Y%E!idKi7fSeji+e=qnT*zu)Lqj^G-C77%W!6;n_SB8rOOn79j56u&+N_WD~fG zO%X^ynY12hG`e#dW3TaPEnsxVHh7o?fE^G(k@pX8FgsOqiD2!JTT+$ z6lXJ+d}xOwa_bw{`Ft$k^1j}~EC5XQ%OO1Vm-`R4ImNe_e42kq4hp@DwXYqHm*~-+ z?7$;yCB?XC)gakuS=IO#b|&BLJxocb$ovM+rv>1RezlJ3T9dL7-{Fqk=y5Cnj`kh* ztk~AZ4V5P!^2%eqOn>%?9f6dRUC5a5kqYl>;beav$({~=l;FF&@X-oCPmvs2P@-c5 z7Ig$Mz)lvbCb^gHOZTpU^A0?D|jj-1$7x z<5l!bcI>?IveP<0U$u22VVg}RyVlPrl4Xsr0BEXBp7r4!$%tE22-_AvK3S;1bnx$9thxbx)#sOT>* zU(q&jUpeXDKW|!**|U-t`4ojsl#}Jm<-3%?341ah)cvKI^qLR!LEMB_2!;mT!*@TL zjYM&SQT*hCk_FJ*j9LB5Z69LtS zEjH_ew|bZb;2(W?n}=Dz!CvQK7I3iJJdcz|nbw zhgkrazT>u;=U-{Z;h6g6=$CnQEo^c5hHg!2CxPvTZf8NTwy_*;N~6vg*zpKU1vK1G z(KMT-E4-OHKxu>otv}GFJNqtRK}N6X>C{s8byRylgLkGB>7UdsJ`EYCIZDXe=Co>k z>64%>8#W8CbtXw2wv|eCpnCghI3|TNx=iUQwWdU8wc0w(r%=LGpM%-JL?Woh4Nu(R%+4$t<1cj2^oA&9kV zdJd2OkGVI2&#S2Z|8MW}p>{(UviojJ45 zoH=vm%$YOE>z(^pxsQ|Ebi$nw#U%?9tuC$O`DxovO8%g6DVMbmGz2t?aiy9o!9*DA zg`c`@MZ;Kz;p#l6P+VtNaZ3 zq&Vl)%(xsbGmbB^K`}3-$fZ}9?e~f;IXVD#7Xr-cO#M-A{o2xQ`j!$I1lt5Xy9Il3 zuE_ng`N5kr`|eS&i-P%=tvUN`o_6B>TWdrs6qi1`eY(Q@sj%Z!#;(!KQwDyVrL%o3 z-r4zhy$o;rczG6Ks-oQE-M!7csI_mQgst6*Xp+fP@^`knY`yBu$F8~8YuRlS?z=b? zY@Q_W7iOhRE+rf)K+=TerQ{^WW^mRH8=B{2JamMGmy%QPNrNXrZ0ey)v3$ z(-~b91D%^4e2Ook#~fesOUoHsoug3MFhx2TzonHWulqEQJUl9uCyjdtJ>tjxv9-tD z?t7yHcQBdx%SfV7;izVKN}=K(uqv%8+hsAm!=7y+{M%?d1WS*1xWda!!5*uEMWQ*n z7qXuk$-gP)LW(z&=VCeD!y2Xukv3Ad)Y=MmYfIhkP$>WK{yW;nb>uPwLdpw+J+jJx zUuXyFU@*LY<96Ww2K-_>a0dh4*$!M}z%R7}jY+xx%WXirETej}_Y@Vib1?cTK*O(l z{JnH{QRm|sQ1brIrj)o%=R;8~zNa~J$FBtyPC@n4^Fj^T<62!r%VIC zaT@re)4&%TF?IfjO#{Dh8u)$Fz-J#hb^d!z13z;b_$|}G|1u4H)1#&?_mFAeXG{bC z$TaYWrh#+kY0B|BX&U&=)4+c-4SdVjO`ZRN)4(UDfv=th{;g@?Gu^&-KUr}~mZ57Qn zp8L}?j@gYy6+hRbJzgQUV_JI~)A}eyG%BUBZ<56AOieg}TEl5@lkt)CEDub7OxNF6 z(~|fo05R+@N88CtV)QK+FC4nt-rV-F3(_6_B_DS|I;wIKeL8W`Z?gN(PdYt_j^h1i z-Wao2dF>%UcVoP4LIEsARaHX4VwBU5xFgu~@l-!zAXt8&>p$u9h+i5m;zPd2FQwc5 z8?x@o*xK)BAgR>8UmRa(3gs#Kqj`e1%u=E}eb7Lj(OjKMXnGf0Pu#Mqnp+BtyY91wDY zc@>b8;!%F%Gx^buQSD#Ace(17+)?}`+L!GUtHJT4S&{cy z^LVP)9OuX3l<&9Z4FcbigOhP`tPjm3HFhp=H;~*-@bzNpXV%_?xb26-`|X1HuXf{h zmlw!PE;vliBDa#eBvp!E2j*q_mwB8QY{*>Mm3p_n=;z8q`CQRB6(_ZyE6w}Wh~j)v z8owETNMQ#oN!vZejQOmeF+Y6X8FTypuVxH%1{q8kd^yz-P7t(Lr% zYIN7e&t+4cpsrp|P)rBVQx8p!tryShAr>@L!DJXu8R~b3#`0~XjM<(o>8_eq!HEa; z@MQ0?0G!;bF>vC+J&mxtk&KWG%JDUh<9a%~JFT$R-^j41tG{PvIoXn&dS;oytL|BL z-3BumUEMS7v53m3nuY2cLV}Lu@1*MMnb}RaEc3~D#u|NQISJgComOYNDGsu#T0+wN zgYj~s5CFk_!jr*OrSsbA>YGA8}c>f z2D;U)DJf<6DUfC^Ebt1qVXB*|XSpIP&%Kw&FBwKUSf?7~~94I*ckwT;& zDAEOrB&Y?&koP6yA1y?BK#?v~Btb1GraDW;KURqJLq)nskp#6Mu{BG2s*g#ei?sM4 z(_Fjsgq`Lfa5CFFn5U^Jtcrtg(4E@0}63U>zndYgX|wz5Vo2})+Ds$`u#u%^r< zQpeBrHan9Pqr*!+!C1-k!iHqTk?XiB>e3{aP}}5Eey%lZ1L3ltM6#h-PcJRIc669+ zl~L8fuPb^Xt$Cr!09&Ys2TNDCnO}1+FEkyUMezifAw#Cg**MU`bPq6B%nSyIWj%{V zEA@mI5D&Z$?umb0-Y2L*^Y*+N`5Vj>f(=^wGiOfIymuw;MQMhXQR@(TwRGN*(>;RX7qMG$vfmu-pMcb*x$vc zzjYHNaXQL2* zMA0m1B{{1QcjMq0;=V_5J>tzgmBHG8pLTp45qPf*+OyF z@({pFPpH@^U3$VnY5y3!n}nX$#qBG>& z`38Jl);}VFu7{+mORZhIU3W-NS6G~)Po>sPb@(V9Q{6|rnZC232NU{RH&T;EC7*j!EV$`BwESiT>kX!SW{25m z{Itfx^{$)u5pVx0+sI@VnAEh4gIOx^*xSTc><_%lSz*D~wpM)0~*Qv9w3_ffgK|KHYiegIEklU+zIMGs^v0ZU(3iS3h- z%u4N`M!9zIdSMv#S@g0+uqA9^XW!P}spKcHDSzDF&I`zv3)ktGh(-7pW8wy&x6t`h zbhBv#x!3B&<~c16BY`JKb6>2GqYzQwiOI)>SUJ0r$$&%I^~^;? zq3MdH`W)dKQ&gFvwk~RXdjTojn%)Rf9q)NtpDQ~J0oM%DzS`|y*TLU->}?LIc;gt? zF1{2mqeo7AtC&@1gxjlv+(m+-DoB-Q7tl2e*7S_;1~QL)fC>zDwmw1kEo>e`34QS= z&E3S^@7?F)9`J4vsyW_$Bk;N2eJk#H-hC(T4ZQma+#7oLbGSG1?zzq2)WMqfES9J4 zJ^RViFwdHv3Dwe9w#IWJH&eM`Z9==tyLa;G;7_|I(eKUp6Wx!-_<{f<4)8?*?i65i2l$czUlw3M08>A#x)Jm$J5ua)8`_ZGlUpLo+L z+Jwnhl;2(aQ2JNp{+e@tUGBS``yRRPb?$G-y)8u$|310D>EPdz``ga_9l5{j-1p1< zJ?H+u+&^&c2ju>tb3Z8ekDU7qk^O+>= zzbLzn*Y0gLS}BO#1>CINAM11P89=$WCX2ALW~0k~B;jr4dVMa|&ze5{Cbv=x6X=jc z;$p|RU={Gb{%ncz`@?c@6cM-_@*mYlbF2@o7~@GQVfBhq^@^j8Y*hOX>a0@pWxuJw zCFMo>GV8W(|5Rm;NP=HVxiL7jHZCoBmSI8`|{*kX6k4_Vhcz*41qugzJIQ@&=yOG8}3po5~bZ$w>e&dsHW}~3J`#f|Gb;0qjX4U z(82m4tv{(`&OY%-d8bMZr(4}=Q{=Oe?0B; zuHbCi_Qzr$ZJtfc((vmDELorQEq@K}!DY@z4;^G(#M=93ddl6fl2{DtCP2Rl^Sq#P z&{v#2x`ZMQidbhp{cfjS8Sl=x>Hd<|u0Ky#r`Hmg)=7sPQ`PA&S)H^@QYQh{r8Ygp zbG30eG%FCV_utdi<-|f=4#(|#10Fi#@((!wqvUJ;jhtVVG5_Ft4xqX?zL4>#Fs6 zRmIh{ey^Ljy5Mc-f`DPPo|!!GWI*^ICor{>1SUBuKCl8Yiw`t zIKB40y`9w>?OH!b{Jvf?!2Kwtk@rb&bN*>5ea{ZImuH}CUwmW+;;g&%cXiSm+d9eN ztkak0zFv+W1+!98-S_t#a{6lY%cYw&T{_Ms{O$U-bo035^L5(OO*(&m)I6VxdTQy3 ziHPtdViJFwA@H=V`BZ*RRI+oE^gv0GY(wb*X@X0$BK#t&Z0Q!Hh{iueJu7yoRdDv13@t7ZJ+T@Z zOKK6smbwb0Cnatk9)cRf-n87NT`05c``}v~tPSTSEa0N&TF^EWjO0qY zP=Wh$A6J0x?3shH+r=3_W$PX#yYb`Jhsb!Kg^ZyIx#sS;H&Ki7u8go2$>Xa<9=&XG z_Lh)k#Jp483o5O=4!#Ln3;pC8*;A{@rDzWfJin=hOx~5tni|1x$YS#sx}I-RJM>}mnE-+xxE-40i~wodSB+YKpe?H^4$ek{*Pr#Xr`q~i#qDJ>#HWyhW1T?j z%Ei}%(y$JXvr@QjKp?42Zf*)WmrzcYxrs(-fb=gLm;*rvxBt$r44;vKK!8tx2_fgN zTK*T6#y%-;$Jot$a{k2DwrcQaqEG}jgIZtn%0Q1Hv8s&fHy!Y+vdnusTVEntSFJSm zFcDf`!DGkfV~^mijS9GO1sK5L5t~(86nbr;V&_^1hsJ)K$J<%)P=IjB7OtsOiO^b~ z9vpj=Sly8+Es{?}SfeeBQ?@nHUD9Q-=+@w>88@n}iM}j&AK7$Pto?2Z!0r{_rT`qkfaxD<6nUVT&(@2KJg#;O$!x2!hHP{_0T=nTlB@Y z#F!ju9N?c$;c^tE+Z%6&PtK97_#F@#MCn?rlHi`P1w=;~Zqk%B~1<=*e z93!AG_Wg8~XhX^;ZGxNI?)kl$0wKW4%x_5D#_Nc8QyQ+0PL-wkAIgselN#kF_FC3>rUDb##yuCt(kPCcs|6)OmwfogpJV><-2fU z5HAppabHGrh- z-v-B|>f;25@z2RQ;o-hIx>@%KMd#vy;gj_c=n+JD-A+I}Vc_uG#IDcD!-|DJFEFRlIhoud8s`S$;; zz5U}XAK7sKS)vZA zo#_t_q~8vp-+Jr4jj*)=%^ed>bXj#)2bU)s0yE7sj{HpXtVU|-C9Fg~J;SbWYVtmkc2-9o!ZWySPn8S#B8ezVZbJ0HGQ(8!7aO!kdDY;)VoNOl3YWB;(epz1wMZ9^6R0(wH_*h-Z1|stwxpiUja{w0 zp;{#wSJ{Vsobr!e_kJigK&wr%1wW0U?X49{adY}%1r_T*Kqy!5C&PQh>0Cb~hzrHns18|=> zO@1ajajCI^tC>|Ekp@g#hTG7VMQvr2?V`J%qq56!Bxz2fjIxEGqWRIjN)EwhAXG`*(@j}FCyLW=98h@0(FTC zDC3qp>~q=sb*?O@)5MmjIA=?V`oyHt=rk2dOUFqBbM0|5V_+WKYu(*XVXmB7uor1g zoo1XQfGV$@;Va7f`#KjpqMTeP6i~hgh8Rs_fv=~p>qQ!4%|T}iw5jqOsS=*Mw_+p1 zbFPoXRbnHo(mCMLrwz^94$s)f+kEc~HeTv*dT#4g6t)Ul*J*cuVCCqyY&3jj(q5WB zWiR=vy4QQ!&@S1II(i+jTCjrDZ&LmyjjRvNQEtv`K&ia2|Dg3kyK7T%w`^P^elkTP zTpKFEl4Y(9SXQ@!>>-=9|7^e)X}D-xXnM~Wlk4tlJ#0)K*?+~HIVP{1U)PmwwjQ_Y0ZD&Q>UC{)! zpx*IE3lVlvggq2NPz#FRqFf#;MA}u6_EaQ6EvR=KIa1d2-4tOjMG(}2;t6u`G;wKw z4oz@2^C08Z&d(ULk}=LBTER-jPh(Pe2tGUL?`__wSf*8&adhDsDMyEWX`QfOTF-JA z!#)<)@GOh5FUws{9*1vSXbJ?2N+y4Z`>81b=ukxQ9Or&Q?s?Ar3%NIxI~-MhBjOjr zQDv9xP5Yc_D+@~Y!9T{KY?-+F#4+i{zKW}yJV`zy+tG?~&3P9dp7|x*$xBH#g1mri zl`7d6|FF(zy#HnR@4tj)-}VnH*hvJv4Fq04hCrd9?~2+_W&avdW%<`e<*c3g8-6YS z;jNWlZB&3!Nu_$-_5rEXquQrQDuvemPa#%gs?^YRia-7{oGC%tlg5}-YeG;9>di!3 zkENNQxt?cosAcj*A(OqbOavX*Pj9xv*;|3C2@2tPCOU~=fYgEU62H@^bPRoPWgN{2kVB2X>c_=q|6&nv2EPK{E5Bn(R-Ccw+!V3oM1k*F?pB zs9!<2p-q}D-b#^)i!!j*WA+D}C^R3MVctnh{t_D^d_*i^}cv1337o_D*N4J zOSg{FE+H!KLG%azpfHqE@_C%^xx#oOvKdAJ21#1HP+1lP|F9mBiDBp2+@9Nr$`yNS zcLe#7w=;b%BkhES9L$sw@zYLd$ZHU>HnDmMZgq7|d39AA>bgH6w%Iu>uEC8Sg1&eQ zV)rHoFpT!tt3#ADAbBP5$JB2a#(4vU&dE)8xnfbKNsGjES6R9>tTWLnj{!_h(FNYq zyY-%6YxZEgr`Iq&qs!?VTEC@Qk0P-3Y~wL$dm+U?nW8dzm@lZ7mgCR#D~=aa?tOj1 zX3)1R?{~H3UH-q4_miIJyow$fwyEbTAC8KSnUa^(^_|x@%#L5+Jr4*IOID$-p{~Q# z7x!voAbWE6^Szq-wq8xfY_40&l93i#qeS0D=a@) zXdO%twyl~IMe&@~adhION6ortOqPd#0Dj*v%G2v$e5 z`uz|DGp^GZ zx_0$8ugaFPaq)v8?DSETWQq_D;=1*;oydD(BRQJDO8v2o$OmjX2yDtucc>EmpDBhE zq@yXWE(`{D3pRQP?>^zEX#VKU{FIW{k?G>#BV~J_+=pnz;AKOFc!&-wJS4cdy}<{ZaCID#kMbISEK`sp!E);OVfA@_5WdB=k-Pc&(?WiGC_iKU1Rd8;e75p?t2j5>Wb0gey_ToSJidLC z{UNOsEyl)mxuc^sSV;ktEg8oteDyCow9Fs%%-GZS zygB7EOZJjDQ#O7TEJ^c+3NVfo>&AMo=U|G84-isy#0TImg-{#y?5Q-`o)%9R4bM0H zoNlr6adS`)*4JO8FmnLY-gFkKzJxHHvhk06CGFVp*k>G{{DHmF%jWY^S+M{gYtg-hdw3UFuKR{#^yiisF} z`U(^yr~+g~j`gJXhV1iwU zca+PFh4%I|9y6j@;S%B)V|yBfgtCdS^8Ipjb$3~vyRo#mtr~YRNGp$YI1_H}M%|q~ zGu?Ia1`bLMx@Uq@F{!a)e%O;vMIRaEjKhzgp{nz5Vn){`GnQ-*Nf6#G1M-z3?&KHr zO35zN$?ObsYyknNo3d$sp-8wp54p%(_CH@E53l?2GO{f4uv4IPsh}DcA4qGO`}C(% z(S$)Ry}w*mviGyNTzQ0vzu{aCqh}jK*HTb4aKtb=6YMtMO{1~wJrfUa4$(RAI&SM3 z?=PRRg{CmUOuB%UHQW`IxoNJ+c?Q&8Bw`2R%Sz5SsATieMj7xz0}5}W!SyoeMFvIN zC~y+DN`4VN<->FPr`^HZi1>}E`<|EO$*W|~qH(ctw%S`UHQ&zGk$Adl)r5<85f(;I z)@S~`9ddH%?@^~#NdzNm zJpctx-U#(WWM-e%!$LlDmRk4IvCiEnuVkgs0CZ84N?)}#S7A+3R+5%28J=Es1qfq; zA5uofJLNi=8Lm7FA&9{%UMKdFL{UgDN%TszW&)$r>(QF0t5mI-Oxn-a@2)Lbv{~Z# z@-SE$?BH!-YA(Q;1&p>D0L33< zp@qS;1%PWDc7!DHZs(9Tx;!O}yQ@-z*p(SOBaBXsf9cPy6>U2FVf=C;xl4G)>N`sA zz{c%Z25z2t<5Q*hP}0PwGyFmbJAxEBMq$pGJAx+9*DPPg&uNV247*2esq9)3R4{^; z3=Y^jQi-&2|+C=-WUW(UJNYcR(LhOgqjW=Y}pO>=DGSeJkr_z3aV9@?XD>Q4w4&J z`eNl*Q%1TjIYK%1=&qZqgTZEdxIMGq3eB!@RJVDtz14d9{5tPsfN-Tmxgn3&J*gfyxsxQ*LPrhcPLcHWDh>%NO zN}iTm>8Zy*ard3LlctgLoPc&w5X_hG-fpnQuP0(DSwlQF-C=wT-m={*F2lARr(6uy zccQm#KkXFv=O9M~i!aJ#AHPa@GjmWd{2Hv0%kHea2pm$=?TTmb z12DL9NAaHsZ2g5F%64?e=_-@8TZCT-+kNbdC^0#e8hCQ*`?{fff?5E;lMT%_J6cXT zp6q{SO4LiqO6W#%IzP@ymgJVa34m+A1IM>8nO$3lH3gm1r#^$o-X6lPgt1P(8OZ#O z6~V*`v0y&hDuAYfRq(SHS8;zQ)sQy!Yvw-2Z<=D16oqvn;Ptl+jth2u#OCAdwch~A z@t@ZwtsQ5QgKtOt>AVS>s0`NzyR@B*Sv(D8DH+G@n&aHbTk>l7eL`n&I60uWmG^1> zhHDs~L_RCUL-Hu2aUshf*Q?wUtL~w3$4NxSe)*RNDrV{~ePKYoAj3J1AJ`zc9Y5MD z-6gxDh=n*!PtK#E%t7oy$l*Rp&HUO-rfF2a8PVFrHx0RixnGxJb8vSeDq*k3p@Ps!6{`QJ9le~$Oh;{Zroff9Y${HbbiE+LEh z>yK4|F6yfrZQ&f6HBSF#&km}9W^C{3QA*Bp8I5>` zEZ6eL%6*3m&+~kz0Vb9EE&=m6S6ZAxx$hRBt=y|DO0itaBP;hkEtVIpsn2ZS(IYAmPc0Z`(1dR=XC~{RPF}^%;T)KIE8Yr7oe@&8!Sq(T+3q~ zTM5yG4)8Jl1as0BgI>Z;F{9qsPq+HVCRe!Hcfk2g$v46R|Z%q$@Z1 zPXYfg{^quxvsxja)sgYyRq6aLHGiks2hUb--AL`no=fMu9La}VcWJ(x|E5X)4^Q%c zWE#I@9w*W#75cZY^-*FWn`nKEZ}M?|7I7ov6S=3q^~u~bxU6+^=Id*H3U{Nzd*!#_ zV1M9}Yll$p@ATB8)2N3o#Je$iWzcnGP_1i>O16r|w-TM;;P8@N?sLm#{28DwXaVMW zZ}V}aYpG38gSumskzLdbq_t%<_Fas0P0(*=e!YECzoL>bsb5`;V!xuQFh#$%$5X$e#xPx7 zEpoA6+1gEq0~VyZ-Z81Js76extBX;rD+ldU)U`dH>dN{1bal1J|J%B5vJQ1!xQ=z@ zIi7!6*Ztyuig0Rg(97l1{}I8-b;a^ShLrS-b%dGj@w~13g2Um#Hdi_69{IM#P$qy& zas~ceD3hhKp|991)_3A7->@FQ2O;ah_=pT8ies1Lbg zKNs(ANfpX~<2nUp1?tJ}x;@ZT^@R*q&4~AAth(o! zy8`v1{uSQe{1(wCjcj!y1$B(?#_;J>k7qd-352%y`i_clEqu` zYu5`G^B!%yP(CZ08w?^Oz?KQNjeb7w2nTs`)Z}C(=Aa*RMya&|eZ=m*6J4S@kKV)f z*H4VUU(~j!t)+40c)qx8b!Y3Lx{LogfjXh!Slm-R zk_}2W@_lEe<5aSnn(NIdxn59C^)lMFQC#Nf`p(BR54z&rI+6Mp)i z@?hq^!EATFQe~)vUU)|?7<%G%OefN-Hc{$+B2`?(TNBi@)_SBvCq+R|C6_Q~qz4)kWl z#2Gw%N&K!Txr#YtfYR+E|dHLk=z-ObG%;bu=X8>=Ox zQH1gdJ(b5Q)|7oIB18MP}VU+34f?mVEiJLM$M$t=b_xEqynvZs1` z;pn}1`wtq^Cp6Ds{k6ughcTz$b=S`LOp16^Jf3*KFsKHveSO-_3eu?{;5b0{ZSQlL zk9||wE$nnvE5+Z!o9sb>PG1jAnQsGWeTN?;3vXkvyR4w9D+mFQE2lqLvP)V{N3bd7 zysFq{mvK4Si<}$9nx?jUt3eMYmPp2Uxb&}?D*fK;l0FI`q5;R||7oAMSCG8YzTEaD zX&r09tATUkKdFr5es$pY_-UAN63(2ykB5`+eW*IVAK*h7AKGqqCN@Ov$k~}F7HZ?i zdKCt9f{jN4MYgfr{bjEFeL@|#)yITMerprl7mm+_1g46dFQvHF4+)Aj4C8UQhCN_@snn_uQL3RG8EK;;&Z@!LdD>SMyGwxR zGM`@uX5@5=Vlk9MS;<3`wa5jRl85mWd&p6GH!kyoO?FMo>Ie>_J;$o7cr&KF$<=J# zwRLmK(jFmiV_(w3ehi>tL)6>ex^$|$au)=P_f5+!n~n<--G8H8HSqcKpS^9Gf8Fda za+WaVIIUM0rWzMrhEn=ZT3Ym7WZyaQYn}pPx|ift?y)K`B0vLgEc!dVFHt#b&_@ID*M>@#d_E zk~roiz414z97b-W9QxypNL??T_9|Y3Po7f#Hv))~pHhm)L3ozutFL6elH0BrL7 zEy4$A_x<-nSWN9PIi1g5%^k;L zzG@oy-P6GTJ`H@^w@#h^;nTq1IT=28yf>}4IsVl+L2`pLr|##hhaJx~H$dejKyPQt zF-f*X`%ld6&p;Dr$*?ihLxR$2@c-yOBoPr#LmeeVN#_EP&h(z1p?Hqg-vIhGZ=)^J zBdZTT0JM}WBS9%ak1dM(81VSzFqnn2>-Yo)#JD!IlocO~*LEi0($!>O;VymhH0g&I zwgXGaEV53XQr7G7)6-GKX2xE?Y6+*4QGB6D$VI9tI!^A|M(a&fbYTz2DJ0;?|BSYJ z+q%&P{Uxml%|K#&8yn3G%N>rTGCFwrehr#z$(VzRN}i~*^?PxjD_lmSg}27`#yh3{ zP(d9dS$Eqp43H+`f#ez``_m>zOI{*wB5Gm-{M0DfPheQ}dU7_dXk{;HIJ-A?x%p2B z`jY2Q@;*=TPWw}hwEksF%zGHoNjvs@MankYZ)UQE<(03am16_oZn{(%?F66ar1)$O z@&`6Ig_#4G!|^!aLRNq#;R`hWB01praTL;eit9Ys0!coo`F#=eWb98&t1v!Yv;#DR z-mn@+ot06+<6W5E?8ih6k|&wU>}bD5y&+h?l8<3p`6RiUO@d1m&=KFxH1Cd9(jUA! zhq8~>IFx;!vQdkYKdYcU$QCXwK7a~1F|*Wu`k)*NUX3!32DwlxLSSmpp5(EHC_&xD zX}$IE`V{JusGEQhE-~I+$$iLZ-56q;<~JEn=o&Mb}ie7@q52ARJ)t_lz6(l|qKGKQp$KQT+}-M~g$}?(dDqG&)Z) zw4K(0)#Pd1T%FON*7}p@2zGG|C2GbJc|EirOreK1s+r*~<(e~jlmQ<(gCeu7=C9LU zts~d-72&0mye5bMv^8P`RTp8JN3p)i)d2&W8UXc=*KW z$DS9w_)fQ<581Qr`0};KOnTdksMyCDGu|2eBkj=b7i7U@Zom9ZpYqs0^ywHwTFgyj zx8}`bJ%0=7IC@LxyV$kjn&uEcl?}fO6K>Pp?kcVH#C?D)%C@0Nr_I-)jEx~l-wN}{ z&F+-d%;@6g+q$-jcie##pQ3IVJ%88KEEHoacw=vX70(3^``8;3vNAbX0 z5_Ib{dAa0uOJ1^tqg|ew(&+qrexAsu=;#J19W@7KI6B%9ydL*$dB6T&sNdGdN=s0*C*2u9z>WBT6`FvOoxKQc#DWeDi%Zm>T?OR%* zS}un1Gbm$;L9MxF5>NbJEx3;0FTP;?Y5ZRp#aBYvhGU9~n%kX2+x~~?ocv8c#`EZf&oR&`H4M=jmEsgk{;9BLmy5U9^*HEM{ z9Mupd4~aO}35(ChWk*HvS-1*Yj!OJj`h>mAU--oDpwsM>Kr4h6Mja0fSIMDPa&`+v z(?^8{tg@GJR8vi!BcV&4@RCt90^{io{r+q_*6DI`IZ!^A@VWSU&@s7&MY`1b9sX5r z09X->(~CUyX5(V$ReX;ypOa6PhPR=NVjBnXI~K@u`yydJ!Y^p>V%_9p`w`@{2XQvE zXUe%S^W1fr3!9Jub750H`CO=TVGw$@P?>A*V-D(qZiwQ$6@Yq(Kez|@H(oGY`XLZ)rOEV8I?LJuJjD2A>qJ5KwXnP1N&Gd!m81BSlFw2farbq* zMWkD2qFT^1|0;lwye*N#;m!1GJMtKTgfseDD)@b5eb#!%W4&M#hW^LYul0ARkS;0L zD==o!s6K@)Q5CQ2d)pHEaBV=GnXWnX+V~-9_&UPD@F!;^aGty3d-`D1CB+gA6Z*gtaZhel`sJfE> zGfPe<^W1pM&@9oGYZdg(Z@ECXKC{kP%kP!y{=4>G?wnC}%J!kpex^PPX47Y03L{11 zBFCBy_+L~{Qt(J;qAD6Hnm~TR`GlB2K09E|PXui5;4<{rx~w?ve%lNx>`ccRw9w_f zcJs&MLigUJ?)|m8S5OOzFQaB`7)^7-kFL%B33F7vYwMt<+HnNMtJsmM3)F@$3 z77gpL(7eqnX@;|0psh%snFHlf<^EbcpR8~V(1SOFyg27{ckr8>M-JT`g)N4seciz; zj!w@EHw^wxuRWuFj?~ZKW;YG>-M!zW?smPh_68vuRiYH0kHr+-%N2Ap3OZ8=GpgTw z0(2I7-G>SJyJ|W5(}|b}D`NKMg|7dwy52Bb&~g13X7lvS_%BLaNdLWl-a?^co&4~y z<(jCh>~e%Z_=1#Lj%v+JZUt|LrC;GIqqcd$C7>ukkIwvE$Tzj^WKszIPv=#C&vOJ&s<_jCxrh{*}7vR zH3gcdUI;;!aye?B1a}S{q&!QuGN!lreaP}Wq|;0mmN;s%HE2VHn6qXV3`&WLN}i=p zI?Y~lZz>^$>9hS~x4l98SK8al*?C^Ex2dAG@oo54GdjgqW2Z6#((jr^1;k8o8PW>; zFAC%a#7;`$L2soZ7&Z_)Gh_>ltFcZ7Dz;pTi&Z0ZAug+R_U>{NfCxloKaW(b%t^h< z>-U}hJIZTRM%25kG=CK0Uju54o?Ff0#1V%~4WF!%Fgfb(9BBJ68KB#tpZtdpHzwq7v=N?qGiY zqLi%rr%cDUA)Vc@V8NDc`{WeZ1$P^>bLdm#)BfJk_*TSEXnnnJC)Lo*KE#K#FGhv; zjZOmtozWNnkkL5emgmhtB4Zy{QsO*=^qC~P2T~avN&ck%^-&!#IhD%$XOVWB@>wLK zpzV)ZxEFKtJF+%+UmV>1k5q27FnDIx41eEggMeG{0c%%x$#vadXkgu4_vCG`r3C6l zurU4@17!v}YWCJSG*{GQxRVGqx8R9Q>>C`p7IQWBJcFdLm!2@d+I}eA=?&ayZ5kZ8 z_!G<}txna8H+HUp8s69}V^~pr%a3I==sK3UfVaQg*UIcaIQ}y|W$Y&McZ<+xAdt~b zEgL{zBE+?CaK10Gl9gCdiIqZ$1256|Q&LvgsWk8gSA2h3kTu?bl{8)!bQSTV+xwc=4AUO4kj#7DMd1gn90@#xHGg(<`!(Z32 zkkInzi{IIv1$|iw&ZDk#G;dP2Ca-VU`Uu61ZA-6V0K`mllv{PCa@~E@S&O<#{z<_b*}xJW1yP6!5l^gMKDUbvY%PC(%uak z9Q5oEbSBAidWK-(ySZs3H7Yb{f20g-pns?jKW|2eNmzCxxOclJ{S} ze+)-8%%x-}nvr~x4zF8x>1pvJ8RMc3FboR$1YC-6?d;(d>!A0IOsgK=4|*Lziz!1G zGfHNT@AWDqk{FlGDgvC-OYp$|YXA~7ha=Y@?QPv7pY!t`)3VWy?_D~b# zgj(*D?JDeTplaThgZ3k-Er-M|{B|}^x|mgVW7?XUb*S1a;EC>BdP@!rw9QtIN3Gt@ z=0h$X6Yfg?9MTwUTdYr61~wpK7*vQ~tp@ie_rOC^AvJ3Ly~N+)Hh#SSa-!~VBYwN- zp4>bx{@TPS#=Yr!%nj<~CB*ITgD%y}FvbhfJqh zb$6zOcpUW4?5h>Ct+i$A-y2|SXBg2f;_C43uwd^GrhN6>;6B>Jc|>{=-P_FRpEHf& z4tfjbDs%ehg6id!M=(bl(TLUre{k-IWpn8zbgl$H9nL_6BV<1CvNX_(i8{lTTcUT> z6|O{1#ao@u5Mx?1pJ?DxpJUaG;dR(El(p8o!5WLv%aGTp2V0NURRGz`9?n5!Pqb0% zZ>)sc2z5v0)=GlRKu2|$HJDS{sC7XK>aMg-OWnQLdmmmzjFQv%k6M>0(<-@CEqynZ zDOz7iqjLno@E9U?SBs5}CxFL4q9@F_W~q6S+VM;48Es1_^V?}A_S|pD*(Irz`dd5! z?dnRT%*Y58==sx*38_csbI+*6#12-AJ2E-^HGZb1!;+2;8 zViLDk_JXvsBfG9u*~`>q_wb#)K=+o>pNC1ngWx`y(r83_(E2B z`*rAA%&PUEW%SKLw}i`a+0>U{nD%sYn67WC3)>yNiLi|$+3niVkHX*Z33Ip> z(THe7X(hUXm{uySW1kMS{{VReT=un3-o1wGMC<5u<3TGrg8wAxfo{Xl&D- zKgD{!>U!SpfU>@)=jOL$4D;7SWf=`E?r=f%5N_}rOt`TZ!%pWMo!m$L z-O+4w{$)U2!uTF7AGr$Nbf?@Y@0q{-wqEc%N;~WYYvTZ8%D9bMlh!)%P{WdE>F?n~ zh(Kc$!y40BvG!RYQv6>4?}};C?m-q@7d z>g)2p*oMs8$2;DH%Jw#|qb!G6YfG3*`I$~Va*a4$hdkKXsJH&X>V}!C-;j&bORwhE z_?($5^+vLWXkNYOaWn5%b++}y=W2fhn`^sr*Ydkmo2_lbHy>=bgS<*CR+^(UL!0gn zheXz$$v45Fp2*!Lgd>WN&KIE{z>}1kmE$X!PrNqa=94+7Z+%1QG&nt#Q}X`(zdE1RRZrzw>hs1Is1Bu-KcqLncS$|n z;QXDzS?fGGzK_9qKBWqhPoAqOedC_~OGF9&366+<$wr%`&oH&c`xqBo4pKNl#VGgT z%6ixY4ad5BW2qGXh#E9Z{#;P((LPDKq5F`Z{uS<(+>_;3HZeKeOK-DSh$@9Wj;k2$ z&`N|$lP4v#ZV%QSXis&9>YBO)#i()T?q!-|ye>LVZ=t5V9C zYOM&X@egT^GsaV`#P{RzM;CXlEy{BFcMUO>(a^O662#oSeb*zqU~X{e%5)!C4qi+VoB|Z_Cm(NwF%QrYoEc+M69Ulx(C_6GVR|{{aIl?Hm^mCwRaty`3G>sv z&A+K)c#qU0`-*#%+iobpjGC3*Y0>fgJ)<>ZtUlrB9XjDJRz)`UiBX1$#d zBWG)`xLoZbVyX2czd2&0^mF;%DW2DZms2o1AMOtSj7b1Svq$9au*)Dyl#R2-mBLkn zDA6xN;-dbGC{glrC%>Nby14c!fm_Q=R_BJ6HVD1#2rQzV+=4bxs#yGGiv!A z=UT9Wvh;82;dRVxDSn2uVOh6q=6TCh<5Z*`{|309>)_OWp84&!17izZ{QY&vxDY=b zO5w(e6c5Zn9f9qf!ps3och7d_%if*7exkjvpQd_IqTlwu{ycM0zbn6&o-HNa9; zv_9aiDp)ijs0FoZc*kCeH|+0g?FsYSobis})ZX}iXqL)TkiM_dS9LRoD;M#hgPFs@ z4oqR@047`euj9*c9CYp}IbEg*Gj8YTL*-DC!@34*52k|@cX z@q61Sq1GAkloG#jV9q+D?2WKN5tXGEA+QiLat6uhqB2bybV*7VJ8}Ozbn(T(0r8ELa7m+;|GB z$x4uOWUbn-dt$Y#R=0$Ua46n?Da0Y2HV^L+%~26 z#n$sZ)74g%2I}5EVSmOfNt^|nwOop87PJJ$5E>iOILi!=R(6Uk>To%S~VR5$(W;r#Fx=VXZ!8ETtxTM*jv3-AnrMgQ#yx zeFvyXtA{0XLQo5u*dJG}2(qOVLC^-7P&4OT@(D6tc>nI)4~u6rauZtdQa;+JcGy*wQuCWM4|#^6uKJ2cOMtj|YEY|6eR!%#b!VM;Et#h^U1&8`k%C%K zs~7Lsp?IfRClsVNGB+TtBd~M~>&9V%Yuzvh<+29a+NXDc)OY&FyFer>CF@g&v-{-% zeE^KxiV;aIv4^Ep-*ip+7VR&se0ts16xA$B^xM9ssOb28wx(px7;TLLcU@dlzGHY% zTvPHUr@Xcx*_xtElYSbKt|=+cxvso+zNYAoiDVkzR~`JC5{|0t<39-ZTs@tAaO4qL zocND~dcN0=CLG`Ey1kkVP&v;W{c>&Qh(U5ZQBSaNDCLPd&Ay2nJ2%e@z2GLSbwY8T zZ>Wy8dH#Da(V>d*YX0t*G2x4^9zUG+q^P(VY22g{)Pg1s5lVprZVtfIuRRAwL?5S` z1Mhox+Z>of_W2w*x=`?zRxlkiA?Ub%+#EOx*EDlLLCpUM$r0~C6#C!R{U{t&1UFLY ze$9>5qlLKBj@9PW=sy~(s@ZvBQDUwGYj zp8wibF%AslZTN7csEgTS4Uo}%FU~*$4{WEQao8s1V=*zwV;V()s==P`%~bvlkh}m1sx;W61UTk zML-H8YK&!MgIQQtg$*8WkX1_NFm^Jfg{?VIld)6ebk=xmeMB=uZ)$EEtYYu;JJlnV z`ERS{!(1V_*oiD99lJy)vu_|p)IX+#(WpF5Z$u~J&Ha@|dxJ)*Zmp)Yt6Nw6?i$h@ zM5C%2`p(*V!%oBP*#0`zfEJ_c583Xpm7(n|8DG4#O}zTV7?L*Lnl+rECI6yA6rhnhsQ(}v zte!@iVX~3(YS0)HdT3)vAJ~S@_<1v7(SAiG%B@hKyUf-@Tk!q()5yUUWwIZ^zs;Za z@*JdQJip+3;MZON>gzUfz$A-2j4zy0cZ$GkO#_#kzm8V6yGA1&lrkjEsL+O2M>vBTapAHDxtOi_fEU)2jrq8H zN|ai#cY^YFiH9w9)vjz$SasT_&ClY<&(?H`I^m?o81rmWU1^)5PORt7-|h{T{@D$u z&Z76r

s_Y z>+4ohN^7-O?k%R>x!JM_zt)1H)K71W02mB=g?eaHR3VjKzkb>@}@OJ$&9T!T0 znC3@ONV>iv-w4Y4r=}U!6m=YV?k5^q=-wKMoK>NHE;(*%oj00k-U`LIX!E6@yiCPH zq>!iUGS>UW9bme+LJ{fE#Dv2f6s$}N1s2$$LQa15&J(fCBspr89=+q^SEjJTjq{}2 z!wuQ)@2NSbA%sa4cQCV{%u+F+$Ndq51bJ=X-zZJ2(?|QoW(u8*zO%MtXAeastoP`z zaL81{GjFI5qL|5QiY2|>>CrhPrpL2zhgq&AZEu`y#0rp1@!S_P$yac?^3UDd)1o>-s6YtIZP=mkA}TPln;D`$pm!C;a1k_+IQ{4Lt@uStCg&M*E&2z zSdK1x?You3Lw&+ASsQ-0dU)7!LlpZ|1!ExjyU`(fU$Y8enNhHzB3g^o-D<3Tckl2} z&NFRFhsRE-%>6v$oBXkxXgS=PHOMho5w~GTwua~64H6_4FLSm57fo`3oQ-oml(EOz zDfas3z+-04Fz$9?5V0uh^5YEAqOzw)V;0aONM&heOMpIggw8W;SVLxHzreaM^FQ=HT7Pkm~1A_%4rAextZ#L53b%1;JmSU|EUIcpLreMx(e+8`C zsvNax;`>F-8t}mYoxrxxG(VVHpbP^_{z}*di!c?xJ&2==n~HQ}f3pya3Puass;wN6 zbWK1B6H73O!sao40*0xRw~%Hn$n4n-tG!GmQQtn{uH)914E_jwjIjZtxi!gnf6EpD zL9S*f#Eyl8RZ3%vWNCUo&esEFKgv(Sk?jI34B*)uA}Q3YjTJ3>FI?uu1zCuh>^m6T zat*b#bSd)4sK?jj11_$a8*^dcoZFV9A+hbyf9r`|XVEY83_95}AA_?zaLV5;Hke8j zQ0rde>V#x-$o;T;etKoz$8z^hq87sgaU@YqA+A{B=f}e-K55Ufzu}WZ{XR50FxnQW zVC)}udNw&azyxcMyymkGgG{B7{EYrMc>xVQ#h~J9=hz=jBa`f(%R0pu$4G8-}I=J5baAx;F3rGIP{L}Inj;l+r;%q-fGxS_-!_{*_2cXSft za7KOYf7NxcPK%y_?n0Za5m-pztBg8@jDV=Ni8(e;^&yw-F=p%>&cRJEQFKKejwVA& z&hSR!h~mu9@j<&Bf1mc{wcUV=vVvS!24EhN%F8HwrAW8j0YsE5*vyQEsw|R&u%3PL zyrL=_$}Z>`*!_`~%^R4zTujar01+sL_r?l(y$2DkoW=xHkc0`yK9x3YuWGuE5mXc3VO~k6_-Y7 zNTi#E8DnkX8ipRk7n&NY_D>HPlw9Ew9yz-8BjnU^9{4;ZX@&9x&cs8!1P?jP2#Dyv zk2Eb=PQ|;o?Fg)PJp5ONoJnxgk34Y@5lYAQx;s_e)|~e>7c?ZzI2Hk-T&R+8feNVO zPXU3n5QJb`)BQ=0oHx~5gfcjI;;kp*fhu(PSVCO74yQu)+>v)_p?^d7O4DX5MJ*_h z?7Nb+5wRPvsxlm8SPn$# zeO)wI^I_i>LkM|FrCC|Mz^HrQJ#Hv&hHOHEi+-RM@zurF zkai;ix*oh5i>Szy7IzsFYR9sCu$;4^pf|Dv+hL*ceT5>A#l13T?L9$#U9yfqRl5P>(QA zdbDIHF}i6!MMF9)la=r21(JKjI*&yF^bWxtnV+*>Ah%X>MK4fVnI?uUbd+S_vyi^9 z04gFuOn59@qZkK^7dW_9LBZ}@7DmW|M1ePqF~}Ea%!ceISnlJ(iLZ{Bf*pE#W(G4@ zCv03f5S73bXh%=^aiO;^SnADt$N5`$QX%c~NPgJb3>&=W3M#w8^7xo6^~@4X6`3%v zdg|ytqbq9oHkQ~A1-()L(u^wL4QZE@)4& zUa;&C0O1pY0%xG=z)KUGL&plWG5L5GndRHzCA$)FLQ=oHft6V=b&w7+R^06^`PpzpYYwVV|97EJ;*$ z`|qk-S1CfeDW$yva2)zaE^k;?AHlp?QGFz{wR+RS`dsJD+6`aaykTK|{PTuI{p+1K zD{P+Q6v@QADY8AVCQ|T?+3%V`ix&?)Gqlsp<(j13?wXJ^ci*T zkTVPCn7s7pi*pActYg;orGq@8?|8;c1 zb78IV3D0x(wCOChN_tOn6l4 zEBJkj{g8i;*NW7oTPur^zttxp9FV=tbc+|=)wfGT7b?kWfb}=QmGzRnc+;k1FRjVG z>)o?7m0L6|w3aG~D!CXSLdX(~BCXP=@~wV!Cbz4g8^LByL*BwCON2JmZGL5tdLh=W z$x$7nl$isZ6<$bEsp45>Wl9Muk%3K%l)WhDQB?bQJZI?xRHi0br3>!jR;>80{EUOQ z-26>>d)%W@w(E<*>Y?ze+`6bTR<1U~YB zYO|NI8ey##1F;m>v682*LcPL-idBlqD!sS~jcfeWE-e*s0M$lz2}@g_=i|IK&`TKb z_4#>yL>#6=D#d;&)UVH1{q2(SH`{x@GS_CRriDMK5B*|2e=0w#pG(RL!88m&Bv1Y*3~L!s7Cm%TZpLeN*-I*OSE!c-fY7cDBg@jt+%(FQg#_n7)tWdl zQxvP2>_s_0b#s%@d+ z7+l(H$_;vYwbi_Qx#_$-95(vWAnP*Nc#4%sEg@TDdr&7FRhL*zWKT~9Gyjggt-18M zDz%-)FJ4&D!fW;+H7c4pFE$o@@FvZi2N(}ZnykObG6z!(Yds*WH65STYxM5P)EG+4 z9X0hu54>)SHgPMn%uI5d=^iQZSgL=^*Qao{6oo1rDIrxKn&@4HGa_cmtSY~$Ej}$o%$&F05=vMuw+y=5?{k+ljW^n~Grk#< zy=oNs6*by`Y6#U-l?`|7D3Zz#4ihinHklhT+M+(3(Cubl=Z61NbZGjxx_8kYUmlK8ZAZ$GrlGL{W(A_$%Nbz0yio}u`*!kk?>z{lT zMButUSCE%RQ5wl?wNzgmK)~MQV2XurISIllKessTFyah^&cw){CA5*{gueU^5qr#X z^KKk*wlI{;GDDwn85a9|B78IEOk=mr3ANT3+}ak3`v@H#dQU#G5fF|#<&i*itqFBZ zxh!%_rBn$VRyz2%MQEb<~O4Nu_ zAOQzoD%cusrwi>^@DnoxThqpkJE&aBPBsM3pDBUpxdxnqzD`CA zA3i%vmBR|+M&&T@xKTL_nr>7M=HYtiXke{Xqs8IMRMglrH1MeVl8|pUT?t= zyzp@rD+Cz0EZU=4S=f_4#NF*%EN@j6|L^J8#T&KW)&o3?^e?k64lWddF6n3#DSk3= zqjdsU%dj{W;^7?6&t(6KcqnI00@4Iyem)i-r2iPCH>q9F1!w?U!C~SB?Y|U*3jwn2 z-XC1<9J5~`97ds?ymab)hv9y zq#!-P8Nqugzllh8XQ58%CB`rITJcT%EuWJ%Q^ilFO=d4~90(=(*mnNm^*BKAC>|<> zgTa=rAjSc{EEglQRW$hO-Z18z5f9*|K01@Ft#Wdq^hW-T!$RRgs>+JOL}pQ?itmNC zoMG@$*l>gGy&uwc?1+lyuQHlbTTtY1h!BJxasNy#0vk&nDl(~qOV^LO@|3<{XhLP^{<*DN&~73ebm8h#OzQ`@Jm8ta%|bJ}CQCiyWs5m8m)~lwYqC^Jvo(_} zYd(L=^1NTmh!@X+Xbs*tWjB52tT;Qa$yJMT{Czm=BJz`*Nl_VHJXM!oEx!$Q3u=RM zg^&@)Eb{OKEBL|ta9)Q4C`)u+DyBkNBI|@iDOIWPUSN>5?PUkg*INf05G-Sg78AW) zHSiEbd1t#FC{d4ja=qc38S!f}k)5N}@OgFU6?SLaXrIr{AQHNy6^AAI@A}#5;FRZD z)A~FPs@h4Zo@<8d>&dq7+KRH{{oI`F(E7$UM2tM)n=gc+u$(=QI_h^@A$cj`gaqFm zd4b~lLcZPXIlk6OS4cFImR^C|-9fZXJ6sP_7wQv(a zl`j)@fT-bkw6ewF>HQ|1#pzwcfN>ZHvguD+JdoCoE7%JmzaiCPn#yHv4pt(6Q(j=4 zK#VW|M@{Fs3aKi)**(bw=+TH9RI{kGhK+P?+s)4mY3;l4i_QKI=&xg-6xkYCjPzgk*k#>xB>Cq#3A;lUKZ) zC?O1fBcl32p0BdeX;nOd!fx3}#c=NsnonX$+xCTb&A*VJLASKsiwBY#xHhvel{?;b zptvSxwZ4l9&JSiJI-6Zg$%L~(=SPh8L8~f|239eOyaWj~)mXVj~km`#Of zT0KH)P5l!>#s?VvTwJ^bV)T!+w@AVNrnVLl?H?Ui37$oS{6`x8Br*#Hq&`{-!)3lyaC`EolQSrIgC}2x7h= zZwX#P5-(F$n1ow{D4}T})J^uH9(KDSz`Am>7v+Tc7-B24_+GyxVfS(m4o?=0!J(jL z9G&y`YtZkr%`A?_AQk4#CfEGNk)e-JDyFNvdFvU({3%N-VxBs(>|$b8GU^wsgkBb) z;`5;6=C)4j@=1RXLf-+XX$=mcup0|_l+yHF!sGb(M8HN zrMS*^H@c>r2E)bLl)0gZ-KGW{$ri$LGLFsNuvks6Sy=uk)J(aApZ<@@z63hsQXzffmZ(Wzx7Oktu-LQqUAv%8E587j!1Y7zsD5&Dx76hVyE) zXAj|wunM_!!OPekG2)UXAxV!V3osVPV%c__Xr#dwG%`E!x2PCCVMi=7K@!Oz`K!wc z@+@U7wjSRL$DNN~h4Xu^T_Thu)HNclmp#Hbn0zF*!YT#a@EHdr-=NUn-=$8((T_Qu-%QkuyP0QdYT4f)T z&ahBrtEnhz$Di z3f>&P0~bG-UO18cBkVT5-@s8e zo@a^I^e-gX+^l#s1d6mQ!}|qFS)nJQ3260#Y&m9ghC~J+BeBM?)*l?;5m95Bp5+$NOiPNggKPyGUWLaz`!hN-(!!Akl;VP{RIx4wV6&dugQ+)tk+~aIlTUU5%AtFC5G}D5#TfG zY^)18pePWv(dNZ8%_;7tNW6_c?{he3rYp99*%1)}vxz#?r4t_Ftw`wRRX;J{zKi;CoX?y9P z)}qF^u%`cd?)$1v&Lq8P2C_rMY`%n zc+)0t0=&<(rAg;Z6kuNlHPB^sX zLLH1-3fDjwZ^b=&QZRyDSXJKw0WCogqhvZ7T*^|!SIb(2(+%qjHeTO1q%qo_psXV2 zVMn0>LZcs_1b^Fdidr!)G`Em((5toDjChZATk_0gEB0PvT;7c+GluCzh;F ze^svQv0VKYpOp@KT*QgOtL1htOS$=Lxvm?xsN1{&Pb;@lD3>+mX*aq zbPSPZp;?VPtZgPvswpNdjR!Hdc4Y3uCphGhW|9OuG;D;?b|JJGddbgitImLW?!shv z7Cr?{Q@N3#%7yKln~d7r0diH!zU&RoWu8c{fFw1U zlwIu1LSyLn?K)BaGx`c-d z(hc|FFmz+1+SlxC42505)HcLKucg3t4K_>GKTkOKV5?|9s zrlG|q`2xd4UsUF12a}T@xQcwAKvFI;a?BlG3JBsjyZE?V=8e(j>hH96H%xz zNyBrD`ZD=bXvqzn<6tukeces-V>LFH<)%ftl;vhJ;9~B+_8>+)B0VrSDbd?vyhkBI zB^x8sP{0Nlz8w<#@U$qp4k(xF}XYOF&oqY-?y2hr(OhmGm9>xbb& zhNG7aBhL}lC@66S=sdH46gl^DeKrSQ#GQp+LPMqfTWKfe68aiwEVLk#;iv=3YbteT zYSXUItQ&T=ep;K}1VJGIJ7w)&EG+&er+cM6Rlo>HNl?9Jy5}(NG}^HX!0?Pm*QEor zMZC%atYquVXO(vL4=Na&4=|i}8|j9HPlr;-0Q*U%Zi441vLr%8M(}cC^9b5d*?OO$uPNQJf+U)@(%K9ffNr_+g8>nz-b92X z-z04#b&_xJwAx{qQVU`3ZgyY+6-+noWvYp$Ul1cQ z?k61_g7D}nSn?m}W75HE5|55o=UK?D%#(9tI-n5@u8G9T2g-|Yb8kiK5(C65}(;MW4Z4IOCEic*^m;sAfg5%N`iUi(lw}3f| z+KYopff+W&Ve=|iwenQ9Q3(?eD;>T-Li_t{>->{~zTqFGy{^T~7f$%f?j83!-`u|o z?pwqLL0>g_=XT17Q`8wT&Ed2kS34&JYuBNpL zW+`RGfD%&Rs@iMZdWL&xf>pm9u!_@PD|Jvm2ty&nP@2;XhoUMVT?Gu~0jU&@5jQA> zi$rzsHZJ@PugSp+|C*c?J0G(%hV`oPP%{zHum@shZfk3wCS)2^4w9XJzD6huNix5zt{4$#y|7GjlWQF8BoPdY`iU|9^M@WB`ZU7r?7Xmn z1gThQfep+HZ;ZiQ?FjD+RF>hX??rd!Du^uKRP9{fqjSwHDDh6 zOW~G65l%}94#KAey&M!q0uV0ZuzVV;C0nDk6|Qv9XD=O_$Fa;mK1H(m@zT17p(~hz zvnufffkUXY2E&^hB4jGgD0vh|A-t5>EXXhGJfZU@ zM814-k-LIINI-vLyDKJ^<6?+zI4hQ?tNiAq?`Bo@pp@w47-+gdaWRb{J0AlyMA@T6lg8Q#B&qIe$Zn!_wL-1_YDM*)ajzwYh_2 zDOH>06l=PiWNnv|_!`LyJWV{Y^C^YtlCKZY`AF;=O(wqD9Zb(8MxBh!*gXuxBZ}B! zg-6wMA?^YN9Ka(Yit(! zx>ATKa-`OqYCYt;Z=RBQ2`Tx203X(K5KgG#Vw%bY%OD?Vw3PuC<;G<9RUTG$2nPQY zyIT46#aMd4VFuz)WKU80RFc`;g(VTxSQ68_6^f~a;%jg)&)ZP}83?qk8$EXh?Byfnq?lSIPeQUaBVPCk` zLJhG1&Rik#yu5U5Em9R*+l`-m_XJD#>}`R0cT=inG2CZ!yZ9C(a5n8SS((e<-Q4GZ z@DDV6J@o1ug(bId-8Hx4)894eSh=Q|>Z<+CBgx@aTIOADq5%^!orud_vyZb0fxVa? zIy-#8yaK zs3}^P2k4DE7S)7J{Tpk*ylP-^8fwH{^?f$klnutpg%#Ekz~%@86;{B$S!jq=Nu+6W zNDaph@JCX?7s{AhvS$&6Mbrze(3w~;)y4o z_wZCQPFWg!H!K?f$Jd9A)eEV#)Vb@OnqBR?z2#OSQKE{4 zN*`()v`np_p%qs^6$1O1otr>%oq;B4w;9?cl>$S3QeBvHIoXsbP4)c}wJA=<_CqB! zKd}c_6DKcIa5fX-C)3wdfQIF%m}!h3UY#M)Vn~tg1r zSNo?uyKV%}_j%{t$k4pCQll$0w(v$;mCe##TYaaw(zf@;psoYWk*XSKx=?l@nCXZNqtc?`g7kVv2Rv45SG?cOaCJBP`gL?8W z9=|RD$j``*TLRtuE@Dm2f2no30$Ii7K{fSeV^!5B)uG76$YfKGpDLBrFRqr;E6t;7 z^8z|mmq`4~j`sO?gnw;SJX;K7gj1mPHgBxhQl$^UT|Hhd&(3FhufA<#+g8VLxa_WwE*{-laU|vi!r&pw6brUQ zhn|jbv9JL7=fuu8WHt@PU03!GN?XdM!}ap)ck@df?H=OG9?c)= zy7tls2EuJ)7CLx>w9?x6E0tr2=zms)SWh+!v7&4ier7w~Qj9C9xHN62^HAeHf=gMP zoZr-91`Z}jShm-a^8-&V36*z#F>bF$Gh4f^`%sj~zE+D2SJNjnezYJHZ6 zYQni|ttNP=oG5pnJxN3>P1Rwq0EElR%40ID!t#!GOaxXN%6Fa|+8ma7G5lu9u0ZE%m5tWBy(7lJ0DOtzh$J}iTO+`5jR>FAqW=_R zu1)L;Xdsm40>RG&-O$-0j^ofgdUn_zh*& z57D{c*sN73)qaScHSGU3J!{MxD!(6U$QvDN9*M3!Qk57~mVA(Wja}>q;CnUHq#T9n zX=K=sb0cKHLdR$Pgw|Mb@+PLPEQgQ=J6@yydo@9bTxDIAo|}Uehm)mAXxg$ee~UFx zjn5-C2i2BN`|lJI;%QRIPV6j8c56rM45FUyXqG^G2#z?&G?PuBsIuxQi-)#-U3DKj zFySW-b@y{hTJV;&zzDfqoO-29C@DSnb$^S-7n%C)gXQ(nIRe|<+|J=R(L;XnaWGH@ zF;gKzqLn3yg0ifxH5X4zX+wyKXkjp8q*#474YkOFqBDx*RP$!Oo_V;IE$^U6t-`9O zKH{fJ(O(`;&#xMLWWU78w3>vEVI7Wp1Yj#vEl2#=1gb$^+Ls&iLJbRj0gIdd5=BdK z-*nJJ{oX?!{hCcHq$J7L5F+t#vZGSpTORX|wySS{!W$EQ%2AM+puuL{=&u= zqIl#BtVZb%7t+Df_6boeKp{m~^vyNEE(+=MRUED)IbWbrBEbbaYM_Uy)l=>m*pYctYXOSTWZ!euKx5o!drTY46etx10#*G9FiZoP-tJeJR_!Tin_VXYa+}$JS z7B18WQ=&+1V*Ft3jeJ|dvt@ojMh-RMuh{A=7VmT>}Elf7$3K3k=KyS+PX9LJWnvWb{3I@sz2J1(-C1Y63R!_)*wv>vPQbLC5}kh#9p z%R0v(WQQoDy2B^CB9mY9=$RP9bQXRC!Q0~RLByF&8!^rz5ZWS`W58R^NiLVT7!+un zC?n$dc(JU%1>dHx>ddSPosgCYsutVrL>hTU@5&bikr`>hd?odpQ<#W0i%ZZW0>d>| z_vz<@`L}c9kX1~;!W{p0m47)qCI8C&^hyuU=V!0tNrQN9F^&uO;_r};apuDpc4@Wu&@RVUE=o*D5njPcvk~0p1_3Zj& z>5nMVS1zf+E1b@ec*9n#YSSl*{u$!FkRxisa}PkAtSyeCSFYAN;bcs{;ueQD{+TQ| z1X9PifidCMsMDn+ZFT~Bk>YYJ{SxAQ zRvT>OfgpF6@XIk5Bdf3z11*l<32%FSP$Z0NhUBkm`)?GA-ZFxXt6=luozXgT!b$HG z%sFM)Kqy8MK_2^y(kuv`&EUbD(978qZazovlRHb}8?Df6dKIj^lkK(}6>hW?vnn@A z4}0ExX;8oMzR2SCw|ljE*ByFKo=z=#Mic6ns7+HDKUE6-+*lix4-18ec8}L%G0Rw4 zbdWb{1d8`pj#zE6m&gF$v{nBZt3@|u6}{XKk2J4LszJ^!chTI2WqL1kx7gWc3H){R=qg?juW zR(r3T^jWDGHrv3?x^ITb`$8Af$_hKJ?qN9>j_@NZYrz zmuPr#Hyap8*>?0CdBG&It#9;eD{9*yk#99JAzc+9Z8GFyInGNa>d)T34eQZx{Ob}0 zVYZX)19NoKI1)Ymd`b1Qt0c9{ z7fFkXesj6WyHw^4N9Y1nq0OL~9fEO8#YzgAv6L}K_E9C3AOh}{&Pgh4*043qxosr5Fj>E4)GdNpTPAD!=J}-G(52_tJueqHE_nc( zwMqq49sT~|>*o{4ONCFrn4Ssj;TQe<8ll!1PUnV-}p$bneXY!-1fm1g*`Gl`1{1u#rd0`RfbLPFt?2u~0WBx}!B6J>+94XNgq z2g!%)?b^!nPU|=x{WVIPDAC!kHIB!x^AR^Ac1WII@{Lcf8mhgn9ZVXksHi!>6wt7&XbPHdh`NdpCVTR3iR0d_NYmb6%@` zc-4#9+pE3hTMti;H{2{OdBjY}Qb);bk$YSbo~gJSM6l?*=Da8u-`jOmZfsTGLHM5^ zI3e#1r;s%FiuUGCP@SDe|nAUbc!}FNs*8McHE0O;hdrV z*?ep0H6A>Uxp8B<7{=%_Emjz%WJ}N}Q$V5vC43_OLPnRi#(0qjOQVT~$oeV*X9|JY zLjo9pvpC@#(00@`NDj$9R8(>Ck)UPpWkkC#%|RtHBFU>HwyODwQSVDB>^Cx)xuCwb zo@;Uyr9{a!vIU9yO&tfr*J9{y_)QwP^)0_J0oEucIpjOWG$z9%=^br^op;{uA2<=E zF(gDjBPVbogt1-B{uZ?p%h;ZBw91VpP0M0-ZpybaTrkZWOUv_8qD2_?a)~C3;!d$) zzR^3IX`(~KFaSYDSzzhH0SFjdqab@VBC8OJ)Rx6g2xp%7qe;8frJ#(dE>Y=83wz9= zf0OPt$@f~$C_Nw)yM|v69txWT|Nit6%^qHi>0s9@7`KSG1g{2CC3V^vl_9H_${pDJ zhF+6VT>+Xp`B492&k0854Soo2EMRaL)u$i6z2y zZ44=WH)z|n7+qo!vYWN-%(jWVR@28nAXyuy;(h<1f?;c;4XA9i)bK{S@nvi-?HnT@DNA5;Fh`E} zY>Nxy`>dMvYnRWyXTRo(`<`v_%*`=uTh-nK??TkS+Y1du-tP+ySl;giV57AgSsT05 z{$8y6*7{icZ6EVaNTs2V+};RE;8@h(0b0S2O$oeU&yUpIv*X7&2aY9Tf^@FtKGyNA zbOsXCIM9vqzGqXB%3uI$s!fxXMZU*tAcrXtRi#VD?c<}b?5oE!7>5Dzb^#Khb|(^n z){Js~ysdN-yf_?~SIosqh4DSR2;~e}9uB_!1o{2)XnOn_!Y=oK2{{H(e)vNpN<_)t zIZe@caPCLgtASE5j-lyjQHtJqsYtV1G$`HxVve3%UAVum3%BwTyP97a=T%M-!TOeJ zJ1otgA)Uj|?dGr<@_>6n_{(FpdY9vm(F-|_`%0p4==BNNY-T4RgJUH{Ewx;TgOicj zU-U|x7{uC6&&>vl(f9I_RgD)P5XLGdzxVco<(q}>Bv+(?6!rR>;z@e#OSTsv+GmZv zbfg9`V*M=T3{TGnCHOOj(p->YU5afR6zklLY`a>ekMI1-MSj~s!T2)J9yS&SDDg;T zr`@I=8v-L=sz<3~okJ-%a>NqD7YfFA&1@?xt zgxah<1vE>&SYGWPDa5e3DMng5#9>89s&CVW2qyE?n};asI!?Gj^WrDbp*4TD%x}e` zjpP|-@zd38{i^1t_lxeHPH&)WGPyB`!%MCc@@}LZf#Lm~Aw-^pPJ%~k3<_-xPWZ>K zBR;LySyt$cNXU~Sn2T77hKfvq?p=dAcm_hbHo=VNq&Ydsm$bPy3e~wZi!1_1oUc0{H4nOerW{ z18Q==;>wo9XCgm{9O*$W(Jtxo?UnTwt?W``fN1vb)9Q5+@&j_p0>557bu|B;=$;yn zy;*oMY_#}#dVzL2{QLuN*Fs{g1$r~<^C4-?WCCGIcB>auGo_gxs<$?k6XO5LA>MRV z?TF^<=GYRr41CGM+IZmO!?gzY&|hHgMwJFdBG;L}qb+C04DG31cc#LFY-oJv-|CbU zT_^M7czcls=Vk6s9<+E6Bv(L6UGMV;hYyy=7JO`=2n}nY`;!N)vXvvi#$YF_DBpE2 z8+0CgvlE?mLd|}OK5Ut;3OQGseu>&7YDuwa-Si4<_-i}m^!mhqa+W@yeT%8}1#6-; z5B9_ya(X3UFj#kja|vncWJ8cO&QccPbKX4bi_h}5Df^)kw>_5f=25kH;FWD|Fk@^s zm(dD)1CLAVH-&pW0LWMXr-Z`zZ3VPNF!hTKaWXd__@=$8g&M!IuLRX;fBP2%&vuoI z2bMK$5W}8HJeVBJL`2YZaaQBH>D))jMoY^Uft8w`H`>b1HyyQd=8${e(#$1weI~wX z0Mc`RhK9#RBi&yP-9x+}=-EpK%XiI4z(w2e9`jO5B$3+kw%MsM!qs@=B32`AszozX zy@yaWQtJ09vV(eYvY4Kt_sRFdbA%tT(s>-t}D>kOa#%c5WAdh!&Lx)xbkajFgnKfTvl$o_iqNSh?CW&wY9PML>0VQk^?c z=o9`+Wp%7ZSDHtA!#pF5<0y#&*Ll#PceU!+esXbIp5sq@My7iEQ&qTMS3;eNRb<|xdm3Ynb`36R})OS7~e>{W$Ypf{8g?56ho1eg@7xE z5+|R`GUoLj$RG#!M4Ns5TVl2M^P-S+A*eZ*6qRe4F6gZ(#ot3A?iOBgiO(&@6#tq7 zC)gD`t1mp2;O=^NaST6N&W=xcdYi!L2e5F&mZ# z;VbMHD6szZ6FR-3bD^}($^>B`b6X^oD95S&P|5xE8rmCpT^>|(_-gqE051)-%7bcr z9D4{(aiH}ItXGU47wAZZuDC4NZXYhTOphik@mqVTJg6pE)RMPC?+(kF zcAm(hY2*b>i;~l#X;jLZb|ndejVV4^3!9d(;|Yvt79~xaCig}2-KMl@o5?VmhFR3K z%9IQ3@Jd_p2|Q##zo^BX*y5LtTdvP|vvuCK1} zrb}MGdGua#$x4g5SXQJ~e()!)&aO5~)i%$H(qFHj|IHkyZ=D=TmiF7m1hbJbr7@WX zQvDM35X*#8`SEH=1d+ZqEK|D)PDIKqzg*Qrz#5NM_!$=Ge@N2zUlAWwSb~}drW7d+ zCV@5au3E1M9oWa7pR>w+Q-|OfT5!!c(3$e4TY7H#s;`pT9zT_DEEPR|1-{Y6Z_F1C z7QFmOPn6$xwq#;Cj1MsnHlr^h{RCYn=kaf+Z;Mk1oP(}P@ly7ubfWkNMDSSgzF+Ge ziSg2{FFlsB(p~Je8$SPH@eQbV#FZdY>bdq2MtpayZ?VbPu)J>D7u1N{;qPvgdUJzw z0PIUNDsUVPTjC4pu+<``f8OLm%10rZ{}Ot&h8e5s6{yAG>-nX4z%$U4tJu*L(O;;T z?2TI+sE1TZ>&y8&%Xd#Cy~9uz%ZOU^OG{hA7IzoxHz`u9VJ%WCRL}0x70UbeS@ovf zLKL@gmj~5E{2hR_VrOGE3OQT`WpTjhD!6<%WshQ2wjP^?p=Im0%R=Moq=XBOm|o3U zFk4$^!#d5t#OVxo4MpWd&U~(bh@TE6m3p=?M+a*b1!{rv?b~USSgbxawaEPz^rvNw z7qUpLcCSxxXpKZs<-u#NmO9skRrYL-cy93?JRmsMGInJq_#E0U&Ovx-bFzeYymyz)8aR0udD3Tt z?8m1#+K1DR$Hj;f?qcg8NijxHH{Sl-j~LN8&nXmaXTGNjGj69)f1_2=Qm2%d4$i>AyYZG?GU$Mku7o27 zB_)175!_(^!eI#cwtu#HJydS%)L(3;j; z(@=a^*0xJSjXv$9!QXGo)n1#vd@S&xY{HF-eYEcI#AYy6eCcB>**Fn;ky{MaX_oXN zg*1xM3cWGJdK(O;qRzueT(&i49b!_-0RWL@9Cd z3J%4c*7_gYXfhBo(}>v9K0U6nXu6^0S6_*RJ0>EECm zcS9?@7kV>01Rq^5JaC>>L?&kCl_`PF)TR)a(7d>-A0BzI|4G z6}wVdkmgiTjP130*T9YDceOlQK{DGHw^Zq^^eXxL>8s`Phy(dV{Q>8;QhqPq?5 zE>1YTwyjR@DSlg&1P>nEf{g+XiquNltK~JR5l^R*^w=+#)78u|zupCCq$tl@z2;+Z zE0+_ms7-m^b91zErfz<7rs>3-0EWi_sOon=8}~*~Vz6c*sJoaE)UELE{uz_pa!9a6 z%)&X+*zSXp%NgiDkHJ!nB&A96sjf4_H(y1emgzCcAx7@g3+uS zFvISkOjU|lS-o@t#z+5h}+TQJ{wF4NQqw)61#w7)`Hm+#s zsImPkcgkn%#bk%<+h~$&GRt`~5LU(B3323jn4!t)SHAE8`PB;V5KZ735Qq&Q37S3` z=tR_fUKSG;Ud{<3V%PFcSj~0CQa-A!1RbdraMl62^-J*xK7g#V5_S>0+J^J=n(QNr zIdE2iT>uLDj^Mfs9XoIMuxW6tPWc?=tJ&?JpLk<>!UL>}JHmlpe%Se8Kl&60!;$)Y z_D1~kiY`sr%JmCxbk~NsxO~m2bh2@SQs)F>X5P{@)9N9U7YyDBhHFdhwjSm2VY|h7 z*gm)im5<2_>zPoKifcI-M&#(xQ!JF?VGQu;@>g8)tkhNZCvv~fpL&`5to0tH@k@oJ zs}={ux8xvhyCqSvM~a79u7-&e78}}+PCfv2cFm2LIAw|9gf zx`grf7~|GHQQK~ zljaFm7aMKN_dx81yp9`ZJPnv-5>M*M$!OENi`-y}Udk*K0}k6duZyULn%MI&YiUI*|X_jyGEz@a#QW9lsCk8yeEmyChc`HGc4ZH|mZp z0~@AXBzo7bH|3j}>pdXJEwAIr*EPS18G z+a6($mJ#GTU*rWviTs7qNE2eZGBd+my%r(@#_RX{TLzu_v|(wjPQvg@5P5&v=t z@PmLt1Gm)zty`<#`!FA0#)o-N&U&ZV-Qcjyv{_4HXMaBq;D`9|He7OnjqUdKMq)R& z2*5f?(OaJNreMnoE3l_&wOPtC*sId0HMO2lQT6?_`& zA9P3GjtV2+?k&n>?FSX1OL&Bx3KkX>i1;I?Z#k#qXsBWbUHO_9sV|^z@~@UKe}C?Y zRqA_c!R%#3Q{laCZ%Q=76`wgFaW(X$D|tJW9cG4rkNB))my&z*cOSo+ctnl;;td8n zE36MVmqQuk(Eb$3sk5$UO4@wL$AuUj`W=%MJFcj`UO)Wj?tlcM{5b^8&Sy&Gsmzxr zMBE(^Dn{zpH~5?J0slc=`JuuKWg4w7bv4^)lWH`lwRdBkm1)w!-OGD-FE8lmkc6O| z@S#FC0SQ1h=acc30pDS&DK^4qu1R|5ENWY; zrTpagJN;Vy{!XL)1SP}?VQKk6cgy>H&LBF%_`xBTfz4hvT zDb)Zh9?=>iTkjda3n!XwxB0TCmdBazU;ch;RW)viw0?08WP)ArgD%l6U)i=Y_keA) zH1{~n`%#=iRF))%oxz)qzoW%{F8|KQc0xrQq=q3>B{nRQA=D?;SrTgPukyo)tZnQ} zDrNnZhhiPn8xPmVQ$<}``!tT1=uP#zQOI;7Jkf`!i9xVON?p}CSbQjc zJ%TX4La}^|R>`bGB@8gS&M2UaOS`2Qx>1ho}Uw)`+#%ckFU+K#i`I`2&(VshbMt98Ve z|9cL0OJD66zaK0^!s-$I@yw^+bL0bj_%7dTXVI~#?f_S&TNZ7eA?~V+moFZD8eXu^rr*v< z{uuTMb1#)6phjS9>CCM~2M3b}fX;>g%4OPpcxb{Bg5l(Y8`qP{GnnqV~+Id{Gw*D+4S|v1GuV9?f?P9~ZzrMsc zas=LJdCE02(mUD^*VN#SyK<}&e)ihoq<~$@X8C+Q)vAiww!OiPHlF-nA6n>u(p>Pi z6s{%Mc%evoot#8%>TpEaK(I#>RT&PvcU5Njw0koK%`oF#VI;>fGDIU;cT7ggO8KGi z&BGh)XJFBB<+W{*g^cZ&8#FN!k~tXKulvi($gu=hC`KU1V%Y-0AhUvMXP6q^4NyX7 z#}sW^i^0~;CH~0~3+~^XB(G)~r@+PVP3J4;D?NjAMAlkFq8>x(mdNj`fu9#gFm}Ba zNM~PH28qMj?6szj^Xt+EtO@&7it0(Bud|g2iRKEXrulK8pkyHSL1EG&Z}UM!vn@}+ zj^Rf?hKHO9>}rt&>g@&wVxRQYEOY1@a+WSFQWtQb$>wGO`+GU%+Q+;DBZ#2_2W=(@ zkA{M=?``Y`0ACMza$DId7Dxpe14PEAJ=H~eVd_TtWv|+hXYh_b(*6K}i|cF{;x$OU zyYQ9blr18*HVkyYz5wa92zeZB_5h=;L1E$arTnUfqrDZ-<~}-9^?i6;uz#+R=U@2(#SLrC>(zOj(W3XPJaG`Rra_%pF zhB)ts56K68+D~zMpIUQ4tkGEYs;7EAmn_@sT~ z#ga>b*{cvdySqMrCeWJ!W3_ewM^DhHmtX?9P~$}ClrCO)B>c%n0`l(R{mDd0Vz>r? zV^l?&n1Gz$d$F`6HQ=pc5a?Rx86ho^6|^~7i4d`!rCwY+z%j^fbspbyg!UdguOSET z96y%O1=zhgLIy?k+lc%i{EZGb5Wp8%0p$j2A#h-2(cBuA_l_hhDbzJcSu`_cul;Ul zt>$2dUf&R`>pgJ3*P0nip`lLEz!r%c&r{X~=)@HM`v`xH#(C=MKxhJZj ze(jynT6?z_>S1@$`dcIA(VmN>2n``bf}N=os_>1BcBD#gMFyGn(A3aIimmmMxFBOq zEo!P#<&pAe4<)#sMOtiMEN!n|p|@11wyF?_W9xdLZ7s8QtD5V^2HHHU9-j@gpkxsf z(_DczQmoccq4~x2g;vwxlS|6G9)fafgQkZ(&wX#K`=_-&aZ7_j=GEW9{1Wno9mm$X zK3UyrCf*aYw9qGSF(^|zDJ$;3x?a4FUfO5XgU@j|agv+ok@)z)^pP5SXR+qGulDmI zlYtC}keozn;v3%G5GNfZ12@N4hItIN-@+nek?&uk)@U% zDm=F{m%f*!u|0j`Qcy5juX&l=SDq&8P*GS3{Wp&Q29GO~#i+21#TL-syet-S?!FL~ z&g^?*jbh&6ygvf`)H-*SjKM^zb?iDKCI zPsJ`y)|U6qvRK*aWn5{XI!_DIl($)f|rw& z3Y=r}@mNk8Ajs9^f~{UEy?UY~ou77Fp3Q}ICf$|^9SG%lBSl=LZ7qz(`cdxfS`cbH z><~_};O~gxTr*{p$>g8v`$!B@mFXiVy7m5>IoF3O$A&!}OvBGqnHkm|8>UYn0_25X zrZxbxT&3VbfH*q?&+fXqU|EM+L6hm!m3(jY)pGS(;1q`H*^+A^;Q57< zD&-EaSDZhC3UnB7iN1Rv9&x_WTy%?|vp3tLfUr?W1qP1gVzj?^)pcjMU#OZC}O>7l>y_L~xQ4&NB^+-t-}$W3p}@ zuwOQB$I%`#HBNE^`WU1VMZGo&V=J7$nO7ABR!c;)tK7SXXDwjPRVVX+_UPs}U5Q~M zwA3ZFRX9Y|UFrVnc7Y(_Wb~#q7$ChKMttdgrV8hli=Yj}1QC1E2SYPg9NgPy)whum z`CH}bzi$(cYy&odS45l#=VAU-{8ssMAYni5bIqQ!8?3`rKEW1$u6}~~h`0s4Wg&t# zYWb0#qkh#J+GkC;yI%D)41J=;0@|w}xUO-5Sg6ZKFqu}ox5Opi2H-cwu|0z+;QTrgHz|#e4K#$)U2W0=F{1Y@w8f6Q5*y)HZnMm`7_Rd2ydVus zonSm+fmcB3HC@^P>%|!c5@?$-F-6+JuqO=(P+DIBX1IFIL$U>5fO1B%Ra1xvW}?XE zz^)4h5N+l1{U}uWE`~EN2Z&TjbYgS%Ys60cY#=5Y`5vBY$s4eI!A`4t0}?M8&uee8 z6#J*}2dRUEhLjV>4>@TAB~Suq=^84da=^scM*|bk3H;k};E7XFV`NXj6?9T!p6%JQ zQy60UQ`~w}!yn={W0bVdL+*JMlOrhZadnUT*3IoDgy4|@Y!myC1dQs3^Y_Zi;bj}ZFW5S*Rh--lLc$0@SPkRc)1oTM{o!G z7={G$X{cdO_A3CS!^s?&7${Kpi@5cpZ3K|D(~R7#I@lWpcOfyDo@QE9(y?RUEXh*< z;b9a>i|=$7>$9?cF;r`_eQ$i$UE*fk;jyAaN=R0c`gZ4F{gqU&VwZrX@N5>hGWnC{ z2j!wJ0dtIeO6r3_6hQYa2&y31#+-y+*D@aWKk8?9H?7HOyKAvX*;+)^yE1a^dj&$} z5n9b_rOaFB5z@^v{dN0|T{Pl1zvD9vIvV{U`&=Zt?SaNe>2jO2>j50Lj`4<3?c6`R zBkr;CeJU`Z?#98dTVr>doI=;ROj(KKMK5M3;QQY)DXf`U3W5Dro*J_MYJmYK2B&Wx zw1Q#p<=k6A1)TEM704NoD)9OUZcOuN#*-=Vwd-``!eao4NF*Iy%0mYX>(1bUlxy1_ zNXHEV*^S5Q(#T#C0V9R&R{~@(TU_<+o1ic}FzdD}V|!V{(?PFoa5&PG*)E z664`~@(sJ@gRZD;ir^llWL|Y7f=A1&Jpcu~xRj#7HUv{4P2z4AsbOf9UDXle>Ncr zZ<6^yKdIrS=V$T?dvzfy;+XJ&xf$2tOYWbRW}3que-MGA+<+P2UxKN6BggH;tGHy z#Rb|Yp=pSJuV*)zsDyEttqXjSSV}CE9mMN^8GIf)2p);ZpzS;gj$qp>@!8v6`O6$( z#sF#!yD7Uw+D}foIl}4m+?j*eI!w_G(oKWV1aS;?M~L$t3Xag|vecPRSbT8bW7#mO&!(N$0bdW zCY8^NQrU#`x;CN@0`HKHYcs(CsNK0MRgxh1{Lg3K!WzYVP`YC-Rut;;jd3p1BepNh zjk~+D)3H0BWa{!@8cdHSc68mn#m}&CpFAX??k+ndP}gsy*|GYGg2jy^|j1hVl>R3Kv>k30QR7dE;(=s4(uL8vhb-V zQUr+kyOdf><7I2#58>@xR`~|b{ZZ+nMs2dD0h`m5_63i-Q!d*unGB@$Y|ZgwZc1=) z($*?@mUV|^8`l~;FT`J=NR8EkP`zS+7m%jPpV%>if1NX5a2(EY+3D!IUQQ!JVu1Vb zZSJS=0%FpIKX`j_9+WZon`qOV5=V1#v@AN4A+QT~XPuJfiabEwI!?^v*M2vw@D5&O zff&>gd@b@kch`*Td3SwI@g4quw zgiVpU76-prp5@VRk#{%%%#}t&ZH^%iPNpH5+RCqBm~59pIVbBqvuq@4nk)~Ud+;R8 z0)lqT>TksWR@J}LKt!YzyOO%DVY{@DL8wa}3;?r&K0RlLnDEf8E@26rhhKNI%kFh| zBS{VHy}GeQ@~Mc4Pg#Ed)Jfx>;1e95A%wQ2^I*AsDv_t5`nBCAO4QpCb~ zey@#NxLe+BFnjyKOsvq>Lz@7(t#u@^xTW$mwrHD9Dj1;3h+lTE(E3TDWCiVLf#}TM z#xEm1+VRj05S=E{5$3{EQAjXi7iS*!n(sGZQ;0ZZ|q%i~yvAd8A z3~~<|yKvM5j>8A|4Jhg{e|J#Hg-1#$Z6|CZM_v}~-FUJ)L%>sxIA}bKhJB2Cf$lWF z;WE&p#quYCgC}7WrtUWrtpuT9$FbQqPgkMeI+kA`%C0ptL9+#jG&ubX90~1(9Rv9r zbjhC_ZOzYhb#8@}m`HPJ>JuXlLZKl_ zbytgL3kZ?Mmet_rdgcjgA^Z?>NeFgIroU!)ydq z{XXqHuZ{Q|UFBk5$^G4mf1H8jX?YFjA{NglV1mUpE1J}b8kqm%t4HTr`YXtt=&4gE z{Zd^mx2IiCqH<9Zs63sn>`o&Vaei#}4Y7)+2rCl_$7|_rua?O9@tcvKxVuJv-7Zf8Yls~?^i3dr49ZF-XQ6cEqy?N~h_ls~#R;T>m zwlmlS-C*(HopTbmQ9mMNw$jbJAAxShGqaJ|7x=)w0-+G7*;8EEyh80@!mHGvVrsPb z(wJqnu~@FP{0b}7-!8bl&Dky+>u!}d>>2Zee0K`f1xISql+Kq%tM5E|w=X8Vdu|DQ zRQ!IVy-lQJ$r+%fDH=Q=Hu5^Kzs*G>KdBYNJe64 zU=T{Y9X_;4Et4OByO79bmUUCnbcfD$mEmC_O5?wC0NB~xnaO!un{b}NF|PQEX?Mh3 z%HNYML2X}|Vw|TfMLmnkhadJOI!QWtd(5}68+)@?gcHc8Ck7h7A zmSAh?)5Ni}Ozb(Bc}UW` z8r(3z`L)uSB$M!vC~rQJGmDxNN3n!;FsQ5~j8;r{7ku}-z{e(|Z;NFN+Z5|wPY~{h zF<;@7nhNxB6qYpgKz6P!N^!hdzm-}X=#W~>TJZ`>*Mmc7PA`* zXnv`s&?xE2tXvwXtsG?!b)f15mA(M`NE92Z7pMo@QOd(n2jeWn-bkMACOdTdzI%+> zPLJ3LfHXZZ{k+f2ToA?%hw9P%S%C-Xj+I|oexY0)R*6v>fd3(NwA z7{w$?+y=Felykg0z!qiiBr-ApOHdu?n8gY;iW+etsXW70diNRV0B! zp&v>UcG(jqXo<3~kAQ&5mWS+5yP%W!4(yyZCYIK1YC6Ed4O`CmZAv*&;))qEjykU! zu9`X<#Et<%lgNR(tfBeHeZm-p^7ROq4u?CWH%0L*03CW zHoMkFxwIzQf#98Mwo=(;fM!g?%Bo4 z`2^j=G8VAtTA;OXHo0U`OUePG_qNRNhNy4t%fvAS32)pdz!%P6baQt;?D_)21G%8*!F&p}6!ifHNZkFhxMN8@F=vn_Oklg!*kWicZcRGSro37MRN)4c z$=bcRKtDITY47J6*zud?y{)7JhjUU3>h@LPH`;btriLc_!p7`O0<(7Vm>C%No0b~I z65Bz(ktCoQ-TS{>acTQId1MYh+)nYkzx_Ty@h|7TAAWxX`^~=7v4;1dBw{3tGe1N^ zb-`BH>oP|`kMK=*3x-m%K=m9|Cx$I29mtlZ3&(FGi9P&i zC8tDDqp)$zMZaPxoX2SKR5M|-2M;1F2VXqoj>+n~1_9?7<9x}F;FY+%dPc4lWP6Qh z$8h-WPGE5e)g*(mNsw@VB~5(L6>h^?QwJD_q4ntYuTQ=q#NareNjNYV5;y zGq0~t(ky$@a@$cKtvRE}$1)1KSSw%_zwC}O|A=1OX}ieL0#tosA#TE4uUm|;0x53> zAN2ltb!Vb&*WVaBgVW=?y&GOA_T`ucyk{5_Vb2*WW&(EsFw`hd4FN4S{+y-lzC)vh z8d7X4GB`R0vNt_x7RPd6>*O*X%0ORsM2sfLmG@t`PjN&m@+@CDEFpv8bDXSF4kZ3o zrq&o3_y&;NtkWTD3??5(mn;>$%5fPcmW_kyg)!VEGNWIGmx;dC zaf^HlRugVc#V|B4!lIpD-_fISB;o}UnPTMqZ7MuY z+^}sqwt-983&`edRfm=5!YvdjR)42*tzRzRfJ$g>uWn2=ocLn&*p6c7jT$zovy+Pj zF-O+{2{Yi2oK!Ye$O!@!t}oUq2O|)*U;6!fG^oZ7{QY}N)ce6YtnAouslEsF-iJGL zOexSGvS(!hhQsj{(peUgma-YkHG!gGCqq_l0Qa%3T)Pwq?1EFvF5iY`-?uwgKjtPJ zjM1SVXj#~+AtSnD*yWo*aQY**^5^#%vLmWCXpe*Tfd>|o`^sVvgASSW3MUqmFCrP8_~k9cl%qj$-zt9Y z%}(*A^&I9PgJNf}Rhe}+bOSouz1USW?eF2+O2mb(@eNc6dACbb5SU@6&$#)$t7mS& zwK;S{V%F9Q%2Z&lLt14rRYX^En~JF#doa>OjHQRxJb-ZzFH>kc_;2Sk0sJ~|i<%~S zZnmSeARiqd` z_zF{ATbgD&hfI7VV?k-5*i40nucUjV*k={r;B_X#eQ_Fy`68W^ulHQTaJ3H`Ooz|B zUl(kKqXPZ06+w|;z==NXoGp3eNsI1)9Z(psYi*7#6{KP|s!kuS4um-=>^+vO$j@Aw@6gDhF_bFn6Vq>@qL&p?cr{@tSPzo zr`4+eAHW_8-Juk+2~@cD5IUE=nTX*bXMSN(jn=TnCpoaft9>=~>^!AKsaYot$Pd)- zXU(DZ1Ku6l>eKmxi?<3xv{8i;EGiM*Ed@aKTltMA-*fz`pQ9>&qmJEsGCXZj45_R})@T1l$m6o#9%wj{^ z%6mxSpwQ8wX*!TiYx8C?{Sew-1=Y{>ZhDRm%Kq7SKWp|+HQVOR^fs+;s04>5C2^8g zrC%`|o~sFf@9`3K%CO!`?e&`FAEEu=J_ePTdsPT?mfhV2(i)_QKWT2A6U`$VS+z zHf~F#R~<0&{)bw!CW|y~)?78g${3Un-krO>(SJkd2>+ic-OrI)HP+mHlV`HP4EW-!zD5EN;1|7L7fH>x2R`HM!^*k5)=F z^Y?h6VZg$n0$8K@PDy5M;*vR{;i<1v#BX0>>MQ_&iQc|rz_FpTP#7V1@4 zMV{=l2{DTgBkkpI&1|dwF>x%M%h$8jlld$tL7;X<2}% zjTpU`MX*pMlE@Hs+H-0b>t|XQUvi;t*cKXXCA&i=2KG5;e~ab27R^+UzW<8YKv~G1 zp>P3_uCYX>Gk^aPe3Vnijb{4{8?_irS^h;A9^;WZoE<9c?$+NDCT3zUG@GRvp zIEjLX%Cd3Mo$ zRjxzyKz>esa+M#6H~6s0(8s5*Zjzzn#O|Lxdo%7rD2LCp8Tn*6p-P_^Lgb7j!CqSg z&X|4X1BS$FZ=CCuEVGS}FUL3vWDeLKjHgd{;@s@AaMZWkG@<;LG$B4$p5YkXo+F2T#qp5T7T(G6GKFJMsXYwoObdtJW{+K5soY7k)1 zFL8sH1*^s%P-bHg!-BHLDX$otRq)cumhfGiWbiGP61PxYkOnWNcDl_OU_e3|%U9Ws zELVWdKNVNx1W5|+-| zWjIDi@v54F2}ScF&@V)${S_1iO<`>+ zqp>I+IIvh^(1fb*FA7EM)49#Jz%_UnKjQMT1{aYwcncQ?=-$%c(v^8TSR_D!1RREG zzom$ljBSKwys4JHX|lqjCPk!J89|JtiMglwv@76->3*-1=@fiO4WAf{i0KXU_? zI0J@@_0>l0Yhx{_txTpx5NpSzOxz$BRcYimKm;fKaxqOoo=jyPBv(hezxY}KPO>r+ zp(1dGDEIstTcXpzF!F0b-ODmD_^CEW9|pxC0BqT^T6-gyW7g7378!LzgWPn|>|=@l zuJ5*^z~xv@*gV#Qq2Zj8g+kTkyQuwaStlpVeMUao%0uNjkke*^5I*4g;4%`5s=;ROrcVS87t_o2 zt0n%O#!+X7yyC6_UaSzCz2#ds|54=G40K!?f66K|wrk7(B0YtaRl3(|jeOpOx5;J& z?Je%nW-v7^1OkP{h(AAYB3V9PNQm#-d^Fr@r&Xkx;40gb2VP0;7t?E;JCYfAiFa=T zt@!0*h*6(xhBaG`gvqQcF#@x?p9(`uyJU5plc2zIh1$0YcV;~HgQd|OLpW_fL3A8+gCiZ8pMX1Y*J$zx6pU?SvaR$1<{odPChtT3x=}w% zv)lu)w89(V5)4zoJr{?)L1#wa@Q4I>%%on;`8)Q7mYlz%UKn-f?f!uYLu_B2eJ7Io zwOti-#j==Tn~l+^y~R+I+r~KKGZYJ!c>u}Xv6#ilHJL0XTysEv_N&>39J1*&6Dolc z!$O)z!!oIIPx_^y9=|`m^b5PCI?%eNzj!%OaGUl^xeRX}X4=HK z*@=+f%p?Vsk`!Cy>1557Q$*|_rYd^D{0sR>j7EVn?RCxM3L2oWgV>q$8{;6j1-Onq z&<4WbTR8tpHP|1xr;IYiUG4_*9b#1~Pr?Etj&aT>)N>b$^o7f-pZFW3eNf*Lj6BJ1 zX(E+rnTSoQKLZ23{JsUE0tf@G0nZnx&eJ#yJY}_yIox%gLcc|wVEI@A&nd5~C-yyH zyiPP0Nhs--EiCpPz=`jwtzSUE8+5kF_cJ6~VIcInWEs)H!W6BP7y;4c`hp3!oreFQ95HTt%WhUnrLIH6eKb3_S(1=NjDge~q^5``=T%&9Zmn28m;lIfJ{b=v zT9Kwbg4nbSD{GJs-cM94NwsQM75Q@}ne~jY@tUVSdg@tBeR~)E9kc}GMwNnEOoRn1 zk0nWZI?JwV3CXyxu9TC}zZs+Dtg;NR$W0l+*5JrQG4|d5K~to=mG&UDXDda^^|@$a ztvtZ&@9qg(9UhV)A)2d(#>?Hsn*8tXS`BSLkaf#E?lckDrtFZZWQ1QZK}WV?i;go3 zhqK9U=`fD@xM)!`1W;!Km&W4EteAhBhNb6jxStm@78#BPpb4wYeB*Cj5?kK{O&Lli za6EMb;Z-(VJ2jJtKwHcSFrV|B5kn1M}^Xb$i$A(tE{VL0{5YO6@jA z^VdIvmaVhcLZ^v~`}^suKEx8*y6Az{M zj;x-74hA&K!jO&-RaNVpwFCrZ#Okb7ykTnG1k7ztC6N^$8uHJ&YKK!hqF+*(Dmx3yEF2=57^ z7xlIGeB+j8sZo-lsz2lZ5O2l&zw<{2E9toVPJ4g-OdA*|OZIal^yLLS2KMYQ``$9I zb|J?{@~{{mc8bP2Z9uieHUqb@CyGJkO3ILsmt?5&BYg}3$8h8O3~1z*_8gOJj?(N` z%T;*cxNrLJ1*P^F*mn1Jj^p?GP^Gj*v&4CX38}(fq~67HS^tVwn3LG~ASG0_%qDSl zG4>r#XYl<7Cf=ieAMo!tQR|O?-iK_BVNJ{eFTtIc6T&==1Fz8eev^!C*<0pq*Wc#! z(FODj1>NUnww!&TLqpu#Y$cTZr#nNJA!Y8jt2o7zko(}8n|0*p5l$QBZMUt6CPovH z%;4p4bF;U+sASWq@4{f$hrx+aeHAx{)*Ljg;Y_256&t+6CNrIlpKzS8+05cd7=zhp zM+mq?c8@2HoRmG>a`pssaBFW;v<^0DvTYEIG0@Y;86r@4hESjW53;l@@ z%t%R8@p6C)JIQ`yYjID{Dm(N_N`0U_Oq=Hjs0`KMa46ViuS#$P^NIP!WEyToE>pa` z;)V(|mL_0?ctjG^lEKL(A=#olcZLBi4Emn6!@WV;a*JS2;}y`bq#o!f8{@! zU710DmWc~YvavY;rAp3mNF`~hbSN5pz^ZbP0xC2Q#qMB|FjuJgOY-OkGxx1wG$mSC z@_=|6e1fjtaPLq9+yHkfwVQ?6HNxY^V;QY_aet515IYMF!FHa;)l$9p%sP~Ypz+R!0jr_X4neBlOQPOJz+yt@md^zI@b5v4CZR>wpMC?^{&cf>$%K%L zg|a}Fm*9+C(Vct3POezEN%Y`+D#!}f1H+LZmay)4pyb_nvMD*JT&B-fuJn(OaPrzs zL@~?uTcfEe;v0XQlg8Sx%VxEk z4*Cn=?{||>TsXh!P)$R@BoFr9Vp({ccPY1vKiNw;zosH zD$n+n4Y-uA)|>-5p#3+*XBxr0+z8)+-o`VO04r{o7}-7f!@eB;}|N2Q*2_S zq0uevdVmP>H`d(sHQB2ixHdLHd|AK|u9UXDPnZ!Y=RVd;zNW1NzcCGjs2Q%>g&2&g z`O*Lk2rMnemyOuGQSj3tY=E;lo=H7#?n1tMnp4YJdE2GN1f-YR7&+Y_c)mgN6_DJn zKaY%hAhwxJd)=0e&@a^%GK;Cd(#)xw4C;C>+PHIXB?UoUr5w0EIFpH{6!^?#)^c;? zV4qu0E>6M^*%RvCxW8mF%$krCu6I(TDYW0St-^sWX1GGD6ViXbN%!PpdQ8fQJL9!O z2n6mKAjZGR@W>{gq}m!*I6!dsSNqE&BaxhQ&it81j;F!M61FyrF`SU}W+KawbyslM z>#L>gkXBy~aghMNl8I1)$QO-ctm5dATNFXDxO{V^O9)e2neWE(7#oJO5js$9>ExaV z2-TA0SZKByJRaev0|t)I4t(O(Z+>-KmV@C`ygjfk2@<+VFFtmYNf2TbEwZh}r19vm zpG2mC_3r98nBm6Kz!lbIX_!YlCR{hmU3-OY83HB6ORVaR80lhwH~|#Xyrsiu@;Y(k znK16%l(|*;Bs{;OpIRQ)W7Hc9*P0DPuF9E4-Gh#Fw2!b%Rr#DbT~OYL062K+`O16fq$ znLOd|5Lvy7m>drrjF!)q`%A8`RJGjkPNtLOyOzndHG+C?+XNVK4m{jD!tlF@74R?LmS9L`)#9 zQEF{vIp2IXDI)mO0O4{Ng{lmPf+0GGKB(GNXk@ZL8K~czdl}Uhj0_O1tE;sgJciRb`gjQ1Sloz^!QeiY ziVKLUqERYCZTc<#zzN0>rTiY&GS1T3D9L^&AdLqormF`H*6*8imB%gh54gNaG~ zc(dgjXj9uOJBR9AXF(%Cq5my(k{&%s@1E_w^oiQC@10(1o-NBV)g=vxRRkzWeo{`W zZF7sbyAGEbh12Y23m;mW~!qcJX@cMI{aks=U!(LyjH-X&~LT!ML?- z0|!HIgF{b%%Azs@`E7-YWu)>a8^MGv&J{S*p+fDFWF-J^eHm?sB?@gh(VkJSuGNDl zoW%{>!Zl$?ZwP9HB<E$aZ*%O%8>4j&M>~-4@R`gSXESPgkb}!EL z>2k5$c`Ey^Sc18QUOLxOt4MSLnG}LtaKAGuEs<=)hVr&I@q{E!&_!s_!Ey80Y`QvD z4))>8y1UtmNq;VfLH%Zu9`H%9k&E`Z)x^OyzuT2Dby3z8cbrl{&YHZBE78=CnOwQj z@2m&AY+O1T)CR#Q)xGaTr4ygPx6K#UBjh7!!{D9X0Tv@OSF;D#@GB~mEiR>ETjZ&NfQ>+--xAAp;3bY#oXfjjvI!Q>;N~tZS&KG7C5yBWTDN?&-KvQxx&6|R+?Rur;4>P|J%ZjW^amS zA@8013aX7VH6h3{Wq`>=P*%?tJWgv1x_pa`-V~auXqt_v6`YnoUr)E||B^&+4lG#o z=azL(Caa8KHeUCxkg8hA%(j(M5G_a4BIURlzSd$9!_e#qcy*1kXg-Ue3}Y6NZO>Y% zEE{l7suG!&&$wvbM&feMkM!i~;+*pU9>V;2&DTGmnl^W{RfUIw3b&6Chf@Me+{L$q7LaJ=^Dj=n`KIt& zTKJDJh;NqO87;j#T6%A^^yAUeUyhc3qSByyB^9NCj_eeQlKtXe?%jX*>8~C>`1r$* z9)9}ShaZ3T;8!1h_TZPFeE89wJ9~SdKKSU-N56ddUq&YKtI-dBI$HYKXz6sc^k}s7 zc(nB7pLDVE5b(3nwx^?|cebq39kg=ad}Bx<=VIcouf&^$H(I?1WbGbn=71cH%1eIL z+_1Fh7dq}$n$@R#4dHgZ-cpSAWV1&4W^}vC4Jw7^W`h!a1q($$#JO(1TFsBH@%GP; z#vmtl7gWYBQ%{Hl4K~1E5He-|9Jv!3$x8s#%_~Dst zUfMaOJeO}cGB0*UR}B9qcW~)-L;{b(S7m2ahyOVVVXME*7bo9*qYFKczxjp(SSgfj z`MA-WYxcfDz^HdQMblbtK3r=R|4M;jC?Fy$V;)Nz-Rge4!I$pb8#*X~xN+)=2<>uR zc|>Aty!**WcVlHoBkfKLSJPKiezW-%0F(^EyV~CQX0xY{ zX|XYiPdAIWp*Gg3VX8K}6DZ!N-KX!_?#@SJzxMMH}jA?u;G|=|_N2HTd=rkgEralwni9|`Z z*ry6HkBdCg#SX^HIN(MN;o3{Yc+^DFCK_|UIcBaa=J0sPJ!YTHRt3^PdCQkfMb^$6nJQf6v( z#2P~P2$GdY(uGF?LD0Bf+eM?oBat*@71 zzKIlaeZo4kT|#VHv2~`ntG-zJsX9iSoh2Xa`;TeKUNZ08aY!*oZI8`LBR!GB$M^Zz zS5GOdBIIT-)N47!FEnCg&1Etk!=DX(e@rqMifAI+N ztmDX^-JqRb{s{h98lw5J<>8(z<|ZsFu=LlT+*0@1ZIyTKetOHRcRss&OYOZo_in4c zbN91bUgprNT%9?3k8EZz;*}z%pFrj^73f!ZH|OukQykNeJir$Gl=SPU+GO7$;5{8f zN?;Q{2!_#HPx!af1=0G9w~7!{aBN5cJ)^puVt)QX!Jdjqr93W7+TeN9`Bai zT)toNkz!73kS}1%} zqP}tCPE}lGyrWH4bdR{46Or!Ge0EN{Q#wgm!yb~Fn+te#&#%t>?7mI7WTx-L1)Tn~ z)tB?dKSSuQiWIFpe;KM^q}{1kbed`l3kl*HHidCBV+m+BK98K1+_6ThCx1XI=D9|U z#O5Ab$)**Cuo9tAe$yWl9P6!U9Xj5e-iO;Q^)1YBTgzt@;z z*hSLJZ?9ECs#~fz=F;!GA4U*pm~bg-rCj;^j*OJ)mwbPHxx2n0X@h214!n&wdS=$c zC%bol`AHg4{mF6+*Y|;w&c*D9C?htpa;F^bcD$e{5Mln_HEDN21Bx4VUl)0^Sytq` z9^~t~TX8YFE|Y49xHEVU{doVjyt`JA@5cUs=0)JHex+``tS#Ci2dz>&mQs6HgvN3O zWskkK?1gLMEt)z8A0QtstZ>}pas@s%@yS&eKtmgiGQnUFmIf5!>z5#If{HdqmuXV$ zgY9pZJS+LIP{t$OOkevlOGnV6T8cqliQL3HD4XH*VrC3aZO}cwA7nmAT>4k8MEOP3 zlJwbGU^fhrcZKr!X{Pz$kK0?dV6B5MD7(aiAKu{I^c(DzQ0dwzzZbig8#Ekq{NgT#QYjHO2rq*Jp^$KpLF&<*U#so^nR)IOTwh zak=+IzmhY0KUDME`#Bare?6^amzYe<);q5ROw!>K^Qv&oojudlIC`s5@4(f2t=+7Yvo8uU~bZFr9S^IG0 z+BkojNvK~T?0j*JBp1ZTQ=zGNiUX+~03~X!vm*yN$34`vA^gJ=b^^HYmXu=89*-lP z?Fa*TI3c?YENO&GYh|I4h~{P}_F2?@4V__ZcEW4;wc;VFTZ>38LdJl6v5xYX3=~~= z=R^f8IF~GG#s*cH_>ok0lUjXAnxpzbtiLJp7%e$`Ggk_7v|1M$`f?#=)V6hivewk? z;%w$lt%57856B%Ez1%BQ_7BvQs@I-bmV4HG9W1D2(KcZ3TppXxm8 zn*CeHPBynoyXx;idDmjxqQ}g{d@OZAA!;CmIWjZ{kw`dKNwl1e zk*1!HlHhmSizos@*6Ce2UMD|!7`NH@foHMWlY>;9#otHMi@7c~a~u`dbtn!A8L!bO z6TEAlcuXa*_Fy^3eWqRfKwf{l4nk6zEZ{<7GOsKxW3d7Oz%cEl{PJXfXHeUHHJx7- z;5(-_gwj}#aRB%W2WU-(jokJ!{Mz8T&cHHEq~Di2IC&I8Zb#E%Wb}#@%(*vu8)&Dg zu{|z`ke^bgq%TnLbQ7HGEN@^BJ$es*!Yp6U3;482%So*-HJr9u@2ya~=t6=f)3No^ z6tt3n`tz-oiJ9v+8+tK$h|sNZ>vK8nN$(+NLr}srp?JXEDL9B#ZjU@fd@(v8-pNu$ zve*~r#<$Fmvv2Vl%ARLRNX|a@VhDp`eYRwp-4i&G6>7xSuu8Mz*K$Sr61Sq&l&h7T zd^JKg>WNIl6nj-D2*($!~e&Go( zS}Byo;q_oOB}3j>P9=x>h#498TMql%`!@3NH{6Zj$jsL>TCrIduN$b)CU$Bt1lU+% zu3Y#nKcLP77C-V@=EAo-BV0s&!?j>sv?c9Y3Q*6Nc*nFOuE?P(P1u?klKy5s1Lm&3 zOA#_3)ek^~^(tD>uKAwOFd-=<2lL!nE#SEBTI}sru}^W@KSIbEY{rXoLo#8IBy}zu zTFozuzw47Zx0x&qVY@Mk+)(E|2wt&21m-tnSoWbOOVh6~bg3w=SI3P*lWx3N;RqN~ zL_vg{ZzHU+xleFaA$bL1&4|d{C3&WOT;I{Kxc}0nv-9a&`_;Hf1v_J-&zQsdw%Epn zxV2i8Cqbj>o}T~4U1e%3ZsCw^e*U%=<%=)KOWq7Hi_@qw`Z2&+)%%-W+UOUJdscP| zgL;CIVC;>{o0XKHn^kavCqy}6ohsg5&t}(Gkeghpb*2QaE$)ALs6h}hxM;ehDAID) zmXeL?6S+y2ZxDMGh;V)rIq!v^0JOF;=A2btM{h5dwJxV>_F9?9YL!ML7Bvm&&3Es^ zmYfk)UK@|XzX$geXX`ugNmw(kn$?6_SRhauOA6JkFTr#x2LJvmRE$_$Yeny4m4?&? zskOjtE*EFR{jx@7lKtYKf-2-fF_R(%lGrP=yuh!1#00PU7`a#7=2nZfBIr*>rY9k; z?Ed;f^kXEgmg?LkR7IzHf7|9%N2xPpX-n{BNOuvI}; zrd07ui0>Fg(wup1840-*`#wLA8=AF97Ik}#Yq9#`elvowyRays4Y;jNJ2HiF;jyz* z(l1$5Rz{YwtV+tilEh=mt%E6d+Ahwt+}-{8CI0vJQ~p1$T{)c1UVBP26G$NMmeJ1D z^igDbWK&7IE=T-x@G8*`L4~gzLi?|hM{2cQ{&^^|j&!z%J%h4rDvRz-j?E5ctE^CQ z>3dAgVK5mgG2H7XL1nB;z^Z)g>V`c3-K14V=v4Fj6fnh@Gy{xH?_;CUN1|i>#M2Gq zMqf0ki`OqV)_Bks#z5|t&hUrpui1PQWM>MnA;XkF^^FhAbULVVvlIg0#btmm zrYrn{%vZ3GKl^B(B3jXaVo27|xdjEe>9`Z6yI3DDSLgGiBnfg3%HL_~69g?2w=R~m z73S`;ibf7R z&6@wF-5GBz__zDF%V;(4PWaA}x@^6o^(FnStbc3$;Ty`1y64u!0aq&KonE#e(mx8QGe@E6R`g z+x_&K@#^`Sx+_|qbYJnWk45imX0-cb!RXjVHs|?vK(OeXaZXh0QTxuioa}?mo9zeP7hp*Ca>z)W9;r-t?VcW-Tug3y}x&*NL&kB=yMMSEd} z;6U3y(bp>+9TNmIjV59Jgm>1wxkt%W_a$#=q=v}>-S=qupL{kNz3}J(BX~nU=R6A* zj(?Z@odT6zT3p%8UTc)Q!a1Ld)8#__q~7HS$}!LQ-4JdqbH5P*5em_7z+nfA}9>|wRQii zetVzgaOB-*{WW?{Uv(X|A4I=&iB|ZtE`=; z@%+|WT>+iIN?BPEWq^Hn8%@FE+XLD`(^m{^k!Ctga zV;JtZN0f=azGCEqmOs_b6g|H-e0)SN8mngOxT`aTRr|2t?xF26^>xVqeFuoT3QK|D zFZ!*&1P-EF^;8fhYxRXWwEy#d`}=(VoO&Mx^*`~|7G2dh*PAElAH1di3*PGfhyS(v z1#f8lQ|9!QeM8VmnyT}S6XlOITJ;#uf93Q#v2_o+p|?&nBw^F(GtiGll z=v0&u|JfU$?UY43UbB5dKl-a$t*xl|YyNK3{`9tY^+m17TgGx*FHO5Y5H{JF^oLG0 z-|D3JBd6;-KvbMY_v6p`wKVR;TYu4Ye3u6Tw!y7Q2^U-AUM zXi(P*e`&2WGtF<8a^LT^-+uMb`qFu-_k2y&=8V?*w$7@Hc=r)yI#0ljzdWG*oL}`j zT7{O5VmP%Pv`>%ezfVhtt-p$I_21F10ndLbN-GK>ywkY!Rqemm!TI>CyAMzKmhUIc z?kR8R?DBoR!IA#YKd~L15Y`&6nW^)u`+TKB^Jn&5@qhT(0FU$T=Uw-ectp{Ehn>bX z{Kf~}|H6MNRo{JBYlP$d3J=8TI4wNm{X^F6DJ%IwGmihjllT(h;EKN=&|f_liyTA0hd_;JDU*JN*A1{|W)lD7^~-`l!3ZuaCNq z`S-1%s*v`$`^&ETPhtu3uys`Wz)(jc`T!^keRL3M+iS_|=)3La z*Vc5x^#Nm?vtiEZPw1-es7?%`w!jWd$avq{$}PG38E^ia`4@zqiKS65$q=HIY4o$5n*5D6Jl7U+m-*8%MKNq<*3Srcj3iY)nR_v6h2tNWAthGW7-RPXd}yXfDw zr4<%k5gb}(Z39BaXsuac;ed9_MvH&_KcBE{FIYg|SpCM@PKmr9Fuax<74Sr9z1(?Q zN2H2!BBCGCdumuTxw>Hfj+WN9h|u>(e=-4)_Ic}5{`(~;_aSKgqo3sI+n=uVHE~w_ zrCPM3cmDMQ)9FN;pNKyZV8w51lp<@r7Ju0vdmVZ6rN8dC@x@kONj{pkfBdAG@tS#d zKmLOlah-Gbp%A$pyYo?k)dk}l=%xO7_{ANzqL6D?{ z4&pquO4=;q&?-;Wj1L*7l@ zFM1X(N^c<|-Mno(rGD|LeL1maV-6cD<#fO)UF`*u{h^@Iely3rNfl}Rum8vQL#^Zw z-|y`m6Kv}+H>US*9uIb`>#J6?5`cB>y)ltR!vI6$j?gc1DmezDltL*)_ICNr&R^JqdGQz!QpuY;Lp4NMBh5_G*i+ltE2p1B$>#*O zKexd1lAMYpFPSc6q&u#^jv@bzE!_^Sg@>wJ|f1UCBn&+prxz9_0ADk#w_`%m57$XNg6^Pn$Pi@||%Cebiq;bU`C zk<0)&tDMDlSX4gaUpUDAONbix`1LR7z2Gr-^_9vFJsm*uInVFlasS?hSkVrxL5@v- z`(n_$NBbWcl}7n5Xyq8&zy9C5pkHdekF4wMOX|eBKMXNaB6woBG|_Ph=r-`_h;!Dw z8Q5PBmtvpZMZ`u_$bUTq#4T;7eKZx5_iH=A(q|{F7sGZtofK~89G0%{kr#)4^+g!A z*#Gv~3u8UhwXaU@Hs6K97wKE;2_mhbw0bha2(z_U&!PLNJC=Cf?wz(*4Z)X1i`e#g z`(n!K@B#nr$KtIxJ+u(&PqJL{r=k#g$|aUEA(z4R$v(OjCyvS`5xMDoxDTBMyXqn- zUOmM$o*(`Dw)Z|@3AX#aPro1iMDz2VDEMn$gRlIdMz48be*IIIB(#o$R`+~Aijrw9 z&S@dU6eqK4R1JQ@_IWlHqD9IQZL4`n$MFVP!w9-YH^?rsi#FIUk^o%;v;h`q z_m2g3fd<{6{ii4v`%e~4fD}dl2+;56eBWozIrrXoI3vk$i`FvVdEa}_J?A;kd4507 zIX4}%1?Fh=Q@Q10W<0$eLr$IBlU*R!%EMx>{pz4N8D|poYt7 zN-4_K_XWLyI|`woQT2IhEzh?&ilCu-`B+dqCn(TtdVY7?bB~6m1M;*vz6D;=2G-0T zV>;4Zoe}_~gb==>m7O^?%v7I&aRo2mTsVs$J-ny@qqa0+MSAUC4f_iz zbU=Pgt5>o37X{sd{z1jWcEV?QO3)HK>;^$%EUn&b3q_m8@4+Hva-N|%4@jQH7OsF8=^5(jy5`I39G8EC4EC>9f@y|(t*lp!t$lDN z>m+0aeg~4N9luz?z>0LWcZn9Wod<1WrG@_Js%m^y^S$YlVv=;U9R>MF(HzpHBo}(C zaP3T{+t5}{EFl36H>2Ql1@)RgP2unB4)9`JSR!=;yk(}6e)~)82rRbr9CWF63q%*; z`Hfgc-)Tu1J@3nFZZ&4__uWC=<71O49mH>Wam z&^a3VVCE0BE^@1VuGjmE!&KEZm~DN6ODsw#8wz*jMxo}4>&^`KTYTBV8zPR0+vSbN3%M#mX(rMNDUf^i;NrWU0q?zUMy|7U$*pAOV zEIh~r`QaKwLv=>ulr>35?%k%xv1^JwhIJ=+4t-OQAh9e*`r9rl`8oRjSpk1Tpw0;C zr0=NKN2QsB9HOvl!sy1hL(yHr-zD0GAscCClsdDZpUA`ok+cF>#PJdELOOGr%@Cp3nTh9zNu~7B z@4?IiL1PrO&!_uM;A!;z(!~%Mrv@p$?JVfF^wbAtCAv==$~LXEy=-x7bl%qBNJxO3 zhc+{uF3%N?E%yQ&GDxPcF+rQQuWm90p8^hAL42v0n zJr!mN>&_=4&x;klkSP`YN+pZ2zM6JD2zE#0=6o}wMfHzQS|U5c_j~=#JSohg-)p#Q zuOuBjlUEatc7$nS%jJ!T@Lp^*BJ#JSUr+|muN;M}`!3iM2dEeN{Di$+URy7d_=333 z(CP`!JNssY%C$atYT5NFOnOn%y&`l?GOIq#QTC`}W6wAoR`zVoDftZy&xx?m^ET&J z8W*A~4pv#f9@+hBjli1RN&wShx|n;|7!WFg5BJ@PMi=rMCc=ltUkFD6pRi?t36Uj% zf92C6gh?|NDUALF8?}j!;Z>V=kQ3qUw}7D&(RDWjGLvEo&f-kwO)5k@K_<=^F%Ghj zNOV}wHhoA7dYc3tJTT>g3)giL6Dzj=9CYb}#EBxs&wPt4SD` z)cacG+Df4x4BM+>4VM6@y875;Sh{U{MDo&Fc)ys*Cn^JDf|<5Al(V-+QCwz8gs%g8 zYme++2pgjqlL%_9O{j6|;mEz)^k%gJ&9yv{R-n1IWp50n-(c+3Dd9*#M*>asd1STW zp$M&smvnLk?l9b|aM!N-R}a3?KffSmw#!+hN2^|1-x{fB0YF^O&LWXZo$Q6pBFuKH*1kzyCNDx2fm?UugTYC|MT@MH*QE)GF|BL+ma&eQT~p+O_bZHkFnuu{Qj&8{6#bZN2hv(kq+ducr&rTA&QE6< zjaJOP8%bSF`FCA8CtBTE7O2mFf3l>BdJr2t0bbZ~m>_}3F0w#vx9Fm~A)Oe^p2Zmgn(qrpRfy2-jo^c0(kF$kezw2Ie=~4f?Nawz3nku-KfYxZ)^u^MrF6ja~FtMf>z;F+k~F z7fPNSLbPFlg^8J(ZV^jRsg~>XT72l1P%o$tbE!n#xD><*TNpl_SoxHvf|a?-g{u8| z>6*g}6&IE9p3}&j*wn^9sWM4mKXI6Y`>^>sP`3OmDOpL5V$oSuxtr6r)P#oWZv}D$Immmb6XC{R^=-K*48uiH zG3H{ITPHo2_JI@RA(RC!p|KtWAN?%jis>Rc<%&F{C_aU|y#|qynA34mNKi~DSH#7g z3%U*s#r?=watH)ejFf~wk(?Es<#UsZ#wqyg;buQrv(BycPOsew9F^5Z#>08CJa>pj z8hzmCCt_9|lS_wVU6y5GS=YO(@_-`U2i&fC{AwVDijWldp!3mhdLR^vo$lB2BOmBd z2iNSLhgt6<3$a}hk@h|zIU}2$FWf1J!r`}|sMEP&lo2sy;aNhNPO8EIWSdkk=s94B z{UZaDm0#*3urA3f9iN!;(pmLqZz}F0bWB`vWl2z4AOmf`7RjC)q=BhH&9k7Jji)ck z*}o*=dRCZvQR?Enl-DW!yCea8URN*ZU)qlGGqAinQRyiEf%)7lVv(a9oc41@m*oW8 zU>J;HumT_RAP`C`4)|^}4<*g%zy*HC=QS5h;PGD6y{(8I3jL&wh?QlNVq?%oHZXJ~ zt0{$FJ#w997OXsKryPh;jw@#-X(N8`_3Q}B%-zHZ4q%-z-%&l-%4ToP`o>Hfs`53& zBXBaFOt$$2{i=`Avg$0pIwlS;aK zKiDc*G+gX-Dn^J{NaU_ssA5M|jRA@~oF7P!uCABoG!xSRl$lMq*^`+MyL(Y=WOQA< z^aL~mg+xHDg{Os?xwiYR)9Lzo!UWx8>QRcJGB`FBdRppnZ8~~Ns|&x{^j*|1BoQ>k z(?#t(rSB1hO-D`%cBquI`%og#v5j8#Pk8;?88K2k!zi(SHd6UT*{YA}sg%+QFb96i zY&;jQvZZDTOWJt5pplpXlqfEm?e{_UhZ!UIEjdGC0%yAms-1^N_llG(LE7b~f*RXr zIQVz6GlW}>*=hVD0p$?Pp4R6r$wa*aS$Jli9Gy)Z>*g}l|1qmn7^tyGX|8` z!dZ;(MNzl+(Op+dXn`|d%X8?SFvmmQw|%7(rX|MloQ9}0+^{9hsvOC^Jg;N!<9%sa z8}6~orX4FF@tnqv!2-_~hZdOv7D+g*w7&_An-|jlwukPR$hCZg_QAFt6k_wTM%I4fhq$(=GV?MM{z7{ADfpvKky4}S);W932~23 zD!$iKw#C~g({7%#dU!UfO_ z>vmi23^VOo+U*m|mdg>-J6wESy;|BupywI&WXrhDC^0X1#LqCAzXRJ?%Jf=<<+|MB znG5RqU5&`BZg*tsO=&P>x9tPu(2BvFnYJ(1q1IN&N1%MIqoE6ZE@%c&u+9=Vv~tT@ zI;6uxZ9}Je#aQ=pjBYwQ^hCQd!I?!?re{9RQ?_Zk{5@PY)!VH05>$YKBMjNziS*`IC`&a6eUrJSh#pfRZn@n z31&l?Lv~3|e&^FS`@CrD8D1^+Df*&)JwwVf>^~h8=3uw-mM56uz1x{0+O=NBL*8u) zS6c$WL47{L-;Wa{C(5dsA(}}o?6I|^b8ZM$;waa|)e87@4!uQ!AuaK2 z2Ylrm8L%DJ^P_Lp7(#34we*sASQ(DeAoJrOP*&~jjx;9P5an3R*EI!%CfSu`swWH? zhdL_Wv7RUaXTkS(^(US4-oM&|dZV=p)`{fZuKHK6?fvMYYYLKG&#fap1NHWkaBb3N zGCsoJK!mbiaaw z(>ZCXfh%eyypOmlIOAO#=hyU zE{1BWY-(fet#ID8{eRN9oVv@|F<3>W^{cvq?P)7{Y8yHgpJY}s)`)IQ&Di6hka<=Z z>q9iPiMiQM%PYLM#87;7;OwSt7sVg6W-RJ!Sna9NZ=l42r6SH>G3Q^GHvXJJNV>auN9w!@lH?#6H|NBA!yai+f+cg^zQD4z)=)e z)oMWPY<^RH5|mt4-TAGMwZoD||1_+gJvmuIl)u!D7P(#$dteX_c|T*4fkW$1Acq|D z1fh81C63M^+xEzpv)@*%9M%~LS5sb~jaW{hM^Jd1XuXh93J`io$=ru0Nc%yw?0-ww z@w}129v3;(>uLRWbuF!vbk=Dl)}v|NjIMl9|MsV;bqDlU@_gMZlH#wZTt2Ov&fgTx zTcEhfjhkTeU+Kklln^gf>#S72HKAPxVG9%@onvX*$l}6;ZPz}?bN!<-c|w|%gvku z+j|1e?JVjJ(~gJ~_nCa;SO69j!BbIy2Vcg)-Qu5o?o{9M>aF*#y5HViog`95jWqXD z8p)OoaI(~~^>nDU<$Z`w&dwh1gw{qY1Q&Dkh68Zb5shcTCJ`L(O18d0h$44xRdl?N zBOqWT#64VK0t>sDQ~kR9!3z&-e(0W}7M}AdjfXs(z!jr^#k4F)Sq9fhvs~A7z0i57 zKaQ$MP*#!*kWV2oiu42Nm-UUn$vaYUA*f=i!Be4)q6ecjdbln)IH1sioM0L-6lW1L zQiZF>2<(v&?j=K{cOw}38`G*lNQt{^|C4zWeFtZ?t~@xmMZ{gH&!F*jm$ z)#T7a;OKW2v?5MF#iVQ3%VB`8*OYZf6~@)F0#OfXlMcoS zLs24S^g9=_RI=uVkPzIE6?2NJX1K(W14x@;ER0JQ-y%J>5)fnPwq(kz0gFu*9(hAg zoN#Y8;4UM(&}^nTIh6cX53_4Je~0-1ll1%!qU+LySk zf7cnQTv?+y3DPm-uyu8K9A|aC#90rFDb!Ik_^TFgJ+6HMv4$RhTN?=wO0NygPFxgP2M8sc22~@&j#sUrWT% z{JM;d{RnVkL%W zq76Plp#(i4k2yK9yr>BRWTEEt*RPxXK-c1>vq$yqVL8V0c`6tY5EMi>FEBCSVQ1R6 zL~a*?zERICDaiKI4nWEMo?%}SqcipmmGse~-bRylmlkC-rhh5-m=2TDbHEV$h|$_q zXpfn$4JCtocuU()Yu)>-JIn(clNQO$y)Absu3_3&V1G|DD=cs+&)Np8qCIFMR{Xj; zw`I%A{RWJM7TqGhoaT)MEihrBwy(*s<48G9J!yga3#+9Z{ow_X zGo)>S304CoHQls+c8OYrB=~0TqXm|0HDlQ$hp|9jv0sPjaS+@)iwnXzhm)8@DI(mX zjnL>UxYIl5LZ7r;)ymqM^qDeyVj(KXYqI<>=iAV84|VX)Q~}?kt=yAEX<;*?w>A$a zkA~Q{mv7Pz!H%>mP660Br+5;`r(Mt}Iyht_;<^so!^9C?1*2E1ARJ56VdByEXVi#k zIXz*q8(PT+*1-<0%(NM>q~EPAYTa>O*O6U*+MFD=>q^g~T^v+t#iic?SIewf`C8wW zVwf8JXjrGm7J}dum*O~-VGM>EihZrDY;mBV5U&k--}exv_4;#%seL`FNKY6%WbY85KuPgd7qIcRd*Oo1#zu_)3)*OWytT**+> zG%=@nLXYzr%R&M}c1|X2+HYhtCo0-w#2ypqgm)moD0N%>uCSIkL z-Ly}&kQ~eLmZkxPb1ER5)0(xxZC&jaaZltO!3@ZY-QK+M^gVr&#x}vF<7+W9B07Ij zy<8(a_~=@mw$}p5>Pe;Q9H)0*1G4jkp?A`od0Z6>)X#u)v^^PT&!@LY8_JkTslWQ^ zUfYXj)n7S19MZDjjpz1=4Sn+|# z^6aAKOe&cdj$vO}C_1Evj&zBRrF)rkNfXqDkObYMt@s%hIXBhox3lQ^P@h;U!qw=% zUFc1Ek78`>PO+ImEI#ZqOd9wS9gIoYx|>~tfCXeh%LHt3d0H$1J)<3Xmj;Vg=iEXS zK^i!x5rg3k(<~h>jZnFjssgUypMpBY9$vN*B?Di(!`3SHMj-J}pvYRFgr#9-`f>Eb zVuD_skT5zAG6)LlJ6TwU<|GsbmH|0FVjcvSc$)NkIZY|f$X^slJQ2aN zIwOd!u86>Dh!?TR+60z4Xrs$sLzFg|9%@_$4a{j0dlWNU31ngSrwekQL_apD(IjYUl`E4=9f|yz6O6WJw-c$MOFQ9Y$7OocobBGLpTuryj@P|M>(@p8 z$QKv}^qQrd-|aXW>%@_}W&~F#iSv2__2e2gJ$-g9s=6Np3>mVl`V|px_n;0a9-YNF z5uRsOqX7DF5Ew-*Am6MKbjHlR%3sw|U-h0L$$T-td#L+6?+FUWSer2Ch$>x3?plf8WiSwif!7Q$|hVc1d%@&xKO z;S+g>M+Dcyf)D61h9na1EIgMd$06O0S&A8T0cVhegIRTH1MO~fHcZVIK-O=TC z+(Vb+iDS`4i?1xVcvgL2%W%}SEyif`$a0$tf*GFrr7_A%KVQvlru2pl$fIB|ZJ=Vz z*y1g%#!TQh-A@!x`%5-5V$74byLna^=UJ6*DrP$Hr_BVVYG|qDGHl-&!MkfIs!ALPVGB5}isA(!7)WNRFjs?oiftyl zYfWc~g^ywdgKy`eX8DTShD6rXoqQB-q>KEbB+j=3blj3+*HVVorMv>@$F;n>vd8Wp zsA2t~xiDg}nM;0@`!FD!5YNo(3iJ+V@FY*v65jrcEk`dTvx6S?RD2Z>VOq1yNI&LH zkMAHM%W=)+=hdf=L!ngXJ&9qifx%j*9@kuceqh$VUeDUS+*Ch2fed?HBOK34=8&M} zC8}=E<_n5pfZsUSBmE5KQA*5iUjM$7zwzY$F|0RM?2Q0G;41n9U&H;Cv5$|({dr-z z^uX1?_Cc-7)CLp*R>ch+9MiH~7&91O!|XR~$`XcHX2`wdXuAiLJgt?1hQX$42;TVg z$DLQ-R$sGOG_h(^Jv-;)ndj%B=G2ZQKB zu*~MC5im}YVz*80_)t*zojM&b_hI}Z-hl0~alrF}zFW`QZc7K-R?q1^MI#G>6=CB* z40LnV#ki+iK0PD(%U(Z6bWiwCN z;)}v=LFBez+@->IyIV*qapvmQ)MdYw8Ot?}OZ@Pxm0cx?ivO zn7TaKY&HM2(agx_b;qb}NO;h+ozHq3{TD5+%gTHlRDGane2{h3kqR+vnBqSW0Xke= z#<)fprWg@)%gLB{c@m=t;ZkY^ z`!ZM#`k6_P0TGfN1C8&KAaR}o$*tZV8AcFKGgn%*nMxQ~&)r$(XqsS;P8zPHwA)BV zHyvs#AW+NTJZWcyz-9O7Cq_gd(1ycO7@yG5P!`^t-wlUn@=RKkVCABF z3!4fpqkr^uVaJEfmK^ZCP{g`3MQ|HH6$3YF{>ZmXLb8Dm!yY6$k%4BkVPh>V5U1lU z1nI>^p`niIeO;`Fo3W&cv7|wxMZAz>f+8lXJ4Of_Asq~*@~ob#P41q7q8D^csuHnU zIy4qQY4p#YR%fko;Y1W@ZjF%wrrEZS)Dw9^JjJtRi+UJ4h2_bPEA5Lw(%T6ZO1?AT7k|DqPm4vW{LHf|jrqX5?guy1nvNONwxVDW+!U#hM6i{8x&N zQ0tt8JU@WXu740Z67LpmRSXCiEf@vO1sxHSb@-r22Q*XHdc<~2zZ!-M*3-QHi?M1m zcTViXY$$|5)!Li4>UlgZpLbuiWl@iUuc+ML+G7~(PZ)aXBaBku%( zP+73YuzqW}^k(|Kcz0Jo2j+%Paq+qN7+IP5oD zc%RRs#`BDOFX{4%;I)DCdA-PO>cwHF%Ev256f5@K4z=wTQH%>M6e(KLJR?!Oa-?Xe zUqy=66m6Q&2S*Z+!bi}rCWLuF!R|@1U1AS*z@U9N!79QD8jKz|A|zLsNi1=R4~Ntv z%D^2`hjESkKAQD^E@evy0rZoj*w|Zz&7xe%WdYq`y0xtV&SIua0Ii*9z_9tkb*5sY z!Iqwb*=3Ix`m#Qwt!}%Nrv=P?R57{#{-kc8h3rZ&`=}_ayDX_TPcKXZBpEmk85qMk zWP4uy67&UBBQEX_fzz*_2+Ir;HhS>*{6Z6Z#h8f7{rjp0uBTBsu^KfB7L9*m5<}Cq zJyd|T_hf>gih&S)0K~b+^fol5oH0Ds%9zXIcdTuoAYxtwdWqLZL_0md+Gi2WP?1mX zo38{lc@!%elteo5aeJ)tJI7bs2MUW(&*>j-8!)aO0-MKvYJSXftf+!@tDc3~`gLI- zLUEDzN@qXGEapY>NK=FiAw;RuP7Z$ZI(OG9vS1kYP%(4-I4f4>iqrt_B}aA#+m%{K ztTmVb@1^)UnD{p}2}lUSguEl;RoI{_)QI!a9>zloz^@b!Q5V&=eL|5K5YjWht9nRk z3=v(O2+^grs4m7>s+jAn;CMqjxnN+J?N+CjQfh6-q=ia*yKGw2ev}8Ny|pnASLZd4 z!r*BKYzZ8Qof;P2cfNYHeDAp}sDCSY%jdk6T~=0Y;!K*Y-hq6iZCTF&A=RIK|C!-d zbx(TcFoat6Bd}2zCMsdw9u2H%8$TKc7Sh_zdnCMVnC|WIc7$RpbZBiJs>K#SP@#4m z@|f6uraO}!KIA+Y3#HFjKZoQrK1 zhGChAv0a00o zgwA|Nzel#We;j@dE-q;O+f^$Z<=-y+K_SYeiqsUNe=%(#xd@yMPvn3=TWO+_5$pD< zG?U^5cpXcDeu>gw8}snm_Fy=f_HMU2xOl^+S_-1dPqIgZ*xJ< zqVsxfU#%C%)e;foD(q7v^Ly&Uex=(inTH+lMtG)+}{hS2HpQ+ESfSKV=kzuL@g1z1YB6Q(gkv z!i15UhKCSyJdLQeL(VlLqMde|Rj}|K?%3Cm2aiMA{q5Dm0_8Zjrb@qx@mWVGXo(Oz6VlolcA zEtDHuW~`TnL=mQk;aSsDqd)3CW?LfS7xhqHL2oxL(lI-g8dmOkMz^?A;Qpzh7 zj{aAMx7c1iHv7W)q*fU)CQtSY=?kKPPc~8sxxpYcLPL#E4@%W&m}^Y&H$M3kS2M6l z_Ul3e2e2SZ%~AoHKso)i$gcmwCU%gaML;0WxHi-=bX(aSMZ3!$PZ%iY^;}`dwCR+3 z3HweZ)^}cA&;`p!#05z|+cj`31Kid%Br9U8wZ}|ab`FrSE%zeKZ2mJ{I4ag3K^F!z zvH+RVRq=pXJ6Cg(I$e0$sS(LS*nyHF>iDe6`)81qA$gr>CVrx z4J-_cVacxo;xm(F?r& zMMoM=(=Qfwn!cPzR*Ut-@%R*B=~Hn#eZHPQ)uX;&%byxe-_?gc-^rhT_FMV8;$*t6 z-3R&U#v2^)VWwt&U3w_TgV|^3o^{KPU^vQ_43yx1l{AM1J=qKM9 zi!Ez>GS)Z2j6NAFC!6%ih|mO|%aS8>4e>JfF<; zjf~GX@*LmHFi?Y(*1ws1;O&Ear~R9`{k04UQOdMF)22RY4<+&m9x%uG z=J}-kujH1$k|D&qOzYpuGkPn}2-|}zv?RI7Cv$l#_xVv@jXGd$NbJlAtSR1|O*sIF(IkiL8e zw(EJ;*Yj9x8{i6K!I^wQQP(r%*E3yR&+uQ*@FVuqdL$d4U<1D96Z*ly;givkntU=M z8w&WO|95gf=!mo)zm`w>xsm(1k^8xk=W-*@g`=Uk>-Jz6f1FPs$NT3KUgPBXwEkPU zPb6kqkHg0&=^;m^`f`3d~KA~8=2tJtwZVjKz+ z-RY^?teRn0jGc2rc%M(p=mZ5wKpo!*b&4xHNsrpQQ^8W4%)MUgisUt?PFUc zM~!?{$A~_xzlZhT5rvn&tZGPp&FNQ~Ig^QqwYQPUDKN$7m>Xzuy4zy!qMr3LC<;tT zhv4Xy?2mdmeO7It8&^7U2Qv=Jv#ATVP<1{BfjkFydOr49Q)QbluLBJ{7m)y-$GHd> zGR7X?-AkuQJKn5 zY881=@KZWy@o9M+zo_FxpVbD^=W^osdAZ9RQFBq5f)|zddP!U6(s9ffFagy;Z#ct1 z1uyy+d}H?=crl+b^>_hM(iXV-={W4gc(vew-kkKOZG-_#2X+)ne=eM3O>Dv!Gn{j^ zmq%Uqup)NagtX~Ire{`_()Mcq`gt`5VH`yc@nO@OrOhx*)E0jX1wk<|UBP}Z7;@2s z<3+}^fw&MsWikLsD~IWsI`^>#9P%+T(1BRs;e<`)w;rL3A!ksI+$B)xKwj-GIyBG` z1ZUQg3<1&oR85G%gF2D;yDD^Y@arR$r}-CUdF2;da`-Pjiteq2$9erOvAjqV42Y%C z|76+b_^77^dWIi{+E@Uiu9ogd`ToiE1eTy12jqj-%-taokO|(c#gYyo1q$^Npj${w zoXkA;O?^Ykvsh6>!jiev{I4&FxVhm-C0%2C0={zy3( zGa%MToJbam8VbeEhgKOg6ff2m>sJ^Ncnj=MHGG8X579cKaKfVtYSt&PZXU}BvGfZp zw_BNG%^@**jGQ7{L0u)vbnAF&fZh!yxO%|a(bB|>O93s;E-@8W7m9?=LO0=Nnu1y+ z8FokX?>Z@{RN=Ax?8JD308i@N88NN8giC6g&VQWda0Pe(Ob%`GkR`-|f! zOe{VUXxLyBiVqLhH7;o(Aq1$sBU?W@sXHiJRAQK@5euDLzJiRN>&39z`(3gmqBT^* zU7&HSrv&dDab|`SQbsZ;+e8^AWgA6X)Uyi`e6VO7(_`B{9U*E#j0V1+6hZCa=L~p9 zx^&O;pBsEXwc6gzYWa0?aNO>*)Hp{) zws)VVvk(%mD#KO_cKG<1;ehYbpL3mk99uNi7*5+Tka`R=`tgDgW9tc}SYFvu;=yPe z%w!C?SV9YO=pxiSPh0SZiAcXjdmX0^u5^t6Q>i(IwX3YpC=x0xFK;}_H|>j|LHX;3ml zb`gnXW3!7vp~@P4Lu%e$q|sfJ_^_rf`YKYRXvfG3{`;;R^UR66)mT}{!s%ivR6TJ> zyJ#?(m2|O9!T>;e3C7fh*C>=8 z2HlVyWJz>hi!!VXS8EgbnEn{FMU?I!> z*6u|p;|wF>$$*4Yjn0OpkRvOs_2@?-vdZ4(pCO0MqiJf5bUP=vp&HDqp2W=uQGt+w zqMQ9JNW>>D2r(0qP*>0;1nY~-#_>%=tw7y^dVgE#S<0J^Ym*8vV5Wrrv0*|)f_9E& z5wK>7dFmjQFN;HCypWgDDa10)x0lD^TWch!r=v51YW1Tt3q5t*1t-KeEQqlp;J(_y zwwf47qm6zaW-9LKl0bM{z!gW(EJs)khD3!9mtoMtdJH4OVjP;rygo7(ve}g<&t~C0`ty1h_evh{JxZ}^OLo6i}6djt)YN~0A;mk%C#ztQWo#2O; zqP}4L77BW;4Oanr=~RA-XImYHk}WU%2>H|J47;b;NM%OFVxoqsHGqdg5#L`D@b-0w znp1EC=pc&tk)1w^ZHE>DDR>GnBGylTSo$DX%49qt1Inhp^ubeA-!a|Li_nryTU$bw zZ$o2%pr8vx1=&|lM?^Ch=?US(Kv2p*T2KQ|sh!}xfM_k`p((=#;T}L)R@)AaVE*}x zV`K=^Lj{!T{Q&VX8C~T->a}pN_SUSfo}?zpgUbL@Scr(jWMbH;9SPqL>;rIZs@3h| z2ropC%VsF zkmP`^Bnqzs5k_Sx=Y!UeOm(%#0o^Y$37BU^-L}fv#)ga2hSo7%T1QM?_e=fJy8S|_ z-6u=DEMy?=81}YJQBm&)#b_>Zt)ZU0iGoNi&`*-JL*fOlt!3+6=9+(7B%l#s0Z!LQ zLI-ovr#ucr+FtWsR69kMT+UG}iPWAIa&P42W4VhdT}b1k0D-5XbSBUeWj6K1J!%M$ z^3Dv0wt=cP*oi*9dTte~S=OYD6->ftfanN&xXuQG$udy{gU!_b$q9D(p+OXcU0%4( zQWg^c-bA)VjZBEG_I1~Dis1MF8w3j#FXn7>l;yXLz*0N@VQv{N6MhLo3LQ}MyscNv zp2!>U1WRZGh=mZPzUsxntaKfvM@C{G{2-sUHZ69`nk(Vex@~I`rP2RJngc|}^qC@R zhLy)Itf?r_90H}dt}fFH8?Y>P*BrMb$H4K+1%kd?`mLoui)2)W0EqxOB`An2L*a~Q zRIBm~5m*~FKUqsG?z}KoT%VFQZewzjTSYP6J!5pE|C~-*VTv_{0B%DC;1wYk8v;TJ zAke(CA1@wJ@9;@H9cv0V4-3k+XOY|K8I7}A3)!n?iwl^Z6NL0AMWO8rtWN)4+EBD| z8vR~NUg!lMi)QY?7V*P=0>rt4RMIRLK}`ulIAR; zswhP#ql%*){74^VT2nh%C|nYj1_OuJMRJZu(y2m-qRToJmoaTIlKkP2VN(e_0DXsv zWUH<|m<;XYgARqF4= zS{Mf8FbdJb6JweYvn(v>I2x-GM`Fm#L<*f_}YgM_3yi&a>Gb}9`!!^D6ERN>w`J5B(U6WC-Okw>{CYXp5-g}*U_sy0 z=wD6eS+QQswB{7Y^&hentyEu|*6I|Hh?XYRRb|FLbT}ig4tniv&GoL(N5at)a&9)j5JL2*VHd3R>o{d-upY>&^8n< zA~frMSDIZ;|L=uDUe$kJ%M=6ccn@(9``6OcF0R#d%og#W@N{}DD*fzuu@}V?OL;}W z$s2+^?H^8QA#WPT>+piGT*tW<_4GOQi$g-cA;-ZtE0SJYPzxOJ)^Izkd$2qAY|32_ zeL#$aM*Ax4YL1FMr+#?(Qa2Hh&J2&j2vPrqzA5k2c~*CrJ7UN+RmH_gr|;bxi8#s& zR_sUE8k#$}N4A%pt+pHG*q&P36E|gRAl_T^HXT~f2)17A>%1n(Q|};N5GGhFjX2wH zdqI7^E39BI-L4L#7o8k=Qdh64x1o8R)0}XKZKuWwd1;5A={w@-bO`@27`oI|&h<8i z>h&yGEd89+oZv&?KqfdI@}#afoB3L<&0|9WGT+*?SQqKy2|d#$a7{Js-k&p~KUC+F z!V>huyge>@9m+O0nHSPq{a(9V0v_JcfAj~m%#)tpQECj?5*2Z*SXc+q2Syhz9ds}> zgJ>5VNss=1Q@u0db9po<$)_b4Z&j~P+rAc^l2(dOJEVdFLL_fdbuniq@{6HURS-Oe%|hc*1~E{ zi~W^pu~8(*iy9X$SP~ubeBc_pcTq>S^m~Gv*shKg59px1TUqwo0wYiy1%Bx;VL80M zfX{lM#VOpvDRyY2bnNN8rpSAq3+h}{n=9(sH3#SQ*X37Wl9KJLv2;w~Regh29j@Ri zE#O1qO6>~W%#zX;%1U&Q-m3eBwk=!M##^hDIcGdm;sOMHn27_N!;;&OFvq?=2AlMT zSq`Uwfm8YhpT5_eYl2MehF{ZZo<%1>f0+BOawRTdABg+Tl$Bi8Q@QW!TFa==?)Ee3 ziGKgq?&0aBoh>{_Bb+BFD{X77~q_iV9N5HJk;$hwao$OXj5J~Qodi)lW*wx)>6BvRcj+EX@O@Pro&@h zNwZuK1mMVhEZZx)TI{wCN;(dd!xR@%f|a%(PYr%;O{GWI`gFuy(gIJO5*D!iuqp$8 zEroaaIOL`%em6bT{2JPm9;DIo2s}R&B4gybXso;1S%d6jgchDYPSPT+hAdvNwbFVm z2?j#3E`b%qv$gf#h0vpvwMhHw))zES{9|O#hr(-Qrqe)mKT;T+n3v&r^Rn?al+3}7 zgNns}FX9TrsjL^$*tFB~m7|?N{EkZGD4ye4qzkqNxV6S4*?}CF4>He{Vwn=l0iN&- zdb8L06@Y1)dl)Ka;%e!ywXaC2-AUeyXiRme5toKgDvDb3Jlo%VBohBcqPaft7A-Go~( zPp^sFGOu*H+t$HmtO@MXV(%0Q#}ma)Lr!aZTJIIL(JG{sDbbYe(z&tK{74sq;U~FT z&pJJ`r1fl1s&64ipA>ro_?bUgM|a*99U{@$-jEK)d26i>dQv0MqP#{b?F%_ktQt5H z>m=->uPf^duHjpJYU|poStcUsCsS~`!gKiRa8#)gt*OFTGd6>AvDVCeeR}EIQt8ra z#{lDzXY;7-%1rQo^BGL5nL}98ttFYBUoCvY&tt7(c^ww^343dGPq;^~MOc++cVjKI zYrN3S+|q$+JgaW(!xj(TBT^6#r_P?5!?_05&DY32c=N`%nyJMpah!MbuX_p?UZRio zux##e!;zKGxc8hc2siegkuB+vtts~v1=U_@%d+qR)OP>mwqb4MJ~!Ep580aLJ?p4N z4(_pkLN1|`3_MnJ-$~tFNy|p&Y56U}j}V(H2MfQOxsN;|NlaFVD6w$Dm7eDzZ;68M&tIpC)jX`qFH?nLhc1XVkQ3_&8Z|6*v_--dFIIF(<_Vm@nLA~wIg{yYkTcz-f=m#{b_m53zAr!=X=-3ee|x6``G~=Ezh7f3TUBpq)W_x zQNLP?tH<@#Yi@h@*0YT--Ff6mAvwV6=(7$k@q4ADD#kU2LMcxGCYzQ(!`N&Pi`PwG z(5M*K9+xBzLWD4Ilr2CqaavfMRYqQt87Y~*d=hdTIA2ICs!rzB8)U`{Rank2&C{m# z-1T&QNq5Wc`mQ6xE}Cu#w`+cQ?Hsf+{v9@Q0vHTfH3;(k_wJ3HSsJ?pg{=s2nTa61 zE(H0ReKx|%Gu^r5Rx@X_I7A_%j9S&^ep-xh_M;OiF%Phw&Jfhc(W1@<3>O@-vN#iU zKmzuOdVqK}1f!WM(?J+(Xl6au`R-{6hXp+e%>X^)vw@o$Cg_^^V+^xuDe>{kWB>aWoLp7#6}qW-Co}GN)hoXwJboDg;6L%|w1h(^36) z0Tb^=2>C*fY(@#&#$|qN4IT6fd zEe289Igu^4>wHSfudI%?fxn@5HB5d_1h^?@40rqDfR!4H)%ZQJ!Mxa9VkUrKt@Rx# zM$|0BJ}}SQnbfZ4S<=gL+XW(kE-QxYUlc}GerI5h$af*C{ z*XH=*up$GjdCH6IU<+iwB`2XqWCya2VF^6a%Pkd1z{8=j%5Lb(`MNbsU5r_tfrwpu zZEmOkKvL`rpr)K!1x!l{I2b9IFEl2_H&Z&k3<0&*S zY!``F`XVK48p&Gwc|QZgpvSEp=_Q~sWh_dpd|RYWIWAJ%zrUhyy&hkk)FZ5jacm~^ zyl?`*G){u)vQSg32rxP6q&dELUQYx@t-n@>Ph*Ajh>IobP-501rvwO$!u0BWf*5OL zID_ni*h68mIG6!-H5eP_@K&A6^s<*lATG2=w)6#A#?R`T7Z>zc=5dD1CsF0mbEV2Z zcTYvq6uQaXkht`7h>>0 z0fA7NFtlfa1=D^M&L*R-EtY2G!Mc1_7OZ6CU-@X+SC z9_l%5?Osu<7fThkQ&SX2LA3;IUEK`{a@C2y;ARI@;82qh3*-Wj{7$~D@kaX+oJn_f z5U~n#Dpr7wVN1OEJ)*@Z3itXT91$u*02BeYSb+-IZK1h&3RPlLwHE6zCUx1)7kE<8 z5M!rRcKN?!$0ha{uglseTl&dy{EPQ{vyGQ9cz^~C`inUnM-GsoB#AJqO?mPK^Mf&lf)##v-}s6V_3@7u&w zDSe1;HX1I!b1iN6ub%O6G^|>WeL^@wgg9nwGYh)y7&M#DXE!S%DTmY4=r=9cVac~L zBiMfrrw3)$FSRH!0pbyLQNtb?oM>rM-UxD@r$!yUiTwxD4}qG6{pkN()T0(lA(H6? z!4=i~#TcbsJ5XJ`%w2Gf9)P0JK;~t9I)m)>Db?CGRm#>BqF`{Zxx0Ra=I|s6T4Hs0 z7A|Bh!XH6Dg(1ugWPa{I@m!FJRE#?FPa6IEa_gMZ1RN(8Vm7ujSblrkvZn;{_Q={g zoF36%C*$ot6lSx55z5ozF_Hw1(qN-6<<-LbX38X9=^JEPmwKqLK*+$LN-Kg)ff|yN!U}YCUUxqpDx#;H$>T9*VM7tN% z(|h7XvYZ^*h0HWO@^@#t^ND*QKhs-9?ps1a{5Y#fKcK~y=73OEFd_yK=q$OF^VL(P z8%P^TJeT2mQ!Ab}mV>TUr$0TXyAW>LctHJIo=bb|0D_Wb28MCF9oY12WVQsT?;tjd zY^d(McuF$~s;|8WbVS)_V&(&K^l)9pYT5~mcy6MUbx+DIEtVL$N4rEg$M0z!g0s>h z8{|HX|I$|I1-B`DA7N{IjZWhshIt=qx9 zs2f{=^a{mut-Oo*^}H_Bp9nKIhb-8-51wAlxUGfS4TuzJhPeCjr#0v#(bl2_m4lNM z;<8;90W`fRHh)U`B~8DmIP7`-N*hk;?|EH2ukTOkDjQR@Md^+6)v|=pMTy$L2~EJl zld5IGVi6!)muLb@QM`^RF4!o+snOhQlCo;s=Zio)-+603?e!E4QIU(#oRT26)BaCsnG&sX4 zNhfF#CGls~E}}#Am=`pnZQCe9hJsN)D7LgSR8w~wfdbNp7uCX{S!j+tPn43oAiOw_ zK&shpLtS>^PKUT!=EyH#z=*)SeN(&@Fs35~M=lzsyq$FjTgvgTC9Mah4$r62zn)AE zjse$b>@IX{fhr2o8MEE0%Z`RTbl^`bGmy@?HCQ{)-ueT#6Ylr}_S0>q+N zkcLbHx^_6QjinZf2TE-F{!B^&K~iS)4=xHL2oi&i#^X02*mm%V(_YQ6hnZ4Y7q?ys zDF!#54q?z2NX3n?XiHD@Pwg%Ya9rL$=PN%fWbqP+!}@krr!GGt_WqKbny;j^HC&&P zgif36t$_v>H*Mz75BplSkJA0**kom1T*!-KOBCD0ekA825idL-5@BN`=P!`~YTLyD z0=AapX;IkGuuN^2lB6~{6{{1`2acmENAa8uhKZBA)6Lb2TOWE-QnTF@@!T>W-*a32 zYuz)giE@E;gcGl%_!WsxUXXA@l;M3kABc%=OL28izvk>~PQE^u;@s=yGp~?+?$cwijVUR)pw;)`c{!Ig+}pS>JSO? zholCQFV0DZe?n;zLF%s3q~6l=2ebmF$q1sj>OW|&cpq`)fX3$;gj-xIt#n4u1uZ4F zx*c=yt&L+?h8SaUBc6pyJL&T zhDmzDzCdl#503fUJrbZ*NqorOILmx3B)az~Vh1X0fni0vkS!JL@Ca3>H3fbVpx*TN zAz{%&ybCjg+RgNYY;!guzns3IZ?EbNnFsav70vjNte$TSv`pImwvzowpcUJ1E{9zC z)>-XCCvrWD1#lhOw8(DCIrq1gTI6PcpiZr^0S0Cbm(=znG!^b76*Q-W!&2~(jyfb9 zYf1_~0xm#|!a=>ZJ*S1W_#*USt2wsfY6TQ%0PEvwn(6Pwx9=}JkoJlVJ-8zuwfRvP z&rvNT6%ine2iTX0wEcdVnqA}X3jtJ|6JsC>MdZP3V8g@)O1C!IOln5cI;iX9Wcbg$ST7SJ=d6I3#Z7&CUst$B6+>7sjP-eG>Cb0~iAf>- zif`}Pwn&B89>@?po^iq5o9Y9i{+fvTi-N6%%S*5);~S}O$HO=*1$w{)cFK(A)nEDb zK>D7b<-fi9*X<`@?)TF6;T|ZxdqNmR=wiRwCTA9N1MtT)jEnn1l*^VK$9NP7>v^74 zzpQw79c((6x^$bf?lEA8B4W(=%h?1^hysX?zM}EJ*uhP-1IAOC68mEpm$LL9IDJL$ z)hJiXw{|7#U+M1D|Ib1u;{PwPP)h=TW)cX4A>1+KX)R5WGw_T(Bbx<5pCLtO#f`Xc z1Tnme2DySH#qPuvj6L0Pd``G=^op6~yn`#%x)LfR>es~iyqx-bsvqvGObu7+iTC zi&>k5hAFOd1V}@l73lmr%L0F^iyWy3!?o56N!^9gvKF0#G<;k$<9wIz>61G%`prqc z7+4SFe*wGa3@)w;tLPhW!t-FH$h|4O?9%0TX&UXG_uAzbU}EH^_v7p#>kCdH`kF@P z>MQDxHySzE%P+TiMI-Rf?eH}S@R1KgqZjQND==_E%?@zt99}1!yU*1e)?=8rgRPEU z)t%auBb#Bn=7Rou-+Iq`+xiQF5?G;n_(FRfH<44nDhtE~+|IG{``J7K+=vmF_6GIf z{1AnBY@92L9Zrfe?59WQvo#reaOiEZNC(fccQCxX03CYTc`fql9x{#{kMF zB!-PuW3I$M+#fiIxCwikc&)0drLkwy{e~p%=kGP)1gGO6xmm2)7sVkD$<6tqB0-9K zTU;ptX<}cj@*b_7t#8&3PGN4=2C6+cG`SXsxgaqP3Hw=cyj6-3=sEI~5sizycAd8b z^Q%8$nk*!*y;5M{TLf&W`@kWuPu9d|iRvw8%S>YDYP}_9PVLI}03@@0pLYJViCT*v z5&+zjj|Vv^Rve1@#+i7ayN&*qf`HQ!1{d@+VjnfZ61^uOOTH-HL}OJvv|L(}4KL|g z7j>q?;mLZr{aKQ}eHhd3uWPJ$YIa$ug~vMeek>QJi57JZVs&zGB8aC3e&bzIoQ_fkF+&(A5|>O0*Ma<4qiI&mL6S8Myc3?(l6UR8zk&I zIZZe2albPx=QNV5yOA%}?*s=4c_M$)R;-FQ6bXJue!p#-w1H|9*ye^pXY_AseNW$( z1ix%FoiWpwAae4R+4|A|^5RQ!pyFQT~@lb6^TwkieEzY17sZ~m@(k7;9Q zhYR4VT&B?vR}NO573KgHygP$Abf(Mdjy;Axz^@VYq^1VX%_+Mf+Ii56F+a zT#IOyBwhZr$FiLYoxqD4;nh!jgeK^_IGofi{A>Rk8>ny`Sv@ds%LMyf*2XTAoNKjE zMC>eZwec}|3~&yj77iEfYhSy$*~} z&qXdL9V&!fC=$UxAT1Wc;IO^N$xcyqjLZx*z9@)miSPM==fdzYhmc?diwAa$Mh`&eyM$CB}5ky z|6)aoMnfMm!<6P<5wtK3jAF*{VH7pf0GEw0AM1cPxhAqJZIU*?3(eb@lPid;d(#($ zshlgD4!6B^upyfPBHnx=uK=NI#3agnNqPkavtoTWZ?&+PfykcJJzT}isQHD()EY@-q~*l^gh-#ZFcwoHsC20e(q*fQOT?=^-pLgUUlnmL)y{ahpoH~sr%$p>I2Jo zdB!vCljYc+IN~MkY+Lw^c;ngZZSR3yix?m1LaVf^Z3DwXk2c4;@I5QI!2=;kb|QA~ zU(n1+9Q~4d$tA#B8Pk>gx5qinbnsNhi~}(3==cmI5nO$kw9670fhK|y5~go_I*PZZ z+e?BmXb@h`Ho<1Niq~tIie=jEjk+?5VZs-RvQrGmTWM-5mPO~<{^93ts3l>6;QXl# z4~u7xDsZq*VT!{lX}JM)ZE#&AxS%8@U)u^!DYv+#PlCt_Q%#2{oHlSo`FjdJd`&Rd z3XoE5c*3i<%wc=Y8K@#FGUJ~B(=re5=&I`Fr+3#+W7^wCvqG1uJh&*xmoze0kaO@G z*Lo|v!I@}Urk%CA+B4=|Ak?V?JL>g%Qq+hW2gRjLH7tLergplnFKC+c0%D!h_APD~8YJ6e3+-hfZZ+_bCS`nkP2EA%rmB zk_^L@L7MnLF5zH#8@t0-YKoa`6nj@^21VSywy1){@yD6f$l3Pzg{LnN@oUz;Ie42WMej|Uy z{ad+zQ1ZIw{8hydhvq$%Pu}dieLjL@Xw%s3-1m%jBCrdv_If#Y2YVaX5xa<#badDx zcq-p@CT8HNndsTdn;1qX-|)uj%_$g`P@IEb@e9wUAC*P*g(-Lw`}U~)j1VuwLb3;) zO4woCu+CTB;fZ>-@V}@h-X#7?8#+G z3xfQ%M8lP3gE`G~>8&^4YoCt#FN%N@v+CU*%Lc%X(q^e?k#-c-ak8D+rmqXHhz;X6 z?Tz0Hy6W&6>YiC5wh+Q;S7`$eakeeSCs|NY^)&793)8mX;8|UXc;(clD|*7hJomOf ztNlZa;5fgtSQpePit0M_y&rWzgx^LMDjY@7!@OQZKGcrtQA}-Uo(QU+enxF&l~8JD`hOy3UvRv%!wL?+F(uF%ABsKhw+-`b6h=BuD+0AM@eN9WHZhmAyrlvjHMlR z2j3NjY=9HN$!dLT;Vx9}cW9mCdv-0}D-po0bsyuH+*Y5)=2abMT<+%tJRFy@-jSh8 z&tM>6K!HEtMFoesz;|ku$SE#p+-LR8wZ@O-)?mvtl4p4sC&BWHIf7T#vy9rKp3$F9 zYhYf?;&N%%t+xqU7vP(KPG!9tOmaX<#kmBmoBa}8@!FK=vsgai#Pjm5ek%wx4%M-b zN|{mHZcc6d{vsCQgoqG}_^O0-j27chWkzc)gb@2I4=mw#Ws8;9$=iJwCL`@c(5Ia} z)-6^HmNr5JC>$3ErUDE0M)v1o5q<$Z_^@wI#2~h*@-mpIJG;ueW9Y^%JIi1+^}$$q z5sUyE^8IC))0E?wFp#@{j7YnHEUdYNX#K3dd%`|FAnqZ5n0{DOK{j)0PvWNp7P^au z9=x5&W=<`k@ABR{LxUNLV;X%=ZLDQN(nhf&AsR`r6}fCqTjr;HDrJep*Jm1w19xGW z#hf6yS`wyh@J^8-Az9k19mz8K$y#WKsi3x?V+1849SROg8REYWGElS(N=L||lwf{R zK?nwDpGXsitlp7(KgvllbQO#^=AJfz&JFWB zav@8?z8U9=R%J5(A4^j&udU~kVit>k*6AL7@4)yVso%rxTPx$Xm`bZpgmkeAK48rB ztxtcf1&Kmpd>6Em#2bkRekj>H9`Vk)*7~pgtxK|YV6%7&2L1=GvK{bNQtgrbfmeuh za~1$k1MMdC+&QaS4a=LBwdtrq~0ORtQfaWA3 zN~I141hfGmxnd{U&1b>LsW|guKvy$So%B`xdsvhFvaVCqZ<8b1gi(PY9=bLw=0uEG zFiqY0@pQ%*#XsL&e!*Pm53>JHD?)R2Y&AemyiRX=IjUa|XA(lPexTmUvm}X8aJ*{r zB^k$yIf{n+3y{Q3OTW{)5>5->h%CM=X~sk&dKWg0ZNB$)_f=Urbsqs0GNo3n^j1<& z?K4LIH#2fPZV+?nnNw+POq6Re7IVS$aG?WwwENONKl71bfVrdK|A1y0IULzx$69v9 z04L6D*A5+xb?fMvO_i|oB-gk3d&|n{O55W~Ssomy56A9@z~y;eL@co zo7jCz& z^)UT=*(4?m8-esNc4N7IMSBSCLz0~hPJ;w%A_VD*w84b|RFlMyUtl72KKHtS^m}Va}kb>i~rG6!7V>Jpi zE3J`d7|$@D)xm=w`gRrp#etd2*s{Hj-ohL)d08yjn|3{n>u^yE1jKF8qagZJhOrwf zhC38&?ze!7wN9;`iD2%U24NplQ@Z;{(;amTSS;4F`s>_gpWDpOL(Jl*SK`!IpqSi4 z8DV?JY=~p_vKaDJF#{aVYoEIN#XxZJg^lFZjB7cGt_W>X#tvW9WA91c=0BqnTt)-B zwgrdohBqEF3KIob9O%GM!nZ(X#eqlX^Q;`uu=C_H4ZH~NNkq1~2;Vx!Vu=N$rA?d2 zE1i|-u|EW>&MlM7^a_x#1+OiUIga7r-<;qf4uDXwYdoj9!gQ}!#A89%fc}Qv0nLduuZMAU<8r=-9Pj6h6pegBZiE~0kyCn3ROt?J{Y8gd5at2kOvSS{}}97C0z#Kdegi(x%M+u;QiVdKr=9;J9Aksg10_4gQSr z;JMve*3#vdE? zpN><2iN-jH5{y6ux#Gn?g$x9E#gImzQQ0>xLHLwLs(GdFT4%Rr+L%Tu~Nr(fAYA5 z4h&^O%Ar2;x^1uz1E&P~7}Dv|0{F@C>*I(de{Gq(Ny;LdAuOU-W=#4oPx4a6p?HB) ztr314h6z$4CI&gpib*W_-^$UnS}b7DFb7BhD9{Y(KB8_Q1r}j5sdU(;SYlO_i`)NqphO>Zc=C=yqv%{UBp$c znG*FX^<1UYW0QkU*uV;`SJW$;w4tnEkhB+9e>U5XR|N|ybXM@O;+VJ7A)}4^XKRuJzWOWH=Xt+Mt;<+&uD)D@1(!GJ19b3zoHLf(y%}<6E zRsed9nm6bh34lpdk7R7kXzg_PJ^r_ulG5&&{_a+6TP1@hRe@a*DW7|!Uej#S94)A{L zHZ7`sa6*`QY0M+<=3;<2LfTU8yjqvsK$;Frr2CBtvJHHbIv(#&qEw;HpLJDTzmPlB z5!;R}m5?ytpUuS%Ot1|CNd<--6~RMDn`w_UW`0O3UIE;Fx!v*xj)O=ghXdQ0VM=36 zhk?W?Agu7}xU2LUu}aa+iCSC5bw{-?DN4uu>KZn^0o+50kWuhG?})=q_W~`{O%w zZ829$C$UAt4GY~5;@%$%-+GrjAH0D=95p%-_0)v@t%a9O7lVHW%m# z`w`{tID&e3|0yj?Ae*ARcg8L|g4pjYBqD<_MvRwz{)Qw9;cNpB3;QlK8ufBJYF(n) zjuti$3(Y)8&@rnw^u60}5dj+EwRVIP!Zpz~C#zV=dQKmEly}=vU^sAmBU|uwX7p1U zZ+2Lz+HpRw(d$)Do1?Xhr7x#+Jgx){LxbUXTgZVU`(v1TZ)YrHwouDb#Oja&NVE1% zc&oduS%j9UXh8TaETmu52w&G)*nEX5t@O)|-LRoq>mm;6Q)~Q88&+5;0L(mxV^{X& z)56E^Yuv-N)%Wmm!_niBw!{Apjxj4M43$@Gtg~oob2k31H>aJ*t>I{My3~!4 zAlW8G7b14zwR7U5>=XK~jAOztzUxp-ns0H3VX;zjAZ?>Ij97S`I7mm3UL@FEdqk|H z8(DxyA}RqD^=p$N!p;uJCGkec#+B;|Ew72dO95@VAP9*6SVpEt%3Z$&ff)AN^4;-x zffgAJ^t9WmY;$@+(4OBI04TO}=Q%PR+G5j%zv>w=}1(>92jMiX75WT!LXtf zMfN$@K)?L!VByfP3^o*;F%^!HMw%e+X$x(yrDu4m>iLmjD6C0pecTyi0z`fe_q@Dc zNbqleGSd=k)vU$QlUi4thmiQDws}2GEUjxt_--2g(Yee9Oa)_r#}QdB#zMu00As2q z*nvJZi z=9FrrvqO><_U6rmGE0*52yL(G3K1tU=`MtzIezyN6SEKAzYzoUQnWm0DUBlW^R8;C3~ zA?PNfztzPXb#H0(Uq*F^x8+18dQOxBvHBF3pK)zS4!o2Ff|&?Goycgk*JS%x(cEoA z;f7S5x-c%2+E;IA>Ql7cPwFd&L!eW66H*=QWCNUon(4J5Q}cxh^y6lqBJ>dnQY1a)aWhpbI)4`PR8 zkSlft)98PP?P3kz6;nf9#1nox>&a*#_GU!W-SMamCI)dWhraRZ5d;=7bGq)gpT-+O zO2I7R6wy{}`67%6GlLe!p4yE_unlU4!`N97Z`A@0`gTa7R%8SKFw|q0r>%w>YSg2rMl_DLVa-^sV`-q!BI4$#nS)2b zfuqF8W&9f%Bk_h#(y!PFENPC@js8jNTSaj^LAO4!TRH^ETV0gm1+u3lH@&vfis(5q z+Lk*0WiN1QFR~ZU1GKYX*tjf2weLb_-`%^gByA3JXW5(ER+gzGztTGSRP)cO$Kv}G z1ivh!31TbRy;q^k&4fAYJ!ENyb}Txd_Eyg8TZvbs4U{DyJah`2irKuxkP2oeE0MMl zAvCwxzR6eD!&RK#UqZLz_J@NT>xj=8jS9vL-31XcygzA&y~UPPTT3a{~#uG8|Y4h@Zp zqNtNKfdNzJ;Jsb+(~m)npUl+GN?E~=ug=n+)8_VCh@KC*n+5;SPLUGJe6y3DCfv(o zBM}{`8;|`6Ppl>SI)3gT^X$hskY1?Pa!5W0I13p!( z*xAzJ2kE)K^0=f8Tl?XI;_T?yhE274*OR;2-)FU^5gq$L5^_<$ZDA2FLeivnjw zu`Z5k*$^PPg_&k29w*##(Q4Jo9>*T}1-vNdFel&_!(8{7gaOtJY}#p(Zn;>_O7`j$ zwN2Zy-H4HVhI}{vR?Hr6hEp)$k%+R`_<2SnLdD^eM}CQ`&=IrAhm~v}evUn=VOn{N z){IIsNCz7+L-z&I?!KmeO5@s$QIvJY_bJ&ctK78M7dn)Yz+pJPO)Dj0t^Ezr#CCc^ zZI>RJevVJ>2g>SGWb^b4SvS_tagR8U&&D1cf{u4J`0F(mqz}1@gKq1Gzf`BC&6F-O zCkh@2<)rCY)wKPh?!jrTc28TqYBdhhUe?*hA9jc-xKqEhk8xNBToj@>V7ynpG5TGQ zfNOvu5Q4fGN0Dv!(V~m$pw6oMyb4FgAWR}o)35a)(fN!@ zTowWg*7T%6mlp#opL0lJIcfvTQ9VY5Vct=A8^pb#Uc>wZLZ0U;3!qU?wePHGO}0oQ z(gS`93rUm>XbN`J%QU_R;wPP2OOgQrLz(C8S+Lmz;2rCW*0_lqntRhNI!97Vi?^cl5@o zp+T@oU`T8MSTS@93?1{ww&z|E4gkwlP7!Q9C|ptl38UMlMU-?MZpIC4Q=dRzl=~pF zJlZf)crI3DQZ8X=EqM;8LqA)DFe4Ytd%nDX*Qf;sp>6a}p>*QJt>6vJ#}qIw?C1n= zUBvWP1(5Lc;qg`>o3pGUZI}!rBf|3(qoZ~m5BR;GJ=Ghq{*;SmWD9kPTM5(aQA24f z2#xrYPk%_;5Vde12NFSTcra?T2$|Av1SdnQ5v;!}hO{-@F2fdbu8l1)((=KV|<+bx^#;rnNgUwD0y_p!h z`jUtXJLuBb>rR_GzmK06oDrT1#)$LCLos&^1lvcfJMT+KAN7S=SBRk`zzGVy+Z*vn zSAf7e$SPKXb|ih+dK*$BWLc@)5)3;qD;#v|sKIAu)Q?p?`eWr90a}_)kYXGO=d2lH zO6AH1ywqGvyLkc)6PtB9qi+B%s8yV?BX%Gb9va)0>qI;2i9e-{k4vFnRDIX8iuI)F z2!8Y4Zm1XNbd14f=E|HR-jO!N6;of@?1;u=^1#O2ux(zP!<^U?ynO!jzM-peE!w5c zy(`t3twj6035xBtOQKK|8#sab#WR~u%7mHKou?Ho)H|Q0apVYi{x&;N^=I6Ax z94g@JeGfnF?6xVKm=2bEmo&;`OCfD7(jn>>694YvqL04`RPp112bQl3s^e2?`@r(p z<-yz!4=xYv2jhBxv*jYwzv!-*=WA12`18wCTW)Fg`g8a1tXGTC9sPP`YRmV}jsJet zcYo~-1p$->%Q@8AdQA!c7q>`HW)j($5aioD9Dk1MrrQ7T%li9( z=T7_2Fj>B+$t(IJw18-?s2%h6*SvZxta=^&GyMgk2Q%D%mOuaF_}*XUUw;YA|A(6X zB~AY?HRZxzPi?s~r3=Eq^56CPEn>MygF7?2v2WafzZxw6=Eg<+zB8-85YNR2MLfAr z4RYsjbiOctX1!*pPVd~-|8;_R*F*cgF2Abd2#4K;QXj{PdmAXoNe_jsf-n z++S*?-W>O~XG~6;?=ZJ5qrbR+o4<|+*|YiXe>3h)&u+duMJJg)mb=N=*dyBb9P0vF ze=DQzxAaR08vT}5^|h&SxB4z>^$_%TbV>vKjR%ZZurvA#<^;wCO7871pxR~ln1GO% z?}Gk4dB)7^?gD-B?wHv2VD5U$um3|N z(r|Zq`Cq#4AvL&XtGvitURrgppEe^|k(1$NshX+C2S7ZhB5j@ZLjj_g= zhD5NE6%Xpq?0pa32NOyUZMpkbl@Q{mNsVtIEq|m(?*3NR8F!wQp!-mimcQJP=tiDi zj|;yre&kNRBK>^l7mz!Wp4(`mzjqI3(?WkUuWi$>yFXc{pMqD^{6P5%m|K4Ezvz~_ zKmZ*^x8w_%2XuM!-QSiNXM|@ZvG|L|)!(~+I2P}KaD$=w@}U$TIup*3D%6#~%jf8C z=kNcH&ma7c`TO6`NLqKF9$2TR@BWE~|DLYt$p@#$LiNE1t?*fg2OqpoKXf;1ohHvaK*0(xrdLF>A^4@p_X*DZG+V(hyQ3Bu!9ufWE%&}Dt*%env-?mpyp(h7Mn zVRqcVT1haE{vvnvZ}R8A)B+13oA3U}6X55+Ek8BCS$^F&9`{FixF6}V=A-M@!TLgH z-~aD&m;XavM0ND*|J8jD?#gCk{_>xWnLYo|-TxX1I7K%?dFBF229 z0_AUI9vzt2-x{~=LGw_4qUvI3F1vE0-m_&ju>e0~X8m0H+}K3mTQEA`wH#w}!EMm5 ze3K^NPthj)`dsS#p4#-lx;&uoer_t01V2O)qGSI(HAd%1zcYJ$b}ULh3v_}qOAMG+ zA|>~rFJsH`?jOLuV+rtAV@m$3OiF+Cf3x>CFmhejnc%DDk4TDYktIr|Wl}CtltfDG zV)Y-{q$yebE4IxhX?C}MVmowo)$8sutE)Oy)nvD1*+uq`sEj?Z182txl8I-=!Ptod z!~+}aAP(T2b#@)Zlg(glz`=Tf4B%iLjDt-UHeh43$bR2B@4ml!)m`0PO-i;X`}M2$ z?z{KgbI(2ZoO91PS5~W^IP&qWFUv#9?Xs4AS*YFlnpJ<9Qaa?nR&?2jcxcB%0Kw2n zaO)?Kylt6lB5v%z^&?P*+{UZ_j51(@@o|B)6>5|`IJ`qOu-3yn%!_Zx4d`Dx)rvbQ zx_`zgD(nxiEq%l3_R>+sOp6wXKk5{WKPpun#sjS!cVOuIXK*>ZgB@S`hFp(=@3fHB zKZ>6yB<($7In{_j`TBR9;rOL(hU&M-8@po)#*fe&$gAu!f&8(+=7^ouZ|PI>cky%h4X!7D z(Q6r0{N2CwGhxx3)?d|yLjDSl&#PXbZ=kK2LYVrZF7pFt7VeWd>U$vMFDe|Ga3DM{ z5T18_&C9QO`~n;@V35*UIYbcCIr{AJ;*z_+?8t2w-7EsyT3l*%am+`8$R%lH z$@zwl1<_0H$G4r2Z+jo}k$fzR-Xed>N4GJ9IEitkc6uL%;wt2F&dm)N@Sg1}Y3B_&Y5 z&NNOQLUBQAz2KB$>pDy224l4JRV}#mP5ebCmcEIiRLPeFP~LpjRnwO~=iPo5<-m9_ zRkY#T1JdyA0jH_k10dM8mcu*ZHSrP%oc4 z$dXq}e09t~C}^kZX6R3BP(Zl+MSDw!98l#(fHy54Bdk&tbv)Lve`(mM3Nq>b<(Js* zZ#l0pMZH#*X9cO43y(m}myukaMMIq9`)9xw&Em<`OGH?C>PQhN0)7DenODyA6Imy| zl28n-B+T@~+)Dtd5BX*zc<$FZVKG_2Y2AAi5%y}{>3mK+C|~-@vBGgvAFIc^Z=gQj zvOaTv#Hr8x#;b2qh%~=}fCnO;bvU1e%cAJF_<8twe7W+jRo?9jLD3Qc*0+OTRR~u2 znXnoMnGn)M1~r&^z_1~FXP(6&xcPn&XXZ150QoG0z;`%RhkKcjh0c75n!^Pkc?(SS zaFmh?!e61HdLI}()q9WGr9iDx;672?4b-M@Vbs?2EnL9pF5%|@L1q7l7nld&Y+_#} z3;mHZldE6jOe3%T8fWmW4=4wzehusY(#tWm{r-rrZvMGb^7ePRzGHI6Z-3vJukr|@ z7#~3?hiy$?a&fx-edUlSD-A9GKx+GARC4<#BJ(?Pj883S#iQH*D2kCQ?E|peKZAgR zDaC0?m8li?PBF3$tsW~gn_d2iG`lRK`?3hDx4y%c7xn%N(p@ePZ|qgE=Zyo--+lVG z4ZzXbxAgm5Mzz+JLxwlHoaGP~HGM86gPdk1;lKsn!dW3R#(cZDCBA|;!fwq9`1kk(!?=>-YrQTVggDHOAA^PfOQzg{p1-pVszZDnFU>7j zp-c_u&HY>%j(M;53XwW5QPB!CcNpl**8pYZyDf(gwK~&xxflAxQPhCJaPMWcAs`MD zbzk7)@3*vaZ$tj#8v%vS4sb?>3(|z4MTs0Nj#X|taJkeQplfA}Pk6(%R&HKG{pkNZ z4F&w$>LPSy%)8BcxBP$zo(I_juk+MsAQE##N=N=% zQuz-{B5D!*=mFF;Zuyf{^ z%9npr6(s(J&K<}0m}7{C<=EVP-o5*Rd-p~6?#u4oSKYg>yLaDk@4o5YeapT3w%lPH zK_6`G0pgsn&};|NF%W#$z5Bl0p%l<6Mt<;_UHFMVGK)EauOGt$uqEBia!h7#j5$61 zUHuCQN8eZR7uY2waRUsu5EGZ>7t_{Kix?*aYGvE)qPUq{?t_4gLVDwFP=I1SD#G$!N1J*{a=s% z<-aTZ!Qa0=pFaE#`@i{z-~RM{e?Iw%-}>5~-~FQ>AN@bR|Ns2OBhUW&|8D)?*?;=# zpN!`J`$PZlz@DF<`RVneU;66G&!(y$%l`Hc7hC`E_W$zDGoRaKoJ#i5_tT$#_z;8q z=!HjT5EH=C>ufy7={I0vIn=LWuit5A4+DjDk2=l`aIiIKbPsj15sz5`_OQXXyE8@ zC^#VF&b@J2(WE5NAt8;R{79_}?5NY2QheF!3F5Psj@6-V7=5gvWHN=d@!Rk~MB+Oc z90ZacpO9>bcfw_;mb2q%u(%FO*a`L&3mNA!y5%=Ao@FcW*#N4b=bmx>CfWIcF_A81 zE9LiV*Vgn2;U5(5TK2%W{*|pH$%3(rBpRMo&+ZcB3cUHr0}al5(WY&kqBkcw<_%0F z4LZ3jteL!1iC{4=v+gJg>jdV4z?p+V3KnKK zs5%Q?L7kqvHn20MIRKy{Ac)5U zkpVHkMG}9TaXQ}tx;$c9|uHEWm3tUx$3p_n3nMjrYwK;z9Gq@vdlEZQ8 zXy!loz}BmR>5%Cfe1Np3Ni=o+CVIA8z-;x$=g@II4T%Sx5(y+l-jm`qS=FSUlCfBWlTS_CGX(`>V>zXSL6YBRAv=KzC0%jXei^p4t&ETe|fFyJJY|V-_R0XkIiq>Yg2>Q2Yq5{)RgGt>%`JC))8FEWBeKHP1z){ z&()8^l|(sm93wtysO6Iw29A#&;-(Qu3?H1pcMRlWIA(4AoWbGL^kgVp8km%xj^HNc z!&Tf-aiH^YK?45Yok%3Z;oeq{n(+k|;g6X3ee1B8!2W*ozc#+lC2I$e!!$oKVTY~z!j^>R!pm739J z&0K|l(P)SiWkN;BBQzt@d(c}QcMUNh1%xw&=bW+gQ%rD95Rd+m@t5Q~m1;=&#BRUf zoSczaZf!jAGHjFA82U5x=;uWqZ!!FcPh#OE@(I%hsfPKpRlHN`BS%(R-Oi77CB*{i zRKn$yb`Vpk_l9>hPos;*P*fLd`P}>It=*w#Qm)CDSS%zu>|{95gd-l*gY09yP&)g8 zvO!G0=OGsjBQxpy!K_ALdg0m4AAq(!ipe<+#py-FH@s~93MR}1rZ9!jNr*?3tv(8^ zHV+0s_B;#0kyD!lcpa-TrJ7d|{o9TurxO`4yRB0=TcQWcc?e(~911sG8-c28BVZkf zf-4&aG+Z;g%g%aTHQfvYPGl059wH4Aweuk&@aRNDK9TYEq0IIKFNj?6 z%r%R64^9GqVCf@XfvCW*quy&W4Nv61Dr2e9B-;f9wB{2`TlQF~)tIt>8EFH$u7g%W zjTsK5!E6ltqDI*fgebaDF!pO7^(Y3Ll%3V6E@6o{-4m2${gCn?VY1GXsEP_2MW%UN z^)%#%)j&zn*E^J+t8K+P6n^E;P4h5IP$Xv1S`f`A!ms?_g-<76qp%6MS9R>AU@uuO z#ZgM@(LJs;!10tq3T|pib+HiafsURYk6T>|HyTtEq8nx?7lAv8D~)<;ks@Br!QQ8F zmjc^h3C#+{D~%Oxf=^No5y|kUiZ#F0K+sr9y_ZKf5b4H9S^f39)pDC4W&uc0ttf9* z|Ly9qY*u6QmLBjw0D=aJV#bm~!}!S~VM; z4mRrVS^assp6S9y$T0QS)vmmBa~auZA^qa+SEFqUkJ*ouidEX7>s^F0@~f zWtziG_7NUVuU8x*36GPz;9m)1aidF#9(SvhQ$zV1BS?RhC(#+T@Q@!7;f$D_Y(DHK zF%pVO&Swtfr1hb#XodvA`MdomkPGDkL!s%|iIbRG+{q+iP{QI|XZk}Lca#!%E-}Wt1zE@2yH$MvoFteJC0vZ z;s1dte*k23@e&Y4B31h{`^20XUTzH{(MWnU7BJg}w<|$j?N=;AaD;87F5P}?08P}l zf+|o2u>&P*Hhz;(e-t~k6I}-I{&a{*s~2x;&5)yLPbIw&kf*#6FsTk`i7<79cY(|@ z>8r)<*6O-u^|R~gHAg(^{Ow@x>z6u@{#MY7bzvD zJZw~5Ki^oYvKX@+~vj*)`9)AV|XU4(5$7zD|A4i*gC{Gjjd$6L> zpWqo0{4^W&Ufq?}Ik1oFaxW&N3CmYoKA^Jpc-!emyjxmR^!UhvSWJvP&D}$htybO4 zdW!SJzr~^J3$xjB+o_Bz3sOFMN)tRVn7v~B^CdN+{2M-4!<8YXL z#a;Z2J&Kzt=5;br9}irjbJjj$!M`zw1=yq-#OAtphO%Gbd7|D6O=DsJdzjc`PChC% zR35z{Kj6ocNxYKuKV%jMcFMm`OAhMwZJ+6`kq;mXP#G=@k7aI(y~fT)9LDt>yJtia z$Zz4De*&o~E*>(~D;yM5I3RHkKZXpC_#Y8wjwF%m2|t30ppt9aIY3jms&HQ8I;%N- z8ofKT8vpb7X^m)Th}n}dbxu$*RiWji1ur90?5ed#pC<9vH?>QvHBYwM3${-)c@ivw z_%bQMYL}RXnJc#j(0i)wBYQxH<4ir(aoY-IZxG`{%U z9vtz^1YDFhNLS1;<7LHSf4PS9Epv?-LN(ctxZ+bDU|ZbIQNfj2ZJ3gpnL0H?Bxew7 zsaG3$ph7}vh{>Z=me5pgBs)%68)eQpO96B29JAhQJqj7-IG!h*|Fo7~bdcFEHO-r8 zm!^g}%xC6ac)%(b-y>oC|N zOy_`E@+A@ouk1xK0)F!i+wBK-DXWs7aNHMs5c>Oh2{m%$!{b2w(tSzACDy^!L2ERy zlOjx;<}bG%-U|v~3i}VC{ii~>G35v&Wnk7EZd=EZ8kJYS!Rd!!CHJ0scR>pC|GI_p zZ0+qC^vg7Z{1otnUyM8o?n-9(6j;MiED=vRa_@2D1F6!cDOR=yjKr%ij5+NFwp@}R zU3JIcDGvOP)>N9zl!G&M6)o?NS(k&A7%uJcO|`;tBU?A=Ipf2&Hd8H)KaacwN%$pf zAq{}A+hh;iFJWUf-e*-;)><(=H7qH&sp>~%o3Df(EbK*R?2_2J_8McwO% zGUYWpE`7R;(zL;3Bq|W3VY9{P=hM}n`}ZGKO@aj=P*L%||^>=^|^)nCAueiLEn^_cX< z#@faKx2%v&KF*)G$AU1O+(lVtlbP99#41PO*@6Q*1mGGa068Oron zreV!TCg-n^;+W*v$fl}ylKM;nRt~cN%%%bS@?`Z9NMV%7HUGoO~80**)h#4JE7%&(adt60=%btd?yK(Z)#o zt|M#fODITjLwWahzCB`|_2P{hX~@bs^GRxC?6KG(uMm~zB9v%OMw-7%cpaL9G7qHk z7glHV98XRP;(&lrC0CoQDpADc6rOoT3>6imZXy|-qmM>-_b|MXx7p2BqJw@`>@8`7 zgEDEokA|xP<_(P!Bp8yHnGw9FCGaf3@5R_(z@6GF&Pr)k;@N-p4&!6f!a@HJKj)6C z>7od0IHwvh^$0aM(ipS&2idLIh`3OzZ@?HPD5vKE&N__?$l#Gu!lB^97X&zVi3`m> zHcJB_sez)%UnLT;U=tOGQguVe&X;+Pw(4Ry(sk z8RRS_nVMvU`ABi{k#O-~|DOoI9t0lzK0eND;xxNMk_{xlC>gauX{Sb%y<6f>q;MFL zOx`>)QG>$tDgsd*89G96f0#3g{MR$Qo5{1bR7F1E7u}uZh}_cEA(TgxcdmZd=U?H> z+C+hH9wK*R+C}wWuf7WSTiC3E*$Y*Y5+sGjdWvSk)78jE*X^@6L0OF)fcw2k{H1)B zMm>C50q(sM4ap7XgqyDC=X`k3jhR5&&Dee zmhVaGY3qctUfO+C)nl{l57A6|^KU7fTdlA%Q!XQ1@krpkV9O=kF+u?WII^mfFbmBm z8$%vJLRO(-_Rck@2e*ExISmr?q&#Ybl*uXi!nLV6mFF?Qs#J%aA&ru~1q~Ukgz^=w zL$m1H6vRw%G^i0i4B@*9Usz)dE14aaP#@(cv+Y?sA4$=kRViDK{FQpchoP@Z{uFRm zJEQ#}p3un|Ov#OkFO~jT>(pvf%CBVvKdVz)oyU$Dh{R+j2-NLqi~{#^G_>lVr@;lA zI_AAFW)LG51`E0xdMmreHIAAU0`1q(>_teS*(QveI7iF8P@Vq-slU-P%acKq2B{<5 z13fmif=Z#>sWBm7A{e-gks=2pN24-Nk(`@AM&V+f>`u3$|ylU41zODYJAS$Rg zdwvZJEi#+>1d=s|)p)A*W|c7pU$qSo50q<&Odfo*Hd2W1LlFbsE1F{wnJ9sHF9R@*XNo3>qXx2%D0H_Q_y|tU#gE zCTG!;Ss3zl*E6`j_cdNEr(ICEq)8tep;ut~9K(A4GN`=z?~U0+w=~QV(@Efrtm(~g zo_h5Q21aArc{4)Uq$ScXCy#<;{DvVFVLsZNMSt~%RCsyhs*s|YHHLMmWjAfL`Z;EK zee35DCU}WDkk31#J9$9}&`c9f1WKz3Y}<#Gbsn4?vs~d|pJ$>_wLQTPxZ3loW@%1z z&kfVFX8G>Kq$b)^j4G7;IV)P-9dKrg0NZIyI^w4%Y3KJ zh-G2X4OYeF$&C5|eoWo4B;|v-WMC~j4>r%4&a5`2`aei@loeCQ(ef_zdmB4 zVVRXl!$o@DI=>k>7>H`@{0$FwG)x>Z+9WsGHTrXA@gJG&Caa>*L1!gm>A6O+q`N2d zmnwjAPvWW@a}5(#85G>GYnXOxKh+7T)x8X)(&8WTcUTW3{_1EM zqg7(sy3iICP@0Z+Z zQN$KPqnKK~LX$wOXjN|qYowUK#BSUqq#EH5A>-Z!bGB%(9Kj<38OUbJY6(8+!Fra0 z$a@N&G$*l{ayjti1#GHZ#rvz`pQBM-2i5B4os-5pE+>)_iF{p^5UyPQLKLnQCi2&^ z)n(XQba8S9>P2}}Vq9p;R?CRhGE}p?{|o;4mi*x2@48Lzp$eemjy!4VK0pAu4ElYR zj~WGxYE9Vh+k9B#gB;;@yoz5mlI3trY|T03ZMtf}rzahCk+l4;GlD~|-OL4`VwI=R zQGJ733U^Y&o#1fr1J5q=aJX*ILHPu0AY-M2Ezv-`E5G-OFy>IVylU!ErIzxBWK{Bl z&xPOX-H|W^e(>6Wdn7?>tS>d81DYC#A*|uhfrrUQjDfTbO%RzR$*k2;uiFIMZ-TAc zd7AM^BJ6x9uB<-$4Kp~3Q%W5t1w3lP8j{;E17594R!+7v7UU=!gOB-SREbuLb5kJX z=+F+)uw<}WcZt3Ea0J_WI_o(daSuO>*`Qt3NHk({cH@|=SGhJtnL@cYXSUbih7qI5 z5GnB(D%kLVsV5d0gI8I@%U*cE_?weY?TlW9p~&8i4O>4d=QQ`K%{G6)C@}@6LMTvw zW3UHFE}AOB4R4t7c+?TDa>KmBPbJ|>LpdB8M^Knr!WI8&GltirnsD_YXXM7=9)_pN zNo>gR?VZZyVi={hl(cfALYS@CHrWY zn3GtAlZI8Qa7A>!n!sq0ad->xhT$^RQ7)(1WW$`&RCECgLqWt@Y8-{eb+dXM?S)W~ zcFZUnUK9*;%=4+fyrqrHL8h_+41v)cxJ;C-hDX(}UeQjZno4+78y<{$)zKzGk&g;$ zJN|2Gg#RBalAoD&+`N2YKlW<51ftX#A!muBrk?_6a%Ib4`5_NPnPWDYkO z++6KxpYJ}MoGnc4&dsE!?31{&tm=j-Ze3s7V%E?hXGgr!07Lxs?h1p7Rs+69cUPun)CMR?Dc{`tilt+t3+0MEgRWFMJ5B_CG*a>T_uC84+XcInCcwuV!qI8qC{=@_zlm87dN{gl zmnMrPK%24O+27mVlj=Hq#hxi%x5o=}WjlKT*v^-?0V}&l>@x8=oPF?ev0ND|<FzmO|TT~3!kiTcd{sJ~dKl!|%5ZwlkEZ9>s(d(xZRy}Nt`GI7oyQ1*CZfRXk6GR8uPIY5 z?~)$l#xl2NLQYVSx<+m za5?_y-0W>wc}vSY7N4$JzFTIE$iJe>m9)t?sC+U%gFl!q4$@# zXzeJbakZ>R!EeLwW%lk=lpyjcW<3&F0vxk=J(smhEyY>OdMaiei7w`!^DQM5eW0c@ zmbHW1pMh&ssdvPzcz;qNGquY`Nvv}4xItDz2YB{`9} zJU5ZgWw7EslS*}TrTCA$5&zEUuT<((3UKkCzVGhn?(AysY{vsF!8`oFcOZ49v%mB7 zDHJ%}-*cw-G@cIjbaxJQ^q=lO-PJxcbf#mdx2Ly%Fm-C+bYD+Lch~7uM}O}?cmL3t zGwrFauCCKVr#gH4Qr$y6eSN2fy4z87pr^gRr~gdnK*v!3U{8NXs<(G&=ya;9WAJoG zdw*YV`>Da+-oZ0Hr%(5sYHuGH9B6OvPxbZzfK+Orzx&jw)2O_!JJow;pm$)fzoToQ zZ=eStooOHJ9PH^G=uD*shfZ}3wfA-Po$2m8)j!zRerl+%t1Hzzbf)vnQ1|Im9bLU= z`nq~f4fUKl-IF@qf2!+D?_gI?XKJvwucxQ~RDTM?fq|=jDQ4~S*87X;8BC?8u+#(G zv%^`gzYtkU<ld2|>$WT9I%w@}2(9?M zK31CxXFi^V~KTVcdTs}t*K_s_m7XD&rDyC4W>;_)?a55rnQOy^*}1x6bM^Nc z(F!8fjp0I$GIj11`dHqLqc~~ z`+Ub4pOm56;kRl>ty$V(Zo{J$P!9VRD)t9IY_!9uU&qPMw@SyoxZYkQ9~&waXI`4g z>l87{nf_`_A3K$r@9L--s;}2}@<~zT+s_UZFBU6T(z&t?mSC5z+gVRJ3sP8Eh0l1D zuc|1om?)J6iXCMto0ZYam#-A(3fb~nb4P1{5;O?`4chZin)=J}>hEp^mxc+WQn_Mh=Q1=AM8bc(`tP;^ybDp_B_Au!ULBdsS8}uYg-B>3 zInnXz=W9V+4|Cm4PGmTJm;?r*A=OD3_3mj(DrQ2Ci}B`o^*1&L;XQ?7WgNzpdO&tY z0g`+ySB5$;k)FugwU!VW*cvf!Q)?#{$;w=*P$?QPH@j+9e=o3Ps3f{65FHJwX#oEF zW&^l8lTX9umCd?A=X+vH9a&vZoiauxWeDaI=V< z3k-L2sS%JR+FQ- znb|zVzNuWfq8lNlEr6qrEza5hC|5tT1#LdF7RFsuAWe%j+GJ!S=yDN;vV|xtJWX-A z9lBV#jE$^(&URGh^XcpM3lMs<5YmfL{?E1ISF`lE>Gf(r(VKixnwt?KRffD1>a)kD zuGo{@Ux8Xs{X$^injnPTCwA`Zc1i4r_1BuPg={_9&0h^~Oy?>#c5YpZ z%VrmvNW$zg7oHTc}==@5v2YqiYi#=m(2h*&(B_RJ{ zvq9cjD7MY!TyeK{_&0&yA8vL}eOt-?HG{^m&Wfy$k=v+db0|3+TobNvTfJP7{aF|# zl66G+H9k-FtLowt_y29Phh#@-u8>}ZeAa1|O$Ojo(XW#x$<9u=f4~eo32WqtU70Rs zUHfr=I-jRX-M7#`oy%uKHp-fz_{->_Ff*^5?0sp-u4JZr%cCWGYOItll<8hkZw&k! zcgbP@FH>XkQsL5EWvYmkH*%DZMFZrost$b|zxnjmM!?%UV>Yasc&bTs-!h8s{l^a2m zA7|n3kKcT7>v8p;nu{xs8JatTb>9Spy;+E%4uZ^=b?4j8tw+m$xPxdh^UPUq*2Ica z?)c4zw;m7w;~m4pdZv&|A?BuL>O5bo+Q1p1qob?yY;OfSpA&NxX9x5G#Mu&j^K{=H zJB?-A-Lpq>y9g9-c6Tlw!s*EM%*O-Gs4}r}VB?d;U|=y$ZhU{_8g25d7rn+Sn-;Tg6$KNoju*B(%H^aU3O>p*;SmI zTzA&?_OAJ!8eh$Z_B!!pd(D^ciCHH?!{vHZxs7)4(^?PFhFb0DoNqrB-nMI~Rrt2d z!!Qy4wxL!#yXHG;oGBY?^;Gvfe3HVg!ryZn{G|epN#dOpb-6cY?Gz*2fMr2{FAe2N zc2>u~Nn=5DFTw7X5+(1FcD{pcxpGX(7 ziF87|;}Yo#9EE2qiCj66o&X&tD#gSEj9!JL<2u!j(bdN1uplKM?!YWY2`5pUL@mB* z)!ojr{GdzM63C52II$n!vS+wV-pt;_##(j^m*II8^M3&cwMTuO4Z}&tz_NkuUGSjI z=OzKp3>>_ImHX=)iCO3UbrurofMv^%g$&)3;gp1D#A!kYAz`?vY1-#prnjvzYd4$_ z;I@pZY{r;C6vY|Qvfz059s*JJMiJi6;`p5yu@mB^F;Sf7NMzv21aI!d#Dajp!A84L zeDHnZBH4EDHWI}VeU6;T4?^Uw`@05w!0G0#7P85oTHm|OkV%84M2)MRBFb7X?7Uy;j#QcEtWXd06A1_=GA}}tnCuX{-H8Re0u}~4vSTOA1|cM! zmYs+SB|{^ATQX3WGKjYDO;R?Cxk7eF#L&&#nVr-n1*j!Nc}d;X%x?9TR-yfg`eu8Td$5643n$Vr#Q`!&de-hJVCOuDsLa~&4MRpR#lwXIY;dV^H?mOH&AD|~8-#LJi zHR|5PDv%z9-*YAnwmo3h*&1BvM7)E8wI62`fG4?e8pdf_yGc^SqTmo5>ke=zi^ER)$9AKYPm?(VCp=hDK5EemuJ$5c{hJAI6$ z3n*-PV7Tlsey>4mU(C99zLeuqlE>_FW`Kjnl>vAdguCM$35gcgC#4pydkaaiDmkkhibfScPZv=>_PnSV~Aq zLH^RBfmDjS>c5FuiMaxZDVKqAn|1AWU~BHiWK9+09}W$O()uKo1*8ckgw z{L~F(0ES{#@2jJgbY-smTH;mE6&E1VFk%9+i1Y5X6N$WxV!Soz};%cSE%vh6XQVKsl>H9tzmr0p;*IIt5+@@5>SWw0Fv`=?OHi(@>7^ zKd&|DVDBo~jD(HiY{YSh`TC==ypIQP=CVuXEfCETr>^axswsA4Fsl zCToFWxXf92y(D3edQ9LIr5$64Ve#N~CtNMuvCa)FgNI|*J$8Y-A{$YoGI6ln#9Awm zWkF;<=u)_22#|?(JzXo0w8q*+7f@Mb2+riw^~*vRXzxA_T{2h5>J+fF)pVnEuS~MDsrF=dD&;LI7>j$TkwtzZRuLd8 z^?(GC@7gtzD~P>>vE@&LRXIF?UP9%u;uQc<(=bZzV;Co1_`ZiQ0<=Ehd=FoLVa1LF z5uDw-_MkBAA+4_C%Xuoqs4rTWUsKZH=kyl4RDuJZjqq5#rTtAhyA zejwNzfn-a%#I}N9ZCzVfe76^X*}Asa)wu%&9EjcX3zl^$xF6!>c6b_?1>@7hUYY=r0=akP?5896vb_texxYB`0#g1!P9@KGwd8&XQrLRWQw|I* zCi^Z@sxCsG(Gp3l3i|I3x4UU%J-1n#=IRhY3V4?@H<{1Jb@xcTN~sH`BkY7#fjdeG zyN3(dPo$9y8@BiLQmt|#Ep4@^t=^QpRrGIhr?im}Gg0f z`JO>I^uahBHiXHRM@Nl$o1(nblvDMQrLhpF<6K z;yj!V@^<2x#H)G-`{m&LEL4gzpEB-Q#}5M^{)vESTk_{0an$fFfj74=muDFj8Z^HL`r;w6?j2ad zjtaewR;N^@a_R}#D$YO^hMwTfIPh$j5H~o-T2UWuKw=QEEdEUAr?9tJnT8n*rk@k9 za=m~$|61ahW2no*O71zHymmZs3|4he)@#Q_Z-sLJ4Kr7B+12~Tw%p2P3+q1TOKcy( zh!*-9%+oiAm07|rvIhzL&=?H`NYxSYi1B@}epEfrirINTJA%@+1CBs7jfJ4|#$^Kx z0vc>9W~jP8OV2{6z|!IG85Hr|Zu!-VJ`RPIEP3@(u<2mqQ%w|Ckt}ib(n8~~F73kR zH*9lJ+OQv5xA-hzhAZFdRI1l7*>@DL3Iv&|sq#B?>x*wzM=c)qXwWjj+ixQg^6{ z$ts;eTAA`ykM;SM<>2g4C!)+>sKV(j*Q+y`z`8L0GnJ z?lW*z7P@h!m%{#5>cJKbA`t_nF%JR4BN!|YN4rn;4Rj9lrP>COh_9`y{Y-mX@4!%h zTl-Mw=~Q?BK*y=hQ+0`r>&m9P+s>Ts zIE_|L4-A|+)!WlQfCPr%%FU-(=tJPjjpsP^?|@s@{a7emX$!_z4_oj@e22J03?yE4 zHaOwCK*KG>_4}N)whjEs`G~TV@Kk;FNX&X?&F7f@;@BYiXd_%T1^@S&S`-NQQG|mG z0oVpOFcR6mSks26C*oddU{1W+>$yufI#1vkQbUmD1@DFBryapnt z*T)J)IE8!Oln{6$`Sj|nb*toq)gXUWHs`!;P>j}Et3ptQvVJ8XGiVsy1|6pFhlX0? zBrV9-*?q?(HE+U&?i7yD!}b5fmfw@-UQNAr*7!6H7P7O52(8dBG+lY-Nl46CDW6Q7 zeAco!=Yx@={nKeka&TVvvxe27xE>fKzt-MC6W}cLwCsxzx;+EnD*H3L=y61eKCJET z>jQtkMh|9nu2(mA%;jkLlrcR$?PrJu$EjXppI~6TBB`o+OQrMzcQ`{@^&Z!$OVs_J)J5iF$Ixy`m7vOkjn(p3picmJa<#U*3QS%q5)~PJ?K7Acfic)6@};p1UIC; zpdsT5ClO}J`KB|-Z1U2JBfJA3oFYj9Kwt*Y-1t=fGaOx`>aME5QAj#dMa%XQsyP7HB`@*^sg9}%HkszAi!5nu5OJeVV@Fa%(q zK&BkyAXb^v9j7#=)SiSoij0YNX-4vCdx0H0q|)&8xc34adNVLqLGh33hd>8q|6awP z>=8vG4jq0-%eb38SCQWw`E(+SOTBP?uj$RkHvnIP&Jpe&q)wnCQ%RJ0bOE@}-D(#u z!(B4Kgi-fkU$OQ^OY1AG+xDj|0#vcE*O1l9g-;mIe7W zcE5;`5`>Pedpm0!2ybE!>*jGmsflwo2L**D&a>x2RXi(S$wLupFpcbIj!ai7vu979 zEF(g2CS6X>&*aO+^lY+NnmT!-d=e*$bf3ikV8Df2dS&5chSsU_NyjN4N=>;4uW@}% zuXRrDb0=$BhCjR>TEjVt(0uHlJbP~T*_RP;otWV9Q6P$J5#k*k&YhwOb`a-qNfbYi zIx8p7ot#DOk(CJ%g;4@J>cgI&PEbdLEUmGd*}8|m$x1Xk+7Wu!?v0zr5yU1KqNzw- zp+9CR;+20^7L2?f8m=0BV7!!n=7{pjRu~~i#h`(Q&axE6wLlwB`Pk`55t%>iRd{ez z9Wc8c^VQ)y_bCi8O)H>b{8LJ%66yQ0E?LS*>H1*Gpr#vjnc@aSqn(!uqjX^pP1Fa* zZWI&T8AUuYgVnM)iq0EcxvTzq01g#&Hj*)|mQAEYsWAdhVt6#6dvvjt92;FGh|!k;!aL!)|zMxSe- z(OmNcwnrRWBy(WMu|O(gFj)CHynqqW^5C& znS2(}X^xiW5d2lBYm>PWGNFV>KSt6I2`4bO${I{x*l(_l##o&Z*t_!$JHJrW#YXTl_0 zOTOLS+xT?y61^$u<)y%UP-CLRS$1@t<;c-4;_TvMA05YZXQt(m9NbqsCqjG2p}9R4 zXv}9fU;pH*+Yr`+ZQcqQ0ziJ&bun2#6!(YrIHH<+D?Ymu19cbh0@~1jccJZdHTe#x z9?a8MU#D-Nx_XuTqAyA5dK$}y9faJ0{C~HP^SqQ+@e+DtGg2smT`F34~K@C|lr@}_4_RywUQ)H+co zo;VUn?HjU}F#t$zq$7;9QZ?VXfvW3`dh@X2-Ayv$k+ejANOan*d?XZ1t^0RLFTa_a zRI)davs_Q(OAdg%7}PP-8YVW1v)rJUOlkoVz7OvTxy-c!)M-r%3kQQ7 zwy*gD`Tg_yg34>QI3Zy~JEyoO3+C?8UGJK7S9=0x5<6I^#-TMf$Hdok^|7qI$WoSJ zOmzvlq4+9~9QJdVSNe-&{|a(B`HgqvDl8>Dz#DFBOTF^3og(UxOm| z3I#hqn3og!%E?Qm9Nf*)c|98tf%p!=RR2{(+uK8HTYz25mZZBcv#leU@(6g7z%+`q zUtN{=bl|L<>&0Alyudu_P5|>z&dz7cpz5%f#1&-UlN9ToC)0bdE;z$cD6cUN{yi$< z!s`OrMXr1mX%}-@nN7ZME-3|Pnf=&><9o^@7%*hx2sIa4DZ{(L?dz|jcKAGyqwcy8 z*x(>TVm2H&L(?J%r*9I%H(@Q(4t*Qg_9IFWKT=agsQIW_iLJ)H?xaE(>8hBm#R|6O z_dB1<$q83W#p3G8Bz(QzVgkjOw5*#lNh(f<#IMcHBDY2eDIq-8422L#ig6^$AdRQo z>ci27kywRxLX9Fb%^odXfqi=QnmvML8)XgKjLLNpq_G%j!(VzMXppukad}A^BB!|r zW8FJ;*}*8hJsapUg>ml#q~2}do9cgwp2;C*9~zCZ@q&}b|Ds(x&xBPGIFlyoJ!j%(*Uf8!Hr*P|_txzWjnvUI zt1f}ai}%rY!kKsLS~hB1+i+Fll;QVB^7)Haze5*%1+X}K6=JCbslNH?tNwu8Y>8NV z-Xa}pmV{WBDDRpgR{h@~|2c$af<~`O)Iw-zf?VHv^YXGrJM<=G&h;mcM>x-WW}&C*06>ux=Tua@U~HCF#JN}34`|62-M)vwozRcnYPZ-S+nqwkH%9Jr+ytG?+y zfOM{OBUi3*Y`=d5XKP_^fX61%zujy9m-23h_(amWV-6f)oi%_7e>#Kk!FuRbsI+M;Yh_cakkHOry&QG{Q zAh~r`Z6n5-feaiXwYmzfTM5`L+Ks?82A5>Q3S@}F1Zk^koWT!#W4tbnQ@`UU&geGK zX@Tt|BLq~YZX5vti%H{n2vN|M{QPk9On1-}!=^iqq^4@30en@O@{Qz{bhLp=gFLCu zui#^^R`56HYd1U| zvo0fLl%NPkASN|p1}Sc}x~G+5qmW_eD8nP6(@0MN?=2Ja>cchzP{1Y3!LL!>S^XIn z`5I5HADNS!`d7?SCInZz zh0%($f3>9Kh51Emr@7nbQGQWo`~2g9`M+891u=U#DPgJ*o@fWhkkrSdDv*=KHGM(y zP7U10n%T{rFXXbt;_NSWCwIR%jZjY>P!;aygQHH)38t-e!>q9+>%XR=dc#nx&f%)J zYJyPLu%q}DEKM5V?Eu##F(uosIimsl&zDMx_vyft4=N))*PDH~K(p zmT5w(mIZGvp8-_+DLDtak-DjrgESk?T-s-=M^1$D@OWRYkfj@{nAF(%konnOl~JBYbZ4)gl4FVFsYz(AU!4J%0l9XJ&`D5g)?F@BoSXXR1n(e z;e6>Zz4)@R{!-C~aIDifP%$tjI6<{AR$OyfkdQabNT8W^bReXS8mW>ySJerg|63kb zwdd00CW-4V@{PMTm1^0zPO(qKtXE!~2CK$OAnE&&s1qstm^%qNCeqksip6U=J28j! z=*a4nq29_ZioE1`!%4%OcUUldxu2%f*D;BUECS(Czf=c6GIG3NUJ)}hpNU!Ho%NQ3 z`~tp!whz|~q=36rxNN}UX+QjTU+w;Yb}RVe{V{8Z^mzkEZKu&AiF1Z)u66>z;L*$+ zJYC_j2JKrr1zD_ODA>nJ;QBS*(3U(Dr_~StJqV3mRnxVyyry2m|GHds?QR*Nr8?&yCVczl#h{SYmY8t6E z)GtN^gA-2DR2f6ylJ36@8%IBI+^S~Zn9V_N$Q5MtaYDqby3?o+^yugX1su)$`MHjl zuo1m|K4$fCup9=jIk%XX49K8agv2v3SE&HX8#%y03<71E-xaBA1YKzARLp7*A*Y{7 zzP(dky{aJ;!OQ|fRuHyFajrT+p^chz!C7W1$e5UzD9*bB0l@L^ewb--thNoKm>fqX zeR>k<5m^P(ph-$7tpt6@6=vru33Mz^Ve27x=NJBKL@9e5CU76Fu$l2B>+K&M#bMuI zmQ1`a=an1!^+6eiOzYt&VC634keNn9IXY%HY8nAt0RS7h3f->H{{q z;^$)4dwi^ikq>R9rYy#(5EdcW+m@Hl7L%Kai^z*cVV?@b~ zT(&Z8U^D;`K;&a*o+B_3d>jpv0v&$$-k5ckH9IF%Ckk^j6QDfGTUx*T718gN*KWai{W)AXAgNf{zq>y}lH)MqTWpHK$I> z_c*;uOmJq<4Ae~0EK^F=P~n8m7;6NBO~gsNmtxlYB=cY1zHaB)0h$SfWitJzBttZu zf~x~gmN9_@h=IVtHWh#b!SOn+&u%}5!O-3tnzI5x)*q!35iKx)xP(Ghoc4qitb^EN z)pC#!r?8Z1=60+83&mRVAQ+2Tm)40P39d+_vsvJ=9Eqk4pk4Sh<1}h3G%8;6I$am- zLNsz|USm39mt)rZ*NNweT&Xfm@AO)ffD~8ngEl%6v(B%xQH_g7R< zP&4W#od@%PWgu$a)@`ua(@ALOV$2#|X9t`>p-A8r#=2c--mo;UCIuM*g=6c)!>qUt zFx8KVmWo74U1Vs(8<=bi$4W3BE3&=jVWuwRLOB2*|9+`7b3|*rOfh5p$^{Bi3(V6i zIe(EeTf-?~Cz*m6La90{rvgr3!*LoK2n0%G2v%7Day%ArD20XWNtocukfD6m!MmW( z)*WbsKb%nohQbA9=#rg?5CV|TAJRM%N>kH8pNf-{t_V`McAWs;I_BNQVYqk1qzlxF z&&pw6ZNz;hEs>RqV{C^*H-PeDL#QR*@&5=-0+bq-Kc%hin1%GS&Nnh>5V=b5;4&NU z_B;-nhW*Te1&*k0ufi2lY#h|$fY#TwaKVLu&1{pVzY~t7Z~<~Wgn4lca1uqANt!b_ zp@XIaY(|um3KUe_Zgx7(AbRprv z34p@5MU>4!M+9bBXV{Q6vRrWo&Z9CC=CB4xn4*~35!Gs^?%u$0jaUnPiX^%>6rebW zNnbT&%#0emX@~Usl3%MS(oQ9cwTEY^1`N&HCLm>@Rtyvx3mGh&VRX?QRHwoN#uW7IU*^B2L7t4~H>Y zDHijU+^m0^-w@N8GtseL!Eyte6|TZkSBFlK9Uj<@nAJ84P++Tsl!6mX9Wr#LB&T*_ zWWo7W5S3mlx)8ITca?09Q>0xSi3Px+2%yYPmveN9a%f?7%=rl;46*;6tb0I*EGDur zn3aZGtq$-P5KxLM`U@!+$)z2ur$Sad_#CxOFyM8&e-~g;tg5*vph@d03C{~@}a(NE=81zPL z>PjKkn8*W@X5nUm*14^^&a=yMQt?Twpp%wGi&$t1gm?I*czJYgY6^n_i(lE9Lx?3i z5yaH^m0`0FtBoW^24CW`E$JS@I03%#Po`tB*-lK4j8QnDLYprl6byL1cxg;|m`=cXi>kXLe?dnD zh0tQd4yrj#g`{M*nXA=1#^@wM3k-v35+6SaOLt{jY>F5)l1*^zfoe4eD@Z{!!bKzR zq?Yqg8JsT^GlMmfnncDlXU0rI$kQVih=S4H5gO&M*#(T6aj=J$n+-bn2z{NziEyh^ zIgspgVELt5B$e;cV(a1GvD0#M14|nYw&3}LJc)|?9%Ritkt&g%WZW7DLkzkQ*x~O) zxg2Z_K4M^OVIC`^VO&AVxmP3vjujZP0H>D?74hmyCI;-uG<}~r0ovQU=6h0@kzs|m z6YKc#(D0i2lIBJv{ZX{Ii(E(9j!tHmfw#f=Wvyz=QGKFDp`I`-u=1u-q3myg6OfO}iX%ga;D*QH=XSOTV_f+xw*|^) zE19#LlV@=h*;zPJQ5q^1EDNKP^azVE$fVVi$^!!|Ga6rq7Yb=H*h@_4@yA1GRvlIn zQ1OKL7nC9Cc|aYoPL82z$Np%Tm3tbe3JKzFXWVHbT9rp;56RhfD5<%Z%MC2@bnV3O zIL#PA27~lV#Zjuao4FFbX9$a3S?o$v1@If78MZ69&^5dR7Ni{-{zwbLvwXWAYTKnF ztIQiG?<@({3^m44nWYdy_46^S`rBsy!r)q3z`Vr#q`|@&dRJrOhP-g&Sh z`3ds{Ry7m;gJ-V%S}0bMiNx?Em?~_t@Te`#*(V5|#2dptg0zro9I+D@O`Vh$#Q5t1 z8|=M+?p<8wcaIY%(6y1+fa<3qGFelU`) zg>8+ig!BZJyG`yluP4+bNN9I)5Q2ah=UaylXq7Rl=ce`1XfBFiD&nz~p$Ov77faAWP%(`vE5qrTd z-0d)rAT-)HMYYGy>$=`tdXqaFOBb|Hb^9>374E>z^PclYVFSos)y23jMigO9?t)f& z`HuMnHxK-grn(e28@X$YV%^tQn(uPlJe1dkx_M1(iO2F9tmfq{^A2tvUN$g8S9c`7 zV+6m&Znbw={HZ%7HtAejw_Y7Ly~-k#y%S-Gjff*=Rfk0i;Njm{*loi54I-CklUHEh zf)J;ns)2AzHI_+T!A3U~M@n!k>-|j(Yt<2`R%6zy&)X2{q3T0(*DW2*1ky&$9m%^& zxmkKyLBzM`5gd?MKgo zsPfZ@4#oYUP|NiNYT7aDBYt@vt|QpY8ZM~q0rq|f^y0M%^NH-k!6y}JP7!uZ{0(_R z!Da%dYhuCkmdY=nCsBQX#iALpiiR{nTwzQY&%K7?LTe&G71Ke;o!~=qY+9byj#^B> z#$hK?wEDoFgk2yYcAi_8xX0HL@(BF+I`NXSOf!X^>4Vy$9F=?G-PbM@0YLAtwfgwIH>oN@Z(>zHwLl(j26r%r2PN24Cu`@Y_n z+`gjy8);yOMmAvV(q+P7G)rf?l9RP-EqyNlA1M83%=(a%BV-I=H>0!Z z!imHTPCqNNU{@-2mjCMsQ@5|nAn|R&or1VGPW81Rw2o=R*ePYZ1erjv zbCNFD#kn$e4sg;Fd+M8cjPgYWrT`U@nlD^>J~4dJm^#Cg1NgCphB>st!pxR|<0-43 z8;4o=LS&E;QTQ8~l~L~#$J{LpSV4jz@EjO7N>-_cyYl_wJ*{3CUS`NK1PCSAJbh$UXL+?e!%RtpqX zcRx_BWBvMiZ&(11%6iDxX|}GO<`LLeG(}H*|GP%W2m>tp+O8+743Uajh5|SNxpm{G zX=IeLcv$Ge0}h#>(8*u{GoIIC)+EQoIPeQEg^=gEnR6qEj7{gR_?S)5;t4KZ%pj|X z5dbTw#7Cgqg`eOc(i)tHNazv>)vn8V#7|H zpM)v$oj-Uy^aYUyCkuDpE0E;`u8iwVu2^q~S zoFS$pPy~R@Xuu-m5(e^`rP>`F1unSY!wTWcwxv5cMONAl*1t;S~S`|0ZKr+F*x$)y{_z1P8qv5}D;@j`0yJB~XNG znRN<;tg(r%Z-Dk4jcJon7%+=Xvqc_P!isA24vK(xSh$s8N1M@!iysDQ^>lQc9RcGX zkuarlZ+R4%CUcouf;z?w(m0$o?`+KL<_l;Pil}UEJBgT`AXLROg@1Urf%O!p3iSR# zROzF&>!{%z42f7>Ok3x2CH;R(OnrA>9u|}6(ONsrwBnqy9@iO_*St6^DoHZ45pRi^ zcnAk+Ly0G+m2I>S8V>d0hyl6_7B)&6?1t+f=B$$d{g=wOW);qDUV)=lmjX-2Cc_JM zU&f3r*;rV@ZU~3_@c0^8JhC_ymgp$rUcWt z0mkkp?{IS=Y(Yq`u9@Wp)TaR&GLwiqq>g;fV(cyIO3mng&a@3FP~g&@z+EK%(U0- zezCjH<9#hGkBk35jEGQ-e4#L2K2PSeO8yF@2CvcQ^Ti4FTp&fDaeHT~=dA0QI4X0k zJXRb>5|84HK&5$?i{=E8{rNoIS#UDEWwJU>#lT>n@Qt(D z*Bd@4ulBq;j{|rkn2kl9?bd-LJngWw>QOI+ER@m=7Id`>=%Fv=7qK~i0k%2K%N(Jz zL^bC%EO*u43-nManFkl1?tr2ap18=ePYnoK1GOX+wnJym>{N9*OwDHpXJ%oo!8Q#y z2UVkXG-F?cGSa`a(X^5EXY>ofTlZ&_LEQJ5`3N|OWDIoON(f447i8M-dbUPW8iY2$%^T^UftYv%ih>I<7<0qocOW3(9 zuoPN$ig9lb=5(Zq5CnkzG`G!n!sad~N~E&0^4-!c2FC zHT~D-#F&aLXMfh&JKNg2aQ}AU#?7l9uA-9niIjM!&#Lo4YV@x9Z<xh!TmyHi@5-6RLN8187Nd@vd(23 zF>q9JAUT_{l*_p9jx&yJFp@AkeD_6cvYFT1iko5T7AA?ocZo5d?A<(5MYM5sv$oah zzp96zO$mJ6M&QG+C=Y8*OeK2H#9I2MspO zVy6cJ>=b$eRK?^7VobRqJREdOy`nkmlE&|I;flCoCx^>}=A?vC_+ujU04syHZQR`2 zFx`Cux1wQ#TMS3fZmfvjp|_3aK!YP~qOe~5{U$rHj8hZD zVu9qXJY2Pm!!YP*>jY;>&Q7c*?lLMtBq)H>w$sokp|TbQf>CeSSqh=rCWdlkd~{4wtE%2KSCFJ+SSD@ba8*uLSGJH2o`PvR>kqC7jk#C` z6AX_?R{w_p9Edm1Io?q)N_M2^QG`Q~m~FSHXJwlxmpmdDu%(5#uh|HfrROd)(V!gk z40i*b;3@JQ&#+JhlX8>@eV|A^GnB5^um+$cs3aN1K{q@$hsA9R_JQeQR+B;%n3)a) zSSsE~exjLV&@mn{+6k8;FcYOwL~QY}QW=7%>9@gWcU~aaz_g3%TlEVOgTOtxRD1hb z=#i4#k4LwI=KA0yN1G4gFkG`w#GcX>Oaj9@BwKH^asqnRX-eG`Nps1R{0E4ENI{Rv zZQhH#(%eSVLe3T%en1N{ZZpynj{+~0=^OigFfdQCd293%3QY70wXRT@<1%V`)Vr{K z+dXGoV=0Ih@&hVNceK4tOp-`yXJXIrR>JyB!K-9eJn=p*<5>QLZP54MT|~ICY|c27 zGrx5;+(h@HX69Xe7CB)=c|X;8c9{7wc-p|QE>ZMDcfD(B?Z7XSZ!kkWjzBiEm5#hp z1spO;aUn*o|IGs4nn|ZeZtlH ziQp|Rrmw%lp)a^M53BEB{_2_7Q1$-AsNft@eg z2&Nz>(6}p9{87flvnWmctYj#6lC3H#JHTf z{66{dh;?OyX7SDqG=CR+9!0iW%C4gteEZo(ye`&-wY{1!N`s2z%Qc=n5VKnQFI^nF z(%U~adUa_0!UYG$z;}C)jAvl5Z~S@73OttN;2z(y+QTLO&F9M%CKlGprKcuTZSy$aY!fNb0KN$LP0OZ=& z@+7M6+TM-Etc$c$aLZL3(3q%(O8^p)nFJ__5-f3Cyd{$nWq~}*VEGfw$;fYWlWq8- zfD6rHA@bge25Ng;ix4T}UFsC5MTqxF=q^x0;76$7+drGdqLJ?^+QRb~wB(*tw{iJ5 zF~Wh^Rm9E%Y3g(Nm0W^mpf5LEWvkJ^>q3W719AK}!PCT6gV$HrQ> zLld`m56$KCVSK z`^|!w{jsr@z2gO_OrQy#&=%XaGroJ*&IjXdE%Ek4&Q15B`<*8b##cUz7p<-G+x%+L z*XCz@+$r9TC!cGHcYDRZQBwz8!U#o|kc_Bu6xB=&&S(z3G!@Z?)|?%K9< z|HroPj932*zaQnzxA{f&jh5C{{`#-He9r-QymdF<{WKP@{?oluUHs+({>P{2*3H*i z%+uH6H*ez0n_oe#M=#Z>d}6!T2+=_{%Mg7u|KD;aUO0J|D>FmGo=>t?tOLMi!phQ)8T#o`YVIlN)nJL_^&G$0%gZb;W4!z`F3aD> z+vR^`kw0$Pxd$_4hV$>%AGM&@80eqIT3dD!8Mi*i%in<3rRy?5@LBxke_>UBfy?3! zKNnX9cWz*`e`MwfumDWq0s7vJ|F@F{ zFtYJ+ogl68rK9@j@D5=`cz1Y*`|cZh2Xs2Ew<fpO`m)1MZn zQ2bF-I{v7ZK8#0BJGkXw{EXv3PP6!HyevC?c)*G;rihhW9|qiuN1etNkG48=vIv^_ zl=~FqwSN(m8egj5vdp{1%k1Lfv6%K6H~W{^*z(8jQ*2<&zACe5|022CB1kyCd|PPz z(OBzF6naKx-0cG%980FfrB?6ZZS(Lpr{prpb+O7N13U|4C0v_DNP&x&&E4$-g!ylA zSrX>=HN21+yR@CpZ~=w@4WDuL+!h?%d^CnTXTe!HDlBQ`piF?@+!kLs8echx|2Y6H z&l+r1zlU`|pYC7$3c*|=&X>>eE``gYpeD;AY@+%tzW4?&n2hnI3r>xTpChJk^Rwy? z`AqtRi56etw+jDP`ST;Z$cX$7?}*{$?NU9Kk)_YMcb{cv`NiVjktf_9;O}qqlkd0e z+>QCUn-6{<@3MG&J4?j3wH)3dObTPls+Pdl7JK;B7kT+>e6tL|_b;<=%b#WuOrqsa z6OqdwaY$(S)6T1MCfB6FMP}%b9JNe>D+-|9sL zpXO%?ewLTF7;T}2+kA2Rvm~tQ|0m4zwsfC#v46%H;az4(59*L6+#$tyCgMxqdyJ}U%;nJzlFOMK3n_~ zmILjq9BK^?$x6b!Im$V)f>GYT@<~3UptO7*A1{5SW#>*-!X}m|VlDljy!xNx^l|AZB+~~h{6EGTiSAv1<&7?0dUyd# z*#E|Jyl@7;f$r~r;{wVHZhnYguW#o?kjAE8KZcPwivK6@|7o;a{S+^sk?Ma6fsn91 z{*gT0jyY@61D08w zMEG2uN0G(P@xuAP_*GuUc)86Bsp2+&E}vlY5CoO0kpIcdUz8QqcAoFQ6?2}y@iBb# z1`+$l5-+Un4f4h1KXxiwIm%yO$7SUpFA4sv@Fi+nIcRR=@fSHB(&jQtEjz=ryiCS+ zn+vzL%yF&$J}x)E$IE{c<^#!ys}e9qoH)Yx;(tYfl|#G`j+JA$ERrl&Ql_JPbn8I} z4&jq4T`bVU%Q-%O{elkA>mR|R*V*{%-`|$7V%rl|eD{t-tR=pGXCfBg9p8UXq6I(V z5AI5AJA}WF9@>-Gt~YpQwZsp{ACKS1&+fx#7$Sal_yG$)S}{y`{@_k47QZk4;C4J| z#pC$l)*V*tP`q8P-7HTzgfDP|pA>d>N~?!hd|a!HkF(17_+AS%qe@=9{a!0ZMkFd9 zUc|?JKX9w+Tenk6ewkA8V^_kGF*`~)bEyANJO?ba0#va5gtdPL&tm&$wp&*G7|WdC z@AwJc4#@2QZ+qmnhqo`u?MqVeM`H2HZj^s8&O6lG!g_JB;#nz{Glp1aG%`}VC1#{{3k55vUR(Vm=&PPLe6O(Q= z{m@VyR@#q4n{`R&9k&|4lB>m*tHpUq83)qRBpSLh9uheav(w|m0uS?QS(F5}^FpQX4(g24P3x$9igCiVxpOXdR?lX8n)n2z9% zSW_TLIhA*G#^p<_bjkcS2|^~T^o-@FyrPXfcb4m&<&{V$9msrd3YV_**vR+Azf@Ev47n0umOQKK84;kk}KBk9S5ls0Z@=<70j>;W9Nx63z5qoE#f=l6||3yaPAuHvn9laUlsXR4Ak``w(K;F^jEwsD9QEZo_D(&Gm-l?hV>*Sd!VYxS4 zI%KDL76C+FU@8c(DS1#FnPgJOT8mHR4u0=8h@4)E5~z&OXq60 zwHM|&My4WV4W2fx)~JpXZKCC)ew;f-rjXuHr^=0=ViIGK06nq4EsRiOz)fj%z)HMy z4K`1G6A{u;r3%*F`Ey8;93*oM2kz)RP!#wxu?60k3XxPAg!f~ zvDE?<4dST?1?sk-#iHq7c>*`~6sVW}odI@&D*v+Y%c5iZE{(=U>Il-el-js1KT4KaL2s9734Z`#Z9j;6H zGz)5)_`s0D`7ELYmA!gIj4xs3KI-N$o~t>CMRe%_(dDU>r$9bNql%_Z7YH7We_Egw zGwbEg_@Aa_mAzaFuuPR^{)<^ft7mw~w8o0b1xH~`;a;cH%TGl5q~Rmg|C{e<>R-|S z-<<7mUf}aXK2+Z}Sg%}T^&M!_F-P&qVKSwa<7r%U9Yo1YC04noMOIm78s9aBSFSNjP@dtVUm``ZgqBzh zd$PkJzw#WSp2egiKhjbEyRA5ebgZ6|(f(37UZ&WxHp((p9(B0On2;qm&4)%#X1w#t z4*}G}RE}r#*wNd9S*1N|B6bNr(|7=XS6c#6s_4HCqd%Tuji zpms~j5y`EUb>x!vw>2xAKbvpGEHUOVsk)fsPTy_NX*J3)+!)l2C6(KY;qgWa%dOJ$ z^{oV~+R>`|q~# zM^gkN0kBHtwUjaBJ?(Q---*@M0A32ARw;^fMPk2DT8i(;?`rgv#_W8(yhqBI#LmUMz8a<*E(g*N>N$m8|kVv9t7k3 zRH~hnSf$ZZF6s|7;-aBfuEC)DK|vb z4nL(bL7msj;KwqqqyJZ&mCG=IS;vS({u4u%V&d?hBrZk>)-jd#Svx3g9r+ShRnPG1 zrTW+K!|fur(Nt(hN{M2k8!oLZfCfXXDH>B#%p+)WW~V}n;$HEFJ1nWAcPgMl#R8V5 zSSYr+46-Dbr9DI@vQfU$o>2`TMgUjAF*mROIVHuilI~ec6kt6cfQhy`IZ{VM6{JX| zTS+fa1&PZrlN*I-S3OBi?F=g^b-HJ~;9~s~X3<@xH1= z6e)0%9I!l+Z4;s_sD27FpK2FIU6C-LxLr zcrwWz9J(f%G%sHEz~tvl33do?ks_jIVlcVs*7IAIX`IS_H+gKFi`~}fN(TzG4fFGd z$+u8LVpWs&$8x7QxZvXXy0O-6Ras19O&VZYQYVnfqO#xA;`pR;3&GI~W|3$Sr7fs^ zTFtt&Md!+1JMV5Gb#;04o*kIjFkaKhCydsLMSPDiR%1}pu1toJ8n?>(WYRG6RoWs$ zuJNqwEF*|5G@I^Z^tg_cFaLOF0tlC)RFs?@V9}jm-3rw018F*vN6c6f1C7O+pNBSk z9m6lS7HT(sV*$BbzyKxrF&g}MamGgr|G zHs1_aXA+*2pJP%&f-65qW>K-{MoD){2~C-z&3Qx=BwlGPi3^tXd!>=VIP2Hs_n_76;PX>b(!f%>+Qjm{}Q{!jWk)hZsLG_87$qaJ~%H|hq@p+OQwCW_t`Z8+Y zNK+psrIp$0G{0TodjX|nbc+` zM(gV47qYYt&Uu7vf0Jr7^`E6%@vVHK>a&y~#sx#U5VCxfhFw03VkvjPl^#W{#>@uP zW>c$6M|Y&MQcZiTSui45CXvKg>Z_P2;0~8P2*p&1#)&GWH4w7BmGamzkd8CNXDgvLTr*Wt0u5H{@b=xeNm*~=GY2{xgH$k;(5U93LG&wP^lB9`kl*pQ`zfs5)&19ene_FYub`!^_7jiJxF zm)zE~=$X|LI{|8pBGz@Jqc8?1`SD75f;L=OmrYC828$`hMwRx5#rjEO!jwXNwM7S4 zozcm+#SS3ftS3P!2rRWps-M~<>Vy%i zG2rh^!TP`|q1R^;8g<&A)M~^|pqkY}bv+5K!UMw(t*&AQ5FUdx45f0D>N;FVDy}}I z0|v|kXVZXC7;gEQq^j$nq!E^vX{LrXf2q<9Wi)0j^tR~24k~PNZK^tLby~;MkunG} zt*g=}V6~T0*BUU$80xNo>KUWiz1l)L8*c%R$Gd7!wORh@tfY=ITGLGCvx~%XwAtrq zb5Ytg)XPy&r306LJ}E|afbJ#LhR(}E)(&9Cg0-w2uwJk>2dfeiv0-y)Gc}Mue{j=0Zv_>WYOIv9T&sm>{R4t0ldFmFcgrJB6BVZ0MTYazsSTI`m6j5Y>8ql&g z=J!FXwfSMvrM^^A)R*?Cu_1A(xtb!^LeXV4-AFaJs5Pd!RSm&T z!#o_G7W~~X*|J6g6rjLOforScQPJ!f15*0&`~7_Z$`WKFC*o7w>4G}&)-(YXLIE2g zDevGsFcp>k2B(*YXiA zC%eY6EY0+3k@*0#b7%m)zYeT{UH$t^7pMbF8brTSRf3c00}x4gs) ztay#T#iVhQ=fDKWEwWvAvCGu5I;eLZeZ%s!Le>{qc(Z^tru;O6L{i=&BIf0+@0+RH zjFsTm!%`GZACo0AHBF!RIOvG&#>aG_LIJ=tp!s$OS!(<0@-kY4Tw=P z)itA?dB1EQQt|Lz)bP_CR11jQ4{m|Goo�DO+$+(xYtNz&0EONa;GXv%cD2W=MgF zt-iX=Q8>S^(R8zp7os6YflHRpnn6!$3w2XlXrinw zCQZ9v>`UwmZlTGCNf7m~&j`9tc1q1&H=9nBv&xyury6vJnJd(rWYUE%qgj9x2%PXTX1buFxDnWfyP^9=*v58P zA0J!gVA?_!oA=u`-Ayxwf3?Z>Wx_I{*&Lfs;NWexO$nHq)D{;^*|33Voh%_XDa?Lo zrb?Y0Ylw~kGHapr<*`+=xrwIiZBgxfCbVt9*jO`X?-M~$I~K8Im)q0K8-?0X3LC7; z5|NkoZ@?pxQJc>`1`Ss*lh&t;WQ#+w$h|5<1FO4|$~pxi@LgsCOIy{hY)OKS(-Kpn z3=YQnvOy@X3$l(zty6c7@-SzlAxL*pS(=oeW43_E2+V35mho1dYfQZ{kv9fgY`d*ZKMWxwRrWq=d6fndDlS`QY^YbIjru!Gs?14wthpmBGGcZ# zXU$xy>tt%RTa0nCl__tJjCaG}vWMdx4k8}kX!?I-x1TM0p1{KRz7Jb7-27pRRvDgD zdz)@5%zS#M9)H=?^QsjRnDw;1D=q{7mTu|WD1ds%p+ z;L=ANAI$D!X{Jvg<|n1~{4Ber^%9w6$V{wO2Rs>o0yY-g~> znpW^*R#S5s9}@5-dMvW5x1kYWv3T!eIPHLzla`;SwWM{l8Y>t@Tt76%sn51pYPVa< zt=^2>){w2v{?)>{*p2Bed)akUpJPwz3_yKJt4}p3^C#5ds%A7B!`u)RP`ew*w6V64 zX#;{Y9+|>&Uk>j(l|vU$*Rlpq;*CAf6x9lhl2YwOX$(u6r}%4SJKZb|C9p7sWfN0y zLs~O{qOksQ?WBLGVRayh%0oAJxWy&afu$vk9(MkPGoMVAj5#+hQrnJB`5NFT5 z7swoM;wGRN&jc|VZMlz-cGAxql5+o|CVGL1OQK$uCF12859y5ObFRfwKi3kx&?l%1 zk*Pl?O*|ycq?$}@$6@_^l5mUDhCN-J^cmiu^!mNW)^E*5)J~( zO6OH5;5%QyAXm27TMGkhsnJrz;|Q`D!28G+8#!uk-j<-*u_Z#Q?ef|uW8 zc7`>Cb^n^d8rlW_GW=1b!NdPE0$Oc&*_JJ5sFOvD=X|`G^}QOQjrJ;2(d!)O0=ph< z*I^qQ34MX~O9*~FvLOz$Sy(Q0=(dW};#@NDsC0DTQS)iz`lS{kVz5C;k!ko|Ub2~h z1&J#m8mmaQ%t+NHa z4%Qk=qcf(tRG+en_8k@XVXdt{ynA3TtH=x|?Rm$FbZ7ro%MmZ0paeY$yAk&0jq!|uM?-swhhs$8kl-P@JFP^fySsb3ncPUuM}g)i{rB_kbx&tM z8%^ZB$jilB?(Bb1-Yv4cfX8DFiCn4Ms~%UOGu`yAyosy-ibPi{&SiLoA-~Bb^bC5z z04*(jisH#@Td8(Zxf~^CmI%Nh^57;(x3a^Xlcmd>bLHO)z%l{eVV|m09k_`Sp8; zp0QZ3Rp9bCJNLxCw>;T`l<9gkO-dO>mXGgT(k`Q7v7Si}-LAYn7@nSq(laS~Hb2Xr z?FlHSm?KcOcvFEF=vh3rgO&1COd&A^N?U5N3CMDvSz$IO zJ!Y9AanzOuTE5ojr1Xp?R+I9l%ttO?4`uf^7S&xPM5v=6VRiQJ@|TBX6UsN+Y-?}E zE`hgou1^aEl+-b*h;E8)ol%q#`HnjEuvvr-GWc>DPf3`%CVYZem0NPE2l|& zHDAmma&xa~iYt!tRkSpo&~f%QA1v%*f_62wv-vi~Tycdfwk{Z*h-c?3hoziXC zb}}ie-xRk(QH1vBgVv3GtTp4xp?hoCsRMg>5H7xjs|__;FnUAV&C|c@pYN%dQ)7QV zK2$fB$EP{cAq_er{cM!Ti|Oc|M_$p9v9a#>kUeinObDnhZ}e*4%y`Z6;}l!DJ1f@@ zl{>tsmm@(Nsf0za4D&bLJuQe!%0hdk{%#&=O@m%dQp3f)ft-3xd0H9N-Uoh|jDnY( zI?wjuyxM}U@UOG-2-8~x)LWM}d8i!@3?q6no&C?KWn|cpmI>vMjF1Joqxg!bQ^Qrl zOClPXGzMg7PB1BI*q33IXtchH9<+QiEK?JHc1Y+h-QLcwKwgBfDcH&*Qb)#lC~0Q} zgF_$QDotu@)}%HHs+^L|48btNB2!omZ z2~Qmp!d}#*M3YsnvNuon+VHyiUhj|(q+~s-*YYzF47Av#pWX$546rPevHd#^1+s3a zt*uRdgSq?K&ev#~ULu;sF8G?JV01GD-$=dc3+SL%Lwm|sbq=&s)`E3|^kfCqG_lg% zX_kp==Rju%h03`!qZaXm5SCwv+(Jt*OCId)|xMYWu>b<&G z+?@mCtjnoxwOZC{6_v6=28*S6?&LSxqlfHf7yUyXW1*k5v$}+&$|r%Oj5X8DnyF+B_2XS7Z$)e8TATAiDo>!Ddmk{^3|dT~-IqA2 zolm@-wLY6&sWHpK@~{aYjD(bG`CgrC7a1oW2Y!V|E>mvGmziCvU1dxkG#hoi-lsq` zJ)Hv+ItM0eR!!|zI)aP)UW=%1#qEi)R!m?YlKqZ^x-e- z(E4sj4NNj%t7Q&hK7~kqiR&vRmI4r0dos-7!c?C!naDVZAh3xUYd|sf-Pgw?m=3#WKezZQ0LjYDIfk!fARKr;9P%qzQ6SO%X}F-d*gxhE|9XI zX*6x_F6tb(Bs+yy+I1S8nZnBvQ+O>lThRO5KvQ)(OQ#t+EhtPuAPe=j_7uE#kVQI8 z*J+wgGg|`#?_YB}tA*J3vJvE5oo3r(|5i1(ONGse*o;PC-kF}_3JS}6(y;XEG%xZ^ zZ}9Q{vy!uyo-L&-#JD&wkZB)#h-1uLKJXPS1zPjnD%ylh!4(O>lChm1wDT_Gw;?o4 zyc?`&{A<2?UcOzi%r|l)XT4#oC~h_6A)R>|?vpVy3CK2#< zCTBMHh<&Q1&iXS0LXE6CkyTFFZ@f2nHvKsWwe#w&{wt zvN6dh+BXShb`AIJKN8CJBhIBgI@g!$%*wXTtL(hi&T~~Pw)${pkB`p2pf#g6>s+}X zPWEaT|6apyG5RK-J--7&B9@-9143lj^)Q9VeWE)QgdGRrq1O<0m4ULUK+mK}Otf&; zzJW%3)isz!^Rt=6uxAUzSK4aaLYQIKnKgQy7aM!!OwHLSuguGeWuZmr;h}6#w`aXp zky=!?Cu-20OB!_$S`dZADiGfyos@-67QU3#-JDtIGD(?aSuO&p47c-jIqS3q>=-&Y4MU;U=tplV^X);_x%q*(sWf=9JPYtujcWk^+}DDkVSf zsC&~zCL6`Zwnt?(ObB|?_GXEZi8jvtCIm{7XHhbb?c$X5@MWByV%~<2w#w0+wENGJ zb@QaXHP7bz(aGc<-A(38S>5?OJ4f~MQ{Ki8e%Am4bHAr#ehYC9Ow*Y!9pyC;gTKDq zf3qZ+BsONtCbi}nZ}?s!&!Awm0@PP^C?7m#Y!D`?J^N?{)1q1+LLR4^ zUG98tiK|LndMwRbj;VA{o-H=^T8(A2OjknkWLY1jXbGRMDeD82W&4PcJ<(lDS3aMV zDVC7Q_B)!n)iN7HPt)_pr*F!Wb!Vre^*yrk@wz`P$>&+nVxH;Tq}&H}k-oqPpwqcJ z_33ocNM%nc_#b(?L?tX=GC4oYXYnPEhjK0tw|q%Qo+&5|SGA{)v7LpzY;>Oc5U(iz z8{TKQW^+->p1#Ud zzCouOb-Gyr%eRWWb!@(kob)h0^#A#ifz|P~R#Ug4pUfNXNlNx@(T5CNZ`HSlFA@z? z%`qb9s~HcWTg)TT$)}W{O6v|st$0<9^;r9629_0hutL6%d&Sr;t_P^Xptkhp2+L=v z!!iUTw`8QU?=VHS4^E4w%CIyk-9o_>$1NlC)W^o8Lf1n9RPd@hI^Sy8IO<4Q4#p{5 zJdZysFXQyV)yQO}ZtoygGD{UzCg3F42S+Ot#Jzi@YQ(?7Ryj6gN)L{G1v*iB6lble zHiOf(ft>NWI#KrMb5o^9t(N7EZIBud6^>%qOMa>yBYG?&jj{{6kQ+R$(mpT6%7s)b z^U!G2B#NyR6st8i=~E*IBx(;E#-R7){4nc|V6g~?u85bfiDI+Mj5r2n7o-iE;nnv2 zUWKO^PJxHGD{}wwly!~HRy{!*qzTYg%xGqs2CcN zR7;#F%05YIUk>}n<#2C84ywtf0NVL5CZAn>3lA*ueq)WAL3IO6Nf&k5eQTB zWMEM;FwZ1siCL}yDdNDqAW|}eE(|PA1{NH`xLAw}Fe~Iqs?-T5R-208W4WrI2SQJG z0sTdR*Tyo*z!k{=x*`?@zCx!96~n;NWME<8RkC1<@#Zlr`kVw`S6J559kr#rTkW;H zwgC{jyjUXe%(`8s({7#Co{}GaNMwPPO+{?6xeKPGym}~sM!YdfeL1bHQ{^sEtJSCa zp@$lrr^1DS34JBs;pKP;cQa6QO=yp8GgV7yF=Q^30m4>b7vI?;MNp%j^FI%lf2|>QK-wR9bPqjFODcV}n9c*Z2;% z`OfUl#!<@Ib&cWhSj9w;`|s&s=CT!b-K&K?X+-r2)M(@ z%_28k#{VY)PZvs$7^1SYn5EY31!| zcWT1wL~&Crl14z>6M23I^=bhnkUW!^44E6S4>*&H5Q5J+H-$Id)qZVN{AC(Aq}%c> z__yoy2BtoxY7(*+K74 z708I1oD*%0+|sxc#{)WT>6Iq>oz<~HG#Un9z@XaUDhx*-D$_fcAiv7_)}`{c;wlC_ zsKLv)5au+QPqoFmc5@_xPlYh$zV0)foeF3wwS}zk>q2MQ)v1l0`>b>eE#LB4m5+te zOO#B%`}hgF&$9CXMx|E@Z^HrD56u-5#fZ`LkzPuB@T5rT@$zZ-uz2MfZDdBJmU5VPc2MIek(#A*nPRxi+{zp5Pdb!t=%E@0u1f}L%>8*8 ztHDWNlzBe<1J~(932{*e2Junp+59K!Si;IRs5U>)(O5}d)ur%R%xjW?RsS;PHHvxF z)O=?$u$mt$I5c^FoJ@wdGdN((_Za?yDIt2O5Uab?ZN1DWh1P#$zKvB&7BE?XddZhd znv8<^4nY?_2AFip+m&}hTTE94hZ>WgxJ%4n9@fX4jyZa zldpC#NGBmbQp0NhjgR2gYo7xBpTWw$IZ~!XwtvDrGwlbk#9k&Fc(BUeOPoqg-)JsF zx?Js{FQcaQKlU#?uap`MvvEbHm6DAKOWsICzbJNVJ@O3s2ts!t(LW=x;u5?+Cj<9&RxgrZ=q#X+npWUtE4MP5%x7g7px`KPov0WF z9zch`Yq97y=MO7#*&dw{5_moSdd#Hb$xXb^F1endm5 zWQn}?HZD!`E_6`zshAFN%S2;3@Sv>oypZ!awNQFD|BPNwKgJboP7hV4=?2vySLVUT zyj&Awy_@`1mKXhG1?+yDqk6(v^Qd`>!#e2Y^uF}{R(aB2R)y4NWdEy|bz)QE=Pif& zr^k%NtVU85sl}8R`5rc(0a6V@R<4Z$%K9?ekHc3t>3qeY6 zQi55mY&A=$HCx(WLAlv#y(BN4^5H@$RCOw|zDd<~-~OCB;C4^x3;IW!TuShYh&$cD~2xG+bciNp1GQToki5OQ+e?6)L}-Y58Q}acK)~hQG)f4Lp80k{@`I zpNE5i#O~qDh~dczOdbvFO9u9`C~0CQ3ey(OYRTr_4VZ(omtLRL&>kj0Nf4s8P#*;F z-Yem&lX@w=oP@^|`laUBM*A&CXtHWoFct;x6xqys5H$r-=ZSzU7tMC4IyZYBQ0j#LRowXt0fRYcsp3 z-`ZLJiM`9tP=zJGS(qxq*Ur*O#=kCuRCjVIDIj|);~1==3*8bV?vVM0p${if2P{k*g#+TQ6n1Urya!BeHmaaWk2(| zf#;?5%@j?^A~iFy4&!8z5MdvB7FX{u^?zxBNTz8jQPI5gxqN#<%0AtFu+Iq6dEav7=@po(e#h9A%=i@FGU!@H0ZAc|v z4^e`UT{&Puf{iPg(|oj{yd}}@2O9ga#vzSDJDpYaInPncjA(9VxJH1t}!`Q_St~emri+{K*udzQMryYLgs0Gw8C{HCX#6B~@)ptlGT6 z;1tNgDW+}&Z+u_M{sxTQPqX^Oxm0Xe61^EZmQASo=^LGjH!0C-H-E@v%T1)IiPiZ^ zn;%w>GgF%Ei>*EgF`roj%PL>6;x`}PHU@+>ShK-NtW#K);i)iQ8k`jF#6Z#61EjwW zW_}i5t&)qO&je_ppguL>vsCu+C?&*p3w}Oc2u96GeI|9xPq%!XO4+X=BLXSh5!4a4 zrN{kkEW|W!^f1oy4=IzL*QaPw zuReuD)oYuRuWw0{S&M6I7mqayw@-z7X~QSx1V>5HR7Ts{1+NKU0s@yF(}7Az=C2yx z@#LKz$a_gtwX7JCtJ!g9DlZ>MiTQqQQ1h6B)8zy3^(dS1!cRe(gERE2?$J<%pSWgV z+mh-WGlg{XbTN?9C{K;fv(2-}&Mc{%{%aa-zLu;|TFq0I9yixk4z?Ul=KmYY#$RO0 zGZM7jCmK2Mhjs>MaZ#$XB&gaQ6WQ!g!}Uc=YFkXz_$Y*ao2?~0&BLHXwJky2YFh|z zr|Q!hbIU-aM+Hma9c7kZS&iSOiFteK&k|*6TilOO!#CEl|Il^l(RJZbyecf)%yeF5 zXSocunrfc!+0@no3s@dE6V%oWk=Hd8gxz49F+8d_Q-Ip$5&2d#o*;Cieln$h3U)8) zA5O!^Aee>eAFiSD;M`2G6o4sTUKiXuC~qc8fQ>-NiSw0W^f)8_)LG*h_016GoC>(C&v4ZI=8f@b1fL;*4AO{k>MF9_@rID zCaLTUE>LL}Sk9h=tUYPu<02m?a`EY1Nfi)Xdble;T*)<#q;fx@b;tXu`PK+GFq7+* z$>3r>=7d~pnr9xoQm4gAVZS|JmJD9e{9Nw%;1v?j;8MeNzqFGQV3_3r=xe0}9-~PZ z8NfxR+JlRr3d{*M(4f(Si&UiY{4sJ=W#El5o?|^NLey*sM>GehZtMguG~b9~v7Bki zZAopOOonYwsm&{5%@Y7!-YmvoM#zT!4aVvW)ojYO(g%DyXEeCDW`DgN{@3Bditr1u14x?<1u8j?#UKvvlnUY2@0WBysJL1_ST~mhw$XbAc7$8Wl~` zwD|fsPg3BdK3rwDrc`I@m>CamW3>(kpn=^EUWm2&;!sJ2f{#(x_oO0XZox|+ayTecHdsRWtgxzCYN}z*eMiK;R`rN< z+LB{+4fPN^9`!lm8l+b?(>`c-^wxH_s$qpg&1=lg7s61=4WWRV>eFsBv}fTM@7*Oe z^Z;>4Lz^U8)99Xkx~8FuqNKW}A1*!3nP;V^RdWCh%q9^f)G5p=dufM^hq0s2!xU4G znMVg5U!2s}DEfIrIiPDNdr56kLO$(Juhvz(`aGu9)&KE!4)0SiTdZw1;m#sm^ve7& z-usx@ke5a(a9Ve-5Y@YgMBO>#ZD&2FJr{*z00*g5@0un@EGP#;G4W8-|5{!A@IsB> zra2pJVmf-JX=bkpOHp4HQ42+o>Zpev08jwFadnJl2E>{SqD`Ey<8LDJ7ZLe;h(WW6 z#B^?{YQ|W5x^c&uOi=9Jv(XyAJRLlF%-;|i3JPxGQkPbrYqOmw34I0YcHX9H7a((j zd>c6B!e4*Yt<9+2n$#{;qkGy0UbRbYbBJ7YK9=DB$nD^6lA_PpI#t%jCJn984esPG<0iEg zsL)jnb{q89RkHZ$L$H3!ya_0x=A7!;6PWD>2}`@!8D4->8S zGA7llh&I3y*u$K_Y$;DuE)r#JiS5X3CsB!lWnq3usRxtIj)6=eV~y2e$=I3{l)Buj zNkW2m)^}@^UVk_!`@@n}8UIzwpNZemQ+2lPzX1i*jvgLvNy?kUmYxk7X`pPj1TeVY z{&0a7H3Mm?KlmILOr5R~THK=#e=NCDJ-~GGI)R$6X2CjMLwYY%WTQ1 z?+-a-f(sW@Hbjx;OJvTIBnK}_ETmmTa=kCl3axaoL&X(mA}8T zkgU|7k=hQjvY=BIpPG6zsjM81RBYj8MX1h@f6!(pR8;Y!CLrf-v1ESY3%OcjDAj*`-nBFlTzbjUxxtQ3Gz9J3BBwgh&}^` zpVc5$&T^R~%H>!K{rGN@!q9c-5u-7C6t6>%7KBIfYE8-BL6SZgAs4fMUQ$|}lyGu2 z0oXr}Q%SGcG^Ga_>!N=VR~xl>*|PB#rZ^<4rJ+FaYNm8U(jNf@Wj8KC zM{Ax;%PJM-Kp0Z#1G)*#h_Aq@@H30(=z=IC({EEB1~rTL$w`4pQ%}sY@kw(H80x3R zw!$1PLlZL2M?htHFAF8M82!gy(L*&jf5S`!!bKdunbl=BrThwNGLo^U9jU(g)LN+d z{#i1|{Z}Ua3;7@%WxJC7^ULIy*6T>GF$R=CX9eq_AfY|_3a@LhVxv+DFvWT`{${m( zDn*R^o$4WaZ45@nO8>*`1JG6x?Gmw95VR0tZ=&($9rD&-19_(lGD$QFKm16`S7WuLfY}?E z!sgDFf>*Br1h%!PHo+@<@&x3S={yShaQ4i`PUp=k(mEqRkkIs+iv5-VCjKhBmES(!R3jZ@a7{Z&m zBXjG>Ayxx*Dl&4jT7|SoLHKSDBC@t`uJFDYa8xIAVQ}t{jW@?iCI9bit7SIM%x59RB29)TTC>v>tFdu}K3iYY5$}A7= zX7-WsojmgE`GScb3-g($a4$lmkl@!e{1i|<|w>9-J#Oo3ppE$*5=DIi||DJjB-ucyGn$06+* zUlCOv3wM6#!hat({n3?$4QIUlBb~e2PAwdN&y0V+_2f66R5<*s$9BG=bHN06>M>*6 zFS&g9Yj2wUUqAcN;cK3B{7duoq__O$Td!fH3JQpVx-rdPr|JvLRsE0Xn?oXWcw9Wnd_7v}2i)!aAD(6OVKFY8+ zalY87_jA75sMVam$We6P;OxV0g7Qzl7pWcb=@U@kmWHP}_m*!p^7n!8bc`E-`U*#z`wnN7sLlNVN@=<`=pxWFtC|`~lk(w8&w?ZlAHn$kcr*>t0T7vR<{zSmK-1Sgj=IC-80@ddJ2WmS< zoBKti9uCxa_dBTn<;b~g0UjOhXwE)Y-(H<^uQKcm&OWubMY+rdd#gSDK%f%$zH3u% zkh_U)J?C%Q)B8C4_MYKF68AxdGPB*@rkBN+A+=64dKB+T7bYduhBY zQtyWvaNZfwT!`no?lCxq?+-Z?IFHmjntx!rWaqoyv zm&T{p#;0F^^6`B;QoAGdw@8f{Moz7~uY@{{qs_gA^Lvb16{*ig>c&Xj1|@0a+{6tj zcPDpfU3~hZNbP`*FkGX88`0j#!FSP@aopwH(VR~+%6&2wsM!%) z5U4h{NIWKuE1|B@ox3GaZEj0=+UC9o<@J6?q#lXXlaYEhQm)vDxdm!02W=r>$GHFb zuT;?38DP?loO^xX``wz6Es;N1OX;q#l7%duwy`9jPGQKY=OT6Zimf+Ku8k!5tZ> zzq^y5^zZ%YAqkxgCb_h^^F>+i-xjF9yLW{UZSG1aU!r=Titgi3%4yN93E1D8Wd8*) zuXT4t>Zg%cq|AbO&e1&W4OuNY(ZSJ+4eY&rQ@@=&*VsC}=X}mL19}G`# zOAqC~8nB$Z2I>ZmHg|i(z6+(Andp8Bx}bckI10*_V|v8S3>caN^>&UfcNJ%^u@xxgIp;nDr4r@b*CMtB z%3GCRM(j_K`e&fp-0+cJra3oBlxgRypnP6l59M>(2jz9+;)wl6#6A$PiSFZ2k{`Vv zlychUz6!O8<7D@h-=*Acs5bW~XJ7KaLisduqda!98w(}AoI4WA>-}+1@;BPtX;AYx z+T7BJEsxl>ky;N~mvKh?mZ59o3ohxyt+)lG&H*5=NE@_y4CC|{TFfKuBZh!!d5{u9h=b_wd^ z965KR&Q{8=1uEz6gz|j%Md}w&3eo0%&)IA2eyGA&VG}ufTX$Tby4=Z7UQf?~@_Y*; z-@7ALiqz^rb-A0N6t>HK3(D8v51~}kUG5i9zvGzb{=wN>m0{z2IlA1{7dm^|<;H<2 zY@0hSKAj2WW8U~K=U&fUmwQ{_>vEUJrxmEr*wYOW+X|)ly4)`#_4`O2fJ%4iX*Xw2 z9SNnJB8`ZhAE}EX_0C8wiPV2a>S`#T?rJC>-I9B1cP3~5bZ&UsO}pFyDAmk4ZbWz59l>#qJ0VafxS3GmJIBqAPu~)$D+2Wfcg2rV zZaH^vaMyG8)RzO*<-Q5!^Kw6wm*h_a^;-9<`1C0#<+RN`3#E3Ha~J>81q)Z`Y4oe3 zpwxPDZbG2C+zC*=l&3=}wKn%=s4F5gIdm!bD!eu`EG*p@!cD+ocmdzPIte9 z+Q-r5az{4!4u|q#rvuve4UpA#q39X`Z*}yZ+$gTIrj}H-*<0@k~flbKY;Rm$}gcb>d3i$0pp|F zlN+gxhVs4rE1=|?O>`$ic`N^BDDR=XGg8YV^+_n7=dVCr+@i1>p%gafegx%nwHwO& zNRLHoZ=kx|U!hb-U9R|w1~oBK)1lP5bM9;??+LyMO6lI&aygX#<=h9MRBvtW<50ei zz8v@%bwGKo`$3@SQ=pV?oBIQlufe|tN^y?*sb;72PqR>E*Wr3Vj^*H!xB)pYAbe+^ z=P8a$12WuY-8e%&)Px*v$Ta~O4^NLFHwI)P$V5`?a9;=6#&Hq(JI;_j0l5t1L<@Bw zAn)aG;?6K6`I!%O8DsCWEYy(^In2#9WJW~Bx;GngQ4=!Xkjo>|<=$#Ye?+?7+YR|f zM8>;I4cQWrN$!1y{5&E@xepq0AR@=Q0Yk>@Y~=Yw_en!$MP!z{&5*u;T;yiE?;7%+ z$aAi{&ybHs`D`u-}6CnqT1l*QI(p+>0Rj zT`AY+7PvpT6c3N!PRJ&t^Q2r%gRD)+k` zaMLW*&Va0QSG%)~=Z5PVJSF$0)Q#kNZ{Trmt-FDknF;>6=h+1E`Ba&-x&qSY)`2)m zF+Ct#LB3$|ygncf?)c@Lq{K4WG{fkC@eaZdNkf{OrVd_inPbt;c zIRWW&>)kV!p9KL~=l+|IhpWEc8<5M=xAM1fCFg5FzRcm=*ImJo`*Io zivj5))bO-Y?_xrJDn}pfWTb^UgFDr`bKi1wLh$_eryI5WEjQVC{tcdYayYley*i!h z?QkCqNFT^q#$fVRZ_YMn{eyEZ9Huo-z`EZb< zIQrZ+x7gx2hdaeHE%jr!%tE~}AkO{NRg7nGK&GdD>iR9MY2(N(p=PFbxsMyNBJlLN zpS$Y}`FIoZne;lzAjbT2_t~`C#ScLwpPLA^*3x=1@XSr^cIz#k7XmUb^(*&PLyEs_ zl>Jxk7DEn?$ir>}6JE}3N6yOOChW*}EcKHE5A6y>bulL(b5ncW7DJAV<@%HRz9EZa z%ztwC8`2qh_POnbd@%4#O8wdGH01gwd0 z?Xj3ggQy0lrT*f6Z!(-7k>}m>hP*i-Yf^uA|FBS(2V`yPfXif5_Wp?c!?han-x1*} zONKlWkxc6FjA}6Tuut8&Olo{aH8?IH(^8pKuZ21@Aa|tlsbex~7fT~gYwASf`DEm2 zPo0)geZ7B;k9m{pNX<5$djike)EE$&w|gico7~vcn~dj$7;|?(Mm*Ax&&1R_jpyiy zydt&4@^co5>Y~pblUioTnp6GGrdM>HW@40%lx za-ZdJK|uOQ{eI)QvWe#blTWRQ=O-E2pD#vaMrxNK8zOQ_>X#PJJs{q)%}o8)G~tQJ zGc&cvQg^@cd7hF!BlTB9j%Y$&uy{@jh;wJ8UbOtYH6VQ;xvX^cs))QU)tQwhoN>R8 zd6RoxYK-x$iaf6m$PE#ho$AU;4>y5)pQF#cAvMvE->+&Q=ci7#czzXl=BCe2z1n#8 z2V@S&jI8Q3`)H%==ci^GayZC|9L}AeI^B@ICS;by^PUiDJMp~M(kg-Y{Jb%Bw((pO zk-4b_*)nw@i>;XZ+`p&ZWij6r;&JZc)JF{22I95l;#4`ij$G^k`3Hx1t}&$du_5FW zmewo~#e8M@;?#dxJa39T|B?EpBp06p@!InK)b|M0;qCxY>VxoXv$TE$qCEGxt5Q3R=g%S3uJnge4_jLK z-}-nqxpHb>)*+uR5QQ3a0|7a)3Hh_}oY#cxw;alf`qT$fe>LP%c)T=Lre4gZCUm$J z5&2ju-=cQ$nTTA&m*b>S8zSMTR{Mr3VjPK)fu zixK&J>N?};_+3L9x27IyDZq0)h`f}(%-2(o8qets#ND3yts#98`F83B5cUT|t{Vw%}oN~AUJ0|_P31m)A<@#9Q>2pt{7UtylegQ=K)aUl5uF9>0`U=R` zIGp=is&4W8PeA%WZZc#?M4n6SG~`!J$n&`r!G8~;{A_a1r;f-A`FljtX%O-={BfVd zKGyT5N zWodmqAkH10{z!fux%hq)QnFBw$54l-`we-q30Y~#xF;HE^`t*x$Vm~InEs5F;=F)t za>u0q+jtg7o>v8AML=$HC#G*Vo{vSIlhWTcWL*<-uOV9^a!PueA-@87lB3U^n*MQK zZKw73Dc8l(=T1vMWXSmunU#LRa(GcdHo4cP|CCp|SQ>fG1(6;uZ$h3m8TNyGp2N8} zq@T5z@8-^@{)Y7PRy#imq1I;pjZdVhzII3Cg7i2;o`}fX(^CxjOGFl>k1r@csV5ty zxIBFZyJtGwXb_*45b5D@0dej<>2nJz`x`;t$+0%`p7a|G`DjGmpYAI($|W8~i0K8! zb5rE`Ac)fXK8R22!|Asf^81J^Pru!An0qSadN}&riu5~T%pR$MD4w@Po&gZGxZ7^? zp*CTU-({iR9eF+uB8h!4AZs%pPcJrPAR^bLKVUI`8pK<_&!q>A=T?yKaIDRIF8wh> zj=a5r+?>8W=1@F+?#}cs%g>)es7-EL`sarH+k2hGv&lUGqEh@l@btN#fJla|3=~Im z2zkh)aY{sf7Lcd%g^}{`8kMc@GT&+Ee=ope+#ld?+-{H$e#-3-VXQd)`tE0 zeY&Mpy0Ho#Ups$fb6N^yJ;*&AeeRj`G(#SV$Y0VkT9wwmfH=25{aSeNE*RYUQ2Wzo zw>r`~97G!4=blZ!fj^(r;f@N(%>$=ki8L^n0dgE z++JUbh1nxByDW#jAd>T>?BvYDCc~2h(&t{0`K`(491w4fkIFpRD$9R)K>FNKnLilM z>d13!=7rW061#OeyWfbp&mEgdwMov`N1hWi#WwNW7LZc*#LOt;xi9jZlsTeJl79^z zsp1*To|Ku;mLm0^2cGTeS7)XevM(YtGOx6FI-hRj`IOA7ES@O=8O)xNd3Bp=@brL` zvZrOvwNUe7sM9lVG-Oc|GS|||({_}fr!uE!K+u+}1J5RRcIHy!`D{S?+_^$1#fwb; z`M&bJ%)2f1@4(}cxtRe&eie~7XFlGhuKv#;>Hk%~ydc9Lm_eT>b0?%P^EMD^%LxIw zKXWmNgJ)Jic4RNk+-Nb+2U)04?$XR{7W3uYeVAjDdv|89#q%-lK5snl1Cf003dp0` z_htURYI z)G(FeXb`opnb{JEQa?2y2eQ>nFQGczzk_&A&_QVqzw?6sNm4EbV2 zKACxwA@>C2tn77}w;1xXfQ)MSOlF}W&jjSc>}NBV8uI+NyqD7FZpbVdrrJ3!Ae-E} z%(7uOqT$jy@5!tOQ7NQ#LYNK9thBP{_jzQK+nBk{cqRm-&)o&0c+L!nbDJ`E81m*O zU#nCeL&{6d_VJN z3zcIcPo>!8evo;=LLDBEKDQl2bvh#;Ie_Nn3O=#Dlb=m3dsR_=NLA<|ucJ|bErL{WpoSQw@LVXFu_uX&I zo@dB+L3~LUWZz}+{4^kwvKM48H=ai$&n4M9Jd`5xyd%5Pc=CT~jJDpD{j?#yAR2K@ zN&iRovxb}o;#0podt-YFiM=HvS7g7|UZ%dzLGoPC=l_?z-O9cc9?kO2Vf&J#pPz4JUx;aGbiBziS}v+~l$Iak-wC4HNnO)GzLy^ltk_lP`^eYYX+XhN14vZM)lpCQX4vNu~Zr2T7+{QN2V(PEjh*Wr<_K9%`% zcC|_4O97dd8{P5~Lv9bq^xUkL+z3hR?tm<6c~{G8M<|}10byRE<&DPkyMWBf{YT52 z40$0Um$zIrLYgq*SzllDJ1vWhr#B!^WtIlyRUlgN*`EGD%X^IHoQQn5-~-O zrWGw8F`mx^s!7xqD)WJ$e-_=4olVFDL;lu;OzdWo9wx>Uun@gTM++i>H9By^j<}T>W5cAO>`q$^K%Uxo~X%ShI`wv6rM&$b3 zWri${$hzG7I_t#qk%)XX_hI9?E+V%Ema%&9vSVaCO zcY`5!MdW+AFBq~XB3pAe8uDC3evn&l$WYnu&wbTO`pN^19R4tO^Fcg6%6-j{(<9FV zxmyi+V?=i4?lk0*i2OXa$&jle@{8Pe47nj9yK{FNGE}Dz z+)hIVBF`UlzcS==5qUcIYeR02$iCcf4cQfuzvP}UWT-Co=bkiVsO-L?oAg)_4m4Xq2mvKVZmE?F`GiM6K!Y$fK9}g&Y?Vy+Q69e+m$a8c+_T1Lsd1XMB<7@fWeOy5PD~6f|(!%340U4J)5kzhI ze_}i*<_|OEt1;9``LTv0uKg9_*X*r-O93lOxYt0`l63T#$c*#dCfW@^6-(c}>VW56aJl`F9_b zpNsQL3>nh8x98tu$b~VUOY-kEq!y8P=HG9~EfHCizsisyoB84VM+~_)@+{An4H;_h zEAmxChU((#d>w7+a8JijAIT3G@?u1;&wtb;Hk{pN`nSn_KL0U`=Y)Xtxi1FfoQQlW ze~t0HH6mZmf5MQDMdTa#>kauvM828-oFPN?zA=A;ArD2KJM&*KWT=)m~kRU2RU z*XO>S|B@ly5&2I3D@hCbb7Dk(oWIR#@U(z@xn*bm9t$<3;lId#@1V4H=eJs@3t~JE z<$qwvyCd@3{7)>@P$~Y9-)-${MdbNo{+EV)EF%9KkWWYCF9G>xM4ksxD|jd(t^h&} z{xKry!o!B}H!*`WGKF6sl%H(jQA0*Yo|eMz3>hkWuJD8*Cq|xp;Yma0Mx;>qgCUnh zWNhKjhWuwl#ufG(vL+&3g})kdTSO)l{%Oe8h#Xxgj8wUP9g$ZRIt=++L|#)EH&W8* z$oP`p-154@MB_OkAbswv!laQSF&WbvNajt2V-1;m2(si5ty>a&bgTg_*|l?ugV2vkdu2L{=7F zXGlFF*A~vAa*ktN{EgpFxlVUF)SHaD6zXk8t%6!)l-BC6H0qa7Rijd@{(jP^DNtWB z>ffNg0oC{a(f0Q7U5@|%|8ZV4uVv9lLbP@D4x^?aT?tWAYAut5kS-XCsbqM~)+9yQ zWGM+nm>S|8LTY6wx@1yxElfff@9=#*pU3lfo-g!yf4;xl@AvB;clYyoTp#Dvah|Vp z@iCxfOjDJfQ+ieD1EnoWdzAt_(Y3jppwva_N~PPC%9Wl~s#2;^`cWy03-DyomUg02 zwh}#awOj90nyK`X(gvj{=kL@-<%W31Wb?~Vx=87Ir9!3YN>MKFs5@9`U(41^a|oV? ztl;rT1O3nCMy2)8xRFXFN)<}$lzvh=8Y|}YG}rO$Zfkpx5kxbD!rgot+Y!iz#6VCqp4Cyr5vTvN(t?N`;2Q)CR;PjJkaNG zScepc_nsv#DQPEYJGSP=YeBo1epaH7C0JKqsgcqNN^O)*Q|heLLn%k;N~PrmI2y znMQ$Vj4p|nf~bs3;!i8RB$ORr4%&{b+3{WKaN6J$?ac|GOOfB{CKE)pN;iE$gPDd4 zrJB1z!?@f>l@@?*V7Cl3is?9w1w%)r*w zpzQcUkR8ivA*0^NYH}8@afSAj;1(R|%z?37{W2=NX_sL3S1&QBAY}t|`+-P-~{& zLAgw=j>2;graqtwrrSWDGCc;OTs*S{WM}LzAY137@WmBNr-8oaxWP&jK>OLv0@*tM z8+3r(8jy$eVb5#=)o1z^bU4#bphiqdM;mhtQwxx-L08ZT>@EQ{XBwk!8p!VPi$J!1 zA1g(*s)hR((x#gveEy{!(~+RFK$)f~=sczqK|MjK<}}d7OmvJG1j>$I21lcnX|4m& z-ji-_2T}df&3&M2m}Y>6Gd-`gRJVQxva@76D39a52if`^(5*>$%bMa6=RLi7JsK%; z7rk|yD>uqHYRAdC z^<1T)AX}>_=O}GdE0@dP$D;@}$c^8HTrAzIL}O$f9j}Ny6Xopot;GCjEGKe)G}4x) zAwMF|Ob1CnD^VX<_kp@ELAFKpnp#RXEkSm_{O^6>TIrdnPhCwt6OCnm?f zOk?5bIgn>6l(vFqX`DSC9Bh`TK)sG~5zwO*ij>R&r^y&#YpiE4Lb^wb)87akP#)!I+(J zxp5jdOU=b)$J>JJ$Xo#W3UP_$=D_V`mk;`piTa?9X*wJo*A9N2vk+T<=eR16|32ls zOI<^JBg<|*9Tc^Q+JW;MT5gZUS7GZRoc0!wJpvbK+UQ7K0!K3^)jTNVnMx2Hy)*Hf zUw2gg2$aJ4eG0NI|5>STnscL+rYOCjPiIqoFT zMyAt1cJ%v$?2Nb>v=v+J>c=i7x+k$j*VNy!qibsG=(_G#xO78(Uk^_#)6Ep*QlDuC zh~{6Wc^-5)T&8&ybQ}n8T!Q|^^d2aKX&tB?Qw zfoSwo&8e-M@Jz+7~{6vv(NZfNW1jcaRNFvge9SlL=ab z{4&j1N@puwsFbZVNa;GI>y>U*8m|-=^2~jpjVR4CkAOCT{(iioYx&&xQ`lbeEOFv>I`Znf|#Rk!to}>v7nc9dDRnYn2^8RVX?} zq?VjA<@ct32lG*~H5iO$4!Yk|0&coE2!cE3_7XgIec zx;AsySDsmjt+dBy$3K=7?agPPn~eciXV_Rj$h*&{9xt{ANj!8!uFvqV$B)8%pbia^f`qsP>69_(iwY&$L@J&8Z-| zeo36W7s9>IHMmM?n9_|(`9e{P@K!mT?X^-6tyXyEO%UxLp4loCwLCkXe40&>n9B*` zFd`tkl5io&<}wmQYi?04iD@Tk+9yGFX1@vgh->hP(q5%ld$+ZPQYWQLl}0H|Qkn~* z*>teFWSV!dbpw~X0c87S8_2fk8<1U-rux~fR6k2pKTA}rPdOK=m334rOH?aMR4byW zE;;cZ#pT5Rqf{@;#^uBtDV?I!LFpW&UP?JimnmJNG)(D6r7=o(DcviCwO7#J=igIs zG+McF`hAL}SA-Jh>6>snIBuCxPW(L(^+8U2z0!82{X)5M|8#q7&y6=wItD~(quG>c zn!!>167PvmgWJR7;f^_|E8Ms2+_5+sh3t5q${2N_I z_)rklB|AP|$TO2c+qu1uf^503gW{a?CXiiCrnL;ZnoBo7z|oz5y7>(>0deUjrIWqG zEi};?yD8ix&V^RN=vp-0w1q2U*9|m-(_R94irp}f-5c)#&1XmSg2uhXZYG=^)wh*) zgD9{vZ$SrCKIsi&FnIP{&B3iew{YUE-*3r6!b+m3_ z9j#kfN9z{W(YnRod;BuwoPwNl<5vlJ=AXxxXneEdLlH+kly1g>Qjr#WsNTuBV|LPUnG&1c?jS!xdDOYU%OAJAQN;*8jjGFox({;AZcn{_$yV?nkj zyMpLU=b4LSt377hW7E}e_Fm&Ake$zTeQ*-@!M$*HU!|2Ddrq0FaVtP=5og!%vY6;h zXNjK3c4bE^cjqzfMhbhLKJ^?+i7grfN9E?m<3g#X1k@MK9@p%#^FcUU)982~9TVw@ zc^Oi8<{8A%6+mJc)I(Qt8Sh}LrD`Et1|5sj`RI5p;_U3CI(ud_;;6le`3=Kyas=mh zmD1-*KO=?R8lG#(Ge?4MM2f%9_FLf6&8gU00P;*XkR7+nK=$}N9#q0xqjivJa8ubu z^W||k>U*qwf*u7Oe2o6NvXj`h9Z35)(&om$RQg6JC;lCXX4n~q;^;2*3`232D9(~O z4=cyWnIOt9$#hj3tW==%h|;r4?=lJQuFn z*t#7p%8AcZdQHePpD6vVTU(rOXLe4!r_wOcQk3DD2S6*Bo|3H?U)}n>y0i=2{?QX; zufqmKgsVAwC3qVg^*D|+hr8MN6dcX_?D(4?s(q%Z0oj&Evu-;a9i?*OuFjr`YPAPj z?H-!i!_FbkoDHHL_sj^8-TJW7GNoFjhCN+e7p16`(UsOM*lJr;46-eX#^?#%`kqpB zjrjxIN8G1PFLV@*D&2L^zGdgeCrmUqzGU+1x%(cv2Kj{@U4tC{5v8DOkbg1J+0>?` zvuRg$bT-XpqO<9ECR*{gbBNaJZ3_zMn2GJKh^ab1gf5oltvoGl2uH_y!9JUD$@@jTgG7*+q*z{V+&icg4Ps& zcZw-`Kf?8fXPP2~-D_zrlHRpSJPXm8q&3p!#LtqroOrg<%}V)7ZNq0Ql8RSr3aPDm7Y+Vuk@1AJ3_hf)#^S` z`by~+q4tLQ^knoY7T0i=Y{x|BWO9i|26_jB`uxi^D z@xCA$-&8XMbT(Y#_|nw_z1ff(ACIj>ICDyhoOrp?e5FM~ct(J<=OMrLhSFN17WHID zEh6Wc4<$un+jgpRZ<<6`WZChgYEy_PPZ{+u)2+g}PgSP$8!4|HF9 zu&ufAE07EIOK$ucr4dRu3VCKUXfT%+y?J{VobCI^l%jWamuT8eAUZN+$A17_ja;(h zb+R=ZpCYz3$TST=w62$F8Yvy8)LbYho&lmdV{a7lOb-yfbBr%&gNAWUZwKAL{X%Pk zqnPMy`qyhDdyKG-RuL`HdDWi%=)5|f>-@NsmL0DYN;R~`I0;*G;w#1F#Mgqhqkiqp zE)c!vn-dRnT%DUKbrrfKewk99(13W6(sZR~gz%hBX`|9!knQI`)g3Vat36!%Q$RDA zx`L?xvf~$n=>8)+emTgdy-~LoD?O_8y3!h@T}r z8$osizgO}GI(HPvj(KaPGnCE+(bIzLc&^gTN)wc3DZQ-pzS1_OUxhNwVV4^b-OiPv4fY!6y z0;*x!2in3^Z?H=-Mf%>}5p3tJ4Y8G4gfAF??7hqRAiFoZt%+wzdNR5fX>;SZBF+;1 zH6Tm$9xV~(E}ZSFnX)xIzDV6VknQn3>i)SljBD>JTwT&Ywx$naEyLEYBixVNj%ce} z)kv%}t+W2lbsmfqL|B8D{IcU?#bw9u1KC?Om8z6JRr*0Gc9kp5ogwhvjUM@%$yU7S1hR9jhtky`+mnxDZuo0y z9xMQ*Ff9Q!X1Wn^X(0Q?ek&$AOIo7y>Z$DLJZK#~5hI5;J(2cI-b!cP&Yz8>e8L_qq}H(y>Ski_n< z;Lc##@&D&%i0I52ofo3>Wpsuer!9}p8qpaxI<`mW>4%WQwlX^JM@RYS3LrY$|NnKA zkFG|rN_>V}G5qgmaay0W=ksUKjvO9ew`!Ub|44cxC%#uH>1sPSa^lAeT@vpmG$1}u zC_8?GQe5dNrRa*sT@T^P99!*E+FcTdxAUcbIq{#w<-{9a<7&`W=^~{(r70j9nVk6Z zpzVCLi1y#;d>&l^MArvzNG{p&ZA#&_Zm(#o)L&`5(j2A5N*^liP&%L#U1c0U)Rl3t ztC39I+DmDOQjt=06pgM`qU()kG;W2`H%iIZxf*0Bby4c46kYK|*LtIM>jb44O0Oub z1lfINm%1N?@Hc+~cV+1hb0hfA(a(-I$5wj`>!1{kmTM8NXt8x5&+Gx9E13RyjJ4}} z*I=u>DF(`pN7rUIAg!%)G;@ly+;XABa~_?i=}JF0PJe@sC~@n1aCAqI8(*umPbl3a z4>x8UYLIS@0TnQvco5e?U9QHBQ1^hk+3G6QEmilWx}Vg!a*s4kN8lMaYH+024s;)p z>8@@d=mFlE2P$QXgUXr8bnATGxRpj50hS!t%ye5KcfJW~a- zZ^VBh6x9m9nudD?waShEtn`Nvo-O9tt+=)Y(Y}hmKrWP+OGmiZIhP(vmnhw&G*0Pm zAv_fXy^XY)=24Jccbo^JUrpobu*9JqAX|ggN;M#Q{)V^xL9};!X1`Ei4#?JY)9^-H zzjV_WM7gA!7D8wd=snZ`-_Qi{xS0z;tKpJNKXn5^whT&P>*7-27jqg%Y1eYv0ucRn zJ;_W0ZDjW_XcL!4x!Cuw{(CNSG?xXM%WINLPP__4b;*f;sPu)>H%dP#1vl9gN#-!6 zV?g#-R&79E*!qF?Fm(X!W9ki}F-kYIT1)dP-F({^>k<6ik6K=bxFj-^lWYLiSc%AjAyCh0G26Ww&Fi^p~G*HPS4 zaCXdT+~{}^&6mW{e-3ena*CIg-T_fh;;$%zC~cDY9CS3teFdW4O)~pI^c$EYbI8qZ zj9j^iTaUxm7M!*Ps0~wlP0u{O})(VGKFCN|2^@gN)54sZR^_cA{@VyYTg8m;ItorZ0|-h z;$yh&Tv`rSCvIT1n9tROsvT^sZ!XJh;_S1ED0- z2xPA#nuBO{AAd#R82e6T;@s_ot<<(8(*v}fDVo{3HKE*G#Es=ya+T6hAM0O_9 zTWbfOiIqtEKBss^iPElTN3+w?+t^ye?nBTPrcXh3>kpvq?COuj+c8XyLHn5gTm9@6 zz^@$V-V8ptYmWSE+uWY_zqO5e!|o~Vkk*px7rW=#{CZ%k9rNBwxu8F|R@Z@I>uC?T z9b|Kv3bH-EP`9oG+4C>0%r@W@v@&byV{AQ|-EL4*P^S3-L~o1Wd*kD54Ls9KsiRUq zrQt%UrVwO*y*x#?&Js#8)RVSFu20j=TiDtf<>G4)pp%)_fZ8#A0-`rB(#}!N@lAP^Z zf2)^D!@D0!^c@lF=nEy5=nEy5=nEy5qFSQsby3-2kF{&LlHdjdlDQfbor%YBP5<{A6motyBdslM zoKlJA{4mJo_XLRk`nVmV|K7IyIp>32$^745wJg-SyalqeX*I~Umqy0c%B{qBx)Ot5 zW1;V9Ug14jq?pQe{#|(%v3Sg zz`TW+&{T*SEhfp-h`9@9C1PSGCEeiPN;3)OBbY3v+}GLCiXspJ0wO6`aqsZrfof=SF5Ro2WN%!s35b4g3lCE1!sI zY?g9NsW}$LY#=kBIR#Z2D*X_cqs>4uRC)?b6Ej2%l}<6on4w}^D~>h!Y^Irx$oUAw z9BblYhQKs|InGRGQ=;S5)RftLVy=cw&76P4%>PHsqJPBDSBzXMPC!{rO_dmGMJt%& zO$JtpD27^b3d{*6ON?tpGt-kz)Q8PXKO2+mYS_#SV6)QDeL)uTX=dh1KGcVuVDJSD zF;x0FFwITVmQm?FVOp3hF|PEMW=JcFnPy7RV;3W)rO6lbG|c5NtxU0)l`z9$TAMO4 zyJ7NS{$(n}B$ePU6sCEr z*TKwZ)1)=kxk$(KWRu3GBz7xe79i$ilO^U}n3vde7c&#)-!K_wpqPa)OW5SGiE=*0 z#Mw-bEl12U#GGR0uqlacgn5_EQZYMVRtey>XgZC1$I{v^QJD{3J2$&3-ZUCmNHq5x>JVu{O3{Enw=iX)30(#GG#0 ziRmFRrVy=g2#3r9jG=I)C1vW-!!kMPn#>DPHs$-GrOfy%^BQVX_ zEMgOlatE`-8dHIoR*30fs{RqP%9_}6#GK4AwPM!5v}1EX%odn4V9qj4Pqe-9JxnJy z8P;f>JDMyuC9!(9aou`n0087hX_l?&6!6pNvDUCySAP1LT=W|qXXy$|pG zBBryc6w?=GIGZXlH^b1}=wfQbOoO4B(8biUDdPUQ38}go`YKc6KG@YXu_pGi1ry)dPBm@+ma#EgY`9OgVTQOvzCbJ>)$iDq4QGsha9W6vR`JAY3J zSIsdRi-l~~NX#S1=M|Xq%|0>nVBThfLlFMiaep7?0+S|&#(e{ucGl=@>0vrZ%*)7! z`ml%TEoK=E^|irdOmM%AxzNlK(-ekcE;N;5PKTkgdYLLQ zm%>n4y-bam+hO*=Tx4p+%!b*^28T^<>2jE#V0xQ0F`Hq2W7EzWo@3@?&-5{yt0|1|G?{Gc)5oM>6^(k8_LL;#bFs+~L!)yjo6gRlH&S8x8v4Q!rJ~U} zj!m8z+ACYb^fQyi(CD;dGmA}8tP@J_1e0xQ#AL&q&t?ysX-$U1^n>Yd+TnQ(%F=fA zHyx~rxiRf;dW&&m+TRQja})BRw&$39F_U0uEON|5F;7d(07G9MqISJ0F#}Acm<=!k zP@hXom6)Gk2C=CTH-9cQZNxO5Vvj8YO=mHu!O*c~ zAb&rIYIrdWwd*o7RAO#|p>|zn#))}AVg{MXViriuATvkIhZ1wSStRBgiMiZVi-|p8 z%NlGpi)jNxWeqm_#PpPyD@>SaTRKW&t}so+xc%ZvlOe|K7gw5Y*6@738ohdz+0Q0A zK3`=HSQ9IkvaT`>PouJmVsoXet4vEVl`wRC9%4F(Sq(#dIK=c8^R>iWZH9;m9<(u6 zn|v`%VW^+4F%!jP!BE?;F|)+rK9xqhRQY@p@A%rn$u2V9Ld0O3V#rzL;(> zbib2ls>Sq$p?=OYJFPL7!%RSZ^31*jGa2Sa{ssl2{=Ojr%B* za)ve2VQAb(nKUuaOU!7KCFb7}GureNvmA!b1-F>NVm86hasC!FO3e2XbE_#9lRVAF z+-l0jq{GZY4fD-nFVT#jA?SFZPx^e8DrXrc}!x) znx0}_k(jY&pfx&w#+f1iFeBI$#a1KLGpOM>Gg-_RFbmmKvWaHYII~!cn^EJ;2AfLD zy4`F}Ff?0kH??d^V*8LY-GgB1s)KFUuP_ud-ZW$r9RcnzO{~!)z#S$-j5`9{VY-R& zAHv_DLY)iDWHBi)Z?T!hCOXStxq|<#tk)PZRfxIMRB}wT7u;U_6Z zC8iDXq4^v)8^oLmL&uG{*~(_6xd4XRj&Iev*T!w^HIKVcT1&8cE^=R1bYDr-zSV(ws*e~!($JxmGA zQ>Nd!)^vxN0yEd_6f;oFJTsuXjTr`0hM1>Klk>?;Gk3wvfO*C&7Bdy*NtpSj;sP7< zB+PR#&zVJRqP^*Pv(uW`>xijD%=4z!8nXiC4K}znz`r6k%U~)@mYB~Gvl?ch86u_* z<`b9~&CZ^bs?bo(7ceiGaTk)AX6ikRH3yhiOo5nIFb7~>HN|4ihY4!%My8p}#?Crg zJ6&wb*w{VAnni5vTuni$#b!<~D$AOqU|u%^E+SJByAC~+?vnh<-26Hl-5fU>2 zhUVcrW|YLtfT2C*9aA7NFTk9JRLe}U#4Le1lg(6#`9NZpn{qZqu^Ne4ZstnNE|@Mz zRb?t9=6jg)*esTq-(h;etT0O@CN>@S1#GBQSj%m2B+R8SE6pm7iH@r)P47Mwv)gNp z80xW=^uPGGvfimMS8yt8mLJj$hW^6&N;8;KRdFghV!vx9vWezTwV9e=u1BhBQ&y@~D`Tz|>&*x@MX_;+xfl7YH>1Q%gPFpn zz@{>;6&p<0m&z(K&mo3JaD(Z_X1VX$wZSZrm?emzG2Lj|^rKYMOf^gya{k!NWn<^h zY?vCeIGb~h?Lf@4Fq_PNG2e;#%(UxIF(t7-U|vDYX464TqerkevFXlc`JpGlEQ8r% zdW$(1rkc$tHbt>PFdxBuZpN{h5W5X#Bb#zD_o zicMAW7cf-T7iNQ)A7Hk!*~+FkR<9iIXuxbWd&C?C^DUc{9BO-2ax0kqFxyNcG3UYj z#wLwTiMbkv&Q{yad@;jdyif6sEmJdq`_PPmsSmT$>=9D}(~wPFf@uP?%S^r`O4S19 zOGCdd##nGZC$gzaFsH%nF;jDG41IUA6U1agm}?QU&&+32X3mA7 zGtoZN?lQ_J+AF^| zI}EkmcxhL&@s4=Z_Lv9Brd~@J>M`G&B{3agUWEy~rq|e1y4Gh&16hhHt-&^ z$Dd|i+D(*dx;YW18&Wm%=-v3lEBrKXa)P1bbDCG4VCd>J-J8oMx;ky4Wu1+j>0H@L zjXT3eraxl(q4daH2}4(LYU<^|(794ggS%mJ|B`At%;3M6xiECpYUNdO4WsLpR^DPZ zyOZBQ%r%^9shE{8beG-As}i#YhK|^+ylOFDz~phNHDdO_jA2tF=6jesVOo1zt?_;n z)5hB)<`0+&h&jot6;pq{nOS<5z_+Z z3BIinoS0q=>D|5*MUvctL?pR zHlO4nNVT3*b+^XLgP}fb@AVXO8w}OCz1N#fV$SqS1FK&%@2TI=wbB0$erU-^&&h#dWnFK?tD`$D-VrT@vModR< zju_YToxJ&CsOM=+J9!misOR^=boMI6xKZxvEfPaLUx%2py`^lToZEWcqk%~-zuY;JKVlMIW#C!+S95DmEssux+27C0zJhkEv#GC?i zl{ZmL%H!5t?JX741cp*w>+KQKO3W~?>8&=OESNJ8GtwI%rUy(nm^^Qyn9E@gkv6u-kwDOTO<_PpycKt7E-}Z0t4v5afKj*MUuyc?o6Z!HoCleR5oD@xDVj-{H--CbkqY zbRAycRkA6JeF8%<1>RDL*$YF*-aEZ&i3#W6eKzELr&l8}$HLHE(p}zGi8%>|?vn2E z_DM`f7`g+x+p80E0nA;<=WZ{&&EQ{2tUt^In7B8044LWX3Yh!YG#P769?UeDd%WTV z^C-*&Z{RqJiLM6k^G2{KGIt}@(}=mxE4ZCvqARpX-c&ZW59$8&es2$(=zeF4x6c~A zmzm-X9#8p1cP>-Bv^zLwL-%oX_5OgD&&KBb0!n|-o5g0Oxo-~s-Y3jdoj;Gjya6*! z&1{&ZFb_G?U>*#OSE)1gUYAs*UPVG#H0#Q|rEKh*7%PxZnODOmI+B!m`)n$+7WsU{ zF|`E-|BBdbf|>4R+-c25#O#21#2b=eYGKN~S!|;D{HV9Yn%Fj^qB=k7Rf#zOLv!p= zZ;hCvpRh4Ay&5s6!BEUhZ>N|(Fmx84<<*M09EOg@v%ESnBPE~5F!89)C9!10>3D!Ia(+8%~t7S9I%!9cM<|S_t z&PjAt`3B6@FpIna_gb?V=4O~zz0GWT9=02F$y*e>XVWz^o;l=PA zm#%U*Ut@Jg`xGIrD~Q_%wNnJ z7#f{-G-ewN&AQ0^ATi4{#-D3rB69@H`6zw4#+(Y%?=Pm8#8hd_aEXabG0b43TH#{q zJpe=da%3J>Gnm_M_qgjg)kHSClU>_adQ-)?wy*SNiE(Xz*PAQGwf$YMQjBYRwYOM| zYkRdgY;h|NmR_1J1JO^oX?{M?HFt!(fvQjJ5-ky#IO*I&#RFmyM8 zSF~-adUOvv0Wp!GyGSx0c`dmtdtRpTTH|G~*`4glTH|Gjab@9i5mFyl)>^Nd%_p`O zrI#Y-wO&6lf5OaQ^Y{AT=N2}fdagd}ydj(_S_xe5jbO7f=E_>{z{oKH6~uBDqjdV2szzu23Ip(Dv=ZvdNZ z-Ul!=?pwUUY^pqWf4apRV)N0X`W7#rO;HSw1xz){+Ts<6sSmT7%|tPcVAjKY?oAcb z2If;Xv&3|ke7^AL`6ABUv0jqT7aqM~fLR(F2t&`Lwt9=j+yp~wAX~jEHifZb7&;zq z(@~!K4>J#j>J!Dh{Ery7FK_cUaL&Ah?zad zUg>@9ZJzemRNr_z*+i+n@$w#`nBAUBRqMv99$n?qd)?ov3FqTp4>jEDH7cc4b}WvE z+2_$yK$N~$uJ$+RI*uK->rx5_ZEwB>*4#ohGmpbRm`nX|Kz2Kack5+ zdEMAdGZ!G|bCC1T-hMW==dXbI)r&n$`9ycMzj+zBlBTPIE0F3s#Qf%Ev5Ags|M9xB zsWNV@@;}}IF>XEcfVbok%BRY>wbS3dnsRI0dgdQqID9>dfxce zZ19c;YDg=XYVA zWMlW`O)%;Hs=uXb?r&fd&4lKD7S1<``(O)yGMlImTl#dCN}N$G{l#o->0hF(mVOq_ z9CS`O9d)L2K^wobmMevxMk_L%X|NK8`sZ{tYhjK>Ok{q5 zNlP^KQc*(dznJ4-PJubYExG*Iq!M9r*!sbiJ1jMGqbZlpG{HBU59t^E5*3$ z@GkxmF?20KWp(wd#L%?_mDSZ>BjzXMd_MZ{Y`;cKP+{*=&h~eTp=$}sr<-3ZhOQ+j zpKgAgm{g>qm~(u*kU+f=YX(Cx=lCgNPJy9o^>h8EY@##cx&8obb7vyz!*l&1Y)WG8 zs-U|+f=!WL6?FIWCFX4Wmr6h1FOZmi_%D@yzCV$TJ;zbb7sv=MKm2NJ=?Bx(uaH#k zI-#e(h)r~z(9>VaCaUv=e##5nQr?>==L`KN*2Hc`EL{m-oL&L*05{rqAvZr1hlCyQ~juAg5n z#?88He~uV8>$3d{Hc@^0`;}~pVhg1e{r$yaR!A%Q`&DAxy=RWUN{qYr%<*fi(RK~+ zce07f%Juh1s?VgXTz{XKJyKS#e?ZJn5_72^F5uCL`Pf3eda2*g8ZB#}-;zyK)*!zP zn`o2=>HdB=@}cpHOf$)Okl*`nIbZJ2O)ytrbguAI7E*n-CAXD)uJRj+86){z<)^VJ ziP1b9hEzlRHf-!XyqQfFnO4}}XtQ+BnV%&@x;irgkGirq2giUlD8|kNsamTTd zeugz#!|VN_35IHz=U1>PiG3?Ay~$rB<`-${P5x3b9>#=5@MgbSOk)_D8#ntK#GDL6 zd+sQIvzQJrwC9fU_ppgZaJ0Wqj2pqx{sA`jY);37Tl}mSc^+~rsLuKRWHwQ+j`7RH zxLzIO&k^H#b*w*EjO*30euWsuyYBRxh;gmB%TE*IT5*@3!KNtY)}!wB zv&6XdsJs1cY@$6k?svB_T<6YoSvDlx8q9`IM$RJsp7;BOG)_Q41Itzz6h_@KW>jN1nv z^!JN#``}dnfEc$APW5ApqP>agJk4*(CaU2>eufxV!-xESY)bU1=^=lh%_rvO{6qdw ziE;P%rGB2oxZ`T6KTcxY%q;Wc660oOnLk-#+_l8Rei@tSTH;}Uj*a1-e+sRb?$=1F zff$|VU>@xY#v<^Fz&q4mR8+29pT{3|gNk?KvD8GcJPD?Ku+ zU}pNUS1HDt&tYc!0}{+PFmwE^Z0udqZ!k~!b=JflMm}_nJMF!6_v;eONSG>r&r;6EEJVy` zm=*r!ccPpNVBYmpma)-Zt@ay

rm!Hdp&C*%axDbhV$srZ7fl$RgxZ?RT)L%&#z$ zVBYid#2kS$Nh!?x{vt7_!aND{p(^it1ZoY>36XpwloR~V8 zdRTiV1JL+3*p!2@c(67##7-(jfjfB3cU(M;H#?4HZ~;qMdUo*ez* z*NJh*xVGwL!W6PQbQ!i+`it1xcIZRTJ#U?sa z$AZpm3iV7K3wpBIoqQ(h^8`{Q2mK_bJIpg|2HO}f8-~Wcen2H*|7tJ@W&zBhYDU4l zmT2mgz^s5t2}W@~QU9a_aVg!6PJ^IWj2oQ>!DKORbQ%QZVqEEm1#`r>(hmzN*lhFY z3W7>MJlJ4kbW9HqwyvgD;B6MH4bv04hC$XxWJ=9Cr1}7W5)&=Y^sdQ=h&b^jLYY^piYeI`KAG0^8ZUdO@oGPqI{YL8^pL&$LpB7BS~c3 z@h39Zqt5i)Dl+cK78$ov5t(sFMf=4GTGkX8+IJ%JBn&;lY^E``r!bBRwb=g=TD2EVU0Cz z{z~HK{qk($krz4DaIYy zP7L}^bF>eh8f@51rqJ|6yN*X$ zZG*}!)?5qI5~f|S^m8)yD)(fV%wWJ5WJ+RgX0{K8ilOg{oQ|0GK^~jJ7=KrU%{Ym< z3pt+)lNC%B<7PruP{yW+zl}iOImrrUNj~&#gr1ygzQoXb1$|*o4=TmbRoo?Pmar)? z52CEWFlPiQTe;3`hQV|QmL{07Fr9+@ZBfibn65#EnEA+O8qC?jPBzh7dFKTC*-S9i zh?$9)bArL!DW3^u8_YbI^Ma{6$Q1Jx?3*w>f|fhUL~rh07<6D``c6Eh4s)1G^2FjY*En)zZX)hrdWPEC!NJ!O^~ zvz1MB)VegNvnKWwV(1Gzmj?Jj6OYcnVdx7ymj)?fK7gskY#A6d60;NL2R7Zs{4Oz< z1--=__qvU_EEp)}EEvjXP%uPHw!{ny^2CgU`4usj2l--3VCcMac@Sq)6m!3=7#x&Y zW1d0`U4aY^cCwjf-hrVb|KOmOjorV@4yMEC-<1pt zdW&)IEDZ|=h;eTg4GTtzaqkfg3nq(k?-30Ps>Hb8rwk8Pv5DR+8Xjz5vpl%qAw1JW zyM_mCzM=jpGP$TT9qUE}S!|-Wk4EUR#XZ-HjC-yZnW4ysjz}Xl)i@YBYDLB!wXW9~ zchriEJICFiF_R^q$hiB#JdK$pF_Bp)^|?`F-jbNexL&m)t2sYc2KbL&+gHd9#unt6hm>(2~nFK@q zd|OZ~X0ycH7EEQcJK6Q&n4nyY>%%d@TuF5*){`iou|b8HA{Z)bY_M2Njl_%#mWnwM zYfcn1E?6aIJPfTH-yUob^F9o%HQgR;6?5#{wyg2N9x+$LP(I^>{bJ_B&^7iQK}s$4 z^S0z)VCY@7JAw{kE?8>wDG0iWnW3hqm|ZZGb3rhGO>xZ4%sYd@V%*HUGZ-Pp&CI)k zQDWT8yelXW<7VC6L9rM&>+TMwigB|p9+Zo5vo0RY7321%!k|Ko+nWl5#cT>=neW(^ z-V>}6b1n?E>z<&NO|&9Z|Qj4BGkZw>xMXY-PvQG%gw#gqh{+3faQs(XXj zUP@JBu0%d`OqdibVN+;E!<>hlCk30?L^}HhyF7lZd#KjcC ze88qsOeqYVE1wP)i>ZL2cdefes@Uw-yQF7=ydSB~(OuH~VB&r{0{3dCF|F_pn&G5Hcx8O&l+6f1(E^@JCLxndrHp=**CgGw>aOUz5bVli(^%u7KP z8{5xxU+{9UfsMUpqi@bE3brQ1>_97C4Tk(oy&AW=gK9Rrlil6cJHZ+;?r!UyppK0#{acj& zP7wRW&W#_QvSYC4D#7T^{EaD#JKuY2NT(p=+WlAV5%5* zw0SR>#U?u1ydTUJII?1P{x!O#eP7_4Cv)n`pmBgWNdO|X+q)b_PO zt(Y6oKeRWk4Z=Dai>N+pgA_5YK5K&}V%%EXx*$!ATZ>y4WU#TL{3mL-J}6Ewv7LD0 z6HH|j)ww1p7vt(&6U-Ik#`M#mLW~>JPlLs5qIPWxma>Uju_>q)<65yP*dXR^wEYOw z=d)lZn`kC{7SxJyGvTwKj!j|gA?dNr!2vdQk86T_HV5Uu@_gp;Y6i0<=tS7g6V>oT|tKfl*-0*huIwrV6*(ti~ntZC9x+MEQVGX=$(o^ z!3diw=B|;x3Py=>*GOLl1!Cr-U369Xbxf7qC_)s&055{CAI?}7?8rDinD0M2L0pPb4RORDdK zIyTcd<|@Q|AG9+bf~J|-h@m%Qe+cG_c?o7XVtx!JdlX}T5l?5L{lQi?rTojyQHc2| z80u3@sac6s<6wRc_OP+Phb@7r3zh^FV@)Z{uR)V~*3g^hkHP#W*q>mYhxt7ikVG-l z%x>iT3e2BD$|0PJ=PF%!ny?X@X!Xg2gT=VjCld}8<5r(cm?vf*a;6m_FDw?5veKDZ zVlvb$5_6H7Rbp;Yvr|l|nge1MsA&|VR+PrpsmT!Yo0{%oj(OMBXRw$v)#QuGRWn&k zfttBu9#OMI%&TfPh3x2+hYrlpvB)N~dzTg?D5Z>Y%=^Rb#@F~6&s zC8jZ+n%X(GNX(gPR*4y+W~Z1EH3!7ZRnzED+lpmsGQ@0C(_M`Bfh&Emn4{F>i#bWn zWHINenJea2HA}=yQ?o(L(`stPyrCvcv31_1rm2|U)MSY{a+RxdZ!xE+87iiingTH+ z)s%@TRZ}76MKx7oHmcby<{LHp#l-N8)Q(_E1KWx;H7&)oSJPQcA2kEST(2fi%oH`n zV&54SOWVb;Qg zVdsX{TmiEa=8$lXn9(rbz{J8TF}K6~36mUd7Bc}RwhPb1!-lCgpBXTzFb%>oHl^lC zF^7lMVk%);ASN|zcqFC5IR)kvm?OiCqpYcg=?c?0OlxdS>?52jVVZ>bM_ZE)b0y5N zVY!$NVvY-!i0KV86fsT1&0MSu{IUOJPVT%R*9h)GN*?7#1y0SN|<(G?Qu5MlVVN_+Z=Dr zQkd5flNF8=^PZT~!&PE7z|gx!XM|ZN*i>J_yn|F7!hH$m1DK9sMKc>i--_7?(>WZN zX3ZZ+^#x4Vuv@w{hpfR9d6;v;J!0r7`HwK?hI!3x44DHk=Y>OBThkb+4%v<0O@#Zz zw1hbVrbjsRUs24lFc*el8*92E=46gK*v`i2%F-=ijTrY1!>!@g)1%U7p@#Wk=QASn63p1J`4Q5=p*qYd#sNpi0 z@!?W2_rcJ5%lNRGO<`;n46V0}4{Ic5Aq=hm+!1b-n73i*s{4*`pTv9w^C5CB2i)2sn6WVR5i>dL$)?augER7})7*?~f&%0Z}JQS`GvjVA3W>dpvw|)Wap>PkIZOI!EL-$_~g|!kx-)Ey= z**p|>Kbu-w63gD`%vLeisM*iPehbc~I?#=KEOr}WGP(4I=aAW*Oy3rx_x&CUhlrtX zi=By>(y+=J{>~ejhr_IMIh9A>d82pL9tr1&p)Y`uDGy`k*%taE-*c?~lz2YsAp^$ND1Gtgu6O%6XeN6{!ZnJQkL*+3iv36!Unv zNDO^{Y&guEaD$|BUw)etZe~-$Usa-~w{yZ;F?7#Jb9GMG=zJ6OcCSOd*_Bt#JKg|d10Cux86H1%n;+& zd!G)o#JKg|r^9Yy!jJ9zc_!>BrU?wKem@fq5R)M>^TWYnawKMcI6};L7+(DjH;Z`) zhK?l9hC8h>&%)e=-gq`NeYmCOB^dgm=JVm;1XF^Tig2-*HxTmx%z|(~n`wsL8haRK zVVH6;^_Ro6zBc9$GKg6eR>kC!x}O9VwQ$m#T3GPja2W1wPGHC z`5tCjSSMyCOdZVfFqUomXFkjyFjZkgF|WXcU*V1Vu!)#uVpfJ}Vm^X76fy6HZNzLA zQysPw^A*eyhAs)F$2Y{4P*W7m|h376#MeJuq7M2=bnL7>%(zuqUQx0 z!{UUPZix9LEK4wbU^a#G6U-o(En%A+Dyt|)zonwp!fjzYG4xw1S}oibc4jjnMsLAg zk5t>k?raKUx1ffj*z{vlYKmaS!t4k~*?i1Q82Zxe&ai?_m3{?cSGeaADn0tn!0s?3 z*BbXVi7&&Ums;b#Jg_IMV>8YCAF}R0uCKBG1NezP=UnHU>q7`(XoL`AA=3y$2(ceF zLI|M|VsVF3O9-VcA!LRjw=gsAY_XOQLMHB^k!i#o#FJaVo>S?lBTXHiUp^){phG7`Um<=>E(AV0@XolP;7)_Shbf8rC))8c%N zcajk^8ehk<3xv)ozr+tIX|N82&_Fwk00R}v!?eS@f$eiOq4~lpnt?$=Tpu#;$jG$PdCO3B~{{P2ptbM z#wT*j{SZ3Vjm4+4JPe_^+_Cs97PC_NpYc;UAG1>WpYeGti;#-maN86=i)9&vo@8x` zFVy)2tMF}(?@-bmM{8Eo@n>`V)C;K2T6)kMo8u>37|Mr`@%UyXRTjNTx*GD|cu_zx zRTix}{uSh}_&z1!`OAt7DrpphNVN_zR%DoEB#==S`XxafGsZ$sX0=!sQCW@Rk06y` z+4>6;lfbflAW1B{1(M7{zeuQaPGxcKFp|!a8l=k9VjT_{QLQLu$zq9%w8g~yhM27) zLrNN~(>Z4ANYcgBim-p;Bls`=x+51LW;0T4Db^483LuCnM2vtqTgbK$cMI7O;%^}n zAln2|!ewp0g-}^L1abqHwc{2-W$nC$P+7ZdAyn3cKq|PbRRMw;|gvvU63!$Kl2ZeD^MB-%|B>(hN5%r_Q{zxS2T4I$r$z>q ztaD9Sr$t6tOj)Nzut+S%>N?kyby_5W#guhgB$>sOby_4{NrUkJt=~30EmEXo;>?&o zEm9UE)Q7o|S{5_r&xo|d2=!rJq%B6M56_Nt#0d4_j7Xo78jJEd5HdS5$T4Ow$d8Q1 z2$g<*#41!RjWc_}g^|P$Cy3k*2rLtQ0cct zMp?|BQW=TARQCo6m0lG|j1ek*UL++(sPx)MrjiIMA~_sm_MQ78vtoowua6Y5 zn0@E|NO_D<>GLCXF+!y`MOtEnN`ElYuB67Ie5mwCBArSatz?WtI)=AK;xAK2W9vYc z$0LbK!o6T&B#FiB1q&k+Sj=9qFp|t-_JW0x6c)1=ER3XT3C8@wNLq|g+ny}gmr z7@@M>kCd^P(feVfJVvOjk0KQ@LS=mtsg4mUYjvcS#f;T2B6TrBW&Jx+&tk^vmy!7~ zLS=m&X^s&pYi*<@MyRZzNUIV(GU=LRII>tt_}%UH2=&Hqk?AaE^lpq4#t4-)7Aa>jqjyuJHb$td@km>Y zP+5OP`eTI3inFaNbbZX|jo1k>LS@-@DvKGt!p?{hD$BEH#R!!p?TQ$ovbMF`Sj_0% z!S09=Dl5_MXECF9CwnkPsH`MA{z_eEilMT0wbNpR%G%wY#bQS9M7t1KG>1gr9UqRI54XFN)QEF24(TrGD7#llrMMJAd%;om8jdM}(0kOA?NOF;2wgQz zwvjFVx}$eN=$q@wcKp>;R+VT8Vv<;14f085c?&}CV^6lzl*|+FLukeIqwVP|-$Q7n zwWIBPC6(fL2(3hSv|X%ZzSw$=UN0`ou251fc7@O{T4vd`oa$f*y``LGH!Eon$8)MF zb{ofB&Z(x@ol2T4nm;@aJvPP8xrW+RW8I1vs!z6Et)$y(gq)6;Y&)?;^}O{EgnHvR z?w^&;Q;@R}bDZ6!V&++|L1_KM<2j})vK%rSF(;T_jl2iBa0^)jDT16B#E@JMIXRFY zA?1)$?Br{yKI`I4KBw7jEGD1R?ZoSJjLGLrdpe8B=PY}^k}B)J$hitRPqW9AR9ZWH zsqb^A+hy0Q{t4cRCQ&#oPsChAnQ;F=j@3 zrd`Bx6qkOEoqQw3=RF;zv^DJbRoz5}?@-k$0&|^iA*CFQyax3Ib$a#T0 z3h9C52STYngq$D9>yXuu3j*nddk{sv)E*u=7}c zg8ZOlmXft`n;}%^i|kUCQ@_%6zSwSOc>+RpzQh)DsejhSjX|i+g?0+dv0v*tUuqY! z+zz2SUuHKe3Fme$w_BBj?@(QC53`tes4llhS2VjwrGd%BVh#;-^4T zS#};YG1)9f1Tu?dW*{Xj*920_a&I85N}9wIkYCWQB6~5*a>zy{?MlM_xx(&cG5vF; zJ;q}C=PEn*W;HT{F<)#?R}wyFEVlDm%yY(KyNJbn=R3zP))G8toMY$xgK`evV87b# zD&MlKYwTVndh7g!R$ODJ+@ewit9)N;r?HsQueCFk)QHc~cJU+bckFB>mEvc}HcE0i zm8s$NcAl1?hS%HEZ`-nlrM9RfskF9Ui?b*4xxvn6*$%Qlq%7Dk4#yexNXX4bqWdF; z&P2Bcax8?-M4`;!nA?JwD>){V+c>5oh-v1S3VV&JPq=PsrJZ_voa*OCTlL)X?RJrp zaIdVgOO)t-rai98uF$E1ey+A_Sxi4y+w)mWAI`IzwFG@Q&z?}FOE*uGYwS@ax~x;s zKX=&K)hZ?^>rOj|#guiYUBF_>y2~z9(hxk$zRNDwF+u5f*{SokEd6e~y@sUHdU36O znp0GgIVi~0Ja-k!x`>RfLZDybB2qAa?WXs}Cl zOi;rHdseN=IaqPxemm(dk_PKzq?&`$8|`IEDy8mZ1T>N$QlWTBnBfFzt3eZnqMqPOWMh?%o00ENtZ<_HYYo>$o;EM_n0wnw!D(+Syuyvfj13SWH>(*%eQ1 z+0tISR*NV^=})i5Q#`v_i&X-lCqBLQFw0F4dS~E$d+O6FAM19=spy{%?Tp1*>LK*B z{UdvT|g79n-<`iCw_b3!yg+`t25$0hUkgekGOG51eYXUHI<@zBY{vVki zBXkD&%AYa(STEw3yi_Sz}+M_IyA$=zL(jI3qPximEczu58ZBn?&x$gB|K@5%OP#%HMStgWMA@s!XH@jcu ztnZFLK+YTNq!+2IweClVp^>oBPG(8`PUpPQPGz|YLOE}=(^)zo>RF_nrDUCJzUv>e zrz#1*>mRf8IF(s>;7@y&lIma_{%IGmm{$C07qOUD{Ari6n6_`S%UR49VVmq~CE-{6 zo9sFz;TQUw?0O~P@o}W?386mR zY;R!6h0w^{Y~v@K(9e~kfMdpO!BWaG<94EwaMboP|~&`UUd09seq&3eTRFQ>4YBH$%n{V>!!| zggqATjA>Cl=KX{xkB+sB@~IJ#@AYVjcM@1kAI3XLET#|RofH$psUl9A7HblOj?WRN zNJ-c~wzG!C^pE2dyhf$34f@A%s##3`IL@$=uzwsU>vh$3wHDJ(XocfU)e_vp3a6N3 z=*=1G4dHYs34232<645=kWT!+wyckI(pgM>q%&Vh*e>aevY2*7omm}Q)-dW6XbEb# zjZ@1priR-%14_agZtrY}5gM7>JMs<6xkjAGJ->sK%rXr^d-o1bHp@j28sUjf4$Jir z$|up8&N6}X+0n^YQYq$fsvVs|mU}tXj!ub^ua1D2JGLor+aj{)W)+FDEG5ISP-<)kPH zTd|jeZ1L9}$wJJj$aycPP{o8>aBrtvi&$B!x5eI0HA^3aw#D8~JqxXlOWP~OX=ZsG zLNO`MA|+wz`#8N?fu%&s*8s;jEi8{gu0UDGI;Fi76Xuic zEYc!gLk#_bQnu5^vKm6app@+_WBCn2*FVQOok}W&yIx=a9Ov|M%$^X6Io|2#n4>x7 zcxO;ac%(hSS@b^DXKkE0vYp_xd_WTJ-6uHleOk=kJ=Muk(qNr~oT*(?ojjH+AlE@o zbe3odj&&zHYdD5}afbHylbvxTVQ-w~qI<8A>WeJ)}%YHpe^xIT8Jn z>*TP!0ij-N|G58FH7BMJ$mYaGmg3oOOoNrleBr0--yFGn{1{ zV~&t#I-N?wK0MP|gL8UpAD-!qVsDM@!!w;(IC{ihE$2BcN^~DKp+0%eGA%)mo#hO2 zjOnqn91Hb~9X~T1p(LC&n&FhNn9)1aY5#wz&T)E`=sk{(E$296Iz}8sy)l3pX$L<% zM`eklA#~L=%c0+UB{>DsiaO7B5?N+Ko>G#`atX(r>!h;G;h1xs43@bZbDopMQq3{v zIXNs19FyN6W6pO+SbpM| z3!P?`KRKqrX=Sm0)NLI=tJ7;ZrqD@cso-O8gUoU2l!WJkYn_%Dp|)S^^eWNgkm_@t)6YWVkYcWL23cqv zQq1+vFbj=Cin-pQ--n{{OyiJZN}X{Q8iy29>WHs(42?rN+T7qIu+TW9qsLzLiyb2Y+#|W`Vo3#t~1U;V|9%ZF{sO;u}b-rISDK@RwDduJ;lZD1A#oX-BD(lpC8mkoZ4=0y}#wx}9!=Y8yDMpT1)-Y;V z?kr}Z=P5rcNy42z#nAJV-;`9dm}BNGPMs1x4*x{VEe@?|jB7SQ?J1Q&uZNWR8P9@nK$i zbC1)hMKmF18^qk>^sqb+NmSC$Vy?{Zb=I($EAxAuVU{kW+6}4hb4FR-homSOSF+AE z^Ahz={P(IAuDLg_cO;9sqpx=oSS94~W&Sft&qY}e zIt3~w?D-a_REyY%m1!%|2UOO z;q)uPnodYXN2E8MHA*T)6NHXPZ#u(DR{GCy%v($<2a_v$x_lJ@*(sk&MK!iMh-+v zyPeh;QD3z<%d}WUoT|qeiIGW2^^TK0My+VFu13t!koTNomf{=rcR=quOSGu7`BcPw z;B>OkQIw?5=~WUQML%{1Sj^S?C(fXfMr$t0Is>Ub;XP%ga~tFwNPi%8kn@#H|5MlS zA;_hWPo4D5TAqPi1NqFU9VcnDNN$3B?kxJRmKBiOAzwJCHS3L&Uq_g*;MCsaVF=8Sj1v-_C$h1G5W~1 zEy|LjR!L1TtCk?@l~f9I?oJRbO2YMfw-cR8*12ZY*6l7i&1i ztj)W<7*^8lnzea%5F?z*tj)WF*ubgYMoTB4&N~Q8sFnu5FrFxcl5l0kVdVn}uu6O`yJ zcp6IILzE~9pOqwwG9}@&l4McMF{Ymt65_T7i49iK0bG z*v}KiA|+uzPZUd7%o@lOMTe5G=O>CzC1KA`6unwhKhHqBCW?U=xe&6qnC@@c&-;jc z7SqrBh$5C5YxTaouP9-;5<+L{eMPwzRn`^Ac|XyjWS#rOV_5G3cZ&yzMVu-FJx|;8 z0MWy;Kj(aa=wmsSb3Q<)Xj&^A3<^s%f!>2wUw5(6wBLMSFn46%F-p?77c zh!K{bAZ@766fveGtn)FVZCh1mYcpbAM9eV)yCnX)BGKQpWCyZ8CeNb0`;a%!xtFH5_xI$V{Lb>SIDTNp&_!D5ai=ZYQ{S_PJlQRj(1 z7WWT*lsHeUVL1$9;a)6XBqXY>BTf!vD$4~B>al#0%TflRI_Ha7O0dc$$DA+bvn=A6 z^TmW6Dd$SD6hgDs7l>RX;ofwC$X8Njy^k1r4ts%UXITrOCs`MYPL|CO4|Tp!wC+SX zH(1+k)GIF)h*2e#)qtA}>acL#pdUv6kSde!VDV zF-P_5MFopFs+Wpd7IRcD74x;I{>eekH;67J;i@=uML&yq!+)+AVlnr6WnzPpm0OuR zyD}jsP`g%cW$x_C!~`XcRxf%Z4`tmXrnAsmwzDBOixQTvAvA|}i&)HJR#CfE^s@Yo zm?EUQO;qeoWi?s}V>k;#Za2r($i9#&NL3&ikb5EX#0Hg0A8Bcu)`;nQP(C%{RK(DB zzeD6JsTAi!DCQ1P%rPa91<0pXl(JMo9#&GJq*^pV=v#(6MJ?y^IAkGW?i9@&L#tRn z1G!7Iaty6v{eqHqj-fSi=}U^c#WI%V5PFB|ZZV()??^+arF9}VnOe~uXIgr%=uy%Y z*M}JTYU4gJ!18a%(b#wHb6`amLk zBGq!_bH7Oy$$-$_-55wNWN%!HZYisfs!>dzNUhLY=Y7b0(HkS5L7GfHK@FQl>Ryy; zooi~?EYev_4Vy)lk}5G9rPG=Q4~o3KDb+kdYX#G_@q?UmSM;(VW|oQxuZe~s zqO2BCoD%lx50FPhkCJt+Dg7}q$YRQROpLOa`aBlY(3BpEDIKy8l~pC4Md@@#YZVDf zs>S<|4Jf@;B(YG>)0IrCNL8{f&eXY8R4A#mzTs9p9+dtUgyx?Y1`^$*=bsmfc~bdeL|Eg=?>1+Pl`GgQ|Bi|i;{J&$@wXanp zH=*>WMYEC`F#$Ds9I(W<0Uq(UfWv1p4)(saSRx8pOm8d^JuId-UJ(Nx znWH52P%TR#rI1ykm*r!~%}R<6(=k6oDk0rMPSO%Lu4jq6#bPBjqWNCE@4PJrSQbHO zM7=FWbt)?nsq%1q?h#2Dluws65poA|?h(UU;!+{BSH2?>4_7g9$3yOgyep?;EiV+t2p79mP zM`E01+MD{@TR62&% zA6p}mm4r`5z7$0)=4$yX(ad7rbNEUOE2*+*RY3X*;43i}BOjxzuSI7Tm9=u~9Z|yp z$e=wyR^yUx-;Jx|Gz2 zlaLSf*s$nTQYp@Z&`1~-0~}*!W!H;AjwwNmjpu;t#fTEDk_w4Jeh`_b>l!YA&@AYW zB3nt5^)h5f#Eb~*42o&AUWe=n`B{{)yaU+}GAi=U)G=Q`XpP?uqEkt@H~lVpl!SBd zzl*j!T{^8qN2UKRI$3BXI+8y`KMSoyN3u~2v(QR(Bx7P+Nt0Ty=?K*4Pa)2toV8>r zNm3HlXOlV7M%JUwbR8bbW(a);9m+O;VNEdPvpGn$C*)MfxJXtxcU$QY+E4#0GFXm* zoQ0UbMArW+{cn*MBQp{6w-}0%3n5#%^UtPM=sI5kiMZ+0NGdH_)#N&ea8ss}bX%qs zQ8%B(v?A&@YZ0fSKD2jlL~638MY_$sPN9}~85*Kj_j?c2H;Gjv&|?FsG@C0*9d z$cOGGwsVJ+R9aP#O4M*Ww|r*U3X0j$ZHbWv#O&yH#>j(^o!t#F(h5m(r=LUlG^r=5 ziy^zZ(`SV_)7SUAxdpRBc>ysK+@2VD1+u$479+1i_HeV$RXM9CyelAkx;Zh@4M}zj zW8{6vM7NmbKD4wSvX|S!@-Rz^n{=Me`B}&yV)k`2Vq_SS>So6X<#T|W$MOnNjY87g z;uxWrgWYnLH@U2IH$7jMMM9|#bBkEsXUT9&S-xO7!mUu!Aci5EkSfz{(J|I2#M(eI z{d|?P66%e~ZlRJIYZGET#2oD=T|hBfXe(#AsVwn->+?mHTfq{AY==}??vfbU2{OgC zF4Xz#h#1;l$GDPZ0?V;(QcTQlNR{oDuIy*+`*U_k{mbjBAw6C$eH9+H<{&BmRvWDWhToRZWc>1OP-sn1S`Zs zCLy1*-B~PjCdz_LbBki+ILLHYUQDG|T6Z87_47=(NJ))lR<)h!HY*9=p_=LTvY2z+ zOm~3A%p=WolP=Lc-+-J?Mp@^$DJ%qp^8BV;;%b$Fr*A}p=(`A_0jViRC<9clyt=%i9$O&i`@(@aU>LTiJNg5<xI*N-0CE+_bjMucqkhzc-AlJGTD(41_7pzSSxz6pmT=)FFkWNUc+f$_F zQI;FsiYrLMI+wY%O7u4x?;=&1JM~J6=@w>{m2$UOi9YA9MohVzd6mwY-roNXQt1w} zw4J zS+Qiko2DcjKl9zO5{hZCXzkgF$Y;K5U8{xGo~3Jv1#Th>tvyRIP3{C1T6>ma9&poH zXzf{wX?8PNXzf{wdC<*ep_OJS<{@`F3#~>=F%P>%O7y6sx#bpjv63obp2t1vwzHV$ zagVwkEarLKV{R9Vc^>ze+ovR){cd$LuG4);{k%Ww)9QA`$l;KMZuRvPQ>EVTJpuBR z8d2!g$WQ2bx?^4Jrj}AnC2nAGG(yZ`H}MADhjdL#?Rv&dRif`os9n#xc}l|iw7F}P zbXg|nHdow8`Gljc&CQOH^HEltTc|{j!$QdOZt+}7)g*R9eXfVR;1-pse1!SZ{{^>1 zNtG~PE5G2DbBvjpY`B%yNfyI6x<8b*C;Q#%UCi{)=enuMYogXWXNqwdRZPo zsv5{kZoiT$adaKVo{}M!bCIe=$%qoX*A01E$r#7{h3m0baE1S}D{i88Rf;Hbei<<@ zyJbphtalHkqt@=eAesm~SE5LRPuS zx08gURx*sYxx_UgeX zz29xuB7WtZSG&tt{>wS9cDs~x;qFjBfB(!)snI!`vOagqmFRZSdoo|RwMy2yC*m!O zQ!!T8xb-aaAXAhyD_Q57r}k^yRu=QrevRA4V&=ZSbeFK0r}kgEoh;_5{a0=ei+O7Q zmD{gG*O1Njql7Ikk<&*;B(OJanM zbwh5QlCY)g-1#h~rR&^Q7Sq!2-Nh`XrQf?tSWHWY-3}Jh(qXqp3GX}D%In?aTHR7} z^c!(gSswqQ{45twJgbyQ&85=ZoL+3 z3S^p+#5+~#)^wKtxM@l%t*cl@-S!yCN2*`=EYlsOx7@FQYzTzjl)GjNsX#tALVgco znjthR5{h{;5{j8O4#mt`hq4&?P)kFh-~FTcu~2BHv>c`X5tQDCnA>9|G6bRT$buLp z^p4O*lPdBjVo3fBBpR<}b07ym=$YMr133~x$DhC4=DVq%^?8uqyZ+0~sv}wFnm*jh zo62JPa4Rp5#q{CUUKfk$!>zquC3wS)>Vsb0+8f{))2s2`Ajg=us^Yy7jxqfl@x(p4 zKBk`|UN(#A=ZKfXV){AaO=mIvYlm{Iquyc` zvjw;H`dG{sOz;Mk=nw~JS&1ixDW`4Ta^ zc>OHDLN-D6^oAEuKKPZ2h)y-p%YQ%%%}CR#K@+_-N*b&^5VP$@l5v&;S@!ZKG*hYu ztb&bqGZC}5m&`H~vO6TjOJOO6&^yxmc4`iJH-S zV34zU`#Ka_pZ|2E3dM}oQ0_um(_&*H%@BGkCWwi&v80)@BJV)x-JXL2`RaefJh={I zNa)FRDC0;)&+!iq@*$y^K%(0_xWC7>`XOGw>Q#LPnTtH zm%w6rBi&17F};!QrLmaaNcYlNOzG)fhn6_gKk42Gi|L<3y$KJg`ox+3Im}C8G5vFx zm&RiH=P)lPMyTzFc|9zqew8=A#}bt!jmkf50CT`l~fAzyz)pdnPbcmGSf@t81wuz)63u(dQM${t#g!@ z#WD1pnre8Im%}mi2E}EFne63p%n7Iu)p@d)uSEa;MKNNI_L3i=I(G+KIm=67FtHe4{aCL*MrgYq>s7Z>ss?mm;QumX|M%P@-kRVeNOT+SxkLS^0HXW z7CgzzW-(jvBriuvCB8GjTnoxN$(ycYf_?C0FQ3J1i<7-V7PBv(?9FE}+cd}PVlmt6 z6mKv_Xj`1(6)aNiiZk2mRIfZnDCSgkWQ(02JB>xpk3E1opB@O!k39-GBM>t`c9u7; zat`Ml&h|2%q|&uKhg4^K*-G^J>m|rEFZpSTX%gR{e>x#Eyi^vNg?LZNkdm5U7Gj1s z!eXw&XLu79tFnZ-4xj0zD8b4nd>ua1o6a$tQPxMu`5Z5wWgCGfz)Ff(CPKb~%<@WD zCPCIKna^^{U3xZSwzr6dW-5M1%xtfX#mrR9_LeBA5+@=bI@ZnhdRff8#B6U3%f*PX z#wcb;Nu{`nQYjf#QZ4EsG((tqk0k_!=YnK$x+7W#c@ zy1%&GD{l{_2r-v??JS=n=2}RR*Zd;IgtH=7c#D-ZTE8KNu86MiHn42#;`?u;y3$K} ziBjR0bP#iklKz*q(6i%vA;n(yDu8> zp7m%cVo438f+a7IW|oTsX=k}MkRFzbKn7Xb0vTiJ3nbxRx)nbMlFG8fwx)*JEc*sB zi{+F+N?5K8q?YBrKw4Rz2xJ*cPau6PUk5VGA`(n}tPWl0y#q;NnH)$u%VmM&urviy z!17WcWh|=#sb~2%ki{%pZ)fV$$&wn#0L#okMp>>3M7*I}F)xs0mgfV>WceVFJeHpW zDPl?5-qfdp<3CndW{s<(MW$ztKeX?0j z31k+_oIpxg9uK6JWkn#ZET0FmOpEmkWFgK4rC!+zs*k=(Sq8b$YgMA(m_wk zjFuiqnOC5s(TYpN)dl1xZyAeVx!Fs2Q?*pZe1({QcpXY=#1pUSccja`F)h|aq*{-d zaxd>KN)^6&b&FTcV&1&E)tk>^o=V^94Jm1`CLtesmUOE(!jjE$o40}Gbe0NlTubl{ zRi)Ryib~g4%O_*Sl}az6JCsq>u*!>nn`E79<_hL{QVC|3kTcDF&GV8t#>_C(c*z`N zzO=3J(v(z*i;-$Ga=ydM;F#+n@qdy`RkAj&8bY%WwO($F&@4o)*P|r-M)gjwkL3fT zqTaa68&IO37}A~Q-Ja;7R@8`(a1}?-yX(9JmLDMWRYILNfo1Evb<90p3d;lt#oXhi zE2*-+Kv~Ye6 zjJext_Ifyme#0>p{nPCAbBwwFdeB?LG4#&uA&7a<8|D~uNA{4nK}(#uZ+ghH-cxl} zLia=udDSfDzUg7FK1L|!VK1>)r!sRXEnW(XxsPk{GFZ%gT#HxAV(#M}@s=pj`_~bu z^P^t;`;>E)I1{}=@0hiEDO%L8icCdJtJk8W!MX@BbPcf3+n}VsEM|-?^paVw##2`s8&7ztEO$X@{5;`hu=GRdTaQIv z7R&FDbCu+<>~xR*^_C~SJeI>C^y@88digA8K&Y&zyh4_%Ayn2=UJ1*+9P_kS#_~^& zdD^RH`G8{7a?E0{ndK>N*E3!#%NyLTXS_BR!S7K&>n&kP<@czc^*UK{IOaL8 zhoyvLp7Z*Zg!^Edw}!>+gKgfh7OQ+meASAr{JfXYM_Z@Ts)L*l`KOo8vXJEkFJFt= z2MZC??u{u4zqMcLSs$rw&hhB(HYQ{M1KIL4e)-tfkitaaxg70q=o_u@aH z8a4`=2cUV0a*ON#X@hvk#u^6O2TvZTizgxId`x0Mp?|c zd!;wrPo=MmGc)Zgy|hn5p>y0yuR{rbArUjukD#nBFLSl3v-K=mu?Vutt7qwkbU@zm zT4Urh$Om4#k}7L0V$?eA-U!RD5IX06>WwLBu%bKT2_9s%x9Bq}tHC-PG7kC7%ln+9 z(mEYN`F!r>D`~WfAoeCa-S+xf?uP6D`L|d9g|74CkUb%5yuyEnas=dSFJ+A`YZ+or zg{<}Rztr+2r~1}g^i?R7YMs~1;w0e;t%4R3qj;UOvm0kY>m)UNOs`kmn)4dZjEo?xM@u z;FYr+2kAu2?_Mp-97sQ8qu0suAmn$*m^aR{3PRU5e|qt2bt`^>P%Achl4Y-5b}8N`{Pq~R7Lwq1ve4HkH$%4f`&g!7 zer)o$*h2oGlJLB|voF8hvhv*)z4>XhcrR<_pP6(hU?;JR(2ueK)?NGlC^OM zpy%&_9OMtN%z<3-Ii6|yN&lgk2J1P=d*my zlHo6A`4RF8QXTHgUv#R-?r|1<^>d`(_p6pfNC#pv{oLP3!mT{npROca6>zd&|2xGr zSbHN?7g9~}J6X&;ZMNU1B^W=)`C=ob(#ICMzc|iMixFBq?|8p0M(B=ps=q8os1+yr z1!I&?qsTz%w8x$77qLu(&>nZPU!tT+m?Kh-U#29y7tZl(Ip#W~qO06f{CbY5htO5- zDSivb{F7r&^*1Qd-(>ZpKBxNfPpXfWHIUQ%6eZ#HMy}t%Vy-t%_j_5)^~UM`n36{8 zJ(NW=?Wg;Rn^a4c3?b(;{A?xRN(g8A%`9dmgfsoj&6KLaTFv?7`PDH(`JCnVv#dkR z50JC{oN=9s7B=sfWMhZ=KI^knJEB`Pq0oJa%kc?3c#~jg3qE0WBgIspyXEQh!iMCDu{UcdVEC zBOFuAF_-xpl!V*jGQT8_$_l?GxZJN`G27yDzg9`3bqn&LZE?B3K}p#2MgACz>G>jm z!d8@XgH?-E)MHoprCNf$;7Y$viGFhZPmI+o{bnUKV(An5Yq(;+m1QM__JU%+jm50E zHOF6~Mcr}y3uVpm2V;bOxAbaXZcX*U_ot}OEF2}S@e^5IfKaMy{A49v>X*DeMNEl5 z&N6o~j>eE{{l0k0r%TN_tb$zUZ%`5*{jT$^2*s?6qoW@k*{=69VuX%|rT!8YIv&!o z?nZw&M(7AR*H06aPove18t#Izag$%6q`~?Dk_@@oA7`PX*8Y%x_^qyLX)u#>i@#V& zcz(adAC8GR6sd0UbGsaJ`=D$g@ zrS2b+Qy?{dIm-;l$w*b}cf?38ZFytmBNl99^O4j>Vqd%Wz2MD!vzCWNu?_cGEm<{vgE|dx@PvRFS z9>msZ@)MO*ib?Hw`w=lsezKDA_t75kb6L!EX@yMKgH;M(9hph*XMbB0dX5j zf5=~^M4#hmp7vosaW{(LD{9Cieua`6k%~IsiBymJ)hzW->+cyK_3KzVAat&L)Nf`n zM~TP$Ru*%Vc+78O+4gyzPpiL#Wlsp@)9QD!&~Ieqqc%-qF7f0$!v&ip>K;t7A0V_t3GH(ND|96fuyr6 z2qcH)=|Botx&kR<`6Q5fmY)JytRy^FKIM065g9M&BmYx=56ejqI`Ti|_p|sD^%3c5 ze+|n%5Q=%)A7(MzVzEEUVz$L%e_TnpO`q`-_6WCyKZx&K{0UmbvB>#JY_B#yg=H4x zIVI^@tS0O`FF~I73s}}J#hN^jcE2u0dLb|SNy(}#>jk7*4SB_{pGeXqu0_tYb(Z=g zN*b+d$k&Kj>QCKEZ7-`4G7MSfm&eE^$ZLLWj70v6wVnNCEIVOrYzOJ^Tlc1X!ZEho zU#27+W6S+sEy0*y?)NJR?{k;?gB-I6^`R?}75*^Cyau8DYlXjoV`y7kglou7f1G1z zTU@S0q)>gT#0Q+un|^{4y{9Ch&Tsm;N*dL7>k}bw`SJT~*@~5Zs}en;4nWLGzdc4W zAglb;eJPcWIS$g}XT``FkoWvCCHkAA3m_l*%l1>L#4u`jIIbl=^gESQioYR8E9vE! zo%X`&Xh_xP_p|H|xl+j>%dHq2*Frw>H?WxZ`9JcY)L7FXwDQuY{%DNQG5k~C+F!NQ zx)3qj4`Ei#PmGZo-e&PW-XNq|o^0_Y# z)KZUpo`rnj55&mJkT3oAG#%51n14aO_G=Fcr3*6XXCJKP@)z;N6XY9zdW?Lkq>SYq z0@aOWLSyb-*-iw zfAfnosLnOwdA#XO*R+55rAjJA2ZYWbfA|#~^Ahr*n2mld$8*6LO z=5dv(da~}rsgT7GDeIKz8omID$}TNxmWD>cwzB{K#cV4FImXm^JDGB{uA!OR*-jR- zT!6A(L(bdDawWPxE0m;VsZ{F9vm3I#%+w;TM5;bWqU>au3!zb$D0^8JK&Xa^GJc9K z{mCFEk7Y%WPZ`TlAgwH7KT}o@%OQb`vYZB?ZILK*kD;=#Dh`C+g-DcxN~)~6kS|nB zLN>)TSoIKk?y#dwV)+-#PBNM0JC>bgD$Dk%I#rTPXUTxj(~4bWCd;Xi5tOy7%u=Ga zAdTJ$vMWZ$5VN}+h!MIX+Cz?N5e3NSZ^Y~=6OW@hS79AH-OqcWyTh1mmh+V~TF+VLev&L#f;XM;jo69ECqwqJ+=YB-%xB0AEX@!)(q>3`s;=Qv5ZVh4m+34oLue}> zE=O4C%R7oWLMEK1Q_+`q6mx`JtfbrRM5;WLex&SW8Gy`GGQ=_pIUkZKMXqkwUyw_b zB(ul^aGeP`N={|j2~wgYUrG2*#bjB*V&18kESou1GE&iV^P^=u%OMbY{(iLVRT6%S zmnHjI%(r-1a!^UNI0mWaqVy>;{&cEywKxkxy*foEDQU89fY2Ps6q&B1#wv%sjt*2)v>Zi$tv{@IlUi#tek!Zl^$M?Wy@-o*EpZ! zWUZ2F^`3bp>U_Mk&Qz%^v+msSGBZ!-)5|qHLFTZ0A4n<7W(d7~bb^dOOXuSsi1QAv zk*3NlEpa`vLvm&A42o&6+96Lt&XgH5Nh+<6Ak?dQ zGM{A#@&aPclFL~Bg3$IlTP`|Br%FiE+kKiGRT3U;rb#i2V!|WRG?}1eoqI4+(cV2x z=CT~aGF{fPoCTr%Yla+PITu1>V}?wct#THlcy2{8Gi4UbpAd?fDf3t^;e5`KMJy$p z&pEQ3ze;sJUyiUi2Vo}c zC%kPS6VB81*$qO!{CI&(WjTanE|j?}*&K7BEMz&0V+v#~%cUGsAX`~(;+TtM7t6gI zbCF!b@&w0REUkQ9pI12MVwuG9Hpg5dvsk|5m`mhzmftw0P?oXS2kUkf%6gVvAk_9t zIIObB>%W@pYTqZ|ZW^l}9Qk<`Ac+d}ej9o6%Sm+lvX^dSi3s|l|DjGjUvYO>~ z2yKfZ*`j1^+{2I+*n(Hc#VqeZ=*V`JY*(^M9iwO;yh^5CK&6LkV;0L?7IQ?JBMVu? zAy{7%InR+j7phco+d`~cImR~q#uH3+~Rl2TE znasRI*C!D|^(m93Ec-%eyWb>hS&o6wcE3rsu*~FqZkFvVmvcTh%Py8Oj`@ciV5#Mp zf5;J*W{xSBR-vv>8^@H(M3znn)#nzO%F+*^`rIP3ScW;DTV)>0M$YF}S;%4^s@r~> zEMwUPLT$fI*0H2(ATEasS5En7KN7gEs}nvgz~vVrYh+c=Gw1Trn8u9zgk(Q#X26TXwSV2qlGK1v}$V9|EA&ZqXSf4`EEON;mf?V=uADyOr24Warhm9;ECLM}o-zbcop z#2t>ay^=nbogvg?%cNDNx5WVv>ak@qiN#!@y(V*5%oW;evOr0Aet%si+(h|wS>|m1 zFS$mEo^hobcF6Rbby-um^fzRt68!cwm;Q#F$}#6dsHMwgF2`I6p?sFhe2y_IA*_&v zEM_Hy6|zK0m6(fESEKEnvW)YogWRN~R;RKahs=Y#DcfU&-n)29=KO=|tXuIt?gv-O zW+gSk)Nqw-RZ=NT4Ohu_jxk?SbjxKNW4>+gmOVNq*vfCqAx^af^{GRB-j>Pby2svT z>5=&?UqYG@^Nwt0`47vxvY#dX2t3P0%zHB77M;)TEWI+91nZYujV?LCrx9ONCIHphLvMlA8K3Tx> z4us~qKayoEt06Sk{gIr{@-2kM^T%=-%LWLI=Z|F{OXNu0gP^6K$PFwzKvpP`6;z*Y zcOqmJq+ceo90hq#NwSg}aTerb$ft5DO95m+Nj}Rp5US5=S;2A(gzB?eHY=$VcSES3 zKa*`Nj|I}nV#e5Ka)f0`5R*_zb*>a|L1^oICR3Dzvk(I^T}fA*nNRp!_ObLK)z_%= z7c%K~%BL%CEo2?!-!h-&7YL2{HFBAj;7t9MOsrC=f;0ZtvVz5&@xPV>N*XMYiE}P; z9+ZjIs?OF8zLga$H$v#@;#*mMhmLs|@+b27R!*qZ z@&e>wDSG@;A${T*i`g6wb?tSuZ{p_X8`P^Ka!5&y$a~qcc0j71(Jqz) zS)6Fn0v&TKiyNKJG7~~?<@wPfCE;0EMoYAaV#Hj5vShT4EX99+eZ_Xbj9t47#h#pNBgt{b9&oH$63tzbcbmCgSyA|L#i9l z_QYtN5(=$N@vbTJEksYJ)jouW%vjzK;YvvahA>TaU5}cco zq5~XLf|x3ll@uLgnFqO3N!~+L!|;joF3|!d;q}ih(LyER_0KNRIu>*Nvum_RNjNV$ zAv&xi90|Ke$Fu~q`nyLn9@bmg%J*gM+7(#Db!9bhqY@B2i@SzHTEX%Ogw7!QMVnd7vw+lS2a9Is#A2R< z93CBK`3@tY9(&vo(fEbBK2{d)nKt6tO*DbUJY706n$BXLE*%-oQc|scg^E`9%8X8B zF{^uJM)P#4;Hk$^(Q+1AIY+Gt7Oh)ErH6L`M@6%qR1!Qvm>gZkV(#CMjwU>%W6b?~ zR9j)H)M&x8s?OqWNE5c;)F_hRuPfRLp|i}?Xo-rc6t6>Q&z%~b&+;XN_S~t_ zHYGKdSrO>OXulFX_Mf8jIVrk^

C!txk##E9r`x!!ajE#s9JQHsDoMSKIKObLJ%H zgv<;fu_bM)P}53mR8k{?#ugL=G$Lq3(5OVC0!9Qy1&vBHqS&aQsX|2sr7dW*plJoA z7BsccMj?s{HYzA8XjG`N0!IDrwf9>4Bm-%*^?je`{jOfQa_zP6z5e$9-^`qc$)5)2 zI_4SbO*V)wXS%5w=1tQ`wYmd5wC^77Eog_#M=nnAT3OG7;Gr4qL@%dKYqm4miQZgB zm7?j~FSL^-l8oJZccR+Zy3jXrxL#16#CW9N{%H@-|yP*(>}VNmZ#f zAao*qvNw>C%%9=5c{lEfypbA7&MBk3aT-b9?~L;1Ga~mpr+6EURJ;&+sJ>41b}(`Z z5GvWj_KqX!YBXS2+;?-(oW?XhIr+Ld6k)6wF-g-vlUS_nnixIh(8SV91 zMz&_g?LCnNWoa6PZH@3Dg&pF;OM)okzIIn_{_|Hw9j`Qjn`3?}O z_cCuIBL^{0nHT@P(cGVT&h_#cIg@$L^-3AJmU+(eW-v03dCv2eGE&bx<=zHHHZV`Q z=l;RiYGt1Dy*`Y%1C7t;dt(^M0zy7t;8im6Q|7tAt7Bv&^IYhyXXGO0xzJNj7+W)e z(1JjYb;cG9F&! zEzroE`1inb1@;9OdFwTjypy`fYi305q%QWh8a;OWx!7xCM8=;Qb*iBXTEosaLL%Ds>2art$DnFaK$hN{%*{dW8mw z%Sq0q-egAPB8DqE)r?46o#riOMB3^!ZzChpHl}+mj7Zy>h}3(f=QbD~srPHV{68B#bSknOK40sVGeV~#e*$uyH(w)FYA$R&2V{oV!pIXq zUI22vw~LY2*`I1}1(wuy|29HH9SA(rSuQAo0uD)-SypMsDSN{nD#tJ@P)|FTFNK#MUpp zk&PW~-Q~^KNYd6_UcEu$^Vrs0ZzUru*w$RHf%S;3xnBPBMzh$O>&;+9%5a|7sF9?t zdEQoo#Ghqb_joOgtYcgEc&)5QY~ACPzR=OuJ>F7A#MXSTO(RKL^S!KfBsDX>iEZ8I zmA!2ePe2UL_;>K&Z_x@~T;nl;I+;g%Po} z$Q$@#M_a%4YBZ9x^=ogDLE^`-t>1cej0|C0zxC=_kJ$RHm-CX*EVh2@O=d*$wb)y! zk)*A~-UfrjNi+53hrDJ+MzO7jysfN9Y(3-^Z|G?2A#VXAV(VeAMI%XD4}0#*BsDWW zmTf)ar86>}Z9U>;X(U-+k9d`gNWLEN)-xiu9`$lw(VA`Bc+@L2NPH&STIv-s@>{mG z)Elgkq^+f19V23Esi$5wITc&Wykd(?H%Rv3-?>ya{i+-qh; zY(4Jv-PqAqy;rFbV`~R$r{0@ykoc!;>j`fWBay+T9X{dJG148#9!Ndm)oUb~()}QqHY9wjvNpCJAV(Uq-g%Pp! zl-K|79c?}3jWkG{G?T4AdSe(lhHd@P8>f+^tv`Be7!g~4^m3Xzmg>{qc#R}$@M&*` zLE=N%)++C2M$TnhtGwB)M{01Dw~G<6waP1gy`!zw-dv3sTkm6*S?w)0Nc;-6^^CWa zr9|^H-Y!N&^D|!GH#%y5)+^UYrn(V&zC!st>&<55P9WVPxQp}_FmhdmQayn*di9Kq zy9mF~3S^zv{3dD6RMVK}MQ?{j%o+7T;Cb2Gr4f@0S{uLOsm&y1kk{WPB+DT22Vnhk z@Vx33hIn4}hB436%(KxO-;RegZ}cYbg-qKEnb8h86drE$Y7G*91)7flvdOD&$3yF= zP2L*jc?UeS)_Tp`){ckPQLlNe?GTdsyBFW0b84UbZ1(yX#GbS_dwusp`fKDaMI}#f zpf`Kt+96qg$NOmB&5TgV6VIDoT|0z$Hhb$Cq52}8x4g~m5aM~;+tCg=8hL-mQ*V*a zcPWw@1ms<>J0lZV&o-}DJB0LX_xdvOG0KPZeBcdihmf8YZzLmMf@c_zkG!dj#D?Hp zM1_ zH@8EG=X0^D zt2GZB2dNvOC&eGf$YqSA`V|IIvw+M2Pu!o&i1f;If3ZgHj6c9q8NPatG~XHjBO^Wh zks6t!{to0`=*jdKZzG;LDssH(-97z{j2r;uVetIGFMnV2*mtRV`Li`*`e{9Qdil!@ z5+8vZOzH)>{zgU$pvNG)82LGnRglW{dwxKgXU0zkLcdp%>-T5md?2(d$@Rw=WZ)Da z)R%Mpa^|VDJk`u|ljWJsJad2;TT2=F6%gakdPaU@ksXXAeeT|(J+!?t*UxE(Jg0Lp zP$TABOrN1`=1uJJA_K?P=B#O)GSDCgsnsU^+u0# zKajV99On1=Nc-a)4iBG)=EMBHjEK*N`8y1fcpFkwhKKpPm`8j*%vT>9J>v6W{$PV7 z#OK5OVvQtyKFqJsNR|50Fq8Mb{(RPRIFJwEVPC&h5caUI-^Pe|*wd$AMtl@YM2Ic%yzg{C|W^|(wb-2GxBkwxLltZcWT4-@Ra>{32l+h>qCN!A!;l)}=ZAQX^$VG2zZ3AZ_!hiV z<4+Fp9OqAC9?92n{>_X?z6Sd%LsCQh2Ii4`4e>WJBKbPrPyf`EnB;4yKa3H{*D(KP zgV=lx_h&PYuM_-jA)XWc9n5nu^1dA9bE3bCk)c2ufE4@je|9X@ z5q@`rD3KcB_hdw*PWJnRq(=FDnWr3@Pu_;x8h@}xOzT|-Tc`LH8hO{DU!#5v$f+3YXRwG-Shk;N}8SS?)BIDR-zm*XgC4hWJ`P!0r8&b3j811(i#Euf9 zeRr4Uab%Pj?awfX9mhudvo(?&B}V&8HBzOrPc-A$>Hc~~4zkFOc2d-LPWN{iL>&Ph zYKN!$>AO3Y{1`vWAgUBRZ=rm~`1v88v3?=*NcoKQ2Zwmh@Qay8Y@Okc3-O%kk7pkG z?)NIJTh8=ngm_B*o0*4xb@wUol=_Pq>GKbRoaHx!q|WvmnMX9A?Qae7oa47J&$Y= z=7s)LMxtYo{RnEAw3uS8$x;}`8z^- zF7f+(*|Fp&`+W_fw!;>EH-54|FvK&(AI3aif`@wC6u&&gbE#j!Jl{Xb@LcLI*T@#9 zKaf4Boy+{fuXKIcRnujD5hF6%T;?}8t{!cE4Jp?psYZj?I=#%_z=+i8Wqww~NJ*Vu z=I3Z6S*Nh2kt)@FgsIc1eyKrp?WDohRDY^QZipWMo|j(7&6!_mc;bfx*`$%1nP(^v zTGw6a&(+AC>TDpH&~v3<$B2us%w=mNJxU(lpsrhB*8J1_a*Y@dsYOlmD-5D8gdXb4 z)BKwmnFoYQe!9Pik-sr=mA^iu=W2f=^LzoGUa)?(zbnL3>7#Jr&rH?*WMiw+&t>FL zAY|(rzmSoWfY9$DUh5Awh;7f;`NbhU*ZGq}dS>`DLVBwF*&0D#hUNlzc)h=k5t)gu z_jd>n?*gv(hozcYeg{%VYpIb2v2Ejee+(niHm>*Qvy`-r>-|LEEB~1X4#P+VE@TH&pGs)WrN_)EQ`=@mYojdc7LnZoP39Fwx1Q(C9lhn zex-D_Ki(kmiLg#B>JERhMyldh0iiRHJN!!KxrKS|^sAX?0rTAH&(_Fu&L4n`gY{a! zSAuLk=lluCcp$&@mm5UMxz=62o2Ge`tXJ>$vow-ynRoj+22n3S&n3`vx8FC!GuQ9W zJa2>N3h>PJOEiM7{sOrM$UMJ}5vk>Qemx^H0?hMEyO~B(BIh19)%iAHXS7l7wMAou&F8mWpO1LRSSjAtJDee<#Jyn?JCVkV=gtYiFTfZ4fmadY*)yh5n)t&jWrP^NePm2mFQ*&x3wrNY8_QOFN!< zpWwX+f3TkeHNDEe znWZ+c)GB}R{zlJcMxOC&4=~7fAg{w#gJ0RpAUhd(&R@{mAhhOx4?Ju9sXsKxF7RxF zKY#Tb8R>qiK^pz;2O6GiAfG_$1%E0dKLqjxkoEp9Mh*oMk44mre#4KA)X#wI_yoE2 zYYsBVFh*YS2lg?@sX$2cMt>0_)DrfCp4a@6Ji~JycyfWf<@Y_@xzRsSAbBD`_%8wNDC0^ai97*j6_PzlUM)r^EHyJ_ka3@dm%*z(ZAY! zI&A&ZFAed0=9e>1CNvYzXa2Mh&n|xk^Ymh#UH*a)&u)J)^UyCulb+rFnh?((e?9Yv ztv&u$jcjrHLG#&=`rMz^mr7%cU7>yM&tOEx=gPgOTU*vR5A3>82+W-H^lRm-=BHTVV(mVvFd}v8206zVDXCL8$kj-) zPTgRzMygaDG*f-Wf^tTlvPgA1DZ^7^5S#Z{urb7w5^QE3$$LuB|7YY+vQ$%pfd)~3 zg)N%jQ-f(Co_H`L#1jvehj26(xrjf|W_B)qutOtN@f=7Ij~}!#&p|+F1seqJ zV3MkeAHh69&|M>VVv2dX2R)gmn0dMfxy;knU~FXs`OI?~^JE15ndcnV(<2zjJQd8- zBPiBL@>V)CSk8#7dozQ=A>?85d8DkMRwHxNbm*aXsj`Cj@x+r{z3&(F)rcuW%KLu7 zIE~y8zn%U0PB300Rq;ja&v$~UhDU#Enr=D28#K4mLv6liu+<=H1*E90_6*cevYu?u z*+JYOY8~@r2RRzylWnxR?*(lJiN6CLx)u6CP&|zE+z{UZglgvpL5W7H;$HxvT>Kyy zr;+4aNc#tqjg;DRule%H{z1-gtw*JeF|Fl*V2wtS?;ITvv>G10yLkrw^a^&J(9!x2 z19c)HN$Woh(lwH_eqfNJksDNZ*dh-P4C)yX>$$;#V&l){*dbCG<_66gN&1r;#7`og zWDWi($k#}+RDTo{8bo~$w*CsAe-sRB$I}Gl$H6p>BwJLUU~W4evfd|Hzg-`8qtcCe6v4zQSObMz%O3#^Oy%*eVPbFd`ln28$UH4-12w zF~-9OAw^%yEDUlDVm&Mj@);2i3xmllB_0+A(=?LwurQdbkt+31Xr^9pM6ibSxM$$2 zitzA=px0P!-L5K+2>LK09v%@aFi2t~q;j>?V&>T&_oqhlQbxqXBZ7LC5)Y3ER%#^a z;SoVIOZ^I(4~FJ`!N4;*`qM8M#)$aSFK9W-lvvuCI7|5q_k%&JL2QZj3)&bFfBFT3 z&o)xxPrsm8BT0Yy1r-`eu5ynIYK)X49v&I&U_|Ql$Y2*E;^C1&<2fBYJTll|5bNQQ zK{F%b;gLbFaUDH8GU%g`q=!ca!!%N*rXlZC^8JJH8Zom>Aa zn~S3Yw@llz^?p>4&WPmVs9@xI9dmJ1FvcJ@7e@u-7?E5Y6)a*YDd(etI*lZAaa7Q# zkz~s}I%v^|(sL6%jc|0(y_~F@d>xH^4GacqKT!I4GK!nC(ZbMJ)WBe1>-f6oSOy(6&f)sh-XN!)gbW|;Gr+y4haTcKt9imueQi+M)F@b>#-rh zMuXTB;32^-=1J-qcA?Rel$vdjc2bM>LbAqdsdhXHr>H|O$4K017*Qv8NROy9Lh%m{ zhd54h$6P|8=)<`~2i&!C6SaIqUCw$$E*ysWE*W9;hxsJ_;*U)FbzSH+`NfST``cM4 z`l?xard0c8BTP*}t9IULsN z5Z^lE_!15u;cx|~KdZy2@+X;c?TF*|T(y0ihllu^SkGI>8@Y`fm+*Dwzc|yROMIKg zqpDShu4>a^Or>5)^_-$Ib%<}Ue#7>6Aj=)eq1ZF_qw1&={~bS4Ras!0&~RNch-+T-N6_#^rxE_&v5klQ<-;e1Qn zl#8*SET?2#^xvoTM^qi#k@59O#-9t>f05%GL!r#me`j3A#c=pKr$5B~Q2dZ`k#R0O zer;ws6DHRU`;Oyz_ICW#Zls-UWn9ATI*upDL--z!n{aP=!9|boOI*Uv^qYL*7Zj&a z`;973hoCv^p+iZ>SAaUill&d=Fkd*{ncRPloB0UOy=XsOn;-Gd)Nj&`)VJh29Pdo7 zGdzdOCu~RfO?s63Z_+>0E^zjwqK6Z zk7T*b<8^;n{_Dog_?aA^%y^iLr}Q-C+ZA6|>8+vhTH-SPUZe9FQ8k=jNiXB^YA&Z= z%;WlW#utUkXEDcDb`ox6{OgoY_wKkY{|5Xt-gl-qTz|qB#>4Rszhlau%Bg$z!o%RE+_F*@Ng*UorU3iOL<5+nfk?gAAatu-Ts{GYordN z+z(uJ`^g>o$8xzFK0Kkr@vy()xcFi4h`JbZxL;P&b?7Rp7xK&afnOQpc6hDUA5pik z9T|6|pLA9pUEz1J-p=%NmfjgI_QL5>UXtEfxai;XXL(3Y;?f>EvnROlOF2lqD|zAj zrgHzOU6KE$<@^_v6ZK>9SMp~y{rC8?VHM#`Ynx*$9JM9oIml0 z#sTX05|@5YA?ZDp^WWb#vY#GV*kj0;+Oh< zLEACqPWh&F1I-^Y9#T5_PjRX@8IPsDC{Fs`)_U-rns)qD9$o2|^7>fI;k@N)WB-Q; zlk&J{(sAsk8JGOZI!E+KJ(&EO`XoK4u-s{^N6M*;aVyW~GQxMEPLJwwUMW{iWqy%6 zdaCIsh96%>52XvAgfi}%a{#G_i5^A5jl8}y>oVFKL8xi6uH`^Xf zyTtvDPREydd4Ctqhmprqt6Dx9l9%?K)Fb(nP|8c<-!zo^I!B+6;aOSUC&+v!_@z2s z_7AR|4?D9r{NRrD+Zo^2#f^R0*F?Lt|8@2LyL@s#*2?w2hwJ&xUMAn+^mTmxm|EF! zz6`gAeYGnZPt&zra{lhadSqT15{k?C+7*5h>y`TMtUR{%Hu*APM4iR|d99{C?qSGVF^oQj00IiIF#q!~}*fr-}Qr;02wwrPdjW5adjl?~T z;|q>_t|DRY4miFt!SQ2R5BW{&)Z!3M=QI1lPXk|jd>reM^Zs!B!ch8@P`r}kM$S>; zxZo0gakZ(R8?>Cm?HA_;yv{WDeaZMOtp85t?--A&Uvzc{*0Z{k_!>@s zv6J+$yqvpBd-=L?>CeqA&W=2%N9* ze(Rgzt}@RL?7i-hdXn)*LK$bn@y_hVwf}h5UHh9HSLB{t?8rV+?y-%Xj2uHnR)u_uXCi`$hx(wdz_(qUd3~Qmr;2~)d(GT)!97XcC{`P`SUe@ zR83|%S$DS{MtU9lTuP-*kEl7!C-HkjaibUK7R(=xhvjSXjh)W;JIdqBvTRRq2_IuT z9EyHfpD)(yRQzHs+Z9|wDYtO?*Olu`KCHjvxP-48a(Rhe(Ia7)U*@Bi^?p36cIhy= zt}!@%rTkDTUwOVLs@7^du6mivOZ0aYhW!frBj@B@@rm3myw5Zto^Rv&5I=-ZLQ{Up zbF4p3HtoiQ$#&Th$2}JFh0i0TzX`rIR34vlT%OAkKTSTP*59v-n|-CraxoR1LF*#? z_B^jsMQ=wwyf+?tp1osvB=5^*e<&N^hx650J(~9D zs2{ODiT{M-g)A?j;S>I3D02G_BWeWeG3gSIs%+gK_TJx%zj7WedtcRpT7{zT6O zUsL{@@=svBVgDsA`lOyZ^ZQEHBlFrdI-Y#r@HS32IKG?4ap^~5Pr|P337>>r@&BJr ze}MBN{zxe8OWL8};ZVx?A=dM_4)JU49Pi5iu)c6StpA(pGyI+R>#)85H2xCj|5eU^ zI4=2lo%yyg-=`dQmA}uK??3gkGx@N;;kfu8ZvS2R9ky4~&#XVp{2f*CDl_ke`NDB? zu8ez$lgvCXadUpq^}422pCg<5LVAubvlF|W@g1c3BWm%b#{SYP+K2e2nbsfW`$+uG zG4l&<%FR`M*=`Ys?d{RJ{n&lr+<&5w4%azz} z&CeI?Th3AY#=F)h>z6aMJv{%VpC5FUdETk(@jLx!GoBbZe6>(NzlHmM_TQ|3BTDW! z!tGYtzl0ZQIe88&X*+6{e0J26Y|oPK8a;pRo&QsgGW}p9`$yws`|(lAcMIElSBJ^x zZ>0P_X8B#rC*#H!j7z@KZ=i84qH=VY9QP09xajLD>`c!wtjDA$^E-s`EIqEtc%Iyc zN_k8B75ia1!KMGoJ%p71zSEO_bjB}oVLjov@P)&ZIe%U056gw)qDSUcV_(iolIImN zPfB^ob6a73|888~x0d`%DCc`}ekbv-dwv*xzEqw+9V6|J!!n8Ud02SfH0|3_vaXQl z>m)SKm*IIn))S74{u!KZ&O7iW^^jdDKfz_bG5b%<&)l9RK9u9f;{7`6XZL7*QFWgV z@mvDy|1*cOkL@g6&wLv>e1pReIo!ozq}r@kzOTcG`k@Y^DwlENH@wd!tnZ`_VGt<4DD@Q%%XNB0jc2}a+}Mq%3Qm`}=eq(7XWaJ;kf5r6;Pbg9>y*dG%{)U6!Ez z@yza_n};6D?9*Tb*$4Pw0_(n5c$+-7T&g5KO z=2Hn}ybs$8*ng2T=l;ocM%W*T)BA9AUm)|TgeD)dE{m#5hf)2z%B-VeYQMe|cX)r) zHJ^;fqQ95+7r(5j?MKyt?Em46%X}Zsr}*7j*wsEo?3*yT-s?;*%qQ}l@rV8Dicj=O zKFxhe=k;dR&3GSMx1;3xD{NQV*}g+O@2AT-s!rr`56jE<^1}PauHv#jey5DuNBFz| z{kM~SN7#Ni{-63I=L*Jtl+Q6-KF5fu*?gW6_S>w(Tvf{D)RmqIT2G4AcMi8_$+wKZ z5>8;f5>{|r-q$}wk8cq*iE&w9%DzSRnGy;vp`71Hx`dK0p|nHc50`&uap4!e5{h04 z1-JWzP&<(F3GW+3PD0TqVR$|??;9rHGc@mkMfaNj{@w9X%0b$J>}&UZ9wz5m5{COj z7?-%i<6?4Lp3L=czV9QrdB2&)VcDO_IC~BAhsRTCcM?i|Zr1z}W%l*>g(8;!P@jXz z`2l_%YlfLGB%IHDa$h0sQ|75~DDz4k%Sl}Hh(F;_>N~9ON!AnQ@3v$|@H=8LJ# zI!sYJIw{X@>SvqQgYSCHH0>oEmv$oMC-a7@`Q_X-%6{SdB*AHSBP<56CJxXc&Z zi_i4aDD&gHu=@OI@BD`E`D7dk`z?GO?`<4q;t^gaN%5^v&c%J{ijW ziwW^dL%hE1?4IVkTpuP(@^_}^aOOXmL+O8=@mDaPgq`{EP4QW*H{1@T{m8k`w|)-9 z=RIM&vL2Utv#aO0%)SHXFFGH|b=yh&9m}x(aJ=LD$M~KEzu#!=hvPCo;Mae-+#c0o zL_N;-pYDL;c_5C<_te&KT-uY^d5Li|-|T%4D*aRX-OwvdJC|`t^qCOzO~_6d50`_) zWxkV8#*_B?+n-yv$7#N#INh&(s_jQr8&} zfc2RW;~AHOFx6&a-F^3d<5&2=RHNAoZH*5L;I2T(pfu7;%46_{1Qf#w2NWd zK7PqfuUj2e5{ipI;qWZxyO8~#9E#6myrW!1-KKH8U)mvE?xp2@Emv*rZQ7yq*WWO| z`OcuDrtUxxS_KM%4SP-^8(RVSG2^=6RRS`-^+C>2I&<_tPCE`wn@ZFf){X0LNv$ zBK!x3_+(wvRVaE)m|Q;{q4g!duYDZHWt}7UJ*J+p9_8^~%4^^0t{TdEWc>NM_3=N& zC++oA_FLv>X}^NY`JUt}92Y&3E}`tFYWVy>_{{ex(r z&O%ep_?1vzSIpvio2|pBx|{3oJ`SZ`9^kn6VZw-df^pd&uj06rOE~OIJ}lQ6Uszu_ z9xnG|^mqR|AGbw*E&DCMTVUjp@5>6`|F%%ZEeR#R^1ZrOb-p4>*2hvl67~*#|9Ttv zXOWM2Gkx=YOT*B}?8;)NQs;{p6lXfBc#jg3T zN%DI>qR0G>*50`Jem%}N__<`^pRWDEcih-7!Oi!UBKG@af}8IzMeOf!2yVW|w6|TE z5AF%+H~R%Szevuf;r)i_H|Mi>Z-C$L65O2E;yr_qeseA>=j%!R@|{kzUWuxeAvrnM zll6|+G4Y5x@?tD?5oP?8xPK_{Hut&PTYN{Cj$1>L$*| z*VVsoKOH5wv_n%au9_dx|7gg6!xyvV68=6_IDT~K_u?cjq0FQ5-MB+1nf@96zFYYG zFC3TiX&E;qG~*_I=Yac9_;*3%J9Oszg7RK@G88!pyONi4L=#5r_bWTY#lHNWN%;8+ zxxbb2lDM1;NnAqtj+m5(go4X+{r_$#euzE^#g2qs;qv_g@muaOMgJdkyNjqB`Mq}O zcM^*KGTuGQ?N;h1oGyHw;bJ%Z{D$$X^Y04$>+~2u@0haJ^B#?yzm4p-Po)gU&<$xv={Mv z0P7966GEXDv|8O{*`6WCl6c=3jgFL?`q4Wm{Phk@AvI@UFsze10tZEa8`Rk*r%@)aByx@AxIx z=W<^o`IPSpOGxb`u1>*!nd+nFsDtrepjN4$;{R~92LG#6p}NH>RCnS3KKz%dBh;;` zpL){iryj-s9iYopfA9?e{{VzV&~Xg@2dXwT2>-{bH=JX^GemWFhN_;5xggY zw^-#n#i|kE8vL(PC#(L>D9D_G|I_h5Mm-cc13YIS{S2g^1?+q^-Z>xG`M}NxHUaSo zh)+O#0^$`2D-d3+mO2-Mz8Lf*@Js^FB*Z5nehJbp0euPR$w-@ww8@B1M*LF5FGc)P z#4kmBs#>Wo$Nv@hpQfsv>r^ZLcR5w~zXAW%$k$Bd=_d8Z$jxe5WESXKRBq%JgtsBQ z4dLx7D>4TMjdS4t9f;qF^0^x}?uL!KVPl>e7r7Vldr=nm0=pO3eF*PEct7y_)wIa{ zh~JO+0)z_?E>trj3z4=E@r8&#peiE|fbRiSjsF?=&vza`+5<>iq-r8dVB;a!UW#z3 zD#d?3=rw97(wC|7$THxM;s0^`*CSq!a0U2Rs>hJ?J&~2_6wqbrSrw1s7we;c#{U}R z{cmctyG|8G*Qx%|Cj7q$nV0bYGJJU%zPt=yUWTogVe4hsdIe?hD$+ONe-r*+hmJQ8 zzKQ>LRfBpLJnyNw(f2^V2YQ>@jQ>??JHqV<-$(d9!jF*t5yDT@$Y?A6KZD*qNZSMK zbA+EGY{TD|YI*ca@O}yGOJEVFO{F+pO*R;N&}jvqlBLGMq;I zufhK+mFaB7{~G+SQr|)N9fUodl4wt7TBN5_jsF?=&v$x)uP4%bB7J{ns@uz{bbI6f zhfX#AE8PPT9*8j4slk6W{wv*s5FUiEk24?t)%dS;f8soi|C-35PMv!w=tDsdLhBjg zjB$rR{}AXOg4!60_)x@$B7UONCw7uEF=dof6dUCXjFlif9sgq?cb3yXHqLp{9S1#S zz{(N70RI;{Gw}bUdm-@gPGNMs(?2@VSrEAh<#93or+~f|@-v+mQg3$NNUd=macdC2 z)p_2%)oH^2%kErY_X4}$sfsNCz5w_F;Em2`)#%)c|2gUf=OO%;;s2xP3&36gw$6DJ z|7G|;H+3Dbb--S7?!bSU+U(qwcnkDfpx<(yao$4uTS(vGjBs{<-U0eE=P~y)q<`l8 z0pYC(=cq57f4W})`@-3S@K%I#RC?seSbC%k;nN6jML0(t5E-3v0I&lhFC-2Cb^x%v z$l0+xV0n=Ylewa2C*ic}@B70JY0UH+iaoR9o!+;HsJd`pV*zm}~X~TgH z2X+Fm6M&rn>;zyZ04oMo46GPfF|cA_r@@EQba<;us4s3%YVk|>)eUu+tJH|+hNNJ;y-L0LvZM0UD`z^Y7^w+$E>fRHYC=t6DqUR*YMaK0dJa^c z+6IY}-X|L`0{awLy7~*Kk2K#cpw?;ZEl{t48lXKWfsGvN=_+sBMGCbLfxg|)SBlhJ zoqBt#qpDQ2)KTXH%TsBft^t+bF107HnZT;l0ifoCnq@VYsmESXY6-9jntBvekxk80 z2SMWZz!s|G?@;Q|4GvOk+0((6Z;8711Eto0Z;2{^L<-8PK%KI{l-d$?9I*9BEl?+c zn)s>%KB|Sspl^wq!?JnmOr-u@Yncd&tPQr-inRpgx71Qq>MHQP4T*A#RamOhQq`6! z(bP4s;TbS>?y-*gz`@f;7Mp6Z6&j;fQlMtQ#xrOoO%`iX+t4Cb{hhF#paRtI7Mr?7 z&4k1rc(q;K3n~qzu~YpH)K|djE#D?}`$p9kodv{gqN4QX6b) zqop=js!ol&PpNm2k7l(8zEIw>oeE%73%#8m-(^~RiaGm{Tn;Kl9oA1vU(y5cbP$RKM#WdpNKGI=@G2>NQ}4Kn-%<0hJ05 zMmZmX8VbyHCPKCr`pTSt0viFWKz$C1JY8r@w?JWHQKyj>l?G}fBns34pw0lcQ2iKG zIjB6<57b0Z({;`#Yw9>)(?HF#WojtuGlqH(`V94%rY^oyDWXHcjQfjeLM=(h|SY)M%vshi4&>@r}LHb)DcyMa9ctlGA^8r$le z2(`p#kXmc8MC8|yAg?kazhhqt^a%3RW{ky=XF0Xfv3()Z1gsHSdPm*?^&+Ue$endc zy#cBq@-eWjpay8_eNgq*mpW^AROCzWeTvkL-R|s--ra_$b)5r|Un+z7I!Cv+I%+~h zddd__HR@C1R92i=!Pl-vjl1P>DzpsF$E`R)ogWJYcgT?+iBiooDsU zi3|td;YeK)nYIq&&>JY%$mzgdMSFH4C-uWDf>bAR0kEHg+G=yOP~F+A^n6sHrXcl1 zq%MnG1L}3iu8mN8840Y(T5F2jhSbr(=BQtSqS{~U+zaX~V5=kkmr9)rYE$GPVEeDd z$Q5~vsqK+`l+XmEu63xbO#!t~+qfFkRND@mD3#h%XmwL{y}gezXt8Cw+W7)4n|l0e z=P775)C-`fU#@ok4vI!<)51*ZX2yC)J_c2#tvTo53zVRGN7F&og369k+kH@DhXH#C z)PU%*pdJUc+8G1tNR-QJX96f{b%UZ)LD5=Zc=UQuPl9hyvSItXPC4#Ms7JNhGHA2Z*yxMkqx|lU zYy?I5ouKs*Ruw(}muAE)(-@5cRnhms_tT9y|Bl|ssner-fSmxWD*6tvV?Yg3iE(C> zYKr85`V_v*iBcbY9=>GjzCf*Wo-Q>i`-Rbiz*mgEFxJj9V;!3JZ^Ya<*6EMbHfWik zCENtHgJXbo1GPl^cP;n~)dSdy=y0S`Ij?n2Wokl{X4o90F0;8@ttpaN8$B0%l*_fz zv@xb!s-ok8ov!nC6)5thDOv+6*J^nirB-E2GRL;|-CFa(;M;DkZI8}|EJ zmTF+iXrX?d6L}LD)klsV!wR6UBqFnENknGng!>-&jz(&R`!T4Ypb~Bx`V3(?5oxgt z_54P&+Hkc48)Yh?kZ|L{N*Y=J{50QG|K` ztxE>DDP^#U)?TDXGg@;sMKXX*f$ZAo{-E~53Tn992h>%-M!8a#%c8VqrG7Nr9e~uC zNUe*U0E*guoz_P-rnsjAqp``1&)d)@r@J(o&4I*p_dKLhE1B-@hqC$*Ia;afoNB93 zQ#5+7jL2-&7?IML?p}`mVPq#kOWh7?+0^RhL363i`39TwoX8JQgQoUHU%s_brP2;m zY9VB&I5VK{aZuZ}7V2eH>K0&60UK;3nk}^|_Q`ss*1wCH&N=GGj(Q$^M&d*(={H0Rp6r`+--H7{}N;K2{x#wg%E1!^Q}aFdla)=0}NXT%ex z-7m8q%+mTOb(xhg6ph(a^g4`EYpvb-=se`@dH7csl`*#5q49-Q&1QUg9&K&4yBfYw zi#4Oq>nO>2dK@CnYopI|shQD-+OBEER6?txn~+MQ&syy%dC+8iZm_;IM4y7)cc6KL zF3Fvsuv>)e(9cjaF0BB*0M-zdRn<;+H&SV|ZP31u&pX|(7)v;`LrYD=Y;SF}SgK7^ z)W%D-FEpC1v^Cfmm9fc*x#v2{hnC%L4^TAbY}GxUthH(_B-`2!lb+IIu~L`D2%5!B zOWaR;^(L@hpj_<%`BJ5FVIv<{mFfp-2&nN+9{2`o*`dJB0hVqhDlJuQsa#7HS*l7= zPa(~NEw)w9LNu@9JP)JZMcVFYwo#yHpF9Ovo;nK{<-Em8%(q&KEmd!+23N`;%au_t zN2gM$<-046H9O6GcOEDjuX5a587pyVg-2szvzC|+4_3u!+{kzbW$#{x*_2KV>hvf; zWxCaM7b}(Z2K=*>@xB_e&F(~ae~Z@g0Bdn$G>(&Ox~8s!Y^y7yXsh;syvmNzjXb>sk)i;EetJoYfB z4r(W{3fQ@j7_KoILCRyZ7%PuW2Sw}R^4QI&x8<-_9y=e{1vJLS9s))yc(WrNhW&4O z>@mj5V^@M&Mya}Wwjt-`v3pp{fY|R)8qsc;VPj8%N(Z$n_Ac7}J(wXX9a=}w?qpQ# zS)^tmwL<&%Jy2#vb|@&L`9no30NK;c(>?K6sEFy9Z@(1SB@8P0;rjjM)ii z{Kx34z_MfS0~@9(YHKHhYSrzTT3w~pvMTl+_?HU*s$()UZLlq|&9-OL7fPXJgZn8o zQ!Q+;?R2E`2%bzn8Y`aGcB#_Fm#DwAnYp6P_MR3?RjHe&C_SnasMPcDE*)$bYc%^A zirPVq_L*AtbXQi$1?p;)>6MTe74slVWm=_MVkM~B7>z2F-}zdW#>oPe4L)k^^J6k5 zF0z^{?cB3OwKW)@D;*i{^W4+WD`@`6b1Rst)3W4gz130|I~X?B0jrDAYMoY_D|PRo zQfrFHIh@(a(W-uBOnTIOE74#j8fS zXa;*05?NY;+D4T+A6nJ{%T1B8&rgxr)J>5-n4cmgJ}s?yw^9dE+qI);Q*`zz_%%mp zX^K`rpP?o*wZ!JAO!ugF!DlFH8`-fr$73b{mK~c4iI-5iW^GG3DsyS{rqb>0{_ZK$ z!g{-l(bi}`*xOyst**Cj<0G~bmhxw%*Dt-@AA>U3VN9)#iI&wd(Xu)wT2{xXr;x_wH-Js9&1)_Yag>Z})9rX)mMPp1{c3DEDAcGSq{tbqga;r=~oPr{TK2NHskPsg#dR>RM3LcFm|vGj@?)AJBTE z#rBWtWJ}Z|I*m_xzEC4@e+7?c^!XvF+3utLi> z*it2yDz{W3<#EVTk58ohktnpp0`&~2{h_5muh9<#)mux@X+ZB3+FRuT8x(B>AMO1N zMp}BO$j)$3^d+Po3cfroTd1kGfl)aZSbYU4p8y+#)Pj^YP(!rll=F>O=5&U%jMb-1 zCxY4@@sN5dr~z6F=`$Fe_6*Q7_Sr}^Ug>g4=>Z9IbTmWo%itHta zr{p44w-Squve;PXP^6l^aFnHnf}-7Lz1Bx|>r-gdqdKp*BUiRt0zT?*+3q=@s8*-D zat<=xJshVO@Tt6*%pdkd&3D7ESC1E8)1mF+$W>RL^`460hE#^x&Z z9!8LCcL%Uv=+x8;(bsh9{-DUy>25zz#)A={=4!t4K;5UQX`p_ssTxoZYuN>$9@ErP zP|G#73e=x8^(v@8gUWV40!6i-?FQpbPsw)sf-=}Bi^-qJz6sPooyg7`NG6#2LB@kRCq`%aa$o;g=0PxD+^@#ML(`p4?P?hAtyRj@4yLxI%DN;^eF==l zmps*dqTySXk_YM>sx5sVdV!{n21a}nl*~92)Dq;VLZ=cn6;z%Y#(Xu}18O-nae5x` zSgcTL;`B@HhN9nUKM`21<*T)PwU)0op5$9ojFV5S0BYkeS?Uc?bkDxkwzU?Ux0X~{ zqgSNb(>zNJS7SK8yA|zH%~JZz0UqMmXkFpY@QeFT?>w{5NcB~_J zMP<>qkV^U3lJY1{#i^#Zq^!2oOO|@aQoER{(zo0X!S0rnvw?lSon(np?-NxH>L-@c z&q8R7&P7dXj;1DCS)z>WbwSelD^^ z8QIxZmM9}jl#wOM$j%34>=I>U9{^?S5@lqGGO|RGtdsiDM4U9D)Dn6Gp|xHjbr&!y z`$THuBB8!(sXk0)Xo=;J&9+oV>XAtO6RM zw0qyAZ<2^_taCkNU;PW_+Q?0yXjQ+&-jig>`} z(Yqo3JMg{r97$xpZg%gDcBE;H)0fanF#0sazi3wK2GmDmd^^UH@9cI|vmHCD6rC{d zfzK=BavHxiPBRmo#<#?2W}=hXmbmQRS6UlwR!e$<=7n+a-qjSXT3X{W3*{u_WTG`L ztDsh!kKBYkHAu)jn4b`9W$t|_7wY?kR!dPrP9=B6d`m5|)YL>X_$~uqWr!NDvA-ep98fh{g4Rt1YB{{} ze7Ud91T`i0EU=!SRz%l>qOoa-y*nA}(5{VgzB%QQjY|Ev1yp?FXG)FTN#iM%IE|C$ zo|En>&DrMu&{v^PipXxIUIo#e!$S2dct!d)B;Wx?3&PVoRvimeAk? zwZB)P*-f)+0ZmcuuZsN)tJ0r9Uv8SLZgSG3R$F5-%A3W%YbGA|^YNtmPZ;C*hI zw3o4|n@}!&ffZV7Mb=t=n$&rIn)HfdYq!{HDbW&S&758y1%2kpq+>yqq)9I;Nt4;M z#Of=`lf0v zbY@v?%c|N+)YyD9sJCv%6C}7FoSG)L3iEB==36a`td>Pq%Y3UPJ4W;VFytJkDJb!g zpz2(ynJM}_`y9fwW;!paOOxAzI-MhZrmD5jU0YL())p5)Vq>@J-e|EHStmH#QEzlN zVQfr7>I&UrX(wVRnhgf2o#6WcX464fW|`l^YZL74=Jtp_e}+DD_er%nNc{k^ z^lVw1Ee*Guv<om`IQqtUEUYbL7MQX6br z%k3s@e2Mc@_;L&MO;4rTr#@YvXy;W6Y>7k9ss0L7RjSx%vHA+TN#EKXISyKAmfRgV z0n{Q$?2e2ERR?NTDz&i3K+V%L9p$62n~b7G)|Yvy<&anozM^i@{^q4l1okIjt=8@Y z=PF>&0b7zf0~Fa^m|6qsd0@*@$*Y$@t*|*7tgX>_T5PSECnd<2Jhzz7BDY!_yLIi; z`Bho!-Ox3Sv4=REuzk9$<{6VH7XZ%5OPF5yZWS(?v&c>+Sb(X zd*I8Ct$=2l#k2Kl_(Nc8bsbU5ncz@6_!L-E>a*aZ=ZErKIjvoyp9=d@TYCYiv@374 zUNzb_*=TEegDs&#o8Jw#rWZ>xN^)yAnN3@4*|%EFMG28G^-KMC zfb$0Yiv?H>>$X9=lP!8DLMy?h)c29v4XN90>h^Z2z1x(!=^w$AlOHe*~ zyWL@zYBkS2j_bETZBSk2SZlkj2RZ37(l~aFl(1Az zy3BML@k3yPo`jxbWzDl1)O*Y-lBjGeYbf%0PAWakOlMFF)m2}bF>HHeW<7c+O3kb& zeu8ngx0WS|JWI`q9f6hko=-4Z*nBiAncu1uJ+Wn;Iw*pFL=~mWEIv5hj&PCTNTqc| zzOE1ITUZSPqtp0eTQ2$5MzJlIVp|5owO2GAjIvaTl`Yd4m2*k@Inca6YN652ex=r{ za_d!vwK2fC91=f*#00&@q}Dkhej_j{(+P2!p_jp?@Bu_)Z5f_+Z$^wpP7Yd1(0t0bfcAMOqVgc)wcE= zPuh6Crbsr|Vq0wq6?#%{MV{2#U{6|SjwfZ>VkL@g>YS*|Ou62DD2)P?My@BTmQtkA zt+qk!Z;_QPbLm|QI(;j1>)<`L(;8bsH8z(up3JqI)E~e{ZFi;ajmIHxbylLmmSny4 zrO|3JYr+wbz>N;H(0S)dTfZyq$=%9SnU9)c^wip!kf=_Vk+nMAj=~OVP0ICJ4=Eh_vC^wLC*A1ks+(1TA30RSpC<^GC&Gd9uQ7{M+A0xHcN|acM0nTvv zw;NuqPAvuX6{x(#cd)06;rr6{daj^1eafw@dEST4cuK9cQk#!bn~#-to-r%cbm&{1 zD$i3_Xjz(ZDuUuG@m2~vt+e_ogO%`}uo{ciw8Lg2N3?3L)u~hl=82S^uwiz0y+AE- zE=G>}fSRJm;zL1APrVu#jpNmNWTiQ!&f2KbV=T?nbv8$J0X+>wJ$aF})@UUfEnlPM zTjJ2W6tqKYuo6>JZ-HIfr8eo^=dLg5X^f@?cygFNYnuZZkwzu% zhAfRpqY_6!f~czKuYpnDU+w&!Q(LT8O{vdu>hP48K^=jdH|ez=<)bO}O_pd%ZDDF& zj9PXP_{tJA!hQG^@pb!&qgU5?iBG^c2&r2GSv5~dbf1hT)Tm4oKL#~IQ-^~ZZ86I4 z1icEU{x%^o1gS*zc25R%Huz@g9Tk;9c5L%0XlKACB+f)C-IeDhE(BEpthZYQ>T*zX zw8Yh#Pxi#CQ*TA;^}x2L(*BKXOiz$6l_*o%r4C5Y`;tx2GC_M! zt<&5ayb5fmt-&e!tcqF$o}d1QX-%tB|GCq&u%^^wxsIAr5Y5>4~!#o1VA`6y?0UyUc!0RNktcWxcP}HmI#tbeAz_s--F|wL0}G z=%W&EN*(!AQyO`RU$Bk5#QmUX1X-vxQ+v)!{2o{vs5xotKoK_2+MSoy`&d(w^U_{N zs;Pacw`yB1HI_2(?U1L-(msX+owbtrqf)JH?cunDHUG-R9(>OXBS z%^8zeUvoy~x1g_8YoYesnsM8=pfA10eD*KB$1~r8zT6%!v%cIOZQp{vq8{IyXzHV= z#~@JuX?>LTC}n-6JuYE=r9Ex{Rrd`>hVmXVf|U1=5oBMZMR^YyK`MLP$#yGy{EqGZ zC*x49)4iIa#6VKs`yC^_Mtk&%Qlg4~+J@EA096&d3^It7x9d zES`k-CNLA{WYYIxx1k1eGW&zt0V+LH&M0y+`v7|rSn|!&T%CF}?i_M5Wo}&Q$`g|L z_D#JK``qE+O!^jU#1$mO5^z!KyRm*}Mv!4?1_O&XlM0sx#&3yGol{vk!?HD^ar#i9y|- zM;-kQbu_3Oz2Ea9sG7uqd_r22$mbK%?fQA2jYuu_f6G|0Ka=^&{Xbc1GpDxN^XEmj ztS0DHDYdW(&dac?-_q4L?pvU_PS-S@ZT3n(A7>Q(aYj+EvD;f|<<<-dT4|Zn%l9E+ zo=w>SYE+EI9BQ${^-AkAV0r2tNPG#ZSwBxhy=+PJBVe@GZMM(2uC+UY6_zs3>C>rX zy?vXgUcV(o_W=z$M|2<1m?^ga=6zynO^undcWKC!Q^b1voM3Y%eTk83zj+_EwKY>t z-}3EkM)Ga#3fr0rqhg~lDjt|~sni}gfy|T>xn!G6w#2L~=?hs|(igI_q%UM;$r)Kz z7X4-ios4B=NnbGMYjoa}m30X6QH(Y4fW((vGg(;!fRV(C)U?ZaJV=#y*vxHx2K<9& zmd(m4VTr7)b1Zccs11!|_e#rG4T^egR#vU07TVNDK~b3waI;`nw=2E#r&aU9)B}Kh zPurEAmzyQ0eub85O3edbE=C&j{#!3dl-O2Wk|jO9#h#muva9;s%s22oOY$!_lfFzj z8|9LoDfdz7nR4QqYx_cOrrd`nYbHHYcBx~vX7awwQWFdXucl~<+S+tY(N3hwQnNHg zdxJTeA}#YQw$M^bEVay1D=f9zQfn>MWT{P>(kD-r+HO;KYKpwtZ81lmfs#Z*Q%t!teQc?RWO~2d~Gx-k;BR zzB49Hy_MRo#BUg4#t2?_ZJG<*7dz2c<9=T33+|PGO zC!qVK@u)$v=h7%e>7JF&Mr9rPmiGY3o-`Sd$54mt_wdR(k8-&5|M!die(bTGM=9@A z$L+O8uITJemu7PYXLWX!o!Z@PGyfK2KLYRWHjM9|{=i4&vvOWKxZ|tY#+*KUZT~9g z(wI|%?2&yvE(>;i71e*<;0X@oXeCUXO42LQ?DH7tWl14 zzEDnZeo#(wvIg1XPH~1Qr#Z(eW6sIS>CRN;#m@E0OP!mQGo5>tS37Sj=QzJ8=Q(}+ z_IPo}ubl6kpj_ZgQ{LwMQ@PMtrd;eiuUz76P(J8$LuQ002(IOQhiT;*oxKIMl_O1Z^pQ}S=D%CvLnV7q^( zGf}zAsZ)OIq?A86KPq=S{vmeV9%r(0uk*0d@qMc7>f5Ev_Vqi^uIuSLUfI`It<3k` zt1R}tt}OBGR1WcdryT10MLEp(w{nE9cd0$jk-o!}qkNN;V|;U!A>R_^Sl_G4alY-! z@xH8s?7j)Uo+O`7eEoHKif;g!&5sTaRnGJss=V5FgmRAW809?Q7-ig7uAJ{XQMteu zQQqd8pj_xXL%G;@wsMK@JmrJF>B^+9n&j>2yIi@&_o{Nc@5rIHce+$4yLP!vncd|n zGMnEh`kF5H?eeBFzsvJww!gYdWVp>aT_z~!bvc9V?JVqawsLWo8uc@??olqw`bfDv zYpZfa))ypyEjg<~m&bP9sT|j}O*y{n_sR)fe^yTFx<@&^>z~StyLLHD_g~k2m3_Na zDf7EstSs(!8QGiPdvTR6KiKU$<(h6cDA#tYRi?TvP_FNGyK+OfyUE_X?)^Sp&fX_~ zgzkrZ`YHSFGf^)&3;oE%x=-VJbR<^gzU{^Z)Z~WWRAnfwd^^{tF!MTdAww= zRj$ZxR<6u`L%BM8BiY+olf7BFDfF?oGUcx9X(W%!oXeDbbFNb6=Ul5S z&Y7ny$*EELb8aDfJ415nm1A<&E2rmtp`4eqSGh2!Xrx`YIA^SKd(M^0bk1AK-8o+= z_vFmrw^#Ib_U7zVI^Aa;WiNN_-uGyGzjf>0Q;(nQ?ny55ai@F1F*f^lzd@Pb{Uc>@ z_s_{}eq#I&<)uT{qI-Ack=^@{eEjI1Pv-Jn|NS_AuJe5NLS4`H?uV%V ztb2c5PItdX>vwj4Qn{;pTKR4FHsuf9|5EPm-sf0*+&$g>%DvqWS2{h$khy%$_3LhVr>n8o6YrBl_IBp?>8;Cq`kbcR+h>x} z>3bH*&#w19SJ}63OnrXe^Oa-!UZj3f-%H6{=jOiq@$n$nxvOuX@}a){_3>f;ewQ=v z?JU@DoASZ^c9Gf6^8J2O=I8#UzBo6_wd+c9dn^69hbxEVj#duMJwZ7vccyYgZbErv z?uW`zxqmCiD)JzJ99r!?#lgK*)y+=%y#)@P8OnP^IW}(tna%gOKGo%m^FCKzn&&^s?u+LgP+@a^UWIaHUQD?cyhoLr^WIi|n72#0C67P2z`E^u!<6Z~a^=pviOOAh=PAF< zTS#_se#m=Xmv`sANM<{G^42K#=Dnic$$w3kyXL=1c5$-vH>vNL|BkY6{tjh+{x8bn z`~lrW}?(M>#3~c5)wQO8#zLo|gZsGL}E^6nmWM`Nt?P z&OcLmY5sM}nfdoBug-s7IVb-^<-GhqmGS((r`rAV^AA%l$RDS?E&nX#!u+e1i}UYM zF3Epf`C$G_%4Gfq<+A)wmCN&YDOcqGNM<`L^M6;a&i`Ben*6S(+52a0{z1xAewlK8 z{vjl9xBNquoAQS%H|HNm^0><%qui2TuH2q~qB5NyQSQv2pxl*zhVt9|vz0&OpQqfN zKb`FDI0et!DY%Z1y?9T1y?G^7R(}hJL3vwE5{csQBEj$RynC)E6Llt z;49^{f?dj3!8gk31>ck0zXd-kR~P)ETvPCea&3V#(H=il(2dM?))(aK@`i$bB;S85 z7^BOZ3ydy*STI$Ww-lU1^7t;eRJpg{O7%|RHM-oj@NJUEcj5cWo`oN3-nZ~$Wq#o& zB%jv`x9D<7;b%&J;pfUBh0&-zuc3txD~A<6sT@(bUU_8UC(2QUzbMBP=1j8dLxlsC zV+)T{jw>9m9A9{Wazf!8<)p&fl~W2IR!%EirCd_DUio0*cgkd8$r<*z%LiH`yL%ci|A_p2DzlZ{a0Mr|4#7*P;iN*+tJNdltQ=>|68=$#+DH z_9}~u{!*3{@ht&*e^D2b=dVRwl|zfVDTfv9LuNZ8ih3xIEb6NqRaBrHQ?$P_R5VCA zwrGfQTv3^Fe9>^_grboo&yR{mDX%V?tDIBR<1E|HD;lPZ7e$owi=I|4DEe7>ThZ{d z?Yf0Uu5xkFrDV3Vq^ME(VA0d+R}`&Mt}HrWs$IXjXpwSF(GSYCMQ2UZ+pFj`lE-<` zdXkSLMJ>urMPDj67k#7ru;_Q?mZBc#*mc{Bj51v`L%FkPxpG(0tIBVSeo_8V)azWk zes|Fj<({HrlzWTDDV^dz0zOY|2%s; zh7_Mn^7T~lc#`iM6`!sgQGBlQ$l|5SQN`~l#}xmj3>BBg?E10ABbDQdFIJ8(E~&I1 zMy^`rzf{JG4?N#q|McP!WN+u<;v?$`E zk5z6iu26nhe5!Iqzo>F$zbVSq{mxOY>363%IaNx7ipR^@Fa zpDGuY6kcrSi%Tk%OG^Hwe6Zw4WwK;UwVf|3`KNMu$p+<$k{*}Xer3st%GD+JDA$yH ztz26&a)zC!O0H3^FL_nDp``Dnw%=4zsr<0y8|4=M7>@0?myA@VODz(1Aq2HvKO54=k`f8f1jZ)e4zgmUGeWy;lqo>8tD zv`M*k(2vU0pe~o&_3H-}C^rlmq1-g+SmowHQukR(aE0>Qz`vD01o~WW``v+RAObgbJLyrxrkcIuf!!Umbu4M50mheXCC*|->mR7*gWTHblrAOhnO!tjWqx9ln9W+-I zbn3c0Gu?oN88vq5)Vng>|2lR5-I>lT%4l_`hA+-^OFK2}o=o>hr;fNc(>>NH|9zS6 zt4^J>B-3TxpV1SYn)pDb>z2sqxlS#4Fw>2CD5HxX&gh;;GHOm{w51`V^rIQ=U7FF@ zWf?u$se>Qu=oSUv?Ns;2Gu_xu#XI$Kr+(?wh$lLByuaX5Psf?rsN8X!u$hZ0(AEWU zRH^P}#HTsBTM_RVth*EOkfB?Qc%V2DbHAskc?@y$ST|s~kYwW)f=FG=^Hx zRC57(3q{N=o}%V%)T(tap*F4iH)_|qt)8OhYvl9UYdf;hak9|px?@p5or?ym8;i=& zRC6*4t2+x-s5=kwqeYzQ48%*>oJ4Sir>zU}xDi#_QH-j!V<5T&MNAorqpb^$L3Nsr zLAPoeK}k)|LXDc9i~gnQ^(dw30@SAI?Wi3^&1%F;+c@X15kJ~O*ZWCs5gJ{06e`p7 zICQY47oxDHt5JofFQbz+{RG9()&(c7;1+3J1XXL@>F5%zy9C9xZWpT6y6;e(*8Plb zMG@nBszXuJ2PL)R9Mq_F=cAOmnW#nGY?MY}b1T|`M%Uem+BCffIazj^L^)`xc?|hc zm05+#)E)3NYtZPr$*2O&Fz0xhYR*S7?YIk7X`S;7w^Hl&@if)+Ky`Fe&2cEH9Wm6X z?p?GF%`&Z?M%VoZwP^YsYD06)AD*U~>sNBlUG4E2(O^_-UiK6=uX?IC>rt83b$gbx zm-0N#HOHcAbx)#NG`j8uRHtq&N}{a`K0}S_zC{FZs7&j2c$#Z^u6CS|c8o(|G`j8- zRH1cI6w`D8s#bS9imOYYT9hzJRHx}LUqz^ zv=oi5%YC^+i%c2lO2J%nQ&F8X1+}3W z=6p|6%|*zUV;>t2pd2*AJmP7pS%%8!o-}WHnrc2r73#XL?a)*+5LMGnH4#s9%{8cw zZmxOG(^T_4YSg-ZuXJdxsX#62ZuT_SJdet{+vEL+Dx}7-StS=v9v=PjuQ`Fh$NyHG$n zt(niY(hI0k8t@v&ljfra=^NB6OosK$k*F;2cv*=7^;+xL{%tZ zjzu-<3~G?V$k)g29ftzaDX3hUh$^MYs79KGYEe_L5;ds15VcA((2l;2)8EYWln7pf zeET`hM)L*ALjBDyPl@37sFf~kCcnZ#Uzj+*oBQFfqKX&3Sp*zP+NkbXi{Xp#BV z(+8&b4el$tgmF=;){RBJLc6yD1*B6^xfDf}(iBu9or4;r^U*pqy6z&h1J#?$JcZ5E zo@&i1a{e4#lJw zQKhsN)kw|A{%w#iOW!~Z>NcWgX){`f66Pb+qIFwQtEOL|Hg!8uPCt8;(hYoGK#R-; zo<`T*g=*-+<~~%b>4Tm|*R4Sfn*JL#OY2apv;plviQwC)4Yik!Y2o(nZ;v+?Wl0sD z>dmR1YR#P}py^^X7$t)DqjGiGZ*gx(y-n5T)byHBIRE1ikRj5sR4Gk`__t1N&47HbLZRGgshNB8~K~#kj=2BFx?n+dP znu4FBI(0ixqjb_Hu1&fY)eW#meiSuI8&ER}n_p0yx<8OJ&~^vD&07$)mmZA#>L#Ip zbQTIp=c00{3dN+0QKfVlsz&XlSD_kp_oF&>52FTkUEblW)a{E>h-V(CSg?|-uR>Mk8&Cbs z@$YqXiQqU?&9uGrdsL$xzoA;x-~8oibY0i?JGw-$yQeC%64hz%z8`QawKo?vNJVHV z8f;2D?Jy^zM(sEarL^vB)GVEc)}j7px~FffS|l>YR_bMe0VPMs*8O zGYXp~)GDP=)?juy99>Yhe1ln8$2Y3qVfpYYbA z+qxj=X>{H3s9HP5p&Ar6D^M+J3O6LIHJ~QKj?| zic4Ejjr0X-kanVGsSUMC-y`3F_Q*e@fV2mdOMjwDsmm6}iA(#U8mT9$MOp5Co_e?j zB{iLj8l)IXNf)4I=@Qf`U4eF>tqZP3zEXQG*P(!P11dv_U@aRv?6(pt0wEi%o>H`JcXUnn4DZROF9M%QI~N(6hOA#~f!B`Aav z!7EU?c5FoJ&?2)L?bNz1+qjiw_Q?Apztj^2r2SC2RER32{-{RsqXy|fv>t6U2P5CX z_L=WtD1gFd6dHoInII}xcRZ?;PC_-(cr;(@PDe>~XQBpaDq4ybnHXwB>&(L_rRfu> zMcoRtL+hSLJJB}t4jO!jy{|q%VN`EE^;B#2-`>%M%^)T$%QApkWs6rb0IcFd> zpy^sS;tQ@9h0Rf@7HwTH8YQ*PMN6f3&^k?zNq1;;-5AuW>G7R<6YZqiW+t|B)ZzAa zOh%O`Z04XE=^rSG62Y60?=U<48D*hbv&U1t`O{O_m@m0^wJwb8Pf+r89;!locg9mw zFp6q4oq`&qbI?+>$efRw)m@9yXzPM`s8wAJ+9BQIsn*ncsy7RfZ-l+x_fQrZUH7r4 zrr>sDe_p%Rw0a7guRYb9Z%{4Mrl5TVr0;Nhl*3UDYA-z+1=LMLr?$4-> zX?tn6uX$`}$57ND9f}$?J;GBW7)2>fUqsE)T9lTWQLFR@az@&7-iUnCW|W0S*L~!v zhr7+wVE21ZvrO0jbgavAyQ3U-w3i;Yi;t%|$_*$W)uJ*@7od>3Cs4Vx0)-Ku_fbsU z3#bZZxlNw>yMLpU*7a`V?ScBcd7kpz0iLqlgHYCyb~@Qpo?GcD%bkG+Go5Ab_jHK+ zh^H*~F;vAg5!`{6qOh6T&b3J~v_rZ8wQ1cYDC;P@?iZAU+DrdH0d@O-!?j6+P`NY& zg{3l7DGf(e(nwT|+Dk{F8g-LVtuzhQp+v9}HK_XzEtP&k>!e@N4rwoHL+z!$Z#mPW z?U^2g21~7Eq(kRp*1<_LJ zc$7kk;7O=i-5Rt`dIhzh_R`l-tGZUSL;4!EY5EQF9b<3D!0)+5(qNQ>62YM;pl&r9 zY&-Lkr?B}q3TwI!RiO{e22Ug1|DtL-zQX-4w?oqdJdJcKIyDI`)ztp}a;uTMTd+BzxgXssR|Bu|FQC34djdUX@tnNHdBi&n272Qbp z0Z$*8r%?@E*nEU)HQnmz1M@v<(DYZd6n$X!qGom7e&U?fbw{o0@{sRXd%R*4kOrU- zN(2u;>aX>5XdC6`@+G1l4I8Kn>~+M)nm7VRIO2mX1X0q+?O5 zWY7*NjC`Z*j&Ud;oq`5S6H&P|8HJ^3D2BE!s6>_OE<|y4Gf<7XnWz?xuA7aLn$ATH zn#R#m>1LGD^j6fY?oPB$T8z?~-j7<vHwsIeQB2d1P^G%9s7m?*#WmfDYSgu%TIqX~)bwZ6pl%OZD*cI4 zns(XE?NzrgS|{~HX-)S-t?CNV4yiwK#@O5IM?S=Nagbl#!6=~aFf>>?5`{E97L}_r zC@h7MeMQFB1>;bqx>Hbb4qqMpk zQLDQ7XopmXd_jAQ?m$`6A{3C8puy5Zs9bs!g{3D@rL+Q7NzbBM=>@b@YC`Lz6xt!Z zj0K0(K15;ZQ#2NBGoPcFx*e!W+J)lMcc@nS2_>ap(NbwIN=d%|aW2w6 zC@u9sJEXqIaqV>%AiuOf8Y~S$Ll9qUps>0!R3!~ZwbDqmR2qfWp+qod@m7YYta@(y$0qJ=(7$t%)qp-R@zj0(K zAJt0zPy^a%2BM|v4nob+FtkoO9Hr6L1xKS+b;qF{C=m=H=Xg6!ARh{wB+8N=Lw-&F zg#zlHK_PXkQCQtes7m@bic9NIjkE#PN^hg2^gc>SpP;m~9koiW$O+qX`5O79Z%{z` z0fnUhp>pYW6qf!*F{$hCoRyS=;!@(Ql$H)hJEWtL zGuEEzaVSd)A-{A28Z4cR!qRD|N}7Zkq_a@7bS_$l62U6es%{P1A-#fpC)jIy4P{Ah zqJXps4VK!edqt27bq zkR~JFID5QlC`+nD0qH_CSek*t(o9q(%|^A-^(ZObh?Yw8QA(;q>!dqST3Up5NK26Y zQKztZ2xUo+BER$m8Z50qA?aBZmR>+HsR_lU6snb8M@i`|)F8c!QqqU0S^5;ErO#0- zYA@Y^oRjTY{ek?FvzIfFx}h4WJF1oXpav-)HB0?at27YV*J6duU=%>@r9;tR#K#vD zmR6z)$^R#}4Ta53s7l>GQC!`xs7Bh0YBlx!#Tlr(5-nACO{cy_&6>J@^Y+kmENVsV zrK?fdczUx5*;i@tOchnA+lngH?Le*4F62AKuKNxJq@Pd)N(6tk(^KvALWkcnEX_b6 zX(lR{W}}#NJ&H>=q8e#FN=kL8LAnDqON)^IG0UwDdpQoo>6|QAqk5#iXuT zoQsr$l2UKfirP!_kTcQlHOME0kzX2z0@5j{T$+d~rOBuowUxlJUR0^>byThHEmWiKN7Nwwf*Ljb1EtiR(T%f`&PJ`$dB}H$J(uaI z47Hb5qY9J=ZbpsjM(@L3t($_<(mAMAIv@GYv`4uJ1*A(+xpXC}l&(QF(p=Oa#Zj|# zGs>B4&)`;1iQwa?j4lxzv~P#_H#t5YA?MJHLF{JTBT=^?;Lx) z7f?WILgi8l#iZ9!TzU)DNbjPg^dV}HK1C_%bJQ&DKxt_gYL&i2ZHW7-Q)(tD^{ z`WwZy?vOs5y)**VX?j$rs!&qXM^S_H1Zvc}6)2_dEz~T%i_+4E$X994`BM~-K1b!! z4pb@aLN(HNs1EUXK@I8#_T}2t4Mr(-6H$x0$(<_QkL%U+f2dXZ9r@0;XYe=jOI>q0 z7bypYq~54p%0m^Xy|lPfRVb$E)2LEfg{rk~4T`I~C6BXLSC7)_?#%b`#KfM#V&s$V zM}FyH6p)spGL#4|_ry;&6m)dl8z`i8>k2tjX#=X1-bU4^z4U!lqi+8q?muY|YSeTH zYF76nYEkzKYE`$gnDd)%&-8i3pH<*oUPb|RBl>X$(ov{f8jWI-iz=nDC@xi?8tGJ& zl%gmlO+jht9OPVJulIc9mo7p9=~7fKU5P5CYfz0e7p0{*axSz-xf%JTTTw{56O~Jg zQBt}erKE>Zv$PbYrRAtqdI~ug*&{!PeA0`^FReu(sTq|^Z=jg85mic?QC#{6)ks@W z=wf^1FHlU{Y1c_@C@Fo9Qqs>TE$y+>YPNcYabsu%A zdwIRD&8(d+9AGrS2uv zEd3j`Xu1xi)%}E8rC(8-rhAd^3VSZclyEN67!;7oQ5kA4JrRY}%|YeTKTw6HH=&ri zXHccI8dYoh5{j$)64glmK`okoi`t~T0i4TBdoE*84r(tgM*(%0qB33)<#O~Hpzv$~}yt!_DLRreHfuCd2^4*8@PQ9xRY%B5yhDZPPeq>XlZt=+rX zPNk3RRN9Ifq%Tmjv=i0MvG12{c8bF0C)B9!SG!J~*QLe5;fBZz#`@yIWogaXodR4$#4lG2$dB~3+XDTbVR_IMZA zPP)W)|FGQ^$S+-uLeh1p`35_^0kulC$akad7NCH1J1Up%MwQZis787aHAoF85Vw0D zN9EF!s8w2td^L9Zyj>@~Y}ZMzq6TR_YL;41T6zbyN*^HSCVP}E$R~YE)7OC(omF? z4n+;p5vW-@2DM6KkaM#=N;&dLCnCQTK>=w33Q1?6a_MXolg>kx(sWcKRig&!a?~u% zLTQu;&Oxo}@($p7Z?R`ki~`aCR4yHWVki+j2vw@P3DrpdL=Dnys9CxTwMzFQ-#_h< z6UdJe!6XW(`vZkgm2n1hZR*ZMmC{sHBgIgIbOCCXE1UdPoaAYF&br5jL8 zszq^W0ZO7o@OIR!ZUbtS-bTJUd%X8i040K-pmNC_!ud&0plYelft;yyU8nY-26eI0 zj6OpZx7y>Ka1cj98_jE|THQueqi)<#&I*Oi>8MpY6Zz_GHx>D%7z#-jprmvOYDDd& zSD=)-pHW)cgIc9Ok#n0pUY9bCEbWW@Qco0;_Craj5H(2sQ6p+E^`mBW%TbHEr%;=; z1?Ajs*X?sK_aq9NLs6N!BT$XHdr=))XA-DE-7?gut`VixJ%^k->``7sA!#j&NzJJF zPCI=AwMrY2Z=vlrqa3u(e1rn(K1b!!4pb@aLTy_29m=`O?)U{YN`IpkDfTY}F z{gAWBsu0B&TlGgt$&XUffha82)+K^( zbt*cnqnql!<0%nrI<%vUy2FQesLDOkQ^bt%6gA^K&2ayLnswxxPz##swtJf4esWkx z7d6{GC4%`QI=V!#zEk@g?yYmL^Hk;D=qX}uMs4<1x_4z{?(;OuEjprO8Zl=e=RSL{ zRiPXdbuac5F_&jLGtbj3cLOT3>r9W4p4?MB&2pojBIXVh(vcrT7246@smbhfWJeb< zJv~L;ViePkfvDQ(yS9*$=<)}?ZUY(Kqv8O6`yQhfx68VRbR6xFeAu6vfJs5#$L#4OBoZW1-JF6ut+DPmS+ zIC6wPLdQGdSWoUfo@TiT zPZ9GKis=mgLX}e1XzpD!%gy!_bth(Irg(~&MikeM*H9gbx^HG=-u5)h?SEXyG-575 zN$t1+HQF7f)>FiMoax;EdYa|_52duj9m88eJH}?@F7m{0VDL1{eGav;ZkD^(Q`9{% z*wIDJcux`YILdjzp7X02nb$qdatlqzG-6_?jCC{I>pWGtH+Y)r&i52GSGpbRqV8r- ziQvbcBBmn5TfttNIX@$}!BfOM;i<`_P>gkaE<=^lMiiGeqZ;WWREMhEt)8OhyNq0a zdB?QgE%g*J!%&0vjzNtmYRWTmuk{o$|L|1h-tMX1O`vA&Z9pxE`_B{qp64m*jyS$! z8Z}3Is&cRNRPQcEX&vPO)G9rK+ECP8mXZ0Fr-wQX1LR(s-A5T2r@EhBgISl(`|Yce5EQFCHO?jxQe<}p;kx`JIXh2p*W}%p;y6W|yZbcaNufcfg6f1?^rlI3xEKPZ4vQ zrz-bBPxbD*s8KsU@)R)#oYc`ZnIk+!-BGATx5Idcbth$H&h}L0-jCXJJD$kM zJmo23wtA{^+db90e<0^U`!@28z135bS%_lVaWATr5~vzAnWU$v zc|0Sx@5vq0h$%#I?I=Yx(jll0C4wV5^-`yfkMNOD>o%eWX)|g>QS(to?tt+fUBnFb zROOEJRPUaMQrbHnHA|$)P^GFJx@{d1@b*)-+~96 z!duYFJ;+nkJro5r9f``&RCko88ScTSa^Guu7^*<4%#o;4-3%0$W}-SY)t&8WhI`Rz z+%KA5iW*TOcx9(Hd79z66FR0--Lak`=J3-yx~S`-l#X%&YL-q$Eohc|ny09_&Ql`z zil>MfF|lJ^)HNury<<@uN(3uBHJP=ZqV8*+B4$ITGasXzhwXhjA=;rPb1rJ5i<;@4 zBJMpInTPGVN9>Ljo}%VuPgQQ-q>kw-6GeX3g-snQLs4^wr-(^;s&d~!A+7rmRiH%h zQ%_M-aYjcMF|$2YxwW1W!MaWjI+MpZd#l{}o}%VfPh1l#p$ zyr+n1Ln*EM6}9Pjdp*r^yHD-tqGmMe+F*bB^D>l!BIYVjGu*hRsJYqGRJX|!|FSo& zV@K3I;vCLYdq;WVGgwA$EebK^@q#K4kC%+x5$ASvJikXVts9HtQUyv%r=k`VaigdW zRk_nV@p$&cEA%@x^t_IBiQv*smBu={sC&Psh zZqMl*(*O|`z?P-=f z=>i^C+VL=2kG7emsKxFz%RNQRo=oTNcVWkr_Y{=Y-b&PFceod3WG?j-F|T-<<$jEE zmf9oxFY@GG?rD~LwI{wCfXeJT_Y+SM^I4`dzj&JER$R<|&pO`oJk4@fc#4`|GICF- z=HAuuBAz1V^h{?i@ifa_kLq-Oy)W_Pp66+ndx58jc?LCV-3Cv5M{|bPxes`%a+98T zZi`y9<5f?*^)sDYbZN)5$qYbg*6}ljs7*VDdWx9aGo738)MOfvv&`;z0)?a%C?-9N zs!`N^!Bf~>>uHwz8k)~^oB0#fA)X;$)}dK$Ur$jJ&B%QORXk?jf{%Hsau2$^ql=hB zJw@H)P_

mV2slPx2Hor(~w)98{-uH+pI^H)lFi?%NqkniOV@XOdiE3 z>K0~XN<8s-&{LDCMSkt5LuGb{xg#U@-=3=6^`0VT8wzR1S7` zs&|i_(=n}bT~877Fly0RJ?*K=-S@hVE@BSz#It5k_3jC%O*z+K9v)8()C%)eIlyEQd6gBUoH0!o5D4*9MUQdkL=<40)Jw@FnPgQQSr-<2-nVMb5 zY1C2v!EHl4zsksc&r_56#1o(WP#NnY?l&lo62aZ5(e8B*yTOw=$`j9}JVnfPs6{*K zJVni3PgC8Z8#|^m+^+EsMco`v5z`0lWbZaJ2(=-ey?Wvm|DK{|WkzmJO~*R+qMU!( z`@X-Ys2f1jpR~t22z6ayH4HT)UXzYmrK6GkeVDx31O=oJDwj?`^AV2?G~{Wk(@-l4 zn@Py`jMZ5vAf1cKr7Bb@U5sj^%g{2k&0K}XuC%%qRXl6&=Xt1F`Ub5>+sxTFaXX%~ zIuFHBQ*b&;q6ELSIHS){O4IXddAxM2L(VF@qZ;|8%RN<@Stz6~fnrh;#ihqkQu-H4 zNzb5W6gI0-THQ;iRo%bQPPEOeL%!8^-3Anp-bUrp`>0a-1l35}QG?WqQm85THCm6h znQu^9-4Dol-cJ9AY7jp?i<0X8Mh)t^&gUrVa!~vQyQ4RnkG7dSlvG!2*GU6VS~>tZ zFWMak*-jc}yEV2u9QmcAQAj!tjYZo`2qo2>fKt-QC@r0a_@mw&WfJmBXQ7aEE{aK2 zC@o!#oR{s6%TQOuBL{_0*j$TZ(mWKGYEV+T1*N2Vl$I8vSd-m*52}(MsTXs2uKj;B#lT7^>58kCk^LC!07-D}7%y@_II>w--vF1?4Ap>5`4JN>uavCU4U zG)hWep_J5)($asC^Qzsk8~LT*PzY^Z@E4knwwbJ(d0%a|%0?lS2==mi&91uv#Sy=I zr&9xN$#i$4q^94Y6bhS(|Ktp$$!I6qW~L!$ot;)9zjPrANi$GPnu+4lY?PF)M-9@A zC?(BDX{io5>+O;6K=yY=@-uvB8QNx+Am8h@dk6)jN0IY}?Vdn>X$1;N&!U+00*Xsb zC@G~-N_rhNqmAY*lveivvcErYquGL-H|=$_A|KjlzD9m^|3v|HyHQBppQv12mj#@G zx*n)fU0)Pe*ALaG8;FwX4nhs;hM|Z(wUx{Fa#-Ib_8-8Cqs z?nczCZazw@yB)QvyBqo5w&#*S0kqUzhC(Q88c|Go8pWkmC@HN$Da7|hQP=JEeWu^7 zd}NRYqV=EIZZK+1+v5#Iv7J_jqPTPf@_%K!V^ByMW2aI%N=hf9v=l+k*LKGQRQ?~U zGf<^;ww<=wk3Q$27~-`?C@xi_8tHPBlxCp@X%0%Y+a3QvY3U{u_{MhsMCHVn{ulYB-6)3m3kE3kqn%z> zPbXc4LO;a%%B50NDIJ2Er4cCkhuv`$vabvco6#sOxyZhz zlh>=EfK-9(D=)+5RNF~W6q2T(m~;+`OXs6BY6@P2oWHCtMSkf@l=|Bq?;5*Knu|h? zk1md4(#^K>+3r@`Nq3^Sv=}9&`%y}I7^S79w(DZ|E=Nw5)l(=gJ%^Igi&kCjbS+9t z%_!B)c5fhOAFGXaowV6brH|}%Upw83{L&Y8D(ytE96N18ap`-Mlzz7Bq&>*#ZrA;Z zLQdf;!;nPl=eeusSt&F*uDLczn7KYcG7_;CLN68(qSkm9f?xXv8Wj(f(Erp zPat1!+x5MJ$B=X#N+DibkDNYM-yk32>r3QUckZ36ld4cNN(3)PX>}i1^|gDqpyYm5 zpP`iWrJYLuK~AonevAClk0>Plf@0DiC@wh*IiA!FrKIjCE%iZ8o;_YZ@=N_tNE(P@ z(qI&qhN7f&C`w63ptN)ha`Nr*#vs2`jzZFjC{R8j4cVp(rgKft(V%;}{f^#-O-Vj*Gtf>O zkzab+YLLDER-rWF`}cRV&TlmU`K1F;NID3`q+uwD62Ze!O5OV?Eq#Lg0eh6~C?vI_ znDjM@OW&ZR^aDys|3hh%2>$NrN%!(anQj(x4)8fox?g%q1pkBl>LxDkP$D=Ph3FE& z*HBEVx`%6%y537S*xo~rp(JVw{>xJ$_zX(XC4vL*>rhkhc9hn-yOA@*?zj*6r3X>y zKzn-|P)vFp#ib`vQd)^p((|?}wL4z6o%AZQKhv5Bu19Ia z7^S2EC@md;oP+JUgOFbuhGNp;C@vk1l84xJ$Dx!ILTTv) zcEwh{ubaN~`Sj1lz4aA?X#n zPI}F*liozJlkB=pb}GGRr_#qLC2h0o#@TggyH5JbcBj}gXh&(p`^Q6^{i#;-kRLti z)}WAd3yMkgC@w8TN$DPxmL5Q%)9l_yJSBq5I(7KN97WRx6qg=H$qDv)pG3~-Rx6QT zdLD(Omr+c56(yzhC_d5dXtAC24oXQMptQ8bYMRek<$i|zmG-UwB??LZL2<n^tIMkZM&jY1(Qh+@+5C@!6ZlG1pT zl1@iy=}fz>+8%GJT_?rtI_UztPPzoeF0t#bKym466q;eX>+Dpz!A_-GWd9AAS3seZ zbUR8*cO(C$c6uKQNe`l!)PUmB<0vgXiJZ&qj+MwSJ&!`t%P1zjisI6GJH68GXt7i2 z9h8(lKq+YpN=u(1=PJA7OB9p-gW}S+C?)-f($X);Kils31BE1~fxS{U6qmZAq|^tc zqYKT!*w6rLVVVFmxH~=2{(!{L&F9 zBprid(ijw%%284}5v8OEN=p-vGtVCH4CKGT>TJ7CI?t|?rd!=;r`3or`OxLa{#(g5 zGYh3|vfUiJPWp#ct?h0?&U~wXqMc})xedi{wzu~#l)S}Ge?%$i7nDYc;2(B+x1ApS z7*pvul$Js$#xuIGIRV9`lTlJS4W*<>C@r0Z9G>Nc&ABKhRiU_aF-l37p|o@ra_+G^ zu0?)no?R!^*mcq^cHO;pUAaV$vEE zmtH|h={1y+-b86>6LR=W$@gE7U-}q@q-`iBrBPh^3MHj>l#>37($a3^B<%5iLw@Nm z6q2$Y=Xg>!ic7svQp!assR*T|66El?i@z~~{8A~hpJl`55EPR}pty7tN=lN>`$kbPY;NbCLZV!uLjy zU%D9$LEFr&D5UOAWIxU(f{RhS!S47QC8e%UaAedJ%t2|XH*$FYZwlri`!S&@Sd2o_ z02GrBKym3Hl$3^{lyo>sOGhL7QH1C1$S;LZNIC(2|u(?l{vmfk?lOSao+^|IAw( z#|4b%Vne;55<~r=QbU8}`$p+5m(S2}sLaqcP`RP8kn^q5O@ImvO;)U-n-u$j=Qow|8dPBDO{mDwJ5aHq%}|M&g zX-eLs*lVAmWJBYiVnf$MC5EO#j^~l?W~ji>EX5kS6Dl<{4=RV|HoIRwUv%NK_zb-O zIXUt*;Yv_o=xL}lS0y)OHZL=DGUV(l-)T^Rp(3cbit@G+Ra5N!P>G=hN_U{=EH8XS zK0}W~rG}n{$_y=s$_?o%Qgo1VtbvLRy$+QaS`U>PdKYr4E8PcBfuWC~B14}+#fH9y z$_(v*$_@PlIR`86Zm7V}f1wgX?sE2FCoxR zMTaQw0I1l|V5r2G@Ypi)B*L1l&(L*<4ZgNkb_?^95Tq35AeLo1;&LoY)G1xmLTDl+sIRBUJ?RAT6T zsNB$2$f=_o+n@qNUqMBNzJp2){RovA`V}fSv;M%JyJgA+A+0X#4HcX6hJ>_b$|$JB_^u17 zQQ@?ZwoJJfDmD9fAfzo*o(*Yr;R>kCWdBvY0H$lP=WCs8Pb+1jiDmrJ2j*&Q`$hq_!W*KO>Dj;q;-X#KxM>k zEc_fQH?$qnPt&h1{63_0g?mDp*xX?yTwr4TkR~?YKcsbq)uAF{Hx?cO6&tDpl|YOh zsMOFgP#Ltk@C3*?TGUKFXk+2o@*N}UBsx}fE>r|9FYEyo8@dQ8HPjC(Gjs`5aGcUz z1{E2)5-Kq?5-K$`1}Zl+9&(OXjvJsNL(`yQL$^YuhHit(4BZ7e4V2?vsKC$zO4nGv zMM`JrQKdUszGX^h=vk=P&0(RHb_rDl_y3JbcIR{ zoez~6>IIb>>I)UOSGs{viJ>7-si9#|nW3wpazmpbr-O2oC|yU@Ws=evx>2#6d@p#no~6>F#?RBouNVtXsy`B0IeUQmglzEG*5fl#@j zA&^t79K)a@Lsvt^hDJlBhDx9^Lz5tEsRBmWK5{UVzFCy#y8XQ{GpgB17w-5<_o8rG_>^<%YIEPJiY2MClBD zu5^aBE1jY5m2QC2?ShI7{RR~q+6#G3GsojeM2=G{Imd)GT0ODGY=>cwFzgeC<69}6 zQfP2d7GX!i62eY|WrUpxPtVt2;oFXEpF@~O*wx$0>U$N>J3b}6W`pZ|N%$?c6Z0EuCDhu!J5K{z6IOZMb=na&;~7H_!nN$T z58)chx|C4+8AhmQ5F-hvU?-60R>C{6`?1BCwx7gQAJs$QX6mBjcnN+LdlUPZxOWI` zn)l)D_&z552HS}p%03nUGptbdJKTh_Du#dIPyHu|+lNs3KP0{EK(-auAap6S38C&y zT45cruGr<+aBK`V9#i@o2yen>VA}Tsgp068!|i2+s^hbSwoH}xMi{?=P}{QXc)MSF zObV4}H?|F4OqmK*c3&*T-Hx`EZXa0X*)nYTb;C4wWaWL7bhZr}5q~;%2G$yDk9EOx zoGSNH_zG+UraX54*M{5jje{p)H)5)j&TU28#JN#<@^69XlTPP<5uyCu;bpMx0O>BeZqW_Q}Nk#C~<0 z@)xpwR%qI84=azXTbNdUrLkeZEWgUSob9WyQDK_v2&Z8>-r0mB*zdiB4`L5vuY|0; zyRmg_pZtz%>h(6PKDifDyV$yXiC^hu_L!7scbHe@==gM8vMRMavwZ;JS@?(3j*8bY zD3l!;#+^f`^Vgm5ILfr~HtdgIbskKped;`nhD$J=L)j!)^`1khy4*v!2Fqnmu;=M@ zwzYrNUwKrPw%^5Xjs>6UseQ@5!Ebq2RvP)L9_l$KQFg_2*?A5kjrOCys{T`(ZM#p^ zt0mj&KdP7NYU4WKzaG1gJTkSX`tekFI{s~JtKK@lik}(!ZYNY3c|5DNbIiT?3Q6-I z;iK5o*ky0I&I^PuV=Bk`Du!!`&!?XDyx6g%{eDT@&d`1))NyJ%+rNkH%JSN=R=svG z)->J<;3k;r{w4KQczU>fCZUeYhW2>R!ao+99Hvt{l~Z4}&#m}oV|QT{eLCg`!#wH> zkA|#q@C^JW_71i=^s6rA@UPgO3Vx@6YYaY>X~qiMx(*$Z?X}J+o`RXUPz$$Mxp|va}YjpU5-iHwb-6QyzKAN97USn=p#04z;+v~J*M-ecD2{= zZ>WzQV_k?>nHs;^*F|h=Ov^VB*4$8WUb+dt=82hv16d0w?Oa&(y_ZmB$!D)SOYrI1 zFOyGmi29b=z_x=z*dZc-2$q`eIo7*E!U>X&Zb6KDB{Z{%hD)Uz$jGKc+sk zfKYu$eM0sK+iNQLUT53JZ-teoVt@J#pU&4ee1@ga+W*+D8(asfhhZ(k6ES!0%P#HTvySbv7?zHO*|iWSy7+%tA0;oa=>c*2vgrkL7O){^6F$+oWJ>J#U| zJu#iD;xOICghQ}l*hp*)rtz&cmX1ZoI6d^u3ezav-I&I!^2!!sI`6hEbv!aVZ>Vp) zNgCBj=Xw*Yb0M>Hw_R&|PMp&0BGh_8{2Qz_<6gpaJ=W^X?>eS^VQs7Y0>XM>+|h*R zVKqpjzNT_)pEDtCV7Ggct`Bx`n8*4nZjT|pG4rX$-H))Y*MAafANHEmoO5Hxn9ij& zol{-ov=&Gl5v)zB5^Da@I;A#j)7B5;j|+V|2lo18+v>zHt}pvmKFtvdo8f;2-UjQK zDsG>Z6>rxG_IMTkpW^NOGn{gCF11fPH;%%0CpHgLS@&o00$Arp=@s`f+iSygZxQaq zY(H11bN@3wm8Jf!_LI-$sj7}^2*+sGaC!LD7wkE(bN`X}wU6e6T1QyF&DSQ(Cx7QK zt7wG7_KaEt78y+d3xMG+1_Pm_~Dqz2CF_YYuVQ_Y^9_)>-W$d!975 z-`acD)%X;rxmW#9{b4=6?=ks)BlLKhtNA9MQ0K+=ld5e0C$!pxCu3?$)%7$uyZ%LN z>-^ceD2*MH?TG7x*}hV7+orpiG`9b%zhA+&u2IKOZ>{^TWn1N|jv5OJC*jk$saW@E z__fZr)-}L>r?xw4vPC0(^|~N*?rh^m*Tng zzF0M^CZ_rp5H`nJC=Abuj>V2)rLp%$b}XMo+HaCN6l#v`Kz`XawzJb{&Xd_W zz=qX$j&J9m8nC^$SKfj!&c@4k6u!OT`o{Ltlkn-jT=!uu;Ips}S-!ro>Z5WLXE}TQ zl+6Q4GcGh+rt;eS3a=+#aVp!!**tdJrnmdk_Jd)*M+ujOta7xSy(VADw(Yw*ZjFb^ ze0FYso%AYS`^vVB;XZUu?cDVdKFwR%)gw?D~q-LJKO4iGNqAe9+Bnq zNsR5A^4oj9gYmCoJG=j=-`W0c!$zc2Kepq^&I>kdN4$-*V{HJwVb~Z!ECq#U@nnPiFfz?5+y_ zd)Zzcn(hzZgmt`nR{9RC`E4`dN0_b~UxZ}Z^*|1pl3H3vqj~96rZeLwcF^RfX-k9ILDVR(^3k*gj{r>rHzuk0nn1#E!p{+1CE$ z)0~^#XS2EDy_v4rJ!iURso&ZC>e#_JCWUWbtQw}{ zQ9bSTydFMXdyXM|oAcZ-48_)GLpvty_Nk<8iM7R4H{1UIx5JL?-`;1a{Ztnnr`kke zU*dJoVb^Gvu&s5f=I_~@H_dGd?KScm;T?dPyeiMm>D}?E z99>fsUdp!STcsNg+xb}a%ASj-5vR{VR8LzUZO_H8&l2@{qmKV*!baFy{BL2Z-$ugs zv5&D`nA%x&vUNK;yymGrep*a+gX`-kQ1wLy0JY_@ZS4JT2SZ41@oCblnQ zzcUH%#O&JH`sd->MmoFC1#I6>o4!D(d@4inGL^dq|GF@Z?SD$6JYV78f&GLjz0)|@ zXPQv`L*qcEv^Gw8mG<~BO>g34Hl4jkR65mPX7kuJhYjtuwijhxN!|Mqs%(2K^*JA^ z$FOi;)^GFuUHl}{Ps1vfXY<`k-0hfcTYK%b@pF|oY)ji_cHM2a?J+5oDgB3GKAUzY z+p53LgUz?k$-z47Ji-B(@+yrjN1;t?yT*@+>6*gXZ!1a@T*QrZ{v;&eRd90 zncGOC{VAP78)yA($)oF}p2x~;S(;NU4FB}W)f;2_Ym6iyAZBe zPkVfChH&ur^NB9Qv#>de_MXQcw+(F{w#VL)yjs6}K-*sk>pCNr*>iq1erpo#AW$3e2?Q14J?OQCH$F@TGbS+fb?FqFldyM$EuwQ5&ZC5N$c{dZk6VtuK zZz2Cls5PPulcxsT^4aTzjoXK~F&wx0i01Bt*w+#G6gD7iOCFtXnS7d8RnIet)B08U zY~C)RPwQ0c%g(1hF^n`Lu`!s+(fF7E+kMKno^&!>*V~ELzV8l0rI`;e!fblGu6_)k z?T@SB9;^q}hN0@DaVdKbpFZc2=@_@Mt$Rw_-@j&C>lc|FlZn%Ub%FM2=lDE)YWw{N z_1T1;R~`o2b%{-9!=s4PI!<;XT!nq+^Xx$9x3YcO`kX@AZR}TlEBpH29KY5TnvYah zJMU;*YVB#qd4JLk#%w+8*s|L;97-D9PpCfG$1xJWj%h66t)XqA-P9I3e%WpKFQN{* zhUl8Hi0x&V#)#6Dklv0R`K(|2lG*dUmOM%?pTf7Ot{R3X5jMkGV*~MPytfPEIuq(1t4A1$?RRW!eJ;<6t1O-E17k_2yb}p! z_k?EW=I7X6!v0qhE+kw-xDK=7+we!2(kT8@_yxl62wx$z=g5Y;@vHx;?R8wX9*Jhb zx?W>T?U!LYJHBdGyzMXBNT;+i%XLVnIkrAwV@&O@ZOxUoU)p|T`^TxIYln5lx`lcA za;`6c2ZkoU_A`Xg_5<55v~T&YCC;+8C$K#oy94`zW0mPU-U=TIL#2B(D_+~rvAq&| zIm@p+Z?pXk;k$&|k4)EG#eIzL(=5M@&wf_@HSs%0Yr`FEkECDPI_=8JuQF8^?eEVl zzdb(rbDIbC5zF=ox2uI=#qEQ#(%WluO?R|mkH{$EE zd^WDKbasr`emRqT^Rb24f7ze<+YFy+-cOssa+I!tBl z#BvIm(=qKs=~Zu8#m^M%_&J!g8Xt!eHV*SCuQhudg~Zviv|pL-W!r{+-Op-U_qONZ z(>yeQP}dppV0cuRR^`|-bS(1Q{agoMk4?pH$L_@*!1P((V}!D&uxF^_azfo_YtEAC zx}j$_y02DUY<|tRHqDph`40Or4E0>#4|qM-X;}kI>oClw^+}IWG58`=R(h` zl>bz=_1Q-eq2^Az-_C67I8~=&SaqmL`2%3xyX)ALZy4JuU-PBT=e2B?VD?$$Bv|cg z&J*$W`h9!o*LDHrDqfs@jn8J=#@W7wl%YIoFNM#r{X*!o=TPTIaWY+lRadp?2c-KF z+ll>*$#2&xV!J;Z?sG}MBBt2WOzmEVf=9kFw<8QASubB7>p5k5|xpT?GB53nsO&q}Mh+x4X_+irhL zx@MH)x8(UHRtu|(*|A{5?E8Rhwx69GNgj$%e)SkH8ZD&(3YpW0y*+X^fDOh@T858CH2_J1U1k*6j7TWzA}2x8s$>m1rN z_PaClNvm_HwA#sP`(nASKluQhGT zIch?vwo-fQ-az*S+Sa{+e5Vs{?+wm`Rd1DT=g_n8b;P=2>TB6)?0rlR;(BBKvBB6- zOl8Qff;E4LN5eYiRas{DGl4kuXVvW%SZ$}e%Cet{%?;D340}#(8TS(>zuLn-^RfF{ zniZ#bJ^xXilun^NM>e$QY9;wT3eTnPMa6msr24%}ob_#m^*xpyggRI9E6hG8KM_}z zzTvj{e}BKkwq*`+dj6*G1ndLb&yY@qJ@qTXwwTJuer74Z_J1y+oY)t|g`T9>nbZrfolk_FA}<_}^&1rwH}EE$v%vD$};?wXh83(_EzTw!yk* zv;R9`pW|;Lt*#A9tMKpsujUid>9Zw$uJk>81jq9;;W30KVD?(#okibgzLI5g2LFP? z0@Hq~vwb|KKCkZ(E4{u$tnUG9yAg4!liEh-@>I54V_mSGSbt1;uOuvF|4O5CGLmhN za4g|e>}E{g>zx&b;&L&v8*QB`c7pXLhZxW zL*J#e){r=T$5inOPiI@-e{Dr*&&}CzckDt;?W#4A9mjp}*>V-yac%PsBz_n+1)G8C ze{}95RR7vW`t0$b{Hlk&{@XcjA?fwJSl6K^;ny&&N95CbRu=WFE&q-lv|@4F-0s)r5F4YySf?e{{qb*y%sB!9&+#*tA{`Q_V08uR~|gdhHc{Ysq7Yv(!pVAV1E zoVOM{fH^dK?Rzvn)lX~DhVVk_+a&Z|!ntY=--E9c;T*zqv$oZb`i0vzyqs;V->)LP zi2O=38lHlQwZ7HbYC7B5-}$!R_nQ@_wZ~zf!$)g%;#FVuv2BD)sFSVteZ=Y59wpSX zY?&>`_7NM}zW)qq*J5vF*+$s*TicKAKHeuz_a54RIjsHdAp9NE+$Q@o+*UoU<+kVf zcWAoK6v6E=v3m>wEMSd&Lhu-Sf9|w5X$Zd?Fqscur=7bnEvng146AkJ`Q~z zKE>_C^5H)S4wmWYAkq|I_B<%ej;|NSY0RjdY#S(SNZhHR6%w9@ z={dYi<3pC+4i^!x|GiY+0a>haZF+@DW7l8`wQjciRa*J9ZQIp`lfp9ZC42zeMw*8S zmts$1w*Jq-+K1Aqob2x^+P<=yIN8UT)@(ZoThgxf-2Ke9)?~US%l>H`EAG!Qz1F>Y zKCQVzV@UIZ`e3z=!9A$zBfrM$q4?~0wPUhkXg~8jmb4nHx+j&{`q(~qN>=&WhxTtj z6FQ4H`PA<<2F_!<7iQbl?lamZPW_?cIkNFr5Puz}@iT=`WoMhtgH3D4w4EDfgy~b% z7L`Z6Ddn_BWXN zj~!dP*w)yx^ICSAKZ&!?F>*V_eN8^ihx_5vy|4I?EIu-ePs-w=EN-90=Vx*MEWRR( z$7J!8ES{akrCIz)7C)cGuVnE%S^ROxI)`7wzlOGlP(GRF8!W6b|R#+3Z zrh9v>k!1z=RYp@nTW%{@YhPQowr!k3`+UK^J3{YVXh$0LA&n~=ulF!i=I>0}CbgN% z2rtC?U<0usSa$mC&quQTwtTyP8(vNRF_^w9IG#}T(Rb#uKXcW05j7uV*Yg3=>YhN? zS%vyO;N$r0wtN~}`mWLoVYw>X_G86mmuJ5N^9pH|M)Sa%AuH`hSf9b`GiQ4&_Vc3; zh_j!0=yMO5-Bu{GpMQKuT75<&lmE9cuT8JdOO#(>ZkPCTE?aJPe0AcrZS&eR3XdZ$ zd)u5x$;}fE>m1en!k%%9PUfyDNV)wX78)w=YGq{YwMiNWnrCc+-nuKbsU@V zZN(I7pX&3r-eQ^3*<-dorBS)rX7k(q*)%HKTIQT!%&I)Q9~&MN#@T&Zzrs4i**q%$ zD7LfXE92~XH2D|lRYrE6*5vuS^Hp(w+4(BQWtZDKJPzBYHm#2N@=EGB0-tTW?9jH6 z%F$<;3Kg%~lIh@4ZAG`wU0vS7G+MX0H>c|4&w#?}ofJ4DI(gcd)HIs*}zC3qCz}()NEt-mfd) z$H5N66leEwB-6Q_G7`RqBc;acLd+fDoa zr?{he+tjfx|9jvjo#}4cx!KKg?sPNGTz6mR9=8fV3s8+;K|H{@&ppt2)vfNVbr0rU zQ#BLjr}Lb;gn#zosLw^t))f^(8H z(P`{VaZYxoI!&FMD1AC_51YwvR?cECvz^w?-R$Xp=PZ7PzOA#^Ionz4v~wPF+B;7; z9h~J(N8SzAiJv>}?7T(|);bqBZ%~8v)ZlHW*m=k4>uhxTJMU4O_o>aN)aEni66XtN zkn^=Om>(~_)cMgF;{4=X=Io-DyPcuV9_I?@FXu`p>0afe-4RYz_iE=LccgQOdksIP zH_9n+M>~hRB~E>JymOp8!D-;$;52e4JB{5b&MEFxelF`q=QMY^)7-t;Y3a^z+PE{F zv)ozE+3p=qXZKF$9Cwb>)xFC(*PZKhbMJO8cIP=m+eKyIlz0t zIoMm_9OkX$)tF_@vEED0iQX!wnYWtPFuv@Z<*niUYHN9C+8a)9Z@p9Oz3uezHaLU5 zcbrSTjm~A>Cg%!ovoqX#-x=Y3;9TQ<=#2J0cE)(0IM;dQygT|+XS}z~x!(KIxxxF& znd*J*%=ET9w|n0>cX{7BbG;qTz1~iz)ce7?-`nLp;Qiq|=D@gKKV;!wACqPBZ@qQE^OQO7+tahQ8TqORK{akzU*qMmzt;t01{qQ2WaairTK zag^IWakSehaje@p(ZKDNIKeGWG)cb{8bNxC;~KxQ`~z zb(bZ&xz8uMyDJkt+?Nvw^{OH zw{7wgw_S3u+c7!B?Vh~c?U@|v_DWvi_D){u7AJ?heUn$Y{gWfy0m+f>;N&&#kmM-$ z>g2WVwaL-$=;T;;O!7LnBstEVoE+~?Pfm1aB`3Lak~g?_Cnvl2C#SgclT+P?k~g}K zC2w+{NKSWGCU15(CTFc zFLnF*kGTW<$K8Sc6Yd~?nR}`KqH~QP$oBSW#oBiGHt^RNBOng@}BbB zde8W0d(Zjpz2$y4Z-rm%t@QhNtC-KXOyjL>`+LmvJD}_T1-Uo5&Qz1GDm2}YekXXQ zp$5<$hMGcm8!CeCGt?S-$WUi!v7sxWpp>Z*Jrt3CRrg7g?v02xLeCoCSI`PW`t93Q zhTQ4AAI?x!=#41ddxj3f_o1QYP_W+%Bf1g__SU?}aXvNa#^d|a(2dZyhUP)P7*Y-X zFtiBYUxu{bbTzfR8Q*IWZH0op?SZPB*h6l1omz$(LP4zdahUOGAN37s z9}Nw4Cf#X<;=T2a@?IO!bf}d{S6N*iCN^k|RZ)(QBl;tvYPZ;0HHauaj;@ifClr)- zRYX&x*m)5>8POXNeFOzP?2CwgfP&tsU+E3nC2_0Whkl1Q*xMmc(9R7aY5}z~M}AI3 zeIgnW(Nw6jNp}ZyzM%)8pf2&TEyCBgLhMp}L9L#L2AbH{q00=t16^t8vxxp1(ZMrp z?9mZ*il`rSwaI%WG{(?nU0CH9nv5@~->nhd7tv$T6q8OPYNnxQ@ZDkPMd*G*uSYqy zKnsoUi-^95mKfi!&@w}Nq2~oFgtJ&O3`zf?CakI-2qxgo1NaneQ=T&o${*Ko?ZVu>oJP z@oj~IBl-%e*bl1SX7|w%3i`nWD9Eed$qVxS7Yh1DWhJ+{-E}TDd+PvQYN%J_8wdsC zcN7$yxA76pgn}G*N4~gS{%yMZ$UDsJSHJH(+E6^+;?eU`w2wET@h06?XtJSSq2M^; zwolw)=Z)BRAif~oA<%S_w<$EskYa8eI!A@1#Q?6jx` z*HyBQ*->n1M5^B+Q`7hieip^XZ57wAvR3=P&>qq5C~sGb4|6E>tZ1MSs_Z#Pp zYY@*7aT`=+zrhuv0~E|=6QJPC?7h;~R7W28Zi!;`8`r@(S`blX<^A*VR+b|^qPU&o z+Q+@*Dfat>IUkyHo;9=?n2~^tLG_9?5b2=11wChJvvb zuYKb7dxh9drj*t_R!5y^t@lY_gSGMXqnb=^} z*D0cFBDy`Ig%PccNWV53G+5SMl?O5CnDM!QF5NmyMIJYpx_Ru4U|4mE1nA@ zx;mm8p(-XeUO~mz(8{iy^T{#Atfk^BXM8n{uc7NncaSOh6DVlicpsIm&El0?W!K+$ z`T9l_m#kk95BBTcYpEj? zlzdm@+X@9E;K)*&Ze&E2)xNSi$H%MRl@5=W-X5IaHzHp=whlbh&JpoQiN`|fK325m z%p3$&oCS1d4mGjIM6oAFbOsdMp|ypAx||zPZzvekLnDgo7tb%1jl4KE&M_`3IqnA642AfRed>>&}=kLcKl z^n5qSq362+HI8ESi_5`Lc8I8FM1vx_CZhj+j>+T=))D{vy#M170L&ca;vGq=TI;+d=CYC`!gb?yW6DOcd6ZP zoTEery2yL8U&;o1augA z*P9&rEMb$OxDAdcc8l@F=jaT4`t4xHiThRDo8lf8_r$n|wI=U&leZTX9Qg<+sLS;c z-3A5o?t&=YOA);vrTZqL+{bMx2SY*0b)lcl-cF2S|Ick2)I}{B(7$cTxP{_7(yh@Q zU)&o1eD@jOuePAhf0)`2x!Qil*B)QcC;x4E@jY>6CCB%*@jl}DH2y5%>N9K&;(0f& zi`Eg&LFy6u-TI*Ib&hh3uP?rU;=J)Eyd5~Upq;NIU2xrspXQCh7xs;aROftCa$LW- zP2>CDo1+|GMHJuv#`nbWeR8uW?B3Lyf_9FNawf6Cu{{IrZ))&bL?1?Ze~joaD413D zUuMgTTe7kisvV^}9y-MAqZxFVA>IETX{aT>Uu-D)K*2d51O?;c@`y%2LEpGG@=cB?o^5C23;Ou| z5xocnC9jEmao>0kU$D0x(Ww0v-(XX#ozNAA{(!DFlzPh6C0?^uHueu8-58T2UVX*= zS>K8XuJH{?H^HRS_Y|fW(zg?487d<79z*eG!p(~uXOZ!BAvX9->Eeh+Mx;-EmYQ_4 zBHxmTmPb_Cv;TjduPQsI5Y1-%Z*Q0oHd4a;#+4Z@w7dw@o0=k zK-|ZxkS-`sJ#mA{TN~fz|DQ{4z&^H`eYAptSyc1*XU2Ey{(O>dD89aRCtc7_9jB45vl&s9edkW!_3L3`<8SW8-vo@m zRd*+)RGi`d?aZ~5yuqp<-beiH!1z0X|MvTT@%IU<-C}E1**5{>HmGctUqP*cnLj>` zc#XM<*#4$nzKwvO`3pBf2-D z%JRM%#cqx0$A~g7+mhq&XdZztXrYrLioex)CcdBzIzd6NI}ZxJIocC?#2nGZ&=ZD6 zL(du-2L)qr3iP7!&4ykxbRQIamn0s^>f^!Q;=FOcf1Dien7q$H?;BbL1-1GJ3i5s( z`TmU3)m~$B6h_oHqHCd`em6kDz12O?HnWe1ptT10ardL*LfBYGnu{g+u#%C`}{6FueJgD*G^eFjwB z)L_3??GgPaq9Y?}6j4z`9igCU=v^o%`OApnw)!zj z_g6$!UbD52&-CGu?`SAEt4*MwDrRPNuxd#^A!J zlz6P_Yy~C%-|hGD3hHTU)y>p7o>k&I&3KN8=Z!eso8%4dLqCUlno@p&f>z7CZjbF~ zDDcJeMtoM|nIWD*;@%$jzj&rOfE7yc*KIYn2EFjjG@thjf%=#hit8L7M_hxrG_zb>Nk5!8)@BE>TGt$tw5nPEY_!eGceXZ)+bfczP-)&Hk_k}3$ zmt(B2<#je)`AF;Q6Zzu();Y}9Wo}enr|~v#S18zrD5&4dr`x(Ty21K>ZeV?#BHzNO zydjbAf(f>~6{Bt5Upv~oFOXx5X@e`zvb7pI+Qy248Z_x-eZLO3zAyS%-_O@t-(uQ6 z_};_nh&Dsx%|5n4!8wZiv%b?2_`Z%}e}X2P9DhQ=Q>Ojiu)Xf!h-yPYy2GKMlw%`` z%R2?%bW`5lQ1BlftD|(W&wY~~TOr+f_<|#fSEW7i1?>{&osRF$3VFS^_|KdQzCrkc z?;4DPf;!&>Ev%64uP8RN-lnSsJz62%t(Vg-#;2#N!Dko`eZSC4=G*p(SA1-h`Qm5cqsb8*$E1kjZ@k?Y`DR7*02It1iz8o5m9_4Zq}x!T zrpXOAB&!L!3S-M{teKY}Wr={#nJVAY&>$F86CosOUl;#liT@n6%t z7m5Fy<_&lJCHSxP&Ur~ZT~OZg$$zt_oOAMW@N`9aCnNvio^odFo5C{_jg-zl4)2;kQ_dax?u-9UlwUmI|KfQ+9-4CI?7JWS zyHMUX#GX^m+xza1X9LPR&iIdc{tFRJIk{C1z@I{SHzWT+&zb{GIVDvN!apA6z2W@7 zJRns*}KjeXv(?1%75@rLOth9{_CC<3z~A)RyhR!>nQK$acbfD zvdW=&zCw8mq*I%et13J>PYFn6H5rHQk_lM0ky z@8S&bJtEZO4FG4r!%*JZMoaVVGn8MIrbYR@2<2@>v?9+oP=0xvmg9RrC~s||wRqxy z@&++li2o=?d22rJDPRUi`Bh$8i1$9D{Gx!<6`q9hrbMS3JQd|l!L*a>Ohb7~1#QFJ zi}GeuT7~!ZqWsznE#W#dP~PIfI}iAs8I-rt(;oa^Bg&gZX%GJM2<1&3ya$2zP@*31 zRTv1*LwRc)ZNodzQO_x*ZTJsml((JIHvIPx${SN?8{Tb;dd@?%jq5Bxd21vs#B(2% zx1Z5M{3kQYn=WY~{^tedjf~DH_;Hk9DxjVCE(^+A_Gl;GH;D3B$PK+(N6r2Gs;``oXPMjsOP*&n{hXe@ zc4GEJ`9)*iF2TF2P~PN5oAGTD)Z;x7cfgxb-bhND@%}`Vx2Dr(JU2mk8!>Ih=R&CG zl+$LO^C_*xo8oCFeoqVK*B)pm-ur{{%c!&yci1RzV4BRkP|!}i6B*?f(`YB& zW>1ish*9t{{C5%DWrgmGHhO@7Z%- zg7-t272Vb7{_YyIn)@nxfV&nw#9fCT;l7DBa@UjoB$RiUx*On=QQm9jZiG)kndRI~ z@Tn;8v2{1Yr=z@!-TeS=j`BWU_e1n7cPpN@sOOyReuB1hKgH7?<#%t~&*1Y=-bw3z z0iTcZE7 z9Jea^vRe&ZwcA>oI$E^kbg7U6Aw>G>R<@~yJ;NMZs zuUi-Oyn1M!S06pVJBru?QQjKp9RpWK`Lz)5IJgGN70qh^*F-skUPHJR${XLjMsRJ^ za|*o1a2=F41bI!+CSFrKr=Xli?=<*Sl=J8{gHJ~}k6t0%9OXQEXTU`$ztiBgKwEjO z@U%v`c6e>zvrw)VUR(HVl(X!$gWIEA7rYK|N0eVZ^*X_wQLYPK7x)~Mp5S$b&qL`6 zUN^L-*B#G=DCgblfnMbGM0Fdc5ak6g&pym(#t`@O3D^^zMy?OHkg# z=Z!-rc;nHD-bD0zZxTAmn~YBOrjl|B$~&mNY3PmKbUf2g=5X&8csk0w?ahE^p!8U8 z7JLuN8%Dj`;8K*gD0z3l_oMt$vo{BR0p$%z-dyxWZyuhNDDO)4?uFk*c~`J^ANrm* zAKl_Th<@TNK+C;F=%?Od^b2nZ`lYuN{n~pR-R>=;gl|yhEAJ`zJCwJAdC$P#qrBD9 zdk+2qoGnn@(>Lk|U zaZ%n%lvoG*D8DX~coWV=d7D*YJ(@{uK=TtD@$ZB3M##h_xC+XuFtHh}n)m?E{wQ-@ z;zRfVl+l#fidIj2g6CkAw`V0jh5v&xjuM}thbF$jQyXQ}B))>{qMmbjVmn+9WwuOw z3)e?I=g7nk_$ZX$M@a01k3)I4dE!U3L1Gu46HtCRA@K`*BFgNV*bSeIGAa|l!>6E( z%ETV{RFqMf*bASIG7=Mi!9^$|G2wcw{Spa}wI9lQFX6+jP~MTA$c5XW%({s*+Afj7 z(;j6!Cia0lqKwBx6}U6XcuZ79yCtfj=OqqAyC

dp^pXoTvd`fHF1{HQ@_U#%7`x zd=bjnOw@*pQRd`C9k?&byQUL$(TfxH(1D5i_%A{E{fER+@L-hjn>Yp@f--Uw$Du>{ zd3Z){q9OiaC?hw~2p*0yaubc=5h%ZDmuLcyL>a}2rtq~WqnIBeWE7)}Q-17?RTj!P zO%%eDP*z!qGvKKxBQ((ho`y0)6RqIsD66bQ8~7HK5t?X=-jisD-ka!vzZ7MalIVm! zm*|2%pXiD%Pjo|HNOVV6BzmAPCVHYP6TQ%~L~rz^L?3ijq93|CF#uhk7>K@|7(~e% zP{wcKQgn0TGW7k#Q2ZaDyumOr4E`8pTqlOZ6QFy*a8QqD| z@HZ%{h{Ra*&%`+Nuf%xNNlqlzMY$d&C&3An@tB+p`>5ySCa1zFlwYz>PDAsO)A3|b zMpp6`v}SS!oi8ICd*k~`25$(`uc$sf^?$zA9*$zMn_3gxaO zxf>mq{2fmT%JnO`2cCd({YvhIuSdClCI5nNK)H$~Sspo4P_AOh1bidPFAgMq_$HKJ z8%*ZHH=~|&OEQh#n#|ytfqKrY-bK0oCY!?Vp^V?;Y4H0f?*&gbgFivJ7AFhgPfxAjzhWr`s3jSD8IqwPlOwy{ARL032ub)gvXx@ zH%57?<4;AK_|x#5f^sePr^BbBT#Nl%(9``HXfuBn+T6bl?cm>mcJ$|vvJ=Wo;?G69 z`18Vzh_91iiptiuUv$M=$i3p}qX4(2M+M z(BA%YXtBQ>?c=XN`}!-2|C>W6urv-3?1QrfnM!@g^u*Mqu2P~qNDsB z=(YY%bhQ5?I>z6Hj`e>*uk&}K{adb3|0y~VGA-s;yxXZW?ynSO0_mR|?m;@3q# z^y?-0{V0@cs9zub%s&eK+&>2Y7bqjnKMwv1WyJXn;O!`*#&3xJ*KdUG^&6vq`c2Tk z{HCara~kUAG()|dLNt+c2Aa%iK?y!eZ_jB3S4X*<%V`7GKvFoo=b-eBoE~sLl)jPE6CQxlH*$Kx z15x@$PH%V+O5e!o17C{LH*)&Hm!X{ToB`<7IRnv=IfKw^axO(j)L;ss|FS$~@5|B(mg}J|=kL2#gvjk-YoBKPw8s*tY?jH2D+`V|#qC9`g{R@37*Yz23xe1?DE6S=h z*N4kd?nZNS;cX~u)Z8@u4ayy8ZU+7i<&H9UAN1GUD(LRqs`!6HIs3WQ&^@^aqW{gU zj(;!8+0U&3|AjI(Q#DaHRSWe}wecrV#%8Jx>Zj_W=~O*5FIAt|49c}Ebrif0$~|W4 z7`O_`XiXi5)=V`(4@ot|UkhclrW&C~r5dA+QcdumgmSN!Y6_o>a(zjihMtmYhNmg& zIYp^Lv|Z{9Jnd1gDXA84N0ci_sukQ7gU6zb)>LMnIDd=JX%E_E4Pin6*( z4TbMVnKx3y;0I9Vjnr`XA=Go0rAEL{qWnrtY9#zL%CGIFM#0ab+>50~!_TAKi>1cG zFQD9urN+T8qTGw6#=~VO_hKooLe46bd$H6c_+^x*e5uLsD=5#FQ&Z8`Qq%CPMd{nA z>F9^4Tkw2@(!*0T;Ez#ycxo10j?%+Zx1rlocc7o8=HUMv1WWU>F3Z>)63D*(ksx@(<{+t>6g&v>D6dqdJS5Xeic0%@%D71X1&>2nnWWtu?u<}YCg}t` z1!Xmo_TigQMol^wz8PiIq|@-ND5EBwfoGzOj`Tk8ohYLtT?M`iWpt#g!gr&Lh;%i$ z6y;i(J`i1yu8uBD*TBCB<%*fE2`@&OjnlQ@B`89C7k#30pMU=6VZUmR1jGc62bbY!B zp0`oY*^q9EzMnn~&j%>0uXHo`LzG!PT?l`N@?0@}2K+tBbH#KE_y?5dis@GHPbkk7 z({13NQD*yeTXavl9iIQ9tg`Ytpvk;Wczl%clGg>z&FhM$^17kvyzc0}c|Fi7c|Fnn z@_M0F^LmqOf0W;a$?Jn2l-Ccfo;LtJIBy`aHBjdKyg_Kqyi3tT@-9Pb=M5#c0A)Rv zHw>g9i*3TP>9+fu=|IsMxioDVAaVYDGys>D5ym9CWdE@anL>akx z6X8ZEBR6jn+!*EBkvAD`iZW*NrlP0iO~Z3K%9zcY4mU>`vw63`MJQu7Zw7oO$}^L^ zS#V2~=lOZJp{?`oK-=ZbLEGoeMLXopLp$c(i=LZzAL+ZHjM=>TaCekDm%Inz9w>J% zc?;m4DA%UEMQ|^aJBz%<=+L|+c&)_HAt+}pvkyEJ<$f?z1s;ZS)-qMm;hAdaHJJnPk3yM0Gu6@2 znHuPrOigrbrWSf#rZze*Q-_o#DEEDty6A*VJ@m#*ef-lKmuK3cFJwBPYcieCS2JDE*D_tvwV7_{>zVH8x=auBjZ9B; zbEX%2d>`ev<}GUL$yX2zp?GZWE2Gn3H2 zGLuQ^jv+`d;+vcxE&(2?iw#$DN zZJ)mu?U26??U?^2+9`iM+Bts%+9iJ@dQSc(v}^um^xXUp&~Eu3qUYsrMZ4#Jf}WrM zDcU3dGxUP|FVLR(U!fP~Z%2FOe~Vs}zXR=^zY{Ia{}JtzzYFb~{|nkLe>d7c|95mi z{vPz={JrSF{J+pk^4%0;Fh79~&iBzv^K;Q5`DygB{0w^e|I^-iKu1w7e1FQOk=>cu zED#cU8X^WFp(-te76>hL5(q6oAS9544gyA{DoVMC3J55?V4=ws5v~P!5kxwKCLIy! z9RxDp@0r~!tM|M2obNm5J?A^$xtsI*&3~SGW_EUV$}_W@S-S)0*mXSI?!+VPE}UyG zh4bv8INu(IN7~EcQTFn9w7nu8W3Pb+vCse9VuCZ*;?(L$m=lQ60vt7Z@_H7_HN{jnC;iz zgZvd{`?aT%zs798_Fm+zn9p47>Ev%PpSjrk;$8Osc%MCk^8J`AxAsBggP7|K_Du3& z%ykC)P;w!rC1W2(K89(@*mKAyFy8>Nk0Aeoxvp!^BcH}x*R_u%pT%tB_R-|?m~GrX zmV6O&{nkF7dA+$12?2@d@tX_zdSb z)=+aeX03LtBj;k)YR3k0K4z_UY{WAiUs5s)bBu6&g%>!!rsQ2rE84LYf8h9rl0}#` z%JCifbIi9m9NWliG3%0JJ9z_UU2^QeI~+SH`4Q8Cb^L_)Iew;OKW5!<>?I$>tQ(H~ zurhsnn<>xQF{d;+r$IF8}7juVue!|dlBzu*gw)A*v}EdJGT9$#`? z#J@Q%;meN8_;<$@eARJ{aj#+43dard4a{2MxJAB&St}fO@Lk6}O73A=$c_hC(H>Ev zV%o;qW3nHnZLB>d2VmO9nu!ff4&sQQsX?@aF<0p|KXOS-t4RyMrL`a&ss&SC2J^YO z<{*b-T0WYN<25HGwJ_(HnhV#_O5wU%D6Xf4;l^57+(au+%>>MTUaN=`waU1e7Kxi{ z(YU2ng*vS;dw8uXxiw}FuT>)_W7bA3mfQ}rHflA<9WZO7_98h2v#-|T$-OZ9YOOXo z9kZ|2>XQ3n_R?B?JV1LHXJ`%aK&>$zq$S|NS|ZNUn&WJ(CC<^3@NlgS&ePiBe62km zsddDov`%=m)&-Bzy5X@}4?Ipw#pAVJc!HLWr)quiG_5~=U&~;AKEUihwLy5XmPyGH z%s270q2#5QZ{lgg$jdR;RJ9!P$C$mVHiEnovv<|<$g42tiP}i=Cz$g@Z8Z5a%>Gsz zOJ0N7-)iIWI&C68piQFuAZDG{rjQR~)_JXfT!>lcHO_{mW0-Ybn@T=`*&k}t$-iLs zhuTc?Y0S2uy-7Zc*&k}N$>%ZKg7yyiB4%6A=8`XAwgqiI`7&l(&=!!dV73TtA^93+ zi_qRD-@t4U+9L8T%od?7A>YAl7ur(tJxqH^TTXs}X)kFXlOJKu4fU0{guaTBV9a$t z{S&eSbIz!LM%FP~ioS;I#I&9Cbz~Q&?WAuYm%?l*`bKgnrtPGENe;ubo%FBBWif3h z{cCc0OxsD{O0I~x!mocru8cXO)W0J~V$LY_ZRBXo*^0iMTm^I0THisgiuv4J-$|~9 zIa|?xBFAF(_WIA{8koJkzL)$WW}DUbljAY%AN?S?3ua%fA0~Ih?5p)cat}-kM?XgH zgV{#(6Xb!IZAAZtJQ&lG(NB|yU|KTzS#lO;OVQ7hM_}45`bBacW~-8vQbP zG-eyouaGBTS}FQ9@++9OhkgT3)o)QU4fCmxeuq2*bBxgMk!N9!5&8r2TbT0*{SoNY=qCAZm?MiWm*B{PIkM;~`8~`Qs{7#&^Z>j_55kM}V1_Qi zTtCqrf(dL;P{W}Vlg$@ehpyk3R;0JF~PRmqPq#|XU|`7x$# zpvRJ*V$K)z8e|i5&D?mAEMtx)Mm$-?98HYcWIxQ&#HdRSz#L7C`s5(Y)?~a)4#sRv zMnkd#vo#rw$vS3hG7`v6%+_Qil3kds$!Jb4h1m*>mgGpxR$wHNqcK~7(S}?FvlSR^ zaaE%|e%|Pas~Mdb`U2+oVss%VVva9HH*#~#d4$n}+!AvhVWg6iFy|3QFLE2qd4!Qp zZi_jOF#3|)W6mRt{^X9B^9Un@+zGQC8H31OFx!!lN$!T(j*Ow?9+>k8V;DIVb8Iql z$h|PfCSwFS9dm3l^2mKL=Mlz8a(~Pb${0<~z#O5BvE)IRBa|_ooQXM)FeZ|RVvbqH zB=RuKk;|Au&cSStMge&QW_vVV$9cw7TwqMcuNgBL`Z{KdGu|Xm#T=)M+2rY%Gk4=1 z@=VN`yD=BPY0SrO84K`iV8dwpEY*kUyYyeCF5s&)!2)#8T;{V;~>6c9L5igLj1@$hW{{5VAJ>o zOU~2S&v_R6JI~`_=S6IHUcyf2WnA8Q1y^)l!%@x~IL3JkS9RXO9i8`Zit_>P4xHoE@kpl=k8!$ifwL5T z%^8ZYb=XIXsMSsovCR>U`)mGNz7B);#A4rY&mdDYG;*b!0{8zI$jSV$~G!!g$Z zLTZr9VYb1L7jdd4{3>4g(TrmL)zfAA#E9J9i~+u(w@8l)2a{YNZyE9b3!_izr>s^ zhIAo+g*g)p=|=tzv*v{Kz&k@yDcOZ-|A+J<@5ihOA?f&LNMHOYq(6QVl7SW1AnfPL z#KEqiSaS`-E>{jN?HYm0x$w^?SuHlkXvn!)5$O;c)*kxSan4T*3bpzhP1{{|5fU zq!#{-{IjL*)XA25QYTwVW2|hcH#M`RKGe+NTLBIHbND_$Bmd!i;y=o7xHOrX!=+cL zIb3>;n!}|xsF^Fxqa;`Q8+CG}cd3&ry~og8=>vx5^XY#JHJ{J@Td5k#r!i13na(f{z3yTAhfxGd^z|NH1 z4{WC{lVXCDpk>l?K{ot+kUxGQC=k~S(r~RH1J?-(!S#Yl;+KL-;|4)xaHF82z-4^$ zC6Sv3h2v&H<#3Cj3b<8JCEPkFB4`z#?@S0>CCv+ZC2%dDXiUI2$?GJk#00FA5ZP8@ zGWIX=YT$Z4gP4FrDBr;62orDw`3tW0Pr!AoT#x!+aGn3vz^}M^`MGTi*Y_UiTe$xA z2uIipgZ9#T|3KR-t=AUgFSHNw-?e3UllBqbtgX=Y(|TWqk5aOq7W)eA677WF^-Hu6 zuHuLKb^M2Z6H7+2dWoZUJM}k?x%+U8aX`Jy(Q_YeLH?a1-9Frv{D*Xk{0Do~11kSx z;oOI9&I4+ZwAeYvD3U&;q)1vui7vkvvfJjA4}^5)H#|GIiUP~XDK2gXA$N8K>Sg4v zt`fMrOTs-}3QluXVrXwy1n%Rifcv?^@c>sjJkVvM&S00n-dtW=x`o;{rAYi zpmTE1$m!ZSInBzwBNs^LV#}pT1VXov@6Nfv@7kXX;(T#-J&Fgns%i# zHSJ1QYF1Q!j|wm@?7*nN}i8CA;&4n)QnTwQ8P~IK+QNMg_?0nXKKbNU8xzTbf;#b zawt03NK}qcGf_E8%|zvRw1bk9)J#-PQ8Q6FL(LY-)o9&lp9 zsM$&>NzGPD>6kD|%22bF5>CxlN;zsKDV1W{>PbojHItMmY9=W$G3_aNj+#lz^VCdI zUZ7@cr6x67E48TETB$?L)=E8UwpL!EW^1JZHCroIQuv8z#amm=DWgJru$f zh+tw>Ar9(7b7%`)pcf1T{v}%)1^n~BGy}wQa|=a&r(5Fpxg}`@d=B5kP7uS-(!B&X zfG-(JP6&qxs0Q)yG9*GWbcQq-0Ha_M9AY}t=)Mi_!$+_NHo<>GA)JBBa2sS*l7gTl zl!G`ZWEy{^5#{2S!aGAB$bxZD0JC5ztcFeS9UKHPjpKCB!S8Sz#Opi`PsqVGNh$@A z5DT@TAvA}!FbG8b9J=G-HBY}7|1I(YSPH9PBW#78a2U?OZFmBH{5q}%4WT_`!d%z{ z-@s)k#V?^pLv3gTNzem6g40l$Uo2k-HCcfYAQOheXqWKC^0zbgda0J9_ zIZgKx+=Lo?-CVlkVIF)7f09WB2M6#n0ufH1Icz79-K)gp?J>A}PGhqabg(>hh zybmj2Eqnz(z#cdQm*F770`Ps_ zkLmvcw!lwt4z7b=DM=~|HK7sog^}=I@BEhQn|H zu7U}H{5Eh1l!a)h0gXV+TU$?8>>s+3hrmQn+3R%Qfkm(a4uTlxgr|F+?iIKLPrxsX zeL9qf7^n@cp*!?}aZms=VF|2;EwBUbfL}P{Lj{P3){p`d;SHD#@4`}84eQ|qoQHex z1WNGRpcNnn8bK1IKq_RyWDxrbalD#Fo&)dslr8hgpZes#`{ZwZ@-Clz$S0rj$-nvJ z+dlb;PxdeOY`zSie4hCXr$5H0th!IG=aZXyaxz`t^-ko@l%@KV_a|q8SQhzoC%|i- z{#kVAdGZHzSHgPO>?!-6?k+gs=|4{Q9Q+P<;0cr{&pHQU`r&jVJXtLF7d%-EtL4cJ zJl$q=lc6)D!2rktnqShd)c1Yw#Cs*$aiYB@+9P6^Z+k|x=|q`m*A>6k8$Q!`v8=`N7wef=zr=bambF;s#mBWy)a~V|FOGX+eJgI8Wq8Vm(H#w9 z{S)h*Sl`5YCf2Vho;u=v5$}(9PsDp6mcMu}#5yL{EwS!R_tX{hE!MGQ5ZjGd7Gk}r zHP|LK_kRhu^nVYx@(<6n(ONr>Tl>E>#3r@z-;9&}#|^bfZT*kqcK$uHZ2Z?r_%Iv) zb<%aLjsH3+#3}x^$sBRG_YV7m8oY5*K64|w;z8rs`WW@YldNe#5^l; zPtRRb3{$K44lAC5dpzA|*t1%a^a10o;M;M*S)hj_krKI0WHJ26xYD``A?KA9y-1JinZ&ak7dXTyA- zPmDLvXPVDyxnFzDvd>CWqB%Df_mElhLwwXpgI_Hp+Ovii>VbN9Vt^(`3a?%QVdZ5ZnAdusJ{8Sd_Tev+7G zM6SE9x7Bwu-`zLY>Z>u@-M823Q^&gdY?H-!cc;4h;;gO0rL-KW1QrkTtMvKaP~)fe5z-IrOvNd^T}uz{a)SMpcxO92q5m{O1uD3^d>r3BZqO2`hSjI1f;WL>Es8%ibF$$eKs zzy&3tlu}174WUp5!nmtSIFyBQP#!8kMedJM2`WQ`(pip#C?!pfh8XT}Qboy-pM$FK zJXC`hlp%5~ROjv{H6RXNRI=on5D&GWHupBE19hPu_cN&vFTu;ufcuy;BrDk!xX%<(K-jv%YZ*iSyw%k_vRBi|Dp#yY;6zBw< zl}%hBIw*Hlj>_GXlX7?EzT87mm7b6aY0wLLD>fxviB|eRU+4$@L9C79K5p)=xciqo ziTi!IAA==MIjl8uFn39FKeD_-M|p>ik}6mO4en6o9@pUBQ^ix6CyS|w$KO23Chb@5 zd7l5EHy!q-LT@^u6j}8+n^23V*IJEYT4FnCt;UPV@<>*jVo{dtEo-NC@RYSvhmpji zgDQ4hqFx7exhUX~qOQlHEJfWW3V3u@4`5N&S$!x9cyv|y_Y|wFtM@s2s?|JYJ=OZ6 zI*&B9y{9ZqP4krXwvy=Stq${)^-;%p>h)1Y8%#XW3XrFV70(gHpEI|j3MfLPg#~KuCa--EcFLZS+@F% zm2A>`-X*@mo4)m?AH3;;H~s2OzloD!>oLYw{JxFjehKbp8^=8p+(RdLh8o-jp}5{O zZ<^svtGy{cxVT<@Z+h9A^1NxZH;whC@xfxQ#Ooa&T)aNN=`DNHTQ)a1P<7XvYYi3i z`kA-hXWn{iyk%>=Wu5HB^EX~EPCH!gWJsnrg_SHW8x~qzufUt8ded@mTIo$Eyy>(z z1(zwFitbH4yvY?-{A`JyB+fC5$C&CJ8W3JwFT;~;(u1oPqIldqZyM=M6TNAQmEt1A-YAy4 zAPU#O@!Xk^^K8qp(l_LEX}2}>lx4Anr%Ph%j^+MsqJDW?+j3k)WAX-xA7`PCa4bh$ zuHHpFu>2HPCvbV+!+mFEQSBG0w*0?VOtD(6z6@+e%O)Zkigm@527S>bd^xT2bZD_d@0 z4UM)u*Qy`Of0>J#+i%9dmK|6Q(Rsj)cBa=O%>94n>b>56!z z^@4?8vOH0>a~2oNXTM?@#^VK6o!Z@WoE@Qboj^!J^!X0pJzCp}Yq<|T?qFRV~fALtG z@T;MZagoc(Ro8eW2JZ|IKCa~A0&8i6sbXozawk;bWjNkiKC#>pifdK6n8R`UW>K#E zh<64E$16vyEd1Xtu?~;2){U{Ym)VrZ1Pe!7Qyyy@W0eTEv6lJ$vi@96y>D$z_sfbo zyl-tyvjg4lyLiS>c|3K}rT6hfbt&E;ZN;(DHaylQwma2wtaOT!cQq*CTQ0;QVWR$$fV<=+ z0j0U-x->|5x#gBNu^gV16^>SiQ{F&zFB#!5E6)kuLiwm*cOCI8(W-csFjc%es;wN? zRyRn(4OHQHNz}Y=P4jD2)Mtz48tO##Im-@rsdt1D{)9omlANSG|2LD9IuGA zYiEFPm@1ZDm@1autD#~|3sc3?3sc1si;Fl#{goxe>y3-JLyn7hgcm6FxN3SpX^Eed z74x$|SwoHw7CxYCwEQ(La(!pz9hQH_>Fl?}{FLUp=|r^=E>PZQ9#)r2Ay-y1E$8ES zWiAd=g`=(I5N&1u@P$^nSTgMS$+e|lak~9^uA|0Ey>V?R4_8(;Ti$MYA5NEk$Fb54 z9Ix2878IrmS5{oOdl@lrd+oK!@k)OjtqR90BQSeroGytqR<((JZ%b?I;0~@Vs|D5? zwYr>*t3IDvUJ@X38{K*b756*~2XTkd65!xIts3ZHfD@W>-={=q20f&A)t-hck2*_o4p0u62_ipE&wA;CJ?{@A-yIq>RhK=0w z_#62PpZ?-<(VgZkPfyIrZI+eQwr^&(G%T-wPHsj<^#NH~R%J8#i!~j*qdgmkb^VhX z?Zp6AB<@EnNk^I9(RU0frBky`A!FLDdo(LOX~DoK^`)X=8`+si&0b3Dl9!R2m)19X zK;PW#oU}oi`Dp`k^0PDYbB1SRXAVf~mzkY5D!zK{wA_rWjJ|mpX(O{U2WDmrNNbjp z-!3D+J+%@><`1qud_X^@_n*iAPfI}MIxC+-@}UTuBKOSZrrLC;(WT?_5LXE$smcGQ zTvXa5^rr`F9#_ML|BL!@&n{JZ#&Ta9`tV=W?@aw4zcski-LofQp4rwVsS@ztqS*a# z(NYlJu9!K>Jn;QSbJv$E%~3s?nQdy6HNX4#E%UQC z2AT85WSF;(?=Tll$~1>0R=*?0pV_UEIk?I5=C>>6m_>g)FwLir&B9&ZnvZT@wermV z&CDzNHk%i=E;b+jT1eRw^T^uy=EQcjtmmK5Ex|myV}mIkmww)44s01`wv7unZ=U?g zD*NKqp60_tUz$ZXFPcwJ?=Xw5{$k$W`LX$KdZRmYQxk4{zj~on@4>G}dA(K4iEZnc z0~%K`Z+XVwFuA+=@W^JX&ds&2m_^r4oA-9DGM8i|-hQu7(;G*>U1JS9x91<`qz-W` zrx(rqq*(KgXZ)2DdzqJ(4K=T<9&N4|+R(iG`77pyrNhjb-5TC}uTS%9M?aoqUcGeA zd~ols`P19|%{ggx&1qe0nimiLU`=sz(ZH7G_6cpx^Yc^9>mLm&rjQrx@S6{rFD% zwUqki+BxIR%Ll$QdpD_O&Pz@F>%5D8G44NYzm!??RnW2it)We;-Jj8=!Oh~bzjRL) z?+5;GyG^zm63ru@huBvc?0UprN9>XKe+uf<5<61Qqn28W)K%(48>cIG_D>-tahLvf z^e5pKWbxQ)yHO;j<0n4ts$msbYV3((cPI9{zK>?~aF1)LuawJlGWorM45pb)TOh}( z7A1+XIy1B{rFjhROIszAq1m3vthLQ!qWrH3<+%*W=6?PEJf-1Qoj9rZua?x0EWVMa zGj4JHW;}ZyzXKqqGyG4_(~M`#=e1_w_6*D5c@k(b<@3u4;!#hs`%I@R!*iL^v-ymd zs?+wY&U04hHyLWujhE_L&+lS9@rv`Uak6=RSv*f)eo-KU;s5S=t4jl@>uzDS;tDVS z|H(LmtSKZizr*=80r5%(F^~C7>z~Uiai9H4{E7LA<27)tmEYvx|9L#)iKQv#r+E2@ zzW=lNYGN(l4ookHxgE)}6-%*rD*yiVF+2QvL{;YJ&*T4f=?>ugm2pg6bnCJNYVu1Y zby(W{SjP2vu73PtNiANTc#ZC5UyIbA^8VBizl9M`zxXwb4E|mePfOcCyq^iYhk29@ vqiz;Uvl46SpWoSk^}bpY`H%kRm%xVx?-buGD&EQb&p+dTp5gzYCGfuhS$*TZ diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/DotNetOpenAuth.xml b/src/SimpleSocialAuth.Mvc4/bin/Debug/DotNetOpenAuth.xml deleted file mode 100644 index 32e5229..0000000 --- a/src/SimpleSocialAuth.Mvc4/bin/Debug/DotNetOpenAuth.xml +++ /dev/null @@ -1,39026 +0,0 @@ - - - - DotNetOpenAuth - - - -

- A design-time helper to give a Uri property an auto-complete functionality - listing the URIs in the class. - - - - - A type that generates suggested strings for Intellisense, - but doesn't actually convert between strings and other types. - - - - - A design-time helper to allow Intellisense to aid typing - ClaimType URIs. - - The strong-type of the property this class is affixed to. - - - - A cache of the standard claim types known to the application. - - - - - Initializes a new instance of the ConverterBase class. - - - - - Returns whether this object supports a standard set of values that can be picked from a list, using the specified context. - - An that provides a format context. - - true if should be called to find a common set of values the object supports; otherwise, false. - - - - - Returns a collection of standard values for the data type this type converter is designed for when provided with a format context. - - An that provides a format context that can be used to extract additional information about the environment from which this converter is invoked. This parameter or properties of this parameter can be null. - - A that holds a standard set of valid values, or null if the data type does not support a standard set of values. - - - - - Returns whether the collection of standard values returned from is an exclusive list of possible values, using the specified context. - - An that provides a format context. - - true if the returned from is an exhaustive list of possible values; false if other values are possible. - - - - - Returns whether this converter can convert an object of the given type to the type of this converter, using the specified context. - - An that provides a format context. - A that represents the type you want to convert from. - - true if this converter can perform the conversion; otherwise, false. - - - - - Returns whether this converter can convert the object to the specified type, using the specified context. - - An that provides a format context. - A that represents the type you want to convert to. - - true if this converter can perform the conversion; otherwise, false. - - - - - Converts the given object to the type of this converter, using the specified context and culture information. - - An that provides a format context. - The to use as the current culture. - The to convert. - - An that represents the converted value. - - - The conversion cannot be performed. - - - - - Converts the given value object to the specified type, using the specified context and culture information. - - An that provides a format context. - A . If null is passed, the current culture is assumed. - The to convert. - The to convert the parameter to. - - An that represents the converted value. - - - The parameter is null. - - - The conversion cannot be performed. - - - - - Creates an instance, protecting against the LinkDemand. - - The member info. - The arguments. - A , or null if sufficient permissions are unavailable. - - - - Gets the standard values to suggest with Intellisense in the designer. - - A collection of the standard values. - - Contract.Result<ICollection>() != null - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - The description of how to recreate an instance. - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - - Creates an instance, protecting against the LinkDemand. - - The member info. - The arguments. - A . - - - - Gets a cache of the standard values to suggest. - - - - - Initializes a new instance of the class. - - - - - Gets the values of public static fields and properties on a given type. - - The type to reflect over. - A collection of values. - type != null - type == null - Contract.Result<ICollection>() != null - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - - The description of how to recreate an instance. - - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - - Gets the standard values to suggest with Intellisense in the designer. - - A collection of the standard values. - - Contract.Result<ICollection>() != null - - - - Gets the type to reflect over for the well known values. - - - Contract.Result<Type>() != null - - - - - Initializes a new instance of the class. - - - - - Gets the type to reflect over to extract the well known values. - - - Contract.Result<Type>() != null - - - - - Contract class for the class. - - - - - Gets the type to reflect over for the well known values. - - - - - A design-time helper to give a Uri property an auto-complete functionality - listing the URIs in the class. - - - - - Initializes a new instance of the class. - - - - - Gets the type to reflect over to extract the well known values. - - - Contract.Result<Type>() != null - - - - - A design-time helper to give an OpenID Identifier property an auto-complete functionality - listing the OP Identifiers in the class. - - - - - Initializes a new instance of the class. - - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - - The description of how to recreate an instance. - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - Gets the standard values to suggest with Intellisense in the designer. - - A collection of the standard values. - Contract.Result<ICollection>() != null - - - - A design-time helper to allow controls to have properties - of type . - - - - - Initializes a new instance of the UriConverter class. - - - - - Returns whether the given value object is valid for this type and for the specified context. - - An that provides a format context. - The to test for validity. - - true if the specified value is valid for this object; otherwise, false. - - - - - Converts a value from its string representation to its strongly-typed object. - - The value. - The strongly-typed object. - - - - - Creates the reflection instructions for recreating an instance later. - - The value to recreate later. - - The description of how to recreate an instance. - - - - - - Converts the strongly-typed value to a string. - - The value to convert. - The string representation of the object. - - - - - Gets the standard claim type URIs known to the library. - - An array of the standard claim types. - - Contract.Result<ICollection>() != null - - - - Gets the type to reflect over to extract the well known values. - - - - - Describes a collection of association type sub-elements in a .config file. - - - - - Initializes a new instance of the class. - - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - When overridden in a derived class, creates a new . - - - A new . - - Contract.Result<ConfigurationElement>() != null - - - - Gets the element key for a specified configuration element when overridden in a derived class. - - The to return the key for. - - An that acts as the key for the specified . - - element != null - Contract.Result<object>() != null - - - - Describes an association type and its maximum lifetime as an element - in a .config file. - - - - - The name of the attribute that stores the association type. - - - - - The name of the attribute that stores the association's maximum lifetime. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the protocol name of the association. - - - - - Gets or sets the maximum time a shared association should live. - - The default value is 14 days. - - - - Represents the section in the host's .config file that configures - this library's settings. - - - - - The name of the section under which this library's settings must be found. - - - - - The name of the <messaging> sub-element. - - - - - The name of the <openid> sub-element. - - - - - The name of the <oauth> sub-element. - - - - - The name of the <reporting> sub-element. - - - - - The name of the <webResourceUrlProvider> sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets the configuration section from the .config file. - - - Contract.Result<DotNetOpenAuthSection>() != null - - - - - Gets or sets the configuration for the messaging framework. - - - Contract.Result<MessagingElement>() != null - - - - - Gets or sets the configuration for OpenID. - - - Contract.Result<OpenIdElement>() != null - - - - - Gets or sets the configuration for OAuth. - - - Contract.Result<OAuthElement>() != null - - - - - Gets or sets the configuration for reporting. - - - Contract.Result<ReportingElement>() != null - - - - - Gets or sets the type to use for obtaining URLs that fetch embedded resource streams. - - - - - Represents the <messaging> element in the host's .config file. - - - - - The name of the <untrustedWebRequest> sub-element. - - - - - The name of the attribute that stores the association's maximum lifetime. - - - - - The name of the attribute that stores the maximum allowable clock skew. - - - - - The name of the attribute that indicates whether to disable SSL requirements across the library. - - - - - The name of the attribute that controls whether messaging rules are strictly followed. - - - - - Gets the actual maximum message lifetime that a program should allow. - - The sum of the and - property values. - - - - Gets or sets the time between a message's creation and its receipt - before it is considered expired. - - - The default value value is 3 minutes. - - - Smaller timespans mean lower tolerance for delays in message delivery. - Larger timespans mean more nonces must be stored to provide replay protection. - The maximum age a message implementing the - interface can be before - being discarded as too old. - This time limit should NOT take into account expected - time skew for servers across the Internet. Time skew is added to - this value and is controlled by the property. - - - - - Gets or sets the maximum clock skew. - - The default value is 10 minutes. - - Smaller timespans mean lower tolerance for - time variance due to server clocks not being synchronized. - Larger timespans mean greater chance for replay attacks and - larger nonce caches. - For example, if a server could conceivably have its - clock d = 5 minutes off UTC time, then any two servers could have - their clocks disagree by as much as 2*d = 10 minutes. - - - - - Gets or sets a value indicating whether SSL requirements within the library are disabled/relaxed. - Use for TESTING ONLY. - - - - - Gets or sets a value indicating whether messaging rules are strictly - adhered to. - - - true by default. - - Strict will require that remote parties adhere strictly to the specifications, - even when a loose interpretation would not compromise security. - true is a good default because it shakes out interoperability bugs in remote services - so they can be identified and corrected. But some web sites want things to Just Work - more than they want to file bugs against others, so false is the setting for them. - - - - - Gets or sets the configuration for the class. - - The untrusted web request. - - - - Represents the <oauth/consumer> element in the host's .config file. - - - - - Gets the name of the security sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the security settings. - - - - - Security settings that are applicable to consumers. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - - - - Represents the <oauth> element in the host's .config file. - - - - - The name of the <consumer> sub-element. - - - - - The name of the <serviceProvider> sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the configuration specific for Consumers. - - - - - Gets or sets the configuration specific for Service Providers. - - - - - Represents the <oauth/serviceProvider> element in the host's .config file. - - - - - The name of the custom store sub-element. - - - - - Gets the name of the security sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the type to use for storing application state. - - - - - Gets or sets the security settings. - - - - - Security settings that are applicable to service providers. - - - - - Gets the name of the @minimumRequiredOAuthVersion attribute. - - - - - Gets the name of the @maxAuthorizationTime attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - - - - Gets or sets the minimum OAuth version a Consumer is required to support in order for this library to interoperate with it. - - - Although the earliest versions of OAuth are supported, for security reasons it may be desirable to require the - remote party to support a later version of OAuth. - - - - - Gets or sets the maximum time a user can take to complete authorization. - - - This time limit serves as a security mitigation against brute force attacks to - compromise (unauthorized or authorized) request tokens. - Longer time limits is more friendly to slow users or consumers, while shorter - time limits provide better security. - - - - - Represents the <openid> element in the host's .config file. - - - - - The name of the <relyingParty> sub-element. - - - - - The name of the <provider> sub-element. - - - - - The name of the <extensions> sub-element. - - - - - The name of the <xriResolver> sub-element. - - - - - The name of the @maxAuthenticationTime attribute. - - - - - The name of the @cacheDiscovery attribute. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the maximum time a user can take to complete authentication. - - - This time limit allows the library to decide how long to cache certain values - necessary to complete authentication. The lower the time, the less demand on - the server. But too short a time can frustrate the user. - - - Contract.Result<TimeSpan>() > TimeSpan.Zero - - - value > TimeSpan.Zero - - value <= TimeSpan.Zero - - - - Gets or sets a value indicating whether the results of Identifier discovery - should be cached. - - - Use true to allow identifier discovery to immediately return cached results when available; - otherwise, use false.to force fresh results every time at the cost of slightly slower logins. - The default value is true. - - - When enabled, caching is done according to HTTP standards. - - - - - Gets or sets the configuration specific for Relying Parties. - - - - - Gets or sets the configuration specific for Providers. - - - - - Gets or sets the registered OpenID extension factories. - - - - - Gets or sets the configuration for the XRI resolver. - - - - - The section in the .config file that allows customization of OpenID Provider behaviors. - - - - - The name of the security sub-element. - - - - - Gets the name of the <behaviors> sub-element. - - - - - The name of the custom store sub-element. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the security settings. - - - - - Gets or sets the special behaviors to apply. - - - - - Gets or sets the type to use for storing application state. - - - - - Represents the .config file element that allows for setting the security policies of the Provider. - - - - - Gets the name of the @protectDownlevelReplayAttacks attribute. - - - - - Gets the name of the @minimumHashBitLength attribute. - - - - - Gets the name of the @maximumHashBitLength attribute. - - - - - The name of the associations collection sub-element. - - - - - Gets the name of the @requireSsl attribute. - - - - - Gets the name of the @unsolicitedAssertionVerification attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - - - - Gets or sets a value indicating whether all discovery and authentication should require SSL security. - - - - - Gets or sets the minimum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets the maximum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets a value indicating whether the Provider should take special care - to protect OpenID 1.x relying parties against replay attacks. - - - - - Gets or sets the level of verification a Provider performs on an identifier before - sending an unsolicited assertion for it. - - The default value is . - - - - Gets or sets the configured lifetimes of the various association types. - - - Contract.Result<AssociationTypeCollection>() != null - - - - - The section in the .config file that allows customization of OpenID Relying Party behaviors. - - - - - The name of the custom store sub-element. - - - - - The name of the attribute that specifies whether dnoa.userSuppliedIdentifier is tacked onto the openid.return_to URL. - - - - - Gets the name of the security sub-element. - - - - - The name of the <behaviors> sub-element. - - - - - The name of the <discoveryServices> sub-element. - - - - - The built-in set of identifier discovery services. - - - - - Initializes a new instance of the class. - - - - - Gets or sets a value indicating whether "dnoa.userSuppliedIdentifier" is tacked onto the openid.return_to URL in order to preserve what the user typed into the OpenID box. - - - The default value is true. - - - - - Gets or sets the security settings. - - - - - Gets or sets the special behaviors to apply. - - - - - Gets or sets the type to use for storing application state. - - - - - Gets or sets the services to use for discovering service endpoints for identifiers. - - - If no discovery services are defined in the (web) application's .config file, - the default set of discovery services built into the library are used. - - - - - Represents the .config file element that allows for setting the security policies of the Relying Party. - - - - - Gets the name of the @minimumRequiredOpenIdVersion attribute. - - - - - Gets the name of the @minimumHashBitLength attribute. - - - - - Gets the name of the @maximumHashBitLength attribute. - - - - - Gets the name of the @requireSsl attribute. - - - - - Gets the name of the @requireDirectedIdentity attribute. - - - - - Gets the name of the @requireAssociation attribute. - - - - - Gets the name of the @rejectUnsolicitedAssertions attribute. - - - - - Gets the name of the @rejectDelegatedIdentifiers attribute. - - - - - Gets the name of the @ignoreUnsignedExtensions attribute. - - - - - Gets the name of the @privateSecretMaximumAge attribute. - - - - - Gets the name of the @allowDualPurposeIdentifiers attribute. - - - - - Gets the name of the @allowApproximateIdentifierDiscovery attribute. - - - - - Gets the name of the @protectDownlevelReplayAttacks attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - - The newly created security settings object. - Contract.Result<RelyingPartySecuritySettings>() != null - - - - Gets or sets a value indicating whether all discovery and authentication should require SSL security. - - - - - Gets or sets a value indicating whether only OP Identifiers will be discoverable - when creating authentication requests. - - - - - Gets or sets a value indicating whether authentication requests - will only be created where an association with the Provider can be established. - - - - - Gets or sets the minimum OpenID version a Provider is required to support in order for this library to interoperate with it. - - - Although the earliest versions of OpenID are supported, for security reasons it may be desirable to require the - remote party to support a later version of OpenID. - - - - - Gets or sets the minimum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets the maximum length of the hash that protects the protocol from hijackers. - - - - - Gets or sets the maximum allowable age of the secret a Relying Party - uses to its return_to URLs and nonces with 1.0 Providers. - - The default value is 7 days. - - - - Gets or sets a value indicating whether all unsolicited assertions should be ignored. - - The default value is false. - - - - Gets or sets a value indicating whether delegating identifiers are refused for authentication. - - The default value is false. - - When set to true, login attempts that start at the RP or arrive via unsolicited - assertions will be rejected if discovery on the identifier shows that OpenID delegation - is used for the identifier. This is useful for an RP that should only accept identifiers - directly issued by the Provider that is sending the assertion. - - - - - Gets or sets a value indicating whether unsigned extensions in authentication responses should be ignored. - - The default value is false. - - When set to true, the methods - will not return any extension that was not signed by the Provider. - - - - - Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers - should ever be recognized as claimed identifiers. - - - The default value is false, per the OpenID 2.0 spec. - - - - - Gets or sets a value indicating whether certain Claimed Identifiers that exploit - features that .NET does not have the ability to send exact HTTP requests for will - still be allowed by using an approximate HTTP request. - - - The default value is true. - - - - - Gets or sets a value indicating whether the Relying Party should take special care - to protect users against replay attacks when interoperating with OpenID 1.1 Providers. - - - - - Represents the <reporting> element in the host's .config file. - - - - - The name of the @enabled attribute. - - - - - The name of the @minimumReportingInterval attribute. - - - - - The name of the @minimumFlushInterval attribute. - - - - - The name of the @includeFeatureUsage attribute. - - - - - The name of the @includeEventStatistics attribute. - - - - - The name of the @includeLocalRequestUris attribute. - - - - - The name of the @includeCultures attribute. - - - - - The default value for the @minimumFlushInterval attribute. - - - - - Initializes a new instance of the class. - - - - - Gets or sets a value indicating whether this reporting is enabled. - - - true if enabled; otherwise, false. - - - - Gets or sets the maximum frequency that reports will be published. - - - - - Gets or sets the maximum frequency the set can be flushed to disk. - - - - - Gets or sets a value indicating whether to include a list of library features used in the report. - - - true to include a report of features used; otherwise, false. - - - - Gets or sets a value indicating whether to include statistics of certain events such as - authentication success and failure counting, and can include remote endpoint URIs. - - - true to include event counters in the report; otherwise, false. - - - - - Gets or sets a value indicating whether to include a few URLs to pages on the hosting - web site that host DotNetOpenAuth components. - - - - - Gets or sets a value indicating whether to include the cultures requested by the user agent - on pages that host DotNetOpenAuth components. - - - - - A collection of . - - The type that all types specified in the elements must derive from. - - - - Initializes a new instance of the TypeConfigurationCollection class. - - - - - Initializes a new instance of the TypeConfigurationCollection class. - - The elements that should be added to the collection initially. - elements != null - elements == null - - - - Creates instances of all the types listed in the collection. - - if set to true then internal types may be instantiated. - A sequence of instances generated from types in this collection. May be empty, but never null. - Contract.Result<IEnumerable<T>>() != null - - - - When overridden in a derived class, creates a new . - - - A new . - - Contract.Result<ConfigurationElement>() != null - - - - Gets the element key for a specified configuration element when overridden in a derived class. - - The to return the key for. - - An that acts as the key for the specified . - - element != null - Contract.Result<object>() != null - - - - Represents an element in a .config file that allows the user to provide a @type attribute specifying - the full type that provides some service used by this library. - - A constraint on the type the user may provide. - - - - The name of the attribute whose value is the full name of the type the user is specifying. - - - - - The name of the attribute whose value is the path to the XAML file to deserialize to obtain the type. - - - - - Initializes a new instance of the TypeConfigurationElement class. - - - - - Creates an instance of the type described in the .config file. - - The value to return if no type is given in the .config file. - The newly instantiated type. - Contract.Result<T>() != null || Contract.Result<T>() == defaultValue - - - - Creates an instance of the type described in the .config file. - - The value to return if no type is given in the .config file. - if set to true then internal types may be instantiated. - The newly instantiated type. - Contract.Result<T>() != null || Contract.Result<T>() == defaultValue - - - - Creates the instance from xaml. - - The stream of xaml to deserialize. - The deserialized object. - - This exists as its own method to prevent the CLR's JIT compiler from failing - to compile the CreateInstance method just because the PresentationFramework.dll - may be missing (which it is on some shared web hosts). This way, if the - XamlSource attribute is never used, the PresentationFramework.dll never need - be present. - - Contract.Result<T>() != null - - - - Gets or sets the full name of the type. - - The full name of the type, such as: "ConsumerPortal.Code.CustomStore, ConsumerPortal". - - - - Gets or sets the path to the XAML file to deserialize to obtain the instance. - - - - - Gets the type described in the .config file. - - - - - Gets a value indicating whether this type has no meaningful type to instantiate. - - - - - Represents the section of a .config file where security policies regarding web requests - to user-provided, untrusted servers is controlled. - - - - - Gets the name of the @timeout attribute. - - - - - Gets the name of the @readWriteTimeout attribute. - - - - - Gets the name of the @maximumBytesToRead attribute. - - - - - Gets the name of the @maximumRedirections attribute. - - - - - Gets the name of the @whitelistHosts attribute. - - - - - Gets the name of the @whitelistHostsRegex attribute. - - - - - Gets the name of the @blacklistHosts attribute. - - - - - Gets the name of the @blacklistHostsRegex attribute. - - - - - Gets or sets the read/write timeout after which an HTTP request will fail. - - - - - Gets or sets the timeout after which an HTTP request will fail. - - - - - Gets or sets the maximum bytes to read from an untrusted web server. - - - - - Gets or sets the maximum redirections that will be followed before an HTTP request fails. - - - - - Gets or sets the collection of hosts on the whitelist. - - - - - Gets or sets the collection of hosts on the blacklist. - - - - - Gets or sets the collection of regular expressions that describe hosts on the whitelist. - - - - - Gets or sets the collection of regular expressions that describe hosts on the blacklist. - - - - - Represents a collection of child elements that describe host names either as literal host names or regex patterns. - - - - - Initializes a new instance of the class. - - - - - Creates a new child host name element. - - - A new . - - Contract.Result<ConfigurationElement>() != null - - - - Gets the element key for a specified configuration element. - - The to return the key for. - - An that acts as the key for the specified . - - element != null - Contract.Result<object>() != null - - - - Gets all the members of the collection assuming they are all literal host names. - - - - - Gets all the members of the collection assuming they are all host names regex patterns. - - - - - Represents the name of a single host or a regex pattern for host names. - - - - - Gets the name of the @name attribute. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The default value of the property. - - - - Gets or sets the name of the host on the white or black list. - - - - - Represents the <xriResolver> element in the host's .config file. - - - - - Gets the name of the @enabled attribute. - - - - - The default value for . - - - - - The name of the <proxy> sub-element. - - - - - The default XRI proxy resolver to use. - - - - - Initializes a new instance of the class. - - - - - Gets or sets a value indicating whether this XRI resolution is enabled. - - The default value is true. - - - - Gets or sets the proxy to use for resolving XRIs. - - The default value is "xri.net". - - - - An interface that provides URLs from which embedded resources can be obtained. - - - - - Gets the URL from which the given manifest resource may be downloaded by the user agent. - - Some type in the assembly containing the desired resource. - Manifest name of the desired resource. - An absolute URL. - - - - Description of a claim that is requested or required in a submitted Information Card. - - - - - Initializes a new instance of the class. - - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Gets or sets the URI of a requested claim. - - - For a list of well-known claim type URIs, see the class. - - - - - Gets or sets a value indicating whether this claim is optional. - - - true if this instance is optional; otherwise, false. - - - - - A set of sizes for which standard InfoCard icons are available. - - - - - A standard InfoCard icon with size 14x10 - - - - - A standard InfoCard icon with size 23x16 - - - - - A standard InfoCard icon with size 34x24 - - - - - A standard InfoCard icon with size 41x29 - - - - - A standard InfoCard icon with size 50x35 - - - - - A standard InfoCard icon with size 60x42 - - - - - A standard InfoCard icon with size 71x50 - - - - - A standard InfoCard icon with size 92x64 - - - - - A standard InfoCard icon with size 114x80 - - - - - A standard InfoCard icon with size 164x108 - - - - - A standard InfoCard icon with size 214x50 - - - - - A standard InfoCard icon with size 300x210 - - - - - A standard InfoCard icon with size 365x256 - - - - - Assists in selecting the InfoCard image to display in the user agent. - - - - - The default size of the InfoCard icon to use. - - - - - The format to use when generating the image manifest resource stream name. - - - - - Gets the name of the image manifest resource stream for an InfoCard image of the given size. - - The size of the desired InfoCard image. - The manifest resource stream name. - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The token is invalid: The audience restrictions does not match the Relying Party.. - - - - - Looks up a localized string similar to The list of claims requested for inclusion in the InfoCard must be non-empty.. - - - - - Looks up a localized string similar to Failed to find the encryptionAlgorithm.. - - - - - Looks up a localized string similar to This operation requires the PPID claim to be included in the InfoCard token.. - - - - - Looks up a localized string similar to The PrivacyVersion property must be set whenever the PrivacyUrl property is set.. - - - - - Looks up a localized string similar to Click here to select your Information Card.. - - - - - An exception class for Information Cards. - - - - - An exception to represent errors in the local or remote implementation of the protocol. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - A message describing the specific error the occurred or was detected. - - - - Initializes a new instance of the class. - - A message describing the specific error the occurred or was detected. - The inner exception to include. - - - - Initializes a new instance of the class - such that it can be sent as a protocol message response to a remote caller. - - The human-readable exception message. - The message that was the cause of the exception. Must not be null. - faultedMessage != null - faultedMessage == null - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - When overridden in a derived class, sets the with information about the exception. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is a null reference (Nothing in Visual Basic). - - - - - - - - - Gets the message that caused the exception. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with a specified - error message. - - The error message. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is - the cause of this exception. - - The error message that explains the reason for the exception. - - The exception that is the cause of the current exception, or a null reference - (Nothing in Visual Basic) if no inner exception is specified. - - - - - Initializes a new instance of the class - with serialized data. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is null. - - - The class name is null or is zero (0). - - - - - The decrypted token that was submitted as an Information Card. - - this.AuthorizationContext != null - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - Xml token, which may be encrypted. - The audience. May be null to avoid audience checking. - The decryptor to use to decrypt the token, if necessary.. - Thrown for any problem decoding or decrypting the token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - decryptor != null || !IsEncrypted(tokenXml) - decryptor == null && IsEncrypted(tokenXml) - this.AuthorizationContext != null - - - - Deserializes an XML document into a token. - - The token XML. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - - - - Deserializes an XML document into a token. - - The token XML. - The URI that this token must have been crafted to be sent to. Use null to accept any intended audience. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - - - - Deserializes an XML document into a token. - - The token XML. - Any X.509 certificates that may be used to decrypt the token, if necessary. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - decryptionTokens != null - decryptionTokens == null - - - - Deserializes an XML document into a token. - - The token XML. - The URI that this token must have been crafted to be sent to. Use null to accept any intended audience. - Any X.509 certificates that may be used to decrypt the token, if necessary. - The deserialized token. - !String.IsNullOrEmpty(tokenXml) - String.IsNullOrEmpty(tokenXml) - decryptionTokens != null - decryptionTokens == null - Contract.Result<Token>() != null - - - - Determines whether the specified token XML is encrypted. - - The token XML. - - true if the specified token XML is encrypted; otherwise, false. - - - tokenXml != null - tokenXml == null - - - - Determines whether the specified token XML is encrypted. - - The token XML. - - true if the specified token XML is encrypted; otherwise, false. - - tokenXmlReader != null - tokenXmlReader == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Flattens the claims into a dictionary - - A dictionary of claim type URIs and claim values. - - - - - Gets the AuthorizationContext behind this token. - - - - - Gets the the decrypted token XML. - - - - - Gets the UniqueID of this token, usable as a stable username that the user - has already verified belongs to him/her. - - - By default, this uses the PPID and the Issuer's Public Key and hashes them - together to generate a UniqueID. - - - - - Gets the hash of the card issuer's public key. - - - - - Gets the Site Specific ID that the user sees in the Identity Selector. - - - this.Claims.ContainsKey(ClaimTypes.PPID) && !string.IsNullOrEmpty(this.Claims[ClaimTypes.PPID]) - - !(this.Claims.ContainsKey(ClaimTypes.PPID)) || string.IsNullOrEmpty(this.Claims[ClaimTypes.PPID]) - - - - Gets the claims in all the claimsets as a dictionary of strings. - - - - - Tools for reading InfoCard tokens. - - - - - Token Authentication. Translates the decrypted data into a AuthContext. - - The token XML reader. - The audience that the token must be scoped for. - Use null to indicate any audience is acceptable. - - The authorization context carried by the token. - - Contract.Result<AuthorizationContext>() != null - - - - Translates claims to strings - - Claim to translate to a string - The string representation of a claim's value. - - - - Generates a UniqueID based off the Issuer's key - - the Authorization Context - the hash of the internal key of the issuer - - - - Generates a UniqueID based off the Issuer's key and the PPID. - - The Authorization Context - A unique ID for this user at this web site. - authzContext != null - authzContext == null - - - - Generates the Site Specific ID to match the one in the Identity Selector. - - The ID displayed by the Identity Selector. - The personal private identifier. - A string containing the XXX-XXXX-XXX cosmetic value. - ppid != null - ppid == null - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - Gets the Unique RSA Claim from the SAML token. - - the claimset which contains the claim - a RSA claim - cs != null - cs == null - - - - Does the actual calculation of a combined ID from a value and an RSA key. - - The key of the issuer of the token - the claim value to hash with. - A base64 representation of the combined ID. - issuerKey != null - issuerKey == null - claimValue != null - claimValue == null - Contract.Result<string>() != null - - - - Gets the maximum amount the token can be out of sync with time. - - - - - A utility class for decrypting InfoCard tokens. - - this.Tokens != null - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Adds a certificate to the list of certificates to decrypt with. - - The x509 cert to use for decryption - - - - Adds a certificate to the list of certificates to decrypt with. - - store name of the certificate - store location - thumbprint of the cert to use - - - - Adds a store of certificates to the list of certificates to decrypt with. - - store name of the certificates - store location - - - - Decrpyts a security token from an XML EncryptedData - - The encrypted token XML reader. - A byte array of the contents of the encrypted token - reader != null - reader == null - Contract.Result<byte[]>() != null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Adds a store of certificates to the list of certificates to decrypt with. - - store name of the certificates - store location - A filter to on the certificates to add. - - - - Gets a list of possible decryption certificates, from the store/location set - - - Defaults to localmachine:my (same place SSL certs are) - - - - - A set of strings used in parsing the XML token. - - - - - The "http://www.w3.org/2001/04/xmlenc#" value. - - - - - The "EncryptionMethod" value. - - - - - The "CipherValue" value. - - - - - The "Algorithm" value. - - - - - The "EncryptedData" value. - - - - - The "CipherData" value. - - - - - Common InfoCard issuers. - - - - - The Issuer URI to use for self-issued cards. - - - - - Prevents a default instance of the class from being created. - - - - - Cached details on the response from a direct web request to a remote party. - - - - - Details on the incoming response from a direct web request to a remote party. - - - - - The encoding to use in reading a response that does not declare its own content encoding. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The original request URI. - The response to initialize from. The network stream is used by this class directly. - requestUri != null - requestUri == null - response != null - response == null - - - - Initializes a new instance of the class. - - The request URI. - The final URI to respond to the request. - The headers. - The status code. - Type of the content. - The content encoding. - requestUri != null - requestUri == null - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - Contract.Result<StreamReader>() != null - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - maximumBytesToCache >= 0 - maximumBytesToCache < 0 - this.RequestUri != null - this.RequestUri == null - Contract.Result<CachedDirectWebResponse>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the type of the content. - - - - - Gets the content encoding. - - - - - Gets the URI of the initial request. - - - - - Gets the URI that finally responded to the request. - - - This can be different from the in cases of - redirection during the request. - - - - - Gets the headers that must be included in the response to the user agent. - - - The headers in this collection are not meant to be a comprehensive list - of exactly what should be sent, but are meant to augment whatever headers - are generally included in a typical response. - - - - - Gets the HTTP status code to use in the HTTP response. - - - - - Gets the body of the HTTP response. - - - - - A seekable, repeatable response stream. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The request URI. - The response. - The maximum bytes to read. - requestUri != null - requestUri == null - response != null - response == null - - - - Initializes a new instance of the class. - - The request URI. - The final URI to respond to the request. - The headers. - The status code. - Type of the content. - The content encoding. - The response stream. - requestUri != null - requestUri == null - responseStream != null - responseStream == null - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - Contract.Result<StreamReader>() != null - - - - Gets the body of the response as a string. - - The entire body of the response. - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - maximumBytesToCache >= 0 - maximumBytesToCache < 0 - this.RequestUri != null - this.RequestUri == null - Contract.Result<CachedDirectWebResponse>() != null - - - - Sets the response to some string, encoded as UTF-8. - - The string to set the response to. - - - - Caches the network stream and closes it if it is open. - - The response whose stream is to be cloned. - The maximum bytes to cache. - The seekable Stream instance that contains a copy of what was returned in the HTTP response. - response != null - response == null - Contract.Result<MemoryStream>() != null - - - - Gets a value indicating whether the cached response stream was - truncated to a maximum allowable length. - - - - - Gets the body of the HTTP response. - - - - - Gets or sets the cached response stream. - - - - - Code contract for the class. - - - - - Manages sending direct messages to a remote party and receiving responses. - - this.MessageDescriptions != null - - - - The content-type used on HTTP POST requests where the POST entity is a - URL-encoded series of key=value pairs. - - - - - The content-type used for JSON serialized objects. - - - - - The content-type for plain text. - - - - - The maximum allowable size for a 301 Redirect response before we send - a 200 OK response with a scripted form POST with the parameters instead - in order to ensure successfully sending a large payload to another server - that might have a maximum allowable size restriction on its GET request. - - - - - The HTML that should be returned to the user agent as part of a 301 Redirect. - - A string that should be used as the first argument to String.Format, where the {0} should be replaced with the URL to redirect to. - - - - The template for indirect messages that require form POST to forward through the user agent. - - - We are intentionally using " instead of the html single quote ' below because - the HtmlEncode'd values that we inject will only escape the double quote, so - only the double-quote used around these values is safe. - - - - - The encoding to use when writing out POST entity strings. - - - - - The content-type used on HTTP POST requests where the POST entity is a - URL-encoded series of key=value pairs. - This includes the character encoding. - - - - - A list of binding elements in the order they must be applied to outgoing messages. - - - - - A list of binding elements in the order they must be applied to incoming messages. - - - - - The default cache of message descriptions to use unless they are customized. - - - This is a perf optimization, so that we don't reflect over every message type - every time a channel is constructed. - - - - - A cache of reflected message types that may be sent or received on this channel. - - - - - A tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - - A class prepared to analyze incoming messages and indicate what concrete - message types can deserialize from it. - - The binding elements to use in sending and receiving messages. - messageTypeProvider != null - messageTypeProvider == null - - - - Sends an indirect message (either a request or response) - or direct message response for transmission to a remote party - and ends execution on the current page or handler. - - The one-way message to send - Thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - Requires an HttpContext.Current context. - - HttpContext.Current != null - HttpContext.Current == null - message != null - message == null - - - - Prepares an indirect message (either a request or response) - or direct message response for transmission to a remote party. - - The one-way message to send - The pending user agent redirect based message to be sent as an HttpResponse. - message != null - message == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the protocol message embedded in the given HTTP request, if present. - - The deserialized message, if one is found. Null otherwise. - - Requires an HttpContext.Current context. - - Thrown when is null. - - - - Gets the protocol message embedded in the given HTTP request, if present. - - The expected type of the message to be received. - The deserialized message, if one is found. Null otherwise. - True if the expected message was recognized and deserialized. False otherwise. - - Requires an HttpContext.Current context. - - Thrown when is null. - Thrown when a request message of an unexpected type is received. - - - - Gets the protocol message embedded in the given HTTP request, if present. - - The expected type of the message to be received. - The request to search for an embedded message. - The deserialized message, if one is found. Null otherwise. - True if the expected message was recognized and deserialized. False otherwise. - Thrown when is null. - Thrown when a request message of an unexpected type is received. - httpRequest != null - httpRequest == null - Contract.Result<bool>() == (Contract.ValueAtReturn<TRequest>(out request) != null) - - - - Gets the protocol message embedded in the current HTTP request. - - The expected type of the message to be received. - The deserialized message. Never null. - - Requires an HttpContext.Current context. - - Thrown when is null. - Thrown if the expected message was not recognized in the response. - - - - Gets the protocol message embedded in the given HTTP request. - - The expected type of the message to be received. - The request to search for an embedded message. - The deserialized message. Never null. - Thrown if the expected message was not recognized in the response. - httpRequest != null - httpRequest == null - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - The deserialized message, if one is found. Null otherwise. - httpRequest != null - httpRequest == null - - - - Sends a direct message to a remote party and waits for the response. - - The expected type of the message to be received. - The message to send. - The remote party's response. - - Thrown if no message is recognized in the response - or an unexpected type of message is received. - - requestMessage != null - requestMessage == null - Contract.Result<TResponse>() != null - - - - Sends a direct message to a remote party and waits for the response. - - The message to send. - The remote party's response. Guaranteed to never be null. - Thrown if the response does not include a protocol message. - requestMessage != null - requestMessage == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Verifies the integrity and applicability of an incoming message. - - The message just received. - - Thrown when the message is somehow invalid. - This can be due to tampering, replay attack or expiration, among other things. - - - - - Prepares an HTTP request that carries a given message. - - The message to send. - The prepared to send the request. - - This method must be overridden by a derived class, unless the method - is overridden and does not require this method. - - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - The pending user agent redirect based message to be sent as an HttpResponse. - - This method implements spec OAuth V1.0 section 5.3. - - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - The deserialized message parts, if found. Null otherwise. - Thrown when the response is not valid. - - - - This method should NOT be called by derived types - except when sending ONE WAY request messages. - - - Prepares a message for transmit by applying signatures, nonces, etc. - - The message to prepare for sending. - - - - Gets the current HTTP request being processed. - - The HttpRequestInfo for the current request. - - Requires an context. - - Thrown if HttpContext.Current == null. - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - Contract.Result<HttpRequestInfo>() != null - Contract.Result<HttpRequestInfo>().Url != null - Contract.Result<HttpRequestInfo>().RawUrl != null - Contract.Result<HttpRequestInfo>().UrlBeforeRewriting != null - - - - Checks whether a given HTTP method is expected to include an entity body in its request. - - The HTTP method. - - true if the HTTP method is supposed to have an entity; false otherwise. - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Fires the event. - - The message about to be encoded and sent. - message != null - message == null - - - - Gets the direct response of a direct HTTP request. - - The web request. - The response to the web request. - Thrown on network or protocol errors. - webRequest != null - webRequest == null - - - - Submits a direct request message to some remote party and blocks waiting for an immediately reply. - - The request message. - The response message, or null if the response did not carry a message. - - Typically a deriving channel will override to customize this method's - behavior. However in non-HTTP frameworks, such as unit test mocks, it may be appropriate to override - this method to eliminate all use of an HTTP transport. - - request != null - request == null - request.Recipient != null - request.Recipient == null - - - - Called when receiving a direct response message, before deserialization begins. - - The HTTP direct response. - The newly instantiated message, prior to deserialization. - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - The deserialized message, if one is found. Null otherwise. - request != null - request == null - - - - Deserializes a dictionary of values into a message. - - The dictionary of values that were read from an HTTP request or response. - Information about where the message was directed. Null for direct response messages. - The deserialized message, or null if no message could be recognized in the provided data. - fields != null - fields == null - - - - Queues an indirect message for transmittal via the user agent. - - The message to send. - The pending user agent redirect based message to be sent as an HttpResponse. - message != null - message == null - message.Recipient != null - message.Recipient == null - (message.HttpMethods & (HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.PostRequest)) != 0 - !((message.HttpMethods & (HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.PostRequest)) != 0) - Contract.Result<OutgoingWebResponse>() != null - - - - Encodes an HTTP response that will instruct the user agent to forward a message to - some remote third party using a 301 Redirect GET method. - - The message to forward. - The pre-serialized fields from the message. - if set to true the redirect will contain the message payload in the #fragment portion of the URL rather than the ?querystring. - The encoded HTTP response. - - message != null - message == null - message.Recipient != null - message.Recipient == null - fields != null - fields == null - Contract.Result<OutgoingWebResponse>() != null - - - - Encodes an HTTP response that will instruct the user agent to forward a message to - some remote third party using a form POST method. - - The message to forward. - The pre-serialized fields from the message. - The encoded HTTP response. - message != null - message == null - message.Recipient != null - message.Recipient == null - fields != null - fields == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - The deserialized message parts, if found. Null otherwise. - Thrown when the response is not valid. - response != null - response == null - - - - Prepares an HTTP request that carries a given message. - - The message to send. - The prepared to send the request. - - This method must be overridden by a derived class, unless the method - is overridden and does not require this method. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - The pending user agent redirect based message to be sent as an HttpResponse. - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Serializes the given message as a JSON string. - - The message to serialize. - A JSON string. - message != null - message == null - - - - Deserializes from flat data from a JSON object. - - A JSON string. - The simple "key":"value" pairs from a JSON-encoded object. - !String.IsNullOrEmpty(json) - String.IsNullOrEmpty(json) - - - - Prepares a message for transmit by applying signatures, nonces, etc. - - The message to prepare for sending. - - This method should NOT be called by derived types - except when sending ONE WAY request messages. - - message != null - message == null - - - - Prepares to send a request to the Service Provider as the query string in a GET request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP Get request with the message parts serialized to the query string. - This method satisfies OAuth 1.0 section 5.2, item #3. - - requestMessage != null - requestMessage == null - requestMessage.Recipient != null - requestMessage.Recipient == null - - - - Prepares to send a request to the Service Provider as the query string in a HEAD request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP HEAD request with the message parts serialized to the query string. - This method satisfies OAuth 1.0 section 5.2, item #3. - - requestMessage != null - requestMessage == null - requestMessage.Recipient != null - requestMessage.Recipient == null - - - - Prepares to send a request to the Service Provider as the payload of a POST request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP POST request with the message parts serialized to the POST entity - with the application/x-www-form-urlencoded content type - This method satisfies OAuth 1.0 section 5.2, item #2 and OpenID 2.0 section 4.1.2. - - requestMessage != null - requestMessage == null - Contract.Result<HttpWebRequest>() != null - - - - Prepares to send a request to the Service Provider as the query string in a PUT request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP PUT request with the message parts serialized to the query string. - - requestMessage != null - requestMessage == null - Contract.Result<HttpWebRequest>() != null - - - - Prepares to send a request to the Service Provider as the query string in a DELETE request. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - This method is simply a standard HTTP DELETE request with the message parts serialized to the query string. - - requestMessage != null - requestMessage == null - Contract.Result<HttpWebRequest>() != null - - - - Sends the given parameters in the entity stream of an HTTP request. - - The HTTP request. - The parameters to send. - - This method calls and closes - the request stream, but does not call . - - httpRequest != null - httpRequest == null - fields != null - fields == null - - - - Sends the given parameters in the entity stream of an HTTP request in multi-part format. - - The HTTP request. - The parameters to send. - - This method calls and closes - the request stream, but does not call . - - - - - Verifies the integrity and applicability of an incoming message. - - The message just received. - - Thrown when the message is somehow invalid. - This can be due to tampering, replay attack or expiration, among other things. - - message != null - message == null - - - - Customizes the binding element order for outgoing and incoming messages. - - The outgoing order. - The incoming order. - - No binding elements can be added or removed from the channel using this method. - Only a customized order is allowed. - - Thrown if a binding element is new or missing in one of the ordered lists. - outgoingOrder != null - outgoingOrder == null - incomingOrder != null - incomingOrder == null - - - - Ensures a consistent and secure set of binding elements and - sorts them as necessary for a valid sequence of operations. - - The binding elements provided to the channel. - The properly ordered list of elements. - Thrown when the binding elements are incomplete or inconsistent with each other. - - - - Puts binding elements in their correct outgoing message processing order. - - The first protection type to compare. - The second protection type to compare. - - -1 if should be applied to an outgoing message before . - 1 if should be applied to an outgoing message before . - 0 if it doesn't matter. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Verifies that all required message parts are initialized to values - prior to sending the message to a remote party. - - The message to verify. - - Thrown when any required message part does not have a value. - - message != null - message == null - - - - Determines whether a given ordered list of binding elements includes every - binding element in this channel exactly once. - - The list of binding elements to test. - - true if the given list is a valid description of a binding element ordering; otherwise, false. - - - order != null - order == null - - - - An event fired whenever a message is about to be encoded and sent. - - - - - Gets or sets an instance to a that will be used when - submitting HTTP requests and waiting for responses. - - - This defaults to a straightforward implementation, but can be set - to a mock object for testing purposes. - - - - - Gets or sets the message descriptions. - - - value != null - - value == null - - - - Gets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Gets the binding elements used by this channel, in no particular guaranteed order. - - - Contract.Result<ReadOnlyCollection<IChannelBindingElement>>() != null - - - - - Gets the binding elements used by this channel, in the order applied to outgoing messages. - - - - - Gets the binding elements used by this channel, in the order applied to incoming messages. - - - Contract.Result<ReadOnlyCollection<IChannelBindingElement>>().All(be => be.Channel != null) - Contract.Result<ReadOnlyCollection<IChannelBindingElement>>().All(be => be != null) - - - - - Gets or sets a value indicating whether this instance is disposed. - - - true if this instance is disposed; otherwise, false. - - - - - Gets or sets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Gets or sets the cache policy to use for direct message requests. - - Default is . - - value != null - - value == null - - - - Gets or sets the XML dictionary reader quotas. - - The XML dictionary reader quotas. - - - - Prevents a default instance of the ChannelContract class from being created. - - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec V1.0 section 5.3. - - - - - An interface that allows indirect response messages to specify - HTTP transport specific properties. - - - - - Gets a value indicating whether the payload for the message should be included - in the redirect fragment instead of the query string or POST entity. - - - - - A set of flags that can control the behavior of an individual web request. - - - - - Indicates that default behavior is required. - - - - - Indicates that any response from the remote server, even those - with HTTP status codes that indicate errors, should not result - in a thrown exception. - - - Even with this flag set, should - be thrown when an HTTP protocol error occurs (i.e. timeouts). - - - - - Indicates that the HTTP request must be completed entirely - using SSL (including any redirects). - - - - - Extension methods for types. - - - - - Caches the results of enumerating over a given object so that subsequence enumerations - don't require interacting with the object a second time. - - The type of element found in the enumeration. - The enumerable object. - - Either a new enumerable object that caches enumerated results, or the original, - object if no caching is necessary to avoid additional CPU work. - - - This is designed for use on the results of generator methods (the ones with yield return in them) - so that only those elements in the sequence that are needed are ever generated, while not requiring - regeneration of elements that are enumerated over multiple times. - This can be a huge performance gain if enumerating multiple times over an expensive generator method. - Some enumerable types such as collections, lists, and already-cached generators do not require - any (additional) caching, and this method will simply return those objects rather than caching them - to avoid double-caching. - - sequence != null - sequence == null - - - - A wrapper for types and returns a caching - from its method. - - The type of element in the sequence. - - - - The results from enumeration of the live object that have been collected thus far. - - - - - The original generator method or other enumerable object whose contents should only be enumerated once. - - - - - The enumerator we're using over the generator method's results. - - - - - The sync object our caching enumerators use when adding a new live generator method result to the cache. - - - Although individual enumerators are not thread-safe, this should be - thread safe so that multiple enumerators can be created from it and used from different threads. - - - - - Initializes a new instance of the EnumerableCache class. - - The generator. - generator != null - generator == null - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - An enumerator that uses cached enumeration results whenever they are available, - and caches whatever results it has to pull from the original object. - - - - - The parent enumeration wrapper class that stores the cached results. - - - - - The position of this enumerator in the cached list. - - - - - Initializes a new instance of the class. - - The parent cached enumerable whose GetEnumerator method is calling this constructor. - parent != null - parent == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Advances the enumerator to the next element of the collection. - - - true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. - - - The collection was modified after the enumerator was created. - - this.Model == Contract.OldValue(this.Model) - this.CurrentIndex < this.Model.Length - this.CurrentIndex >= 0 - this.CurrentIndex == Contract.OldValue(this.CurrentIndex) + 1 - - - - Sets the enumerator to its initial position, which is before the first element in the collection. - - - The collection was modified after the enumerator was created. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the element in the collection at the current position of the enumerator. - - - The element in the collection at the current position of the enumerator. - - - - - Gets the element in the collection at the current position of the enumerator. - - - The element in the collection at the current position of the enumerator. - - - Contract.Result<object>() == this.Model[this.CurrentIndex] - - - - - An exception to call out a configuration or runtime failure on the part of the - (web) application that is hosting this library. - - - This exception is used rather than for those errors - that should never be caught because they indicate a major error in the app itself - or its configuration. - It is an internal exception to assist in making it uncatchable. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The message. - - - - Initializes a new instance of the class. - - The message. - The inner exception. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is null. - - - The class name is null or is zero (0). - - - - - An interface that allows direct response messages to specify - HTTP transport specific properties. - - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - An interface that extension messages must implement. - - - - - The interface that classes must implement to be serialized/deserialized - as protocol or extension messages. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Contract class for the interface. - - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - Undirected messages that serve as direct responses to direct requests. - - - - - The interface that classes must implement to be serialized/deserialized - as protocol messages. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - An empty dictionary. Useful for avoiding memory allocations in creating new dictionaries to represent empty ones. - - The type of the key. - The type of the value. - - - - The singleton instance of the empty dictionary. - - - - - Prevents a default instance of the EmptyDictionary class from being created. - - - - - Adds an element with the provided key and value to the . - - The object to use as the key of the element to add. - The object to use as the value of the element to add. - - is null. - - - An element with the same key already exists in the . - - - The is read-only. - - - - - Determines whether the contains an element with the specified key. - - The key to locate in the . - - true if the contains an element with the key; otherwise, false. - - - is null. - - !Contract.Result<bool>() || @this.Count > 0 - - - - Removes the element with the specified key from the . - - The key of the element to remove. - - true if the element is successfully removed; otherwise, false. This method also returns false if was not found in the original . - - - is null. - - - The is read-only. - - - - - Gets the value associated with the specified key. - - The key whose value to get. - When this method returns, the value associated with the specified key, if the key is found; otherwise, the default value for the type of the parameter. This parameter is passed uninitialized. - - true if the object that implements contains an element with the specified key; otherwise, false. - - - is null. - - Contract.Result<bool>() == @this.ContainsKey(key) - - - - Adds an item to the . - - The object to add to the . - - The is read-only. - - - - - Removes all items from the . - - - The is read-only. - - this.Count == 0 - - - - Determines whether the contains a specific value. - - The object to locate in the . - - true if is found in the ; otherwise, false. - - - - - Copies the elements of the to an , starting at a particular index. - - The one-dimensional that is the destination of the elements copied from . The must have zero-based indexing. - The zero-based index in at which copying begins. - - is null. - - - is less than 0. - - - is multidimensional. - -or- - is equal to or greater than the length of . - -or- - The number of elements in the source is greater than the available space from to the end of the destination . - -or- - Type cannot be cast automatically to the type of the destination . - - - - - Removes the first occurrence of a specific object from the . - - The object to remove from the . - - true if was successfully removed from the ; otherwise, false. This method also returns false if is not found in the original . - - - The is read-only. - - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Gets an containing the values in the . - - - - An containing the values in the object that implements . - - - Contract.Result<ICollection<TValue>>() != null - - - - - Gets the number of elements contained in the . - - - - The number of elements contained in the . - - - Contract.Result<int>() >= 0 - - - - - Gets a value indicating whether the is read-only. - - - true if the is read-only; otherwise, false. - - - - - Gets an containing the keys of the . - - - - An containing the keys of the object that implements . - - - Contract.Result<ICollection<TKey>>() != null - - - - - Gets or sets the value with the specified key. - - The key being read or written. - - - - An enumerator that always generates zero elements. - - - - - The singleton instance of this empty enumerator. - - - - - Prevents a default instance of the class from being created. - - - - - Advances the enumerator to the next element of the collection. - - - true if the enumerator was successfully advanced to the next element; false if the enumerator has passed the end of the collection. - - - The collection was modified after the enumerator was created. - - this.Model == Contract.OldValue(this.Model) - this.CurrentIndex < this.Model.Length - this.CurrentIndex >= 0 - this.CurrentIndex == Contract.OldValue(this.CurrentIndex) + 1 - - - - Sets the enumerator to its initial position, which is before the first element in the collection. - - - The collection was modified after the enumerator was created. - - - - - Gets the current element in the collection. - - - - The current element in the collection. - - - The enumerator is positioned before the first element of the collection or after the last element. - - - Contract.Result<object>() == this.Model[this.CurrentIndex] - - - - - An empty, read-only list. - - The type the list claims to include. - - - - The singleton instance of the empty list. - - - - - Prevents a default instance of the EmptyList class from being created. - - - - - Determines the index of a specific item in the . - - The object to locate in the . - - The index of if found in the list; otherwise, -1. - - Contract.Result<int>() >= -1 - Contract.Result<int>() < @this.Count - - - - Inserts an item to the at the specified index. - - The zero-based index at which should be inserted. - The object to insert into the . - - is not a valid index in the . - - - The is read-only. - - index >= 0 - - - - Removes the item at the specified index. - - The zero-based index of the item to remove. - - is not a valid index in the . - - - The is read-only. - - index >= 0 - index < @this.Count - @this.Count == Contract.OldValue(@this.Count) - 1 - - - - Adds an item to the . - - The object to add to the . - - The is read-only. - - - - - Removes all items from the . - - - The is read-only. - - this.Count == 0 - - - - Determines whether the contains a specific value. - - The object to locate in the . - - true if is found in the ; otherwise, false. - - - - - Copies the elements of the to an , starting at a particular index. - - The one-dimensional that is the destination of the elements copied from . The must have zero-based indexing. - The zero-based index in at which copying begins. - - is null. - - - is less than 0. - - - is multidimensional. - -or- - is equal to or greater than the length of . - -or- - The number of elements in the source is greater than the available space from to the end of the destination . - -or- - Type cannot be cast automatically to the type of the destination . - - - - - Removes the first occurrence of a specific object from the . - - The object to remove from the . - - true if was successfully removed from the ; otherwise, false. This method also returns false if is not found in the original . - - - The is read-only. - - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Gets the number of elements contained in the . - - - - The number of elements contained in the . - - - Contract.Result<int>() >= 0 - - - - - Gets a value indicating whether the is read-only. - - - true if the is read-only; otherwise, false. - - - - - Gets or sets the at the specified index. - - The index of the element in the list to change. - - index >= 0 - index < @this.Count - - - index >= 0 - index < @this.Count - - - - - A collection of error checking and reporting methods. - - - - - Wraps an exception in a new . - - The inner exception to wrap. - The error message for the outer exception. - The string formatting arguments, if any. - The newly constructed (unthrown) exception. - - args != null - args == null - - - - Throws an internal error exception. - - The error message. - Nothing. But included here so callers can "throw" this method for C# safety. - Always thrown. - - - - - Checks a condition and throws an internal error exception if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - Thrown if evaluates to false. - - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an internal error exception if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The formatting arguments. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - Thrown if evaluates to false. - - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws a if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - Thrown if evaluates to false. - - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws a if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The string formatting arguments for . - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The formatting arguments. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Checks a condition and throws an - if it evaluates to false. - - The condition to check. - The message to include in the exception, if created. - The formatting arguments. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws a if some evaluates to false. - - True to do nothing; false to throw the exception. - The error message for the exception. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws a if some evaluates to false. - - True to do nothing; false to throw the exception. - The message being processed that would be responsible for the exception if thrown. - The error message for the exception. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - faultedMessage != null - faultedMessage == null - condition - !condition - !condition will be true on throw. - - - - Throws a if some evaluates to false. - - True to do nothing; false to throw the exception. - The error message for the exception. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws a . - - The message to set in the exception. - The formatting arguments of the message. - - An InternalErrorException, which may be "thrown" by the caller in order - to satisfy C# rules to show that code will never be reached, but no value - actually is ever returned because this method guarantees to throw. - - Always thrown. - - args != null - args == null - - - - Throws a . - - The message for the exception. - The string formatting arguments for . - Nothing. It's just here so the caller can throw this method for C# compilation check. - - args != null - args == null - - - - Throws a if some condition is false. - - The expression to evaluate. A value of false will cause the exception to be thrown. - The message for the exception. - The string formatting arguments for . - Thrown when is false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Verifies something about the argument supplied to a method. - - The condition that must evaluate to true to avoid an exception. - The message to use in the exception if the condition is false. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Throws an . - - Name of the parameter. - The message to use in the exception if the condition is false. - The string formatting arguments, if any. - Never returns anything. It always throws. - - args != null - args == null - - - - Verifies something about the argument supplied to a method. - - The condition that must evaluate to true to avoid an exception. - Name of the parameter. - The message to use in the exception if the condition is false. - The string formatting arguments, if any. - Thrown if evaluates to false. - - args != null - args == null - condition - !condition - !condition will be true on throw. - - - - Verifies that some given value is not null. - - The value to check. - Name of the parameter, which will be used in the , if thrown. - Thrown if is null. - - value != null - value == null - value == null will be true on throw. - - - - Verifies that some string is not null and has non-zero length. - - The value to check. - Name of the parameter, which will be used in the , if thrown. - Thrown if is null. - Thrown if has zero length. - - - - - Verifies that != null. - - Thrown if == null - - HttpContext.Current != null - HttpContext.Current.Request != null - - - - An interface that messages wishing to perform custom serialization/deserialization - may implement to be notified of events. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Code contract for the class. - - - - - Creates a text reader for the response stream. - - - The text reader, initialized for the proper encoding. - - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - - - - Gets the body of the HTTP response. - - - - - - A protocol message that supports adding extensions to the payload for transmission. - - - - - Gets the list of extensions that are included with this message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IList<IExtensionMessage>>() != null - - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the list of extensions that are included with this message. - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - - - An internal exception to throw if an internal error within the library requires - an abort of the operation. - - - This exception is internal to prevent clients of the library from catching what is - really an unexpected, potentially unrecoverable exception. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The message. - - - - Initializes a new instance of the class. - - The message. - The inner exception. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - - The parameter is null. - - - The class name is null or is zero (0). - - - - - A KeyedCollection whose item -> key transform is provided via a delegate - to its constructor, and null items are disallowed. - - The type of the key. - The type of the item. - - - - The delegate that returns a key for the given item. - - - - - Initializes a new instance of the KeyedCollectionDelegate class. - - The delegate that gets the key for a given item. - getKeyForItemDelegate != null - getKeyForItemDelegate == null - - - - When implemented in a derived class, extracts the key from the specified element. - - The element from which to extract the key. - The key for the specified element. - - - - Represents a single part in a HTTP multipart POST request. - - !string.IsNullOrEmpty(this.ContentDisposition) - this.PartHeaders != null - this.ContentAttributes != null - - - - The "Content-Disposition" string. - - - - - The two-character \r\n newline character sequence to use. - - - - - Initializes a new instance of the class. - - The content disposition of the part. - !string.IsNullOrEmpty(contentDisposition) - string.IsNullOrEmpty(contentDisposition) - - - - Creates a part that represents a simple form field. - - The name of the form field. - The value. - The constructed part. - !string.IsNullOrEmpty(name) - string.IsNullOrEmpty(name) - value != null - value == null - - - - Creates a part that represents a file attachment. - - The name of the form field. - The path to the file to send. - Type of the content in HTTP Content-Type format. - The constructed part. - !string.IsNullOrEmpty(name) - string.IsNullOrEmpty(name) - !string.IsNullOrEmpty(filePath) - string.IsNullOrEmpty(filePath) - !string.IsNullOrEmpty(contentType) - string.IsNullOrEmpty(contentType) - - - - Creates a part that represents a file attachment. - - The name of the form field. - Name of the file as the server should see it. - Type of the content in HTTP Content-Type format. - The content of the file. - The constructed part. - !string.IsNullOrEmpty(name) - string.IsNullOrEmpty(name) - !string.IsNullOrEmpty(fileName) - string.IsNullOrEmpty(fileName) - !string.IsNullOrEmpty(contentType) - string.IsNullOrEmpty(contentType) - content != null - content == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Serializes the part to a stream. - - The stream writer. - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the content disposition. - - The content disposition. - - - - Gets the key=value attributes that appear on the same line as the Content-Disposition. - - The content attributes. - - - - Gets the headers that appear on subsequent lines after the Content-Disposition. - - - - - Gets or sets the content of the part. - - - - - Gets the length of this entire part. - - Useful for calculating the ContentLength HTTP header to send before actually serializing the content. - - - - A live network HTTP response - - - - - The network response object, used to initialize this instance, that still needs - to be closed if applicable. - - - - - The incoming network response stream. - - - - - A value indicating whether a stream reader has already been - created on this instance. - - - - - Initializes a new instance of the class. - - The request URI. - The response. - requestUri != null - requestUri == null - response != null - response == null - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - Contract.Result<StreamReader>() != null - - - - Gets an offline snapshot version of this instance. - - The maximum bytes from the response stream to cache. - A snapshot version of this instance. - - If this instance is a creating a snapshot - will automatically close and dispose of the underlying response stream. - If this instance is a , the result will - be the self same instance. - - maximumBytesToCache >= 0 - maximumBytesToCache < 0 - this.RequestUri != null - this.RequestUri == null - Contract.Result<CachedDirectWebResponse>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the body of the HTTP response. - - - - - An ASP.NET MVC structure to represent the response to send - to the user agent when the controller has finished its work. - - - - - The outgoing web response to send when the ActionResult is executed. - - - - - Initializes a new instance of the class. - - The response. - response != null - response == null - - - - Enables processing of the result of an action method by a custom type that inherits from . - - The context in which to set the response. - - - - An interface describing how various objects can be serialized and deserialized between their object and string forms. - - - Implementations of this interface must include a default constructor and must be thread-safe. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - The in string form, ready for message transport. - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - The deserialized form of the given string. - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - - - - A message part encoder that has a special encoding for a null value. - - - - - Gets the string representation to include in a serialized message - when the message part has a null value. - - - - - An interface describing how various objects can be serialized and deserialized between their object and string forms. - - - Implementations of this interface must include a default constructor and must be thread-safe. - - - - - Encodes the specified value as the original value that was formerly decoded. - - The value. Guaranteed to never be null. - The in string form, ready for message transport. - - - - A cache of instances. - - - - - A dictionary of reflected message types and the generated reflection information. - - - - - Initializes a new instance of the class. - - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Gets a instance prepared for the - given message type. - - A type that implements . - The protocol version of the message. - A instance. - - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - messageVersion != null - messageVersion == null - Contract.Result<MessageDescription>() != null - - - - Gets a instance prepared for the - given message type. - - The message for which a should be obtained. - - A instance. - - - message != null - message == null - Contract.Result<MessageDescription>() != null - - - - Gets the dictionary that provides read/write access to a message. - - The message. - The dictionary. - - message != null - message == null - - - - Gets the dictionary that provides read/write access to a message. - - The message. - A value indicating whether this message dictionary will retrieve original values instead of normalized ones. - The dictionary. - - message != null - message == null - - - - A struct used as the key to bundle message type and version. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Initializes a new instance of the struct. - - Type of the message. - The message version. - messageType != null - messageType == null - messageVersion != null - messageVersion == null - - - - Implements the operator ==. - - The first object to compare. - The second object to compare. - The result of the operator. - - - - Implements the operator !=. - - The first object to compare. - The second object to compare. - The result of the operator. - - - - Indicates whether this instance and a specified object are equal. - - Another object to compare to. - - true if and this instance are the same type and represent the same value; otherwise, false. - - - - - Returns the hash code for this instance. - - - A 32-bit signed integer that is the hash code for this instance. - - - - - Gets the message type. - - - - - Gets the message version. - - - - - A set of customizations available for the scripts sent to the browser in AJAX OpenID scenarios. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the ID of the hidden field that should carry the positive assertion - until it is posted to the RP. - - - - - Gets or sets the ID of the hidden field that should be set with the parent window/frame's URL - prior to posting the form with the positive assertion. Useful for jQuery popup dialogs. - - - - - Gets or sets the index of the form in the document.forms array on the browser that should - be submitted when the user is ready to send the positive assertion to the RP. - - - - - Gets or sets the id of the form in the document.forms array on the browser that should - be submitted when the user is ready to send the positive assertion to the RP. A value - in this property takes precedence over any value in the property. - - The form id. - - - - Gets or sets the preloaded discovery results. - - - - - Gets or sets a value indicating whether to print diagnostic trace messages in the browser. - - - - - Gets or sets a value indicating whether to show all the "hidden" iframes that facilitate - asynchronous authentication of the user for diagnostic purposes. - - - - - Gets the form key to use when accessing the relevant form. - - - - - A message factory that automatically selects the message type based on the incoming data. - - - - - A tool to analyze an incoming message to figure out what concrete class - is designed to deserialize it and instantiates that class. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - - The message that was sent as a request that resulted in the response. - - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - request != null - request == null - fields != null - fields == null - - - - The request message types and their constructors to use for instantiating the messages. - - - - - The response message types and their constructors to use for instantiating the messages. - - - The value is a dictionary, whose key is the type of the constructor's lone parameter. - - - - - Initializes a new instance of the class. - - - - - Adds message types to the set that this factory can create. - - The message types that this factory may instantiate. - messageTypes != null - messageTypes == null - messageTypes.All(msg => msg != null) - !(messageTypes.All(msg => msg != null)) - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The message that was sent as a request that resulted in the response. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - request != null - request == null - fields != null - fields == null - - - - Gets the message type that best fits the given incoming request data. - - The recipient of the incoming data. Typically not used, but included just in case. - The data of the incoming message. - - The message type that matches the incoming data; or null if no match. - - May be thrown if the incoming data is ambiguous. - recipient != null - recipient == null - fields != null - fields == null - - - - Gets the message type that best fits the given incoming direct response data. - - The request message that prompted the response data. - The data of the incoming message. - - The message type that matches the incoming data; or null if no match. - - May be thrown if the incoming data is ambiguous. - request != null - request == null - fields != null - fields == null - - - - Instantiates the given request message type. - - The message description. - The recipient. - The instantiated message. Never null. - messageDescription != null - messageDescription == null - recipient != null - recipient == null - Contract.Result<IDirectedProtocolMessage>() != null - - - - Instantiates the given request message type. - - The message description. - The request that resulted in this response. - The instantiated message. Never null. - messageDescription != null - messageDescription == null - request != null - request == null - Contract.Result<IDirectResponseProtocolMessage>() != null - - - - Gets the hierarchical distance between a type and a type it derives from or implements. - - The base type or interface. - The concrete class that implements the . - The distance between the two types. 0 if the types are equivalent, 1 if the type immediately derives from or implements the base type, or progressively higher integers. - assignableType != null - assignableType == null - derivedType != null - derivedType == null - assignableType.IsAssignableFrom(derivedType) - !(assignableType.IsAssignableFrom(derivedType)) - - - - Finds constructors for response messages that take a given request message type. - - The message description. - Type of the request message. - A sequence of matching constructors. - messageDescription != null - messageDescription == null - requestType != null - requestType == null - - - - Counts how many strings are in the intersection of two collections. - - The first collection. - The second collection. - The string comparison method to use. - A non-negative integer no greater than the count of elements in the smallest collection. - collection1 != null - collection1 == null - collection2 != null - collection2 == null - Contract.Result<int>() >= 0 && Contract.Result<int>() <= Math.Min(collection1.Count, collection2.Count) - - - - A simple in-memory copy of an authorization state. - - - - - Provides access to a persistent object that tracks the state of an authorization. - - - - - Deletes this authorization, including access token and refresh token where applicable. - - - This method is invoked when an authorization attempt fails, is rejected, is revoked, or - expires and cannot be renewed. - - - - - Saves any changes made to this authorization object's properties. - - - This method is invoked after DotNetOpenAuth changes any property. - - - - - Gets or sets the callback URL used to obtain authorization. - - The callback URL. - - - - Gets or sets the long-lived token used to renew the short-lived . - - The refresh token. - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the access token issue date UTC. - - The access token issue date UTC. - - - - Gets or sets the access token UTC expiration date. - - - - - Gets the scope the token is (to be) authorized for. - - The scope. - - - - Initializes a new instance of the class. - - The scopes of access being requested or that was obtained. - - - - Deletes this authorization, including access token and refresh token where applicable. - - - This method is invoked when an authorization attempt fails, is rejected, is revoked, or - expires and cannot be renewed. - - - - - Saves any changes made to this authorization object's properties. - - - This method is invoked after DotNetOpenAuth changes any property. - - - - - Gets or sets the callback URL used to obtain authorization. - - The callback URL. - - - - Gets or sets the long-lived token used to renew the short-lived . - - The refresh token. - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the access token UTC expiration date. - - - - - - Gets or sets the access token issue date UTC. - - The access token issue date UTC. - - - - Gets the scope the token is (to be) authorized for. - - The scope. - - - - Gets or sets a value indicating whether this instance is deleted. - - - true if this instance is deleted; otherwise, false. - - - - - Decodes verification codes, refresh tokens and access tokens on incoming messages. - - - This binding element also ensures that the code/token coming in is issued to - the same client that is sending the code/token and that the authorization has - not been revoked and that an access token has not expired. - - - - - The base class for any authorization server channel binding element. - - - - - An interface that must be implemented by message transforms/validators in order - to be included in the channel stack. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Gets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the authorization server hosting this channel. - - The authorization server. - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - A short-lived token that accompanies HTTP requests to protected data to authorize the request. - - - - - A data bag that stores authorization data. - - - - - A collection of message parts that will be serialized into a single string, - to be set into a larger message. - - - - - A common message base class for OAuth messages. - - - - - Implemented by messages that have explicit recipients - (direct requests and all indirect messages). - - - - - Gets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - A dictionary to contain extra message data. - - - - - The originating request. - - - - - The backing field for the property. - - - - - A value indicating whether this message is a direct or indirect message. - - - - - Initializes a new instance of the class - that is used for direct response messages. - - The version. - version != null - version == null - - - - Initializes a new instance of the class. - - The originating request. - The recipient of the directed message. Null if not applicable. - request != null - request == null - - - - Initializes a new instance of the class - that is used for directed messages. - - The version. - The message transport. - The recipient. - version != null - version == null - recipient != null - recipient == null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the level of protection this message requires. - - - - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - - Gets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - Gets or sets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the nonce. - - The nonce. - - - - Gets or sets the UTC creation date of this token. - - The UTC creation date. - - - - Gets or sets the signature. - - The signature. - - - - Gets or sets the message that delivered this DataBag instance to this host. - - - - - Gets the type of this instance. - - The type of the bag. - - This ensures that one token cannot be misused as another kind of token. - - - - - Describes a delegated authorization between a resource server, a client, and a user. - - - - - Gets the identifier of the client authorized to access protected data. - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the date this authorization was established or the token was issued. - - A date/time expressed in UTC. - - - - Gets the name on the account whose data on the resource server is accessible using this authorization. - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the scope of operations the client is allowed to invoke. - - - Contract.Result<HashSet<string>>() != null - - - - - Initializes a new instance of the class. - - - - - Gets or sets the identifier of the client authorized to access protected data. - - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the date this authorization was established or the token was issued. - - A date/time expressed in UTC. - - - - Gets or sets the name on the account whose data on the resource server is accessible using this authorization. - - - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the scope of operations the client is allowed to invoke. - - - Contract.Result<HashSet<string>>() != null - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The authorization to be described by the access token. - The lifetime of the access token. - authorization != null - authorization == null - - - - Creates a formatter capable of serializing/deserializing an access token. - - The authorization server's private key used to asymmetrically sign the access token. - The resource server's public key used to encrypt the access token. - An access token serializer. - Contract.Result<IDataBagFormatter<AccessToken>>() != null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets or sets the lifetime of the access token. - - The lifetime. - - - - Encodes/decodes the OAuth 2.0 grant_type argument. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Encodes/decodes the OAuth 2.0 response_type argument. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - A serializer for -derived types - - The DataBag-derived type that is to be serialized/deserialized. - - - - Serializes the specified message. - - The message to serialize. Must not be null. - A non-null, non-empty value. - message != null - message == null - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - Deserializes a . - - The message that contains the serialized value. Must not be nulll. - The serialized form of the to deserialize. Must not be null or empty. - The deserialized value. Never null. - containingMessage != null - containingMessage == null - !String.IsNullOrEmpty(data) - String.IsNullOrEmpty(data) - Contract.Result<T>() != null - - - - Contract class for the IDataBagFormatter interface. - - The type of DataBag to serialize. - - - - Prevents a default instance of the class from being created. - - - - - Serializes the specified message. - - The message to serialize. Must not be null. - A non-null, non-empty value. - - - - Deserializes a . - - The message that contains the serialized value. Must not be nulll. - The serialized form of the to deserialize. Must not be null or empty. - The deserialized value. Never null. - - - - The base messaging channel used by OAuth 2.0 parties. - - - - - A channel that uses the standard message factory. - - - - - The message types receivable by this channel. - - - - - The protocol versions supported by this channel. - - - - - Initializes a new instance of the class. - - The message types that might be encountered. - All the possible message versions that might be encountered. - The binding elements to apply to the channel. - messageTypes != null - messageTypes == null - versions != null - versions == null - - - - Generates all the message descriptions for a given set of message types and versions. - - The message types. - The message versions. - The cache to use when obtaining the message descriptions. - The generated/retrieved message descriptions. - messageTypes != null - messageTypes == null - descriptionsCache != null - descriptionsCache == null - Contract.Result<IEnumerable<MessageDescription>>() != null - - - - Gets or sets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - Gets or sets the message descriptions. - - - value != null - - value == null - - - - Gets or sets a tool that can figure out what kind of message is being received - so it can be deserialized. - - - - - The messages receivable by this channel. - - - - - The protocol versions supported by this channel. - - - - - Initializes a new instance of the class. - - The channel binding elements. - - - - The messaging channel used by OAuth 2.0 Clients. - - - - - Initializes a new instance of the class. - - - - - Prepares an HTTP request that carries a given message. - - The message to send. - - The prepared to send the request. - - - This method must be overridden by a derived class, unless the method - is overridden and does not require this method. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - - The deserialized message, if one is found. Null otherwise. - - request != null - request == null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Encodes or decodes a set of scopes into the OAuth 2.0 scope message part. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - A serializer for -derived types - - The DataBag-derived type that is to be serialized/deserialized. - - - - The length of the nonce to include in tokens that can be decoded once only. - - - - - The message description cache to use for data bag types. - - - - - The symmetric secret used for signing/encryption of verification codes and refresh tokens. - - - - - The hashing algorithm to use while signing when using a symmetric secret. - - - - - The crypto to use for signing access tokens. - - - - - The crypto to use for encrypting access tokens. - - - - - The hashing algorithm to use for asymmetric signatures. - - - - - A value indicating whether the data in this instance will be protected against tampering. - - - - - The nonce store to use to ensure that this instance is only decoded once. - - - - - The maximum age of a token that can be decoded; useful only when is true. - - - - - A value indicating whether the data in this instance will be protected against eavesdropping. - - - - - A value indicating whether the data in this instance will be GZip'd. - - - - - Initializes a new instance of the class. - - A value indicating whether the data in this instance will be protected against tampering. - A value indicating whether the data in this instance will be protected against eavesdropping. - A value indicating whether the data in this instance will be GZip'd. - The maximum age of a token that can be decoded; useful only when is true. - The nonce store to use to ensure that this instance is only decoded once. - signed || decodeOnceOnly == null - signed || decodeOnceOnly != null - maximumAge.HasValue || decodeOnceOnly == null - maximumAge.HasValue || decodeOnceOnly != null - - - - Initializes a new instance of the class. - - The asymmetric private key to use for signing the token. - The asymmetric public key to use for encrypting the token. - A value indicating whether the data in this instance will be GZip'd. - The maximum age of a token that can be decoded; useful only when is true. - The nonce store to use to ensure that this instance is only decoded once. - - - - Initializes a new instance of the class. - - The symmetric secret to use for signing and encrypting. - A value indicating whether the data in this instance will be protected against tampering. - A value indicating whether the data in this instance will be protected against eavesdropping. - A value indicating whether the data in this instance will be GZip'd. - The maximum age of a token that can be decoded; useful only when is true. - The nonce store to use to ensure that this instance is only decoded once. - symmetricSecret != null || (!signed && !encrypted) - symmetricSecret == null && (signed && !encrypted) - - - - Serializes the specified message. - - The message to serialize. Must not be null. - A non-null, non-empty value. - message != null - message == null - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - Deserializes a . - - The message that contains the serialized value. Must not be nulll. - The serialized form of the to deserialize. Must not be null or empty. - The deserialized value. Never null. - containingMessage != null - containingMessage == null - !String.IsNullOrEmpty(data) - String.IsNullOrEmpty(data) - Contract.Result<T>() != null - - - - Determines whether the signature on this instance is valid. - - The message whose signature is to be checked. - - true if the signature is valid; otherwise, false. - - message != null - message == null - - - - Calculates the signature for the data in this verification code. - - The message whose signature is to be calculated. - The calculated signature. - message != null - message == null - this.asymmetricSigning != null || this.symmetricHasher != null - this.asymmetricSigning == null && this.symmetricHasher == null - Contract.Result<byte[]>() != null - - - - Gets the bytes to sign. - - The message to be encoded as normalized bytes for signing. - A buffer of the bytes to sign. - message != null - message == null - - - - Encrypts the specified value using either the symmetric or asymmetric encryption algorithm as appropriate. - - The value. - The encrypted value. - this.asymmetricEncrypting != null || this.symmetricSecret != null - this.asymmetricEncrypting == null && this.symmetricSecret == null - - - - Decrypts the specified value using either the symmetric or asymmetric encryption algorithm as appropriate. - - The value. - The decrypted value. - this.asymmetricEncrypting != null || this.symmetricSecret != null - this.asymmetricEncrypting == null && this.symmetricSecret == null - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the identifier of the client authorized to access protected data. - - - - - Gets the date this authorization was established or the token was issued. - - A date/time expressed in UTC. - - - - Gets the name on the account whose data on the resource server is accessible using this authorization. - - - - - Gets the scope of operations the client is allowed to invoke. - - - - - The various types of tokens created by the authorization server. - - - - - The code issued to the client after the user has approved authorization. - - - - - The long-lived token issued to the client that enables it to obtain - short-lived access tokens later. - - - - - A (typically) short-lived token. - - - - - A message that carries some kind of token from the client to the authorization or resource server. - - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the authorization that the token describes. - - - - - The channel for the OAuth protocol. - - - - - The messages receivable by this channel. - - - - - The protocol versions supported by this channel. - - - - - Initializes a new instance of the class. - - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - - The deserialized message, if one is found. Null otherwise. - - request != null - request == null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - The refresh token issued to a client by an authorization server that allows the client - to periodically obtain new short-lived access tokens. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The authorization this refresh token should describe. - authorization != null - authorization == null - - - - Creates a formatter capable of serializing/deserializing a refresh token. - - The symmetric secret used by the authorization server to sign/encrypt refresh tokens. Must not be null. - A DataBag formatter. Never null. - symmetricSecret != null - symmetricSecret == null - Contract.Result<IDataBagFormatter<RefreshToken>>() != null - - - - Translates between a and the number of seconds between it and 1/1/1970 12 AM - - - - - The reference date and time for calculating time stamps. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Represents the authorization code created when a user approves authorization that - allows the client to request an access/refresh token. - - - - - The hash algorithm used on the callback URI. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The client identifier. - The callback the client used to obtain authorization. - The authorized scopes. - The name on the account that authorized access. - !String.IsNullOrEmpty(clientIdentifier) - String.IsNullOrEmpty(clientIdentifier) - callback != null - callback == null - - - - Creates a serializer/deserializer for this type. - - The authorization server that will be serializing/deserializing this authorization code. Must not be null. - A DataBag formatter. - authorizationServer != null - authorizationServer == null - Contract.Result<IDataBagFormatter<AuthorizationCode>>() != null - - - - Verifies the the given callback URL matches the callback originally given in the authorization request. - - The callback. - - This method serves to verify that the callback URL given in the original authorization request - and the callback URL given in the access token request match. - - Thrown when the callback URLs do not match. - - - - Calculates the hash of the callback URL. - - The callback whose hash should be calculated. - - A base64 encoding of the hash of the URL. - - - - - Gets or sets the hash of the callback URL. - - - - - A binding element for OAuth 2.0 authorization servers that create/verify - issued authorization codes as part of obtaining access/refresh tokens. - - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets the protection commonly offered (if any) by this binding element. - - Always MessageProtections.None - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Gets the maximum message age from the standard expiration binding element. - - - - - A binding element that should be applied for authorization server channels regardless of which flows - are supported. - - - - - Initializes a new instance of the class. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - An interface that resource server hosts should implement if they accept access tokens - issued by non-DotNetOpenAuth authorization servers. - - - - - Reads an access token to find out what data it authorizes access to. - - The message carrying the access token. - The access token. - The user whose data is accessible with this access token. - The scope of access authorized by this access token. - A value indicating whether this access token is valid. - message != null - message == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - Contract.Result<bool>() == (Contract.ValueAtReturn<string>(out user) != null) - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Reads an access token to find out what data it authorizes access to. - - The message carrying the access token. - The access token. - The user whose data is accessible with this access token. - The scope of access authorized by this access token. - - A value indicating whether this access token is valid. - - - - - Provides host-specific authorization server services needed by this library. - - - - - Gets the client with a given identifier. - - The client identifier. - The client registration. Never null. - Thrown when no client with the given identifier is registered with this authorization server. - !String.IsNullOrEmpty(clientIdentifier) - String.IsNullOrEmpty(clientIdentifier) - Contract.Result<IConsumerDescription>() != null - - - - Determines whether a described authorization is (still) valid. - - The authorization. - - true if the original authorization is still valid; otherwise, false. - - - When establishing that an authorization is still valid, - it's very important to only match on recorded authorizations that - meet these criteria: - 1) The client identifier matches. - 2) The user account matches. - 3) The scope on the recorded authorization must include all scopes in the given authorization. - 4) The date the recorded authorization was issued must be no later that the date the given authorization was issued. - One possible scenario is where the user authorized a client, later revoked authorization, - and even later reinstated authorization. This subsequent recorded authorization - would not satisfy requirement #4 in the above list. This is important because the revocation - the user went through should invalidate all previously issued tokens as a matter of - security in the event the user was revoking access in order to sever authorization on a stolen - account or piece of hardware in which the tokens were stored. - authorization != null - authorization == null - - - - Gets the secret used to symmetrically encrypt and sign authorization codes and refresh tokens. - - - This secret should be kept strictly confidential in the authorization server(s) - and NOT shared with the resource server. Anyone with this secret can mint - tokens to essentially grant themselves access to anything they want. - - - Contract.Result<byte[]>() != null - - - - - Gets the asymmetric private key to use for signing access tokens. - - - The public key in the private/public key pair will be used by the resource - servers to validate that the access token is minted by a trusted authorization server. - - - - - Gets the authorization code nonce store to use to ensure that authorization codes can only be used once. - - The authorization code nonce store. - - Contract.Result<INonceStore>() != null - - - - - Code Contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the client with a given identifier. - - The client identifier. - The client registration. Never null. - Thrown when no client with the given identifier is registered with this authorization server. - - - - Determines whether a described authorization is (still) valid. - - The authorization. - - true if the original authorization is still valid; otherwise, false. - - - When establishing that an authorization is still valid, - it's very important to only match on recorded authorizations that - meet these criteria: - 1) The client identifier matches. - 2) The user account matches. - 3) The scope on the recorded authorization must include all scopes in the given authorization. - 4) The date the recorded authorization was issued must be no later that the date the given authorization was issued. - One possible scenario is where the user authorized a client, later revoked authorization, - and even later reinstated authorization. This subsequent recorded authorization - would not satisfy requirement #4 in the above list. This is important because the revocation - the user went through should invalidate all previously issued tokens as a matter of - security in the event the user was revoking access in order to sever authorization on a stolen - account or piece of hardware in which the tokens were stored. - - - - Gets the secret used to symmetrically encrypt and sign authorization codes and refresh tokens. - - - - This secret should be kept strictly confidential in the authorization server(s) - and NOT shared with the resource server. Anyone with this secret can mint - tokens to essentially grant themselves access to anything they want. - - - - - Gets the asymmetric private key to use for signing access tokens. - - - - The public key in the private/public key pair will be used by the resource - servers to validate that the access token is minted by a trusted authorization server. - - - - - Gets the authorization code nonce store to use to ensure that authorization codes can only be used once. - - The authorization code nonce store. - - - - A token manager implemented by some clients to assist in tracking authorization state. - - - - - Gets the state of the authorization for a given callback URL and client state. - - The callback URL. - State of the client stored at the beginning of an authorization request. - The authorization state; may be null if no authorization state matches. - callbackUrl != null - callbackUrl == null - - - - Contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the state of the authorization for a given callback URL and client state. - - The callback URL. - State of the client stored at the beginning of an authorization request. - - The authorization state; may be null if no authorization state matches. - - - - - A description of a client from an Authorization Server's point of view. - - - - - Gets the client secret. - - - - - Gets the allowed callback URIs that this client has pre-registered with the service provider, if any. - - The URIs that user authorization responses may be directed to; must not be null, but may be empty. - - The first element in this list (if any) will be used as the default client redirect URL if the client sends an authorization request without a redirect URL. - If the list is empty, any callback is allowed for this client. - - - Contract.Result<List<Uri>>() != null - Contract.Result<List<Uri>>().TrueForAll(v => v != null && v.IsAbsoluteUri) - - - - - Contract class for the interface. - - - - - Gets the client secret. - - - - - - Gets the allowed callback URIs that this client has pre-registered with the service provider, if any. - - - The URIs that user authorization responses may be directed to; must not be null, but may be empty. - - - The first element in this list (if any) will be used as the default client redirect URL if the client sends an authorization request without a redirect URL. - If the list is empty, any callback is allowed for this client. - - - - - A message that accompanies an HTTP request to a resource server that provides authorization. - - - - - Initializes a new instance of the class. - - The recipient. - The version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the nonce. - - The nonce. - - - - Gets or sets the timestamp. - - The timestamp. - - - - Gets or sets the signature. - - The signature. - - - - Gets or sets the algorithm. - - The algorithm. - - - - Gets a value indicating whether this request is signed. - - - - - A request from a Client to an Authorization Server to exchange some assertion for an access token. - - - - - A message sent from the client to the authorization server to exchange a previously obtained grant for an access token. - - - - - A direct message from the client to the authorization server that includes the client's credentials. - - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Gets the client identifier previously obtained from the Authorization Server. - - The client identifier. - - - - Gets the client secret. - - The client secret. - - REQUIRED. The client secret as described in Section 2.1 (Client Credentials). OPTIONAL if no client secret was issued. - - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the type of the grant. - - The type of the grant. - - - - Gets the set of scopes the Client would like the access token to provide access to. - - A set of scopes. Never null. - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Gets or sets the format of the assertion as defined by the Authorization Server. - - The assertion format. - - - - Gets or sets the assertion. - - The assertion. - - - - Gets the type of the grant. - - The type of the grant. - - - - A request from a Client to an Authorization Server to exchange an authorization code for an access token. - - - - - Initializes a new instance of the class. - - The Authorization Server's access token endpoint URL. - The version. - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets the type of the grant. - - The type of the grant. - - - - Gets or sets the verification code previously communicated to the Client - in . - - The verification code received from the authorization server. - - - - Gets or sets the callback URL used in - - The Callback URL used to obtain the Verification Code. - - - - - A request from a Client to an Authorization Server to exchange the user's username and password for an access token. - - - - - Initializes a new instance of the class. - - The access token endpoint. - The protocol version. - - - - Gets the type of the grant. - - The type of the grant. - - - - Gets or sets the user's account username. - - The username on the user's account. - - - - Gets or sets the user's password. - - The password. - - - - A request for an access token for a client application that has its - own (non-user affiliated) client name and password. - - - This is somewhat analogous to 2-legged OAuth. - - - - - Initializes a new instance of the class. - - The authorization server. - The version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the type of the grant. - - The type of the grant. - - - - The message sent by the Authorization Server to the Client via the user agent - to indicate that user authorization was granted, carrying only an access token, - and to return the user to the Client where they started their experience. - - - - - The message sent by the Authorization Server to the Client via the user agent - to indicate that user authorization was granted, and to return the user - to the Client where they started their experience. - - - - - A message carrying client state the authorization server should preserve on behalf of the client - during an authorization. - - - - - Gets or sets the state of the client. - - The state of the client. - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - clientCallback != null - clientCallback == null - request != null - request == null - - - - Gets or sets some state as provided by the client in the authorization request. - - An opaque value defined by the client. - - REQUIRED if the Client sent the value in the . - - - - - Gets the scope of the if one is given; otherwise the scope of the authorization code. - - The scope. - - - - Gets or sets the lifetime of the authorization. - - The lifetime. - - - - Gets or sets the authorizing user's account name. - - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - clientCallback != null - clientCallback == null - request != null - request == null - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the authorization that the token describes. - - - - - - Gets or sets the access token. - - The access token. - - - - The message that an Authorization Server responds to a Client with when the user denies a user authorization request. - - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - request != null - request == null - - - - Gets or sets the error. - - One of the values given in . - - - - Gets or sets a human readable description of the error. - - Human-readable text providing additional information, used to assist in the understanding and resolution of the error that occurred. - - - - Gets or sets the location of the web page that describes the error and possible resolution. - - A URI identifying a human-readable web page with information about the error, used to provide the end-user with additional information about the error. - - - - Gets or sets some state as provided by the client in the authorization request. - - An opaque value defined by the client. - - REQUIRED if the Client sent the value in the . - - - - - The message sent by the Authorization Server to the Client via the user agent - to indicate that user authorization was granted, carrying an authorization code and possibly an access token, - and to return the user to the Client where they started their experience. - - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The protocol version. - version != null - version == null - clientCallback != null - clientCallback == null - - - - Initializes a new instance of the class. - - The URL to redirect to so the client receives the message. This may not be built into the request message if the client pre-registered the URL with the authorization server. - The authorization request from the user agent on behalf of the client. - clientCallback != null - clientCallback == null - request != null - request == null - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets or sets the authorization code. - - The authorization code. - - - - Gets or sets the access token. - - The access token. - - - - The types of authorizations that a client can use to obtain - a refresh token and/or an access token. - - - - - The client is providing the authorization code previously obtained from an end user authorization response. - - - - - The client is providing the end user's username and password to the authorization server. - - - - - The client is providing an assertion it obtained from another source. - - - - - The client is providing a refresh token. - - - - - No authorization to access a user's data has been given. The client is requesting - an access token authorized for its own private data. This fits the classic OAuth 1.0(a) "2-legged OAuth" scenario. - - - When requesting an access token using the none access grant type (no access grant is included), the client is requesting access to the protected resources under its control, or those of another resource owner which has been previously arranged with the authorization server (the method of which is beyond the scope of this specification). - - - - - A request from the client to the token endpoint for a new access token - in exchange for a refresh token that the client has previously obtained. - - - - - Initializes a new instance of the class. - - The token endpoint. - The version. - - - - Initializes a new instance of the class. - - The authorization server. - - - - Gets the type of the code or token. - - The type of the code or token. - - - - Gets or sets the verification code or refresh/access token. - - The code or token. - - - - Gets or sets the authorization that the token describes. - - - - - Gets or sets the refresh token. - - The refresh token. - - REQUIRED. The refresh token associated with the access token to be refreshed. - - - - - Gets the type of the grant. - - The type of the grant. - - - - An indication of what kind of response the client is requesting from the authorization server - after the user has granted authorized access. - - - - - An access token should be returned immediately. - - - - - An authorization code should be returned, which can later be exchanged for refresh and access tokens. - - - - - Both an access token and an authorization code should be returned. - - - - - A direct response that is simply a 401 Unauthorized with an - WWW-Authenticate: OAuth header. - - - - - Initializes a new instance of the class. - - The exception. - The protocol version. - exception != null - exception == null - - - - Initializes a new instance of the class. - - The request. - - - - Initializes a new instance of the class. - - The request. - The exception. - exception != null - exception == null - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets the error message. - - The error message. - - - - Gets or sets the realm. - - The realm. - - - - Gets or sets the scope. - - The scope. - - - - Gets or sets the algorithms. - - The algorithms. - - - - Gets or sets the user endpoint. - - The user endpoint. - - - - Gets or sets the token endpoint. - - The token endpoint. - - - - A response from the Authorization Server to the Client to indicate that a - request for an access token renewal failed, probably due to an invalid - refresh token. - - - This message type is shared by the Web App, Rich App, and Username/Password profiles. - - - - - A value indicating whether this error response is in result to a request that had invalid client credentials which were supplied in the HTTP Authorization header. - - - - - Initializes a new instance of the class. - - The faulty request. - - - - Initializes a new instance of the class. - - The faulty request. - A value indicating whether this error response is in result to a request that had invalid client credentials which were supplied in the HTTP Authorization header. - - - - Gets the HTTP status code that the direct response should be sent with. - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets the error. - - One of the values given in . - - - - Gets or sets a human readable description of the error. - - Human-readable text providing additional information, used to assist in the understanding and resolution of the error that occurred. - - - - Gets or sets the location of the web page that describes the error and possible resolution. - - A URI identifying a human-readable web page with information about the error, used to provide the end-user with additional information about the error. - - - - A response from the Authorization Server to the Client containing a delegation code - that the Client should use to obtain an access token. - - - This message type is shared by the Web App, Rich App, and Username/Password profiles. - - - - - Initializes a new instance of the class. - - The request. - - - - Gets the HTTP status code that the direct response should be sent with. - - Always HttpStatusCode.OK - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets the access token. - - The access token. - - - - Gets or sets the lifetime of the access token. - - The lifetime. - - - - Gets or sets the refresh token. - - The refresh token. - - OPTIONAL. The refresh token used to obtain new access tokens using the same end-user access grant as described in Section 6 (Refreshing an Access Token). - - - - - Gets the scope of access being requested. - - The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope. - - - - Provides services for validating OAuth access tokens. - - - - - Initializes a new instance of the class. - - The access token analyzer. - accessTokenAnalyzer != null - accessTokenAnalyzer == null - - - - Discovers what access the client should have considering the access token in the current request. - - The name on the account the client has access to. - The set of operations the client is authorized for. - An error to return to the client if access is not authorized; null if access is granted. - - - - Discovers what access the client should have considering the access token in the current request. - - The HTTP request info. - The name on the account the client has access to. - The set of operations the client is authorized for. - - An error to return to the client if access is not authorized; null if access is granted. - - httpRequestInfo != null - httpRequestInfo == null - - - - Discovers what access the client should have considering the access token in the current request. - - The HTTP request info. - The principal that contains the user and roles that the access token is authorized for. - - An error to return to the client if access is not authorized; null if access is granted. - - - - - Discovers what access the client should have considering the access token in the current request. - - HTTP details from an incoming WCF message. - The URI of the WCF service endpoint. - The principal that contains the user and roles that the access token is authorized for. - - An error to return to the client if access is not authorized; null if access is granted. - - request != null - request == null - requestUri != null - requestUri == null - - - - Gets the access token analyzer. - - The access token analyzer. - - - - Gets the channel. - - The channel. - - - - An access token reader that understands DotNetOpenAuth authorization server issued tokens. - - - - - Initializes a new instance of the class. - - The authorization server public signing key. - The resource server private encryption key. - - - - Reads an access token to find out what data it authorizes access to. - - The message carrying the access token. - The access token. - The user whose data is accessible with this access token. - The scope of access authorized by this access token. - - A value indicating whether this access token is valid. - - - This method also responsible to throw a or return - false when the access token is expired, invalid, or from an untrusted authorization server. - - message != null - message == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - Contract.Result<bool>() == (Contract.ValueAtReturn<string>(out user) != null) - - - - Gets the authorization server public signing key. - - The authorization server public signing key. - - - - Gets the resource server private encryption key. - - The resource server private encryption key. - - - - The OAuth client for the user-agent flow, providing services for installed apps - and in-browser Javascript widgets. - - - - - A base class for common OAuth Client behaviors. - - - - - Initializes a new instance of the class. - - The token issuer. - The client identifier. - The client secret. - authorizationServer != null - authorizationServer == null - - - - Adds the necessary HTTP Authorization header to an HTTP request for protected resources - so that the Service Provider will allow the request through. - - The request for protected resources from the service provider. - The access token previously obtained from the Authorization Server. - request != null - request == null - !string.IsNullOrEmpty(accessToken) - string.IsNullOrEmpty(accessToken) - - - - Adds the OAuth authorization token to an outgoing HTTP request, renewing a - (nearly) expired access token if necessary. - - The request for protected resources from the service provider. - The authorization for this request previously obtained via OAuth. - request != null - request == null - authorization != null - authorization == null - !string.IsNullOrEmpty(authorization.AccessToken) - string.IsNullOrEmpty(authorization.AccessToken) - - - - Refreshes a short-lived access token using a longer-lived refresh token. - - The authorization to update. - If given, the access token will not be refreshed if its remaining lifetime exceeds this value. - A value indicating whether the access token was actually renewed; true if it was renewed, or false if it still had useful life remaining. - authorization != null - authorization == null - !string.IsNullOrEmpty(authorization.RefreshToken) - string.IsNullOrEmpty(authorization.RefreshToken) - - - - Updates the authorization state maintained by the client with the content of an outgoing response. - - The authorization state maintained by the client. - The access token containing response message. - authorizationState != null - authorizationState == null - accessTokenSuccess != null - accessTokenSuccess == null - - - - Updates the authorization state maintained by the client with the content of an outgoing response. - - The authorization state maintained by the client. - The access token containing response message. - authorizationState != null - authorizationState == null - accessTokenSuccess != null - accessTokenSuccess == null - - - - Updates authorization state with a success response from the Authorization Server. - - The authorization state to update. - The authorization success message obtained from the authorization server. - authorizationState != null - authorizationState == null - authorizationSuccess != null - authorizationSuccess == null - - - - Calculates the fraction of life remaining in an access token. - - The authorization to measure. - A fractional number no greater than 1. Could be negative if the access token has already expired. - authorization != null - authorization == null - authorization.AccessTokenIssueDateUtc.HasValue - !(authorization.AccessTokenIssueDateUtc.HasValue) - authorization.AccessTokenExpirationUtc.HasValue - !(authorization.AccessTokenExpirationUtc.HasValue) - - - - Gets the token issuer. - - The token issuer. - - - - Gets the OAuth channel. - - The channel. - - - - Gets or sets the identifier by which this client is known to the Authorization Server. - - - - - Gets or sets the client secret shared with the Authorization Server. - - - - - Initializes a new instance of the class. - - The token issuer. - The client identifier. - The client secret. - - - - Initializes a new instance of the class. - - The authorization endpoint. - authorizationEndpoint != null - authorizationEndpoint == null - - - - Generates a URL that the user's browser can be directed to in order to authorize - this client to access protected data at some resource server. - - The scope of authorized access requested. - A fully-qualified URL suitable to initiate the authorization flow. - - - - Generates a URL that the user's browser can be directed to in order to authorize - this client to access protected data at some resource server. - - The authorization state that is tracking this particular request. Optional. - A fully-qualified URL suitable to initiate the authorization flow. - authorization != null - authorization == null - !string.IsNullOrEmpty(this.ClientIdentifier) - string.IsNullOrEmpty(this.ClientIdentifier) - - - - Scans the incoming request for an authorization response message. - - The actual URL of the incoming HTTP request. - The authorization. - The granted authorization, or null if the incoming HTTP request did not contain an authorization server response or authorization was rejected. - actualRedirectUrl != null - actualRedirectUrl == null - - - - Authorization Server supporting the web server flow. - - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - - - - Reads in a client's request for the Authorization Server to obtain permission from - the user to authorize the Client's access of some protected resource(s). - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Approves an authorization request and sends an HTTP response to the user agent to redirect the user back to the Client. - - The authorization request to approve. - The username of the account that approved the request (or whose data will be accessed by the client). - The scope of access the client should be granted. If null, all scopes in the original request will be granted. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - authorizationRequest != null - authorizationRequest == null - - - - Rejects an authorization request and sends an HTTP response to the user agent to redirect the user back to the Client. - - The authorization request to disapprove. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - authorizationRequest != null - authorizationRequest == null - - - - Checks the incoming HTTP request for an access token request and prepares a response if the request message was found. - - The formulated response, or null if the request was not found.. - A value indicating whether any access token request was found in the HTTP request. - - This method assumes that the authorization server and the resource server are the same and that they share a single - asymmetric key for signing and encrypting the access token. If this is not true, use the method instead. - - - - - Checks the incoming HTTP request for an access token request and prepares a response if the request message was found. - - The HTTP request info. - The formulated response, or null if the request was not found.. - A value indicating whether any access token request was found in the HTTP request. - - This method assumes that the authorization server and the resource server are the same and that they share a single - asymmetric key for signing and encrypting the access token. If this is not true, use the method instead. - - httpRequestInfo != null - httpRequestInfo == null - Contract.Result<bool>() == (Contract.ValueAtReturn<IDirectResponseProtocolMessage>(out response) != null) - - - - Reads the access token request. - - The request info. - The Client's request for an access token; or null if no such message was found in the request. - - - - Prepares a response to inform the Client that the user has rejected the Client's authorization request. - - The authorization request. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - The authorization response message to send to the Client. - authorizationRequest != null - authorizationRequest == null - Contract.Result<EndUserAuthorizationFailedResponse>() != null - - - - Approves an authorization request. - - The authorization request to approve. - The username of the account that approved the request (or whose data will be accessed by the client). - The scope of access the client should be granted. If null, all scopes in the original request will be granted. - The Client callback URL to use when formulating the redirect to send the user agent back to the Client. - The authorization response message to send to the Client. - authorizationRequest != null - authorizationRequest == null - !String.IsNullOrEmpty(username) - String.IsNullOrEmpty(username) - Contract.Result<EndUserAuthorizationSuccessResponseBase>() != null - - - - Prepares the response to an access token request. - - The request for an access token. - The public key to encrypt the access token to, such that the resource server will be able to decrypt it. - The access token's lifetime. - If set to true, the response will include a long-lived refresh token. - The response message to send to the client. - request != null - request == null - - - - Gets the redirect URL to use for a particular authorization request. - - The authorization request. - The URL to redirect to. Never null. - Thrown if no callback URL could be determined. - authorizationRequest != null - authorizationRequest == null - Contract.Result<Uri>() != null - - - - Gets the channel. - - The channel. - - - - Gets the authorization server. - - The authorization server. - - - - Gets the channel. - - - - - Some common utility methods for OAuth 2.0. - - - - - The instance to use when comparing scope equivalence. - - - - - The delimiter between scope elements. - - - - - The characters that may appear in an access token that is included in an HTTP Authorization header. - - - This is defined in OAuth 2.0 DRAFT 10, section 5.1.1. (http://tools.ietf.org/id/draft-ietf-oauth-v2-10.html#authz-header) - - - - - Determines whether one given scope is a subset of another scope. - - The requested scope, which may be a subset of . - The granted scope, the suspected superset. - - true if all the elements that appear in also appear in ; - false otherwise. - - - - - Identifies individual scope elements - - The space-delimited list of scopes. - A set of individual scopes, with any duplicates removed. - - - - Serializes a set of scopes as a space-delimited list. - - The scopes to serialize. - A space-delimited list. - scopes != null - scopes == null - - - - Authorizes an HTTP request using an OAuth 2.0 access token in an HTTP Authorization header. - - The request to authorize. - The access token previously obtained from the Authorization Server. - request != null - request == null - !string.IsNullOrEmpty(accessToken) - string.IsNullOrEmpty(accessToken) - - - - Gets information about the client with a given identifier. - - The authorization server. - The client identifier. - The client information. Never null. - !String.IsNullOrEmpty(clientIdentifier) - String.IsNullOrEmpty(clientIdentifier) - Contract.Result<IConsumerDescription>() != null - - - - An interface that providers that play a dual role as OpenID Provider - and OAuth Service Provider should implement on their token manager classes. - - - This interface should be implemented by the same class that implements - in order to enable the OpenID+OAuth extension. - - - - - Additional methods an implementing class - may implement to support the OpenID+OAuth extension. - - - - - Stores a new request token obtained over an OpenID request. - - The consumer key. - The authorization message carrying the request token and authorized access scope. - - The token secret is the empty string. - Tokens stored by this method should be short-lived to mitigate - possible security threats. Their lifetime should be sufficient for the - relying party to receive the positive authentication assertion and immediately - send a follow-up request for the access token. - - - - - An interface OAuth hosts must implement for persistent storage - and recall of tokens and secrets for an individual OAuth consumer - or service provider. - - - - - Gets the Token Secret given a request or access token. - - The request or access token. - The secret associated with the given token. - Thrown if the secret cannot be found for the given token. - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - Contract.Result<string>() != null - - - - Stores a newly generated unauthorized request token, secret, and optional - application-specific parameters for later recall. - - The request message that resulted in the generation of a new unauthorized request token. - The response message that includes the unauthorized request token. - Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection. - - Request tokens stored by this method SHOULD NOT associate any user account with this token. - It usually opens up security holes in your application to do so. Instead, you associate a user - account with access tokens (not request tokens) in the - method. - - request != null - request == null - response != null - response == null - - - - Deletes a request token and its associated secret and stores a new access token and secret. - - The Consumer that is exchanging its request token for an access token. - The Consumer's request token that should be deleted/expired. - The new access token that is being issued to the Consumer. - The secret associated with the newly issued access token. - - - Any scope of granted privileges associated with the request token from the - original call to should be carried over - to the new Access Token. - - - To associate a user account with the new access token, - HttpContext.Current.User may be - useful in an ASP.NET web application within the implementation of this method. - Alternatively you may store the access token here without associating with a user account, - and wait until or - return the access - token to associate the access token with a user account at that point. - - - !String.IsNullOrEmpty(consumerKey) - String.IsNullOrEmpty(consumerKey) - !String.IsNullOrEmpty(requestToken) - String.IsNullOrEmpty(requestToken) - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - accessTokenSecret != null - accessTokenSecret == null - - - - Classifies a token as a request token or an access token. - - The token to classify. - Request or Access token, or invalid if the token is not recognized. - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - - - - Gets the OAuth consumer key for a given OpenID relying party realm. - - The relying party's OpenID realm. - The OAuth consumer key for a given OpenID realm. - This is a security-critical function. Since OpenID requests - and OAuth extensions for those requests can be formulated by ANYONE - (no signing is required by the relying party), and since the response to - the authentication will include access the user is granted to the - relying party who CLAIMS to be from some realm, it is of paramount - importance that the realm is recognized as belonging to the consumer - key by the host service provider in order to protect against phishers. - - - - A description of a consumer from a Service Provider's point of view. - - - - - Gets the Consumer key. - - - - - Gets the consumer secret. - - - - - Gets the certificate that can be used to verify the signature of an incoming - message from a Consumer. - - The public key from the Consumer's X.509 Certificate, if one can be found; otherwise null. - - This property must be implemented only if the RSA-SHA1 algorithm is supported by the Service Provider. - - - - - Gets the callback URI that this consumer has pre-registered with the service provider, if any. - - A URI that user authorization responses should be directed to; or null if no preregistered callback was arranged. - - - - Gets the verification code format that is most appropriate for this consumer - when a callback URI is not available. - - A set of characters that can be easily keyed in by the user given the Consumer's - application type and form factor. - - The value should NEVER be returned - since this property is only used in no callback scenarios anyway. - - - - - Gets the length of the verification code to issue for this Consumer. - - A positive number, generally at least 4. - - - - A token manager for use by a web site in its role as a consumer of - an individual ServiceProvider. - - - - - Gets the consumer key. - - The consumer key. - - - - Gets the consumer secret. - - The consumer secret. - - - - A description of an access token and its metadata as required by a Service Provider. - - - - - Gets the token itself. - - - - - Gets the expiration date (local time) for the access token. - - The expiration date, or null if there is no expiration date. - - - - Gets the username of the principal that will be impersonated by this access token. - - - The name of the user who authorized the OAuth request token originally. - - - - - Gets the roles that the OAuth principal should belong to. - - - The roles that the user belongs to, or a subset of these according to the rights - granted when the user authorized the request token. - - - - - A token manager for use by a web site in its role as a - service provider. - - - - - Gets the Consumer description for a given a Consumer Key. - - The Consumer Key. - A description of the consumer. Never null. - Thrown if the consumer key cannot be found. - !String.IsNullOrEmpty(consumerKey) - String.IsNullOrEmpty(consumerKey) - Contract.Result<IConsumerDescription>() != null - - - - Checks whether a given request token has already been authorized - by some user for use by the Consumer that requested it. - - The Consumer's request token. - - True if the request token has already been fully authorized by the user - who owns the relevant protected resources. False if the token has not yet - been authorized, has expired or does not exist. - - !String.IsNullOrEmpty(requestToken) - String.IsNullOrEmpty(requestToken) - - - - Gets details on the named request token. - - The request token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - Contract.Result<IServiceProviderRequestToken>() != null - - - - Gets details on the named access token. - - The access token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - !String.IsNullOrEmpty(token) - String.IsNullOrEmpty(token) - Contract.Result<IServiceProviderAccessToken>() != null - - - - Persists any changes made to the token. - - The token whose properties have been changed. - - This library will invoke this method after making a set - of changes to the token as part of a web request to give the host - the opportunity to persist those changes to a database. - Depending on the object persistence framework the host site uses, - this method MAY not need to do anything (if changes made to the token - will automatically be saved without any extra handling). - - token != null - token == null - - - - Code contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the Consumer description for a given a Consumer Key. - - The Consumer Key. - - A description of the consumer. Never null. - - Thrown if the consumer key cannot be found. - - - - Checks whether a given request token has already been authorized - by some user for use by the Consumer that requested it. - - The Consumer's request token. - - True if the request token has already been fully authorized by the user - who owns the relevant protected resources. False if the token has not yet - been authorized, has expired or does not exist. - - - - - Gets details on the named request token. - - The request token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - - - - Gets details on the named access token. - - The access token. - A description of the token. Never null. - Thrown if the token cannot be found. - - It is acceptable for implementations to find the token, see that it has expired, - delete it from the database and then throw , - or alternatively it can return the expired token anyway and the OAuth channel will - log and throw the appropriate error. - - - - - Persists any changes made to the token. - - The token whose properties have been changed. - - This library will invoke this method after making a set - of changes to the token as part of a web request to give the host - the opportunity to persist those changes to a database. - Depending on the object persistence framework the host site uses, - this method MAY not need to do anything (if changes made to the token - will automatically be saved without any extra handling). - - - - - Gets the Token Secret given a request or access token. - - The request or access token. - - The secret associated with the given token. - - Thrown if the secret cannot be found for the given token. - - - - Stores a newly generated unauthorized request token, secret, and optional - application-specific parameters for later recall. - - The request message that resulted in the generation of a new unauthorized request token. - The response message that includes the unauthorized request token. - Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection. - - Request tokens stored by this method SHOULD NOT associate any user account with this token. - It usually opens up security holes in your application to do so. Instead, you associate a user - account with access tokens (not request tokens) in the - method. - - - - - Deletes a request token and its associated secret and stores a new access token and secret. - - The Consumer that is exchanging its request token for an access token. - The Consumer's request token that should be deleted/expired. - The new access token that is being issued to the Consumer. - The secret associated with the newly issued access token. - - - Any scope of granted privileges associated with the request token from the - original call to should be carried over - to the new Access Token. - - - To associate a user account with the new access token, - HttpContext.Current.User may be - useful in an ASP.NET web application within the implementation of this method. - Alternatively you may store the access token here without associating with a user account, - and wait until or - return the access - token to associate the access token with a user account at that point. - - - - - - Classifies a token as a request token or an access token. - - The token to classify. - - Request or Access token, or invalid if the token is not recognized. - - - - - An OAuth-protocol specific implementation of the - interface. - - - - - Initializes a new instance of the class. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The request messages are: - UserAuthorizationResponse - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - - The message that was sent as a request that resulted in the response. - Null on a Consumer site that is receiving an indirect message from the Service Provider. - - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The response messages are: - UnauthorizedTokenResponse - AuthorizedTokenResponse - - request != null - request == null - fields != null - fields == null - - - - An interface allowing OAuth hosts to inject their own algorithm for generating tokens and secrets. - - - - - Generates a new token to represent a not-yet-authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Generates a new token to represent an authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Returns a cryptographically strong random string for use as a token secret. - - The generated string. - - - - The code contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Gets the Token Secret given a request or access token. - - The request or access token. - - The secret associated with the given token. - - Thrown if the secret cannot be found for the given token. - - - - Stores a newly generated unauthorized request token, secret, and optional - application-specific parameters for later recall. - - The request message that resulted in the generation of a new unauthorized request token. - The response message that includes the unauthorized request token. - Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection. - - Request tokens stored by this method SHOULD NOT associate any user account with this token. - It usually opens up security holes in your application to do so. Instead, you associate a user - account with access tokens (not request tokens) in the - method. - - - - - Deletes a request token and its associated secret and stores a new access token and secret. - - The Consumer that is exchanging its request token for an access token. - The Consumer's request token that should be deleted/expired. - The new access token that is being issued to the Consumer. - The secret associated with the newly issued access token. - - - Any scope of granted privileges associated with the request token from the - original call to should be carried over - to the new Access Token. - - - To associate a user account with the new access token, - HttpContext.Current.User may be - useful in an ASP.NET web application within the implementation of this method. - Alternatively you may store the access token here without associating with a user account, - and wait until or - return the access - token to associate the access token with a user account at that point. - - - - - - Classifies a token as a request token or an access token. - - The token to classify. - - Request or Access token, or invalid if the token is not recognized. - - - - - Sets the HTTP Method property on a signed message before the signing module gets to it. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - True if the applied to this binding element - and the operation was successful. False otherwise. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - True if the applied to this binding element - and the operation was successful. False if the operation did not apply to this message. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the protection offered (if any) by this binding element. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Represents an OAuth consumer that is impersonating a known user on the system. - - - - - Initializes a new instance of the class. - - The username. - !String.IsNullOrEmpty(username) - String.IsNullOrEmpty(username) - - - - Gets the type of authentication used. - - The constant "OAuth" - - The type of authentication used to identify the user. - - - - - Gets a value indicating whether the user has been authenticated. - - The value true - true if the user was authenticated; otherwise, false. - - - - - Gets the name of the user who authorized the OAuth token the consumer is using for authorization. - - - The name of the user on whose behalf the code is running. - - - - - Represents an OAuth consumer that is impersonating a known user on the system. - - - - - The roles this user belongs to. - - - - - Initializes a new instance of the class. - - The username. - The roles this user belongs to. - - - - Initializes a new instance of the class. - - The access token. - token != null - token == null - - - - Initializes a new instance of the class. - - The identity. - The roles this user belongs to. - - - - Determines whether the current principal belongs to the specified role. - - The name of the role for which to check membership. - - true if the current principal is a member of the specified role; otherwise, false. - - - The role membership check uses . - - - - - Gets the access token used to create this principal. - - A non-empty string. - - - - Gets the identity of the current principal. - - - - The object associated with the current principal. - - - Contract.Result<IIdentity>() != null - - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - An interface that must be implemented by message transforms/validators in order - to be included in the channel stack. - - - - - Clones this instance. - - The cloned instance. - Contract.Result<ITamperProtectionChannelBindingElement>() != null - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a - signable message so that its signature can be correctly calculated or verified. - - - - - The signature method this binding element uses. - - - - - Initializes a new instance of the class. - - The OAuth signature method that the binding element uses. - - - - Creates a new object that is a copy of the current instance. - - - A new object that is a copy of this instance. - - Contract.Result<ITamperProtectionChannelBindingElement>() != null - - - - Signs the outgoing message. - - The message to sign. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Verifies the signature on an incoming message. - - The message whose signature should be verified. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - Thrown if the signature is invalid. - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Constructs the OAuth Signature Base String and returns the result. - - The message. - The message to derive the signature base string from. - The signature base string. - - This method implements OAuth 1.0 section 9.1. - - message != null - message == null - !string.IsNullOrEmpty(message.HttpMethod) - string.IsNullOrEmpty(message.HttpMethod) - messageDictionary != null - messageDictionary == null - messageDictionary.Message == message - messageDictionary.Message != message - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message per OAuth 1.0 section 9.2. - - - - - Gets the "ConsumerSecret&TokenSecret" string, allowing either property to be empty or null. - - The message to extract the secrets from. - The concatenated string. - - - - Determines whether the signature on some message is valid. - - The message to check the signature on. - - true if the signature on the message is valid; otherwise, false. - - message != null - message == null - - - - Clones this instance. - - A new instance of the binding element. - - Implementations of this method need not clone the SignatureVerificationCallback member, as the - class does this. - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - message != null - message == null - this.Channel != null - this.Channel == null - - - - Checks whether this binding element applies to this message. - - The message that needs to be signed. - True if this binding element can be used to sign the message. False otherwise. - - - - Sorts parameters according to OAuth signature base string rules. - - The first parameter to compare. - The second parameter to compare. - Negative, zero or positive. - - - - Gets the message protection provided by this binding element. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a signed - message so that its signature can be correctly calculated for verification. - - - - - Initializes a new instance of the class. - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message according to OAuth 1.0 section 9.4.1. - - message != null - message == null - this.Channel != null - this.Channel == null - - - - Checks whether this binding element applies to this message. - - The message that needs to be signed. - True if this binding element can be used to sign the message. False otherwise. - - - - Clones this instance. - - A new instance of the binding element. - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - Initializes a new instance of the class - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message per OAuth 1.0 section 9.2. - - message != null - message == null - this.Channel != null - this.Channel == null - - - - Clones this instance. - - A new instance of the binding element. - - - - A description of a request token and its metadata as required by a Service Provider - - - - - Gets the token itself. - - - - - Gets the consumer key that requested this token. - - - - - Gets the (local) date that this request token was first created on. - - - - - Gets or sets the callback associated specifically with this token, if any. - - The callback URI; or null if no callback was specifically assigned to this token. - - - - Gets or sets the verifier that the consumer must include in the - message to exchange this request token for an access token. - - The verifier code, or null if none has been assigned (yet). - - - - Gets or sets the version of the Consumer that requested this token. - - - This property is used to determine whether a must be - generated when the user authorizes the Consumer or not. - - - - - Code Contract for the class. - - - - - Prevents a default instance of the SigningBindingElementBaseContract class from being created. - - - - - Clones this instance. - - A new instance of the binding element. - - Implementations of this method need not clone the SignatureVerificationCallback member, as the - class does this. - - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - - - A tamper protection applying binding element that can use any of several given - binding elements to apply the protection. - - - - - The various signing binding elements that may be applicable to a message in preferred use order. - - - - - Initializes a new instance of the class. - - - The signing binding elements that may be used for some outgoing message, - in preferred use order. - - signers != null - signers == null - signers.Length > 0 - signers.Length <= 0 - !signers.Contains(null) - signers.Contains(null) - signers.Select(s => s.Protection).Distinct().Count() == 1 - !(signers.Select(s => s.Protection).Distinct().Count() == 1) - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Creates a new object that is a copy of the current instance. - - - A new object that is a copy of this instance. - - Contract.Result<ITamperProtectionChannelBindingElement>() != null - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a signed - message so that its signature can be correctly calculated for verification. - May be null for Consumers (who never have to verify signatures). - - - - - Gets the protection offered (if any) by this binding element. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - A cryptographically strong random string generator for tokens and secrets. - - - - - Generates a new token to represent a not-yet-authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Generates a new token to represent an authorized request to access protected resources. - - The consumer that requested this token. - The newly generated token. - - This method should not store the newly generated token in any persistent store. - This will be done in . - - - - - Returns a cryptographically strong random string for use as a token secret. - - The generated string. - - - - Returns a new random string. - - The new random string. - - - - The two types of tokens that exist in the OAuth protocol. - - - - - A token that is freely issued to any known Consumer. - It does not grant any authorization to access protected resources, - but is used as a step in obtaining that access. - - - - - A token only obtained after the owner of some protected resource(s) - has approved a Consumer's access to said resource(s). - - - - - An unrecognized, expired or invalid token. - - - - - An URI encoder that translates null references as "oob" - instead of an empty/missing argument. - - - - - The string constant "oob", used to indicate an out-of-band configuration. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Gets the string representation to include in a serialized message - when the message part has a null value. - - - - - - A binding element for Service Providers to manage the - callbacks and verification codes on applicable messages. - - - - - The token manager offered by the service provider. - - - - - Initializes a new instance of the class. - - The token manager. - tokenManager != null - tokenManager == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Ensures that access tokens have not yet expired. - - The incoming message carrying the access token. - message != null - message == null - - - - Ensures that short-lived request tokens included in incoming messages have not expired. - - The incoming message. - Thrown when the token in the message has expired. - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Base class for and types. - - - - - Initializes a new instance of the class. - - The endpoints and behavior of the Service Provider. - The host's method of storing and recalling tokens and secrets. - serviceDescription != null - serviceDescription == null - tokenManager != null - tokenManager == null - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - Extra parameters to include in the message. Must not be null, but may be empty. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - extraData != null - extraData == null - - - - Prepares an authorized request that carries an HTTP multi-part POST, allowing for binary data. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - Extra parameters to include in the message. Must not be null, but may be empty. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - binaryData != null - binaryData == null - - - - Prepares an HTTP request that has OAuth authorization already attached to it. - - The OAuth authorization message to attach to the HTTP request. - - The HttpWebRequest that can be used to send the HTTP request to the remote service provider. - - - If property on the - has the - flag set and - is set to an HTTP method - that includes an entity body, the request stream is automatically sent - if and only if the dictionary is non-empty. - - message != null - message == null - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - The initialized WebRequest object. - Thrown if the request fails for any reason after it is sent to the Service Provider. - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Creates a web request prepared with OAuth authorization - that may be further tailored by adding parameters by the caller. - - The URL and method on the Service Provider to send the request to. - The access token that permits access to the protected resource. - The initialized WebRequest object. - endpoint != null - endpoint == null - !String.IsNullOrEmpty(accessToken) - String.IsNullOrEmpty(accessToken) - - - - Prepares an OAuth message that begins an authorization request that will - redirect the user to the Service Provider to provide that authorization. - - - An optional Consumer URL that the Service Provider should redirect the - User Agent to upon successful authorization. - - Extra parameters to add to the request token message. Optional. - Extra parameters to add to the redirect to Service Provider message. Optional. - The request token that must be exchanged for an access token after the user has provided authorization. - The pending user agent redirect based message to be sent as an HttpResponse. - - - - Exchanges a given request token for access token. - - The request token that the user has authorized. - The verifier code. - - The access token assigned by the Service Provider. - - !String.IsNullOrEmpty(requestToken) - String.IsNullOrEmpty(requestToken) - Contract.Result<AuthorizedTokenResponse>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the Consumer Key used to communicate with the Service Provider. - - - - - Gets the Service Provider that will be accessed. - - - - - Gets the persistence store for tokens and secrets. - - - - - Gets the channel to use for sending/receiving messages. - - - - - Gets the security settings for this consumer. - - - - - Gets or sets the channel to use for sending/receiving messages. - - - - - Security settings that are applicable to consumers. - - - - - Security settings that may be applicable to both consumers and service providers. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - - - Used by a desktop application to use OAuth to access the Service Provider on behalf of the User. - - - The methods on this class are thread-safe. Provided the properties are set and not changed - afterward, a single instance of this class may be used by an entire desktop application safely. - - - - - Initializes a new instance of the class. - - The endpoints and behavior of the Service Provider. - The host's method of storing and recalling tokens and secrets. - - - - Begins an OAuth authorization request. - - Extra parameters to add to the request token message. Optional. - Extra parameters to add to the redirect to Service Provider message. Optional. - The request token that must be exchanged for an access token after the user has provided authorization. - The URL to open a browser window to allow the user to provide authorization. - - - - Exchanges a given request token for access token. - - The request token that the user has authorized. - The access token assigned by the Service Provider. - - - - Exchanges a given request token for access token. - - The request token that the user has authorized. - The verifier code typed in by the user. Must not be Null for OAuth 1.0a service providers and later. - - The access token assigned by the Service Provider. - - - - - The interface that classes must implement to be serialized/deserialized - as protocol or extension messages that uses POST multi-part data for binary content. - - - - - Gets the parts of the message that carry binary data. - - A list of parts. Never null. - - Contract.Result<IList<MultipartPostPart>>() != null - - - - - Gets a value indicating whether this message should be sent as multi-part POST. - - - - - The contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the parts of the message that carry binary data. - - A list of parts. Never null. - - - - Gets a value indicating whether this message should be sent as multi-part POST. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the preferred method of transport for the message. - - - For indirect messages this will likely be GET+POST, which both can be simulated in the user agent: - the GET with a simple 301 Redirect, and the POST with an HTML form in the response with javascript - to automate submission. - - - - - Gets the URL of the intended receiver of this message. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - An interface implemented by all OAuth messages that have a request or access token and secret properties. - - - - - An interface implemented by all OAuth messages that have a request or access token property. - - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the Request or Access Token secret. - - - - - The data packet sent with Channel events. - - - - - Initializes a new instance of the class. - - The message behind the fired event.. - message != null - message == null - - - - Gets the message that caused the event to fire. - - - - - Contract class for the interface. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Clones this instance. - - The cloned instance. - - - - Gets or sets the delegate that will initialize the non-serialized properties necessary on a - signable message so that its signature can be correctly calculated or verified. - - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to Cannot send access token to Consumer for request token '{0}' before it has been authorized.. - - - - - Looks up a localized string similar to The access token '{0}' is invalid or expired.. - - - - - Looks up a localized string similar to Failure looking up secret for consumer or token.. - - - - - Looks up a localized string similar to oauth_verifier argument was incorrect.. - - - - - Looks up a localized string similar to An invalid OAuth message received and discarded.. - - - - - Looks up a localized string similar to The {0} message included extra data which is not allowed.. - - - - - Looks up a localized string similar to This OAuth service provider requires OAuth consumers to implement OAuth {0}, but this consumer appears to only support {1}.. - - - - - Looks up a localized string similar to Cannot send OAuth message as multipart POST without an authorization HTTP header because sensitive data would not be signed.. - - - - - Looks up a localized string similar to Use of the OpenID+OAuth extension requires that the token manager in use implement the {0} interface.. - - - - - Looks up a localized string similar to The OpenID Relying Party's realm is not recognized as belonging to the OAuth Consumer identified by the consumer key given.. - - - - - Looks up a localized string similar to The request URL query MUST NOT contain any OAuth Protocol Parameters.. - - - - - Looks up a localized string similar to The signing element already has been associated with a channel.. - - - - - Looks up a localized string similar to All signing elements must offer the same message protection.. - - - - - Looks up a localized string similar to A token in the message was not recognized by the service provider.. - - - - - Looks up a localized string similar to The RSA-SHA1 signing binding element has not been set with a certificate for signing.. - - - - - A description of the endpoints on a Service Provider. - - - - - The field used to store the value of the property. - - - - - Initializes a new instance of the class. - - - - - Creates a signing element that includes all the signing elements this service provider supports. - - The created signing element. - this.TamperProtectionElements != null - - - - Gets or sets the OAuth version supported by the Service Provider. - - - - - Gets or sets the URL used to obtain an unauthorized Request Token, - described in Section 6.1 (Obtaining an Unauthorized Request Token). - - - The request URL query MUST NOT contain any OAuth Protocol Parameters. - This is the URL that messages are directed to. - - Thrown if this property is set to a URI with OAuth protocol parameters. - - - - Gets or sets the URL used to obtain User authorization for Consumer access, - described in Section 6.2 (Obtaining User Authorization). - - - This is the URL that messages are - indirectly (via the user agent) sent to. - - - - - Gets or sets the URL used to exchange the User-authorized Request Token - for an Access Token, described in Section 6.3 (Obtaining an Access Token). - - - This is the URL that messages are directed to. - - - - - Gets or sets the signing policies that apply to this Service Provider. - - - - - Gets the OAuth version supported by the Service Provider. - - - - - A base class for all signed OAuth messages. - - - - - A base class for all OAuth messages. - - - - - A store for extra name/value data pairs that are attached to this message. - - - - - Gets a value indicating whether signing this message is required. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - The URI to the remote endpoint to send this message to. - - - - - Backing store for the properties. - - - - - Backing store for the properties. - - - - - Initializes a new instance of the class for direct response messages. - - The level of protection the message requires. - The request that asked for this direct response. - The OAuth version. - originatingRequest != null - originatingRequest == null - version != null - version == null - - - - Initializes a new instance of the class for direct requests or indirect messages. - - The level of protection the message requires. - A value indicating whether this message requires a direct or indirect transport. - The URI that a directed message will be delivered to. - The OAuth version. - recipient != null - recipient == null - version != null - version == null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - - - Returns a human-friendly string describing the message and all serializable properties. - - The channel that will carry this message. - - The string representation of this object. - - channel != null - channel == null - - - - Sets a flag indicating that this message is received (as opposed to sent). - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - - - Gets the version of the protocol this message is prepared to implement. - - - Contract.Result<Version>() != null - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the dictionary of additional name/value fields tacked on to this message. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the URI to the Service Provider endpoint to send this message to. - - - - - Gets the preferred method of transport for the message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - Gets or sets a value indicating whether security sensitive strings are - emitted from the ToString() method. - - - - - Gets a value indicating whether this message was deserialized as an incoming message. - - - - - Gets the version of the protocol this message is prepared to implement. - - - - - Gets the level of protection this message requires. - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - Gets the dictionary of additional name/value fields tacked on to this message. - - - - - Gets the preferred method of transport for the message. - - - - - Gets or sets the URI to the Service Provider endpoint to send this message to. - - - - - Gets the originating request message that caused this response to be formed. - - - - - An interface that OAuth messages implement to support signing. - - - - - The contract a message that is signed must implement. - - - This type might have appeared in the DotNetOpenAuth.Messaging.Bindings namespace since - it is only used by types in that namespace, but all those types are internal and this - is the only one that was public. - - - - - Gets or sets the message signature. - - - - - Gets or sets the method used to sign the message. - - - - - Gets or sets the Token Secret used to sign the message. - - - - - Gets or sets the Consumer key. - - - - - Gets or sets the Consumer Secret used to sign the message. - - - - - Gets or sets the HTTP method that will be used to transmit the message. - - - - - Gets or sets the URL of the intended receiver of this message. - - - - - The contract a message that has an allowable time window for processing must implement. - - - All expiring messages must also be signed to prevent tampering with the creation date. - - - - - Gets or sets the UTC date/time the message was originally sent onto the network. - - - The property setter should ensure a UTC date/time, - and throw an exception if this is not possible. - - - Thrown when a DateTime that cannot be converted to UTC is set. - - - - - The contract a message that has an allowable time window for processing must implement. - - - All replay-protected messages must also be set to expire so the nonces do not have - to be stored indefinitely. - - - - - Gets the context within which the nonce must be unique. - - - The value of this property must be a value assigned by the nonce consumer - to represent the entity that generated the nonce. The value must never be - null but may be the empty string. - This value is treated as case-sensitive. - - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - - - The reference date and time for calculating time stamps. - - - - - The number of seconds since 1/1/1970, consistent with the OAuth timestamp requirement. - - - - - Initializes a new instance of the class. - - A value indicating whether this message requires a direct or indirect transport. - The URI that a directed message will be delivered to. - The OAuth version. - - - - Gets or sets the signature method used to sign the request. - - - - - Gets or sets the Token Secret used to sign the message. - - - - - Gets or sets the Consumer key. - - - - - Gets or sets the Consumer Secret used to sign the message. - - - - - Gets or sets the HTTP method that will be used to transmit the message. - - - - - Gets or sets the URI to the Service Provider endpoint to send this message to. - - - - - Gets or sets the message signature. - - - - - Gets or sets the OAuth timestamp of the message. - - - - - Gets the context within which the nonce must be unique. - - The consumer key. - - - - Gets or sets the message nonce used for replay detection. - - - - - Gets or sets the signature method used to sign the request. - - - - - Gets or sets the Token Secret used to sign the message. - - - - - Gets or sets the Consumer Secret used to sign the message. - - - - - Gets or sets the HTTP method that will be used to transmit the message. - - - - - Gets or sets the message signature. - - - - - Gets or sets the version of the protocol this message was created with. - - - - - An in-memory nonce store. Useful for single-server web applications. - NOT for web farms. - - - - - Describes the contract a nonce store must fulfill. - - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the - must be unique. - The context SHOULD be treated as case-sensitive. - The value will never be null but may be the empty string. - A series of random characters. - The UTC timestamp that together with the nonce string make it unique - within the given . - The timestamp may also be used by the data store to clear out old nonces. - - True if the context+nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp and context. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - This maximum message age can be looked up via the - - property, accessible via the - property. - - - - - How frequently we should take time to clear out old nonces. - - - - - The maximum age a message can be before it is discarded. - - - This is useful for knowing how long used nonces must be retained. - - - - - A list of the consumed nonces. - - - - - A lock object used around accesses to the field. - - - - - Where we're currently at in our periodic nonce cleaning cycle. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The maximum age a message can be before it is discarded. - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the must be unique. - A series of random characters. - The timestamp that together with the nonce string make it unique. - The timestamp may also be used by the data store to clear out old nonces. - - True if the nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - If the binding element is applicable to your channel, this expiration window - is retrieved or set using the - property. - - - - - Clears consumed nonces from the cache that are so old they would be - rejected if replayed because it is expired. - - - - - Security settings that are applicable to service providers. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the minimum required version of OAuth that must be implemented by a Consumer. - - - - - The different formats a user authorization verifier code can take - in order to be as secure as possible while being compatible with - the type of OAuth Consumer requesting access. - - - Some Consumers may be set-top boxes, video games, mobile devies, etc. - with very limited character entry support and no ability to receive - a callback URI. OAuth 1.0a requires that these devices operators - must manually key in a verifier code, so in these cases it better - be possible to do so given the input options on that device. - - - - - The strongest verification code. - The best option for web consumers since a callback is usually an option. - - - - - A combination of upper and lowercase letters and numbers may be used, - allowing a computer operator to easily read from the screen and key - in the verification code. - - - Some letters and numbers will be skipped where they are visually similar - enough that they can be difficult to distinguish when displayed with most fonts. - - - - - Only uppercase letters will be used in the verification code. - Verification codes are case-sensitive, so consumers with fixed - keyboards with only one character case option may require this option. - - - - - Only lowercase letters will be used in the verification code. - Verification codes are case-sensitive, so consumers with fixed - keyboards with only one character case option may require this option. - - - - - Only the numbers 0-9 will be used in the verification code. - Must useful for consumers running on mobile phone devices. - - - - - A website or application that uses OAuth to access the Service Provider on behalf of the User. - - - The methods on this class are thread-safe. Provided the properties are set and not changed - afterward, a single instance of this class may be used by an entire web application safely. - - - - - Initializes a new instance of the class. - - The endpoints and behavior of the Service Provider. - The host's method of storing and recalling tokens and secrets. - - - - Begins an OAuth authorization request and redirects the user to the Service Provider - to provide that authorization. Upon successful authorization, the user is redirected - back to the current page. - - The pending user agent redirect based message to be sent as an HttpResponse. - - Requires HttpContext.Current. - - - - - Prepares an OAuth message that begins an authorization request that will - redirect the user to the Service Provider to provide that authorization. - - - An optional Consumer URL that the Service Provider should redirect the - User Agent to upon successful authorization. - - Extra parameters to add to the request token message. Optional. - Extra parameters to add to the redirect to Service Provider message. Optional. - The pending user agent redirect based message to be sent as an HttpResponse. - - - - Processes an incoming authorization-granted message from an SP and obtains an access token. - - The access token, or null if no incoming authorization message was recognized. - - Requires HttpContext.Current. - - - - - Attaches an OAuth authorization request to an outgoing OpenID authentication request. - - The OpenID authentication request. - The scope of access that is requested of the service provider. - openIdAuthenticationRequest != null - openIdAuthenticationRequest == null - - - - Processes an incoming authorization-granted message from an SP and obtains an access token. - - The OpenID authentication response that may be carrying an authorized request token. - - The access token, or null if OAuth authorization was denied by the user or service provider. - - - The access token, if granted, is automatically stored in the . - The token manager instance must implement . - - openIdAuthenticationResponse != null - openIdAuthenticationResponse == null - this.TokenManager is IOpenIdOAuthTokenManager - !(this.TokenManager is IOpenIdOAuthTokenManager) - - - - Processes an incoming authorization-granted message from an SP and obtains an access token. - - The incoming HTTP request. - The access token, or null if no incoming authorization message was recognized. - request != null - request == null - - - - A contract for handling. - - - Implementations of this interface must be thread safe. - - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - - - - Processes an and converts the - to a instance. - - The to handle. - An instance of describing the response. - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - An instance of describing the response. - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Code contract for the type. - - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The stream the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Callers must close and dispose of the request stream when they are done - writing to it to avoid taking up the connection too long and causing long waits on - subsequent requests. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - - - - Processes an and converts the - to a instance. - - The to handle. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - - - - A direct message sent by the Consumer to exchange an authorized Request Token - for an Access Token and Token Secret. - - - The class is sealed because the OAuth spec forbids adding parameters to this message. - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - - - Gets or sets the Token. - - - - - Gets or sets the verification code received by the Consumer from the Service Provider - in the property. - - - - - Gets or sets the authorized Request Token used to obtain authorization. - - - - - A binding element that checks/verifies a nonce message part. - - - - - These are the characters that may be chosen from when forming a random nonce. - - - - - The persistent store for nonces received. - - - - - The length of generated nonces. - - - - - Initializes a new instance of the class. - - The store where nonces will be persisted and checked. - - - - Initializes a new instance of the class. - - The store where nonces will be persisted and checked. - A value indicating whether zero-length nonces will be allowed. - nonceStore != null - nonceStore == null - - - - Applies a nonce to the message. - - The message to apply replay protection to. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Verifies that the nonce in an incoming message has not been seen before. - - The incoming message. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - Thrown when the nonce check revealed a replayed message. - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Generates a string of random characters for use as a nonce. - - The nonce string. - - - - Gets the protection that this binding element provides messages. - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets or sets the strength of the nonce, which is measured by the number of - nonces that could theoretically be generated. - - - The strength of the nonce is equal to the number of characters that might appear - in the nonce to the power of the length of the nonce. - - - - - Gets or sets a value indicating whether empty nonces are allowed. - - Default is false. - - - - Applied to fields and properties that form a key/value in a protocol message. - - - - - The overridden name to use as the serialized name for the property. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - A special name to give the value of this member in the serialized message. - When null or empty, the name of the member will be used in the serialized message. - - - - - Gets the name of the serialized form of this member in the message. - - - - - Gets or sets the level of protection required by this member in the serialized message. - - - Message part protection must be provided and verified by the channel binding element(s) - that provide security. - - - - - Gets or sets a value indicating whether this member is a required part of the serialized message. - - - - - Gets or sets a value indicating whether the string value is allowed to be empty in the serialized message. - - Default is true. - - - - Gets or sets an IMessagePartEncoder custom encoder to use - to translate the applied member to and from a string. - - - - - Gets or sets the minimum version of the protocol this attribute applies to - and overrides any attributes with lower values for this property. - - Defaults to 0.0. - - - - Gets or sets the maximum version of the protocol this attribute applies to. - - Defaults to int.MaxValue for the major version number. - - Specifying on another attribute on the same member - automatically turns this attribute off. This property should only be set when - a property is totally dropped from a newer version of the protocol. - - - - - Gets or sets the minimum version of the protocol this attribute applies to - and overrides any attributes with lower values for this property. - - Defaults to 0.0. - - - - Gets or sets the maximum version of the protocol this attribute applies to. - - Defaults to int.MaxValue for the major version number. - - Specifying on another attribute on the same member - automatically turns this attribute off. This property should only be set when - a property is totally dropped from a newer version of the protocol. - - - - - Categorizes the various types of channel binding elements so they can be properly ordered. - - - The order of these enum values is significant. - Each successive value requires the protection offered by all the previous values - in order to be reliable. For example, message expiration is meaningless without - tamper protection to prevent a user from changing the timestamp on a message. - - - - - No protection. - - - - - A binding element that signs a message before sending and validates its signature upon receiving. - - - - - A binding element that enforces a maximum message age between sending and processing on the receiving side. - - - - - A binding element that prepares messages for replay detection and detects replayed messages on the receiving side. - - - - - All forms of protection together. - - - - - Code Contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - An exception thrown when a message is received for the second time, signalling a possible - replay attack. - - - - - Initializes a new instance of the class. - - The replayed message. - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - An exception thrown when a message is received that exceeds the maximum message age limit. - - - - - Initializes a new instance of the class. - - The date the message expired. - The expired message. - utcExpirationDate.Kind == DateTimeKind.Utc - utcExpirationDate.Kind != DateTimeKind.Utc - faultedMessage != null - faultedMessage == null - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - An exception thrown when a signed message does not pass signature validation. - - - - - Initializes a new instance of the class. - - The message with the invalid signature. - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - A message attached to a request for protected resources that provides the necessary - credentials to be granted access to those resources. - - - - - A store for the binary data that is carried in the message. - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Gets or sets the Token. - - - - - Gets or sets the Access Token. - - - In addition to just allowing OAuth to verify a valid message, - this property is useful on the Service Provider to verify that the access token - has proper authorization for the resource being requested, and to know the - context around which user provided the authorization. - - - - - Gets the parts of the message that carry binary data. - - A list of parts. Never null. - - Contract.Result<IList<MultipartPostPart>>() != null - - - - - Gets a value indicating whether this message should be sent as multi-part POST. - - - - - A direct message sent from Service Provider to Consumer in response to - a Consumer's request. - - - - - Initializes a new instance of the class. - - The originating request. - - - - Gets or sets the Access Token assigned by the Service Provider. - - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the Request or Access Token secret. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - Gets or sets the Token Secret. - - - - - A message used to redirect the user from a Service Provider to a Consumer's web site. - - - The class is sealed because extra parameters are determined by the callback URI provided by the Consumer. - - - - - Initializes a new instance of the class. - - The URI of the Consumer endpoint to send this message to. - The OAuth version. - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the verification code that must accompany the request to exchange the - authorized request token for an access token. - - An unguessable value passed to the Consumer via the User and REQUIRED to complete the process. - - If the Consumer did not provide a callback URL, the Service Provider SHOULD display the value of the - verification code, and instruct the User to manually inform the Consumer that authorization is - completed. If the Service Provider knows a Consumer to be running on a mobile device or set-top box, - the Service Provider SHOULD ensure that the verifier value is suitable for manual entry. - - - - - Gets or sets the Request Token. - - - - - A message used to redirect the user from a Consumer to a Service Provider's web site - so the Service Provider can ask the user to authorize the Consumer's access to some - protected resource(s). - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The request token. - The OAuth version. - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Gets or sets the Request or Access Token. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - Gets a value indicating whether this is a safe OAuth authorization request. - - - true if the Consumer is using OAuth 1.0a or later; otherwise, false. - - - - Gets or sets the Request Token obtained in the previous step. - - - The Service Provider MAY declare this parameter as REQUIRED, or - accept requests to the User Authorization URL without it, in which - case it will prompt the User to enter it manually. - - - - - Gets or sets a URL the Service Provider will use to redirect the User back - to the Consumer when Obtaining User Authorization is complete. Optional. - - - - - A direct message sent from Service Provider to Consumer in response to - a Consumer's request. - - - - - Initializes a new instance of the class. - - The unauthorized request token message that this message is being generated in response to. - The request token. - The token secret. - - This constructor is used by the Service Provider to send the message. - - requestToken != null - requestToken == null - tokenSecret != null - tokenSecret == null - - - - Initializes a new instance of the class. - - The originating request. - The OAuth version. - This constructor is used by the consumer to deserialize the message. - - - - Gets or sets the Request or Access Token. - - - - - Gets or sets the Request or Access Token secret. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - Gets or sets the Request Token. - - - - - Gets the original request for an unauthorized token. - - - - - Gets or sets the Token Secret. - - - - - Gets a value indicating whether the Service Provider recognized the callback parameter in the request. - - - - - A property store of details of an incoming HTTP request. - - - This serves a very similar purpose to , except that - ASP.NET does not let us fully initialize that class, so we have to write one - of our one. - - - - - The key/value pairs found in the entity of a POST request. - - - - - The key/value pairs found in the querystring of the incoming request. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The ASP.NET structure to copy from. - request != null - request == null - this.HttpMethod == request.HttpMethod - this.Url == request.Url - this.RawUrl == request.RawUrl - this.UrlBeforeRewriting != null - this.Headers != null - this.InputStream == request.InputStream - this.form == request.Form - this.queryString == request.QueryString - - - - Initializes a new instance of the class. - - The HTTP method (i.e. GET or POST) of the incoming request. - The URL being requested. - The raw URL that appears immediately following the HTTP verb in the request, - before any URL rewriting takes place. - Headers in the HTTP request. - The entity stream, if any. (POST requests typically have these). Use null for GET requests. - !string.IsNullOrEmpty(httpMethod) - string.IsNullOrEmpty(httpMethod) - requestUrl != null - requestUrl == null - rawUrl != null - rawUrl == null - headers != null - headers == null - - - - Initializes a new instance of the class. - - Details on the incoming HTTP request. - listenerRequest != null - listenerRequest == null - - - - Initializes a new instance of the class. - - The WCF incoming request structure to get the HTTP information from. - The URI of the service endpoint. - request != null - request == null - requestUri != null - requestUri == null - - - - Initializes a new instance of the class. - - this.HttpMethod == "GET" - this.Headers != null - - - - Initializes a new instance of the class. - - The HttpWebRequest (that was never used) to copy from. - request != null - request == null - - - - Initializes a new instance of the class. - - The message being passed in through a mock transport. May be null. - The HTTP method that the incoming request came in on, whether or not is null. - - - - Gets the public facing URL for the given incoming HTTP request. - - The request. - The server variables to consider part of the request. - - The URI that the outside world used to create this request. - - - Although the value can be obtained from - , it's useful to be able to pass them - in so we can simulate injected values from our unit tests since the actual property - is a read-only kind of . - - request != null - request == null - serverVariables != null - serverVariables == null - - - - Gets the query or form data from the original request (before any URL rewriting has occurred.) - - A set of name=value pairs. - - - - Gets the public facing URL for the given incoming HTTP request. - - The request. - The URI that the outside world used to create this request. - request != null - request == null - - - - Makes up a reasonable guess at the raw URL from the possibly rewritten URL. - - A full URL. - A raw URL that might have come in on the HTTP verb. - url != null - url == null - - - - Converts a NameValueCollection to a WebHeaderCollection. - - The collection a HTTP headers. - A new collection of the given headers. - pairs != null - pairs == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets or sets the message that is being sent over a mock transport (for testing). - - - - - Gets or sets the verb in the request (i.e. GET, POST, etc.) - - - - - Gets or sets the entire URL of the request, after any URL rewriting. - - - - - Gets or sets the raw URL that appears immediately following the HTTP verb in the request, - before any URL rewriting takes place. - - - - - Gets or sets the full public URL used by the remote client to initiate this request, - before any URL rewriting and before any changes made by web farm load distributors. - - - - - Gets the query part of the URL (The ? and everything after it), after URL rewriting. - - - - - Gets or sets the collection of headers that came in with the request. - - - - - Gets or sets the entity, or body of the request, if any. - - - - - Gets the key/value pairs found in the entity of a POST request. - - - Contract.Result<NameValueCollection>() != null - - - - - Gets the key/value pairs found in the querystring of the incoming request. - - - - - Gets the query data from the original request (before any URL rewriting has occurred.) - - A containing all the parameters in the query string. - - - - Gets a value indicating whether the request's URL was rewritten by ASP.NET - or some other module. - - - true if this request's URL was rewritten; otherwise, false. - - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The message that was sent as a request that resulted in the response. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - - - Serializes/deserializes OAuth messages for/from transit. - - this.messageType != null - - - - The specific -derived type - that will be serialized and deserialized using this class. - - - - - Initializes a new instance of the MessageSerializer class. - - The specific -derived type - that will be serialized and deserialized using this class. - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - this.messageType != null - - - - Creates or reuses a message serializer for a given message type. - - The type of message that will be serialized/deserialized. - A message serializer for the given message type. - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - - - - Reads JSON as a flat dictionary into a message. - - The message dictionary to fill with the JSON-deserialized data. - The JSON reader. - messageDictionary != null - messageDictionary == null - reader != null - reader == null - - - - Reads the data from a message instance and returns a series of name=value pairs for the fields that must be included in the message. - - The message to be serialized. - The dictionary of values to send for the message. - - messageDictionary != null - messageDictionary == null - Contract.Result<IDictionary<string, string>>() != null - - - - Reads the data from a message instance and writes a XML/JSON encoding of it. - - The message to be serialized. - The writer to use for the serialized form. - - Use - to create the instance capable of emitting JSON. - - - messageDictionary != null - messageDictionary == null - writer != null - writer == null - - - - Reads name=value pairs into a message. - - The name=value pairs that were read in from the transport. - The message to deserialize into. - Thrown when protocol rules are broken by the incoming message. - fields != null - fields == null - messageDictionary != null - messageDictionary == null - - - - Reads XML/JSON into a message dictionary. - - The message to deserialize into. - The XML/JSON to read into the message. - Thrown when protocol rules are broken by the incoming message. - - Use - to create the instance capable of reading JSON. - - messageDictionary != null - messageDictionary == null - reader != null - reader == null - - - - Determines whether the specified type is numeric. - - The type to test. - - true if the specified type is numeric; otherwise, false. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to Argument's {0}.{1} property is required but is empty or null.. - - - - - Looks up a localized string similar to Unable to send all message data because some of it requires multi-part POST, but IMessageWithBinaryData.SendAsMultipart was false.. - - - - - Looks up a localized string similar to HttpContext.Current is null. There must be an ASP.NET request in process for this operation to succeed.. - - - - - Looks up a localized string similar to DataContractSerializer could not be initialized on message type {0}. Is it missing a [DataContract] attribute?. - - - - - Looks up a localized string similar to DataContractSerializer could not be initialized on message type {0} because the DataContractAttribute.Namespace property is not set.. - - - - - Looks up a localized string similar to An instance of type {0} was expected, but received unexpected derived type {1}.. - - - - - Looks up a localized string similar to The directed message's Recipient property must not be null.. - - - - - Looks up a localized string similar to The given set of options is not supported by this web request handler.. - - - - - Looks up a localized string similar to Unable to instantiate the message part encoder/decoder type {0}.. - - - - - Looks up a localized string similar to Error while deserializing message {0}.. - - - - - Looks up a localized string similar to Error occurred while sending a direct message or getting the response.. - - - - - Looks up a localized string similar to This exception was not constructed with a root request message that caused it.. - - - - - Looks up a localized string similar to This exception must be instantiated with a recipient that will receive the error message, or a direct request message instance that this exception will respond to.. - - - - - Looks up a localized string similar to Expected {0} message but received no recognizable message.. - - - - - Looks up a localized string similar to The message expired at {0} and it is now {1}.. - - - - - Looks up a localized string similar to Failed to add extra parameter '{0}' with value '{1}'.. - - - - - Looks up a localized string similar to At least one of GET or POST flags must be present.. - - - - - Looks up a localized string similar to This method requires a current HttpContext. Alternatively, use an overload of this method that allows you to pass in information without an HttpContext.. - - - - - Looks up a localized string similar to Messages that indicate indirect transport must implement the {0} interface.. - - - - - Looks up a localized string similar to Insecure web request for '{0}' aborted due to security requirements demanding HTTPS.. - - - - - Looks up a localized string similar to The {0} message required protections {{{1}}} but the channel could only apply {{{2}}}.. - - - - - Looks up a localized string similar to The customized binding element ordering is invalid.. - - - - - Looks up a localized string similar to Some part(s) of the message have invalid values: {0}. - - - - - Looks up a localized string similar to The incoming message had an invalid or missing nonce.. - - - - - Looks up a localized string similar to An item with the same key has already been added.. - - - - - Looks up a localized string similar to The {0} message does not support extensions.. - - - - - Looks up a localized string similar to The value for {0}.{1} on member {1} was expected to derive from {2} but was {3}.. - - - - - Looks up a localized string similar to Error while reading message '{0}' parameter '{1}' with value '{2}'.. - - - - - Looks up a localized string similar to Message parameter '{0}' with value '{1}' failed to base64 decode.. - - - - - Looks up a localized string similar to Error while preparing message '{0}' parameter '{1}' for sending.. - - - - - Looks up a localized string similar to This message has a timestamp of {0}, which is beyond the allowable clock skew for in the future.. - - - - - Looks up a localized string similar to A non-empty string was expected.. - - - - - Looks up a localized string similar to A message response is already queued for sending in the response stream.. - - - - - Looks up a localized string similar to This message has already been processed. This could indicate a replay attack in progress.. - - - - - Looks up a localized string similar to This channel does not support replay protection.. - - - - - Looks up a localized string similar to The following message parts had constant value requirements that were unsatisfied: {0}. - - - - - Looks up a localized string similar to The following required non-empty parameters were empty in the {0} message: {1}. - - - - - Looks up a localized string similar to The following required parameters were missing from the {0} message: {1}. - - - - - Looks up a localized string similar to The binding element offering the {0} protection requires other protection that is not provided.. - - - - - Looks up a localized string similar to The list is empty.. - - - - - Looks up a localized string similar to The list contains a null element.. - - - - - Looks up a localized string similar to An HttpContext.Current.Session object is required.. - - - - - Looks up a localized string similar to Message signature was incorrect.. - - - - - Looks up a localized string similar to This channel does not support signing messages. To support signing messages, a derived Channel type must override the Sign and IsSignatureValid methods.. - - - - - Looks up a localized string similar to This message factory does not support message type(s): {0}. - - - - - Looks up a localized string similar to The stream must have a known length.. - - - - - Looks up a localized string similar to The stream's CanRead property returned false.. - - - - - Looks up a localized string similar to The stream's CanWrite property returned false.. - - - - - Looks up a localized string similar to Expected at most 1 binding element to apply the {0} protection, but more than one applied.. - - - - - Looks up a localized string similar to The maximum allowable number of redirects were exceeded while requesting '{0}'.. - - - - - Looks up a localized string similar to The array must not be empty.. - - - - - Looks up a localized string similar to The empty string is not allowed.. - - - - - Looks up a localized string similar to Expected direct response to use HTTP status code {0} but was {1} instead.. - - - - - Looks up a localized string similar to Message parameter '{0}' had unexpected value '{1}'.. - - - - - Looks up a localized string similar to Expected message {0} parameter '{1}' to have value '{2}' but had '{3}' instead.. - - - - - Looks up a localized string similar to Expected message {0} but received {1} instead.. - - - - - Looks up a localized string similar to Unexpected message type received.. - - - - - Looks up a localized string similar to A null key was included and is not allowed.. - - - - - Looks up a localized string similar to A null or empty key was included and is not allowed.. - - - - - Looks up a localized string similar to A null value was included for key '{0}' and is not allowed.. - - - - - Looks up a localized string similar to The type {0} or a derived type was expected, but {1} was given.. - - - - - Looks up a localized string similar to {0} property has unrecognized value {1}.. - - - - - Looks up a localized string similar to The URL '{0}' is rated unsafe and cannot be requested this way.. - - - - - Looks up a localized string similar to This blob is not a recognized encryption format.. - - - - - Looks up a localized string similar to The HTTP verb '{0}' is unrecognized and unsupported.. - - - - - Looks up a localized string similar to '{0}' messages cannot be received with HTTP verb '{1}'.. - - - - - Looks up a localized string similar to Redirects on POST requests that are to untrusted servers is not supported.. - - - - - Looks up a localized string similar to Web request to '{0}' failed.. - - - - - A grab-bag of utility methods useful for the channel stack of the protocol. - - - - - The uppercase alphabet. - - - - - The lowercase alphabet. - - - - - The set of base 10 digits. - - - - - The set of digits, and alphabetic letters (upper and lowercase) that are clearly - visually distinguishable. - - - - - The cryptographically strong random data generator used for creating secrets. - - The random number generator is thread-safe. - - - - A pseudo-random data generator (NOT cryptographically strong random data) - - - - - A character array containing just the = character. - - - - - A character array containing just the , character. - - - - - A character array containing just the " character. - - - - - The set of characters that are unreserved in RFC 2396 but are NOT unreserved in RFC 3986. - - - - - A set of escaping mappings that help secure a string from javscript execution. - - - The characters to escape here are inspired by - http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript - - - - - Transforms an OutgoingWebResponse to an MVC-friendly ActionResult. - - The response to send to the user agent. - The instance to be returned by the Controller's action method. - response != null - response == null - - - - Gets the original request URL, as seen from the browser before any URL rewrites on the server if any. - Cookieless session directory (if applicable) is also included. - - The URL in the user agent's Location bar. - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Strips any and all URI query parameters that start with some prefix. - - The URI that may have a query with parameters to remove. - The prefix for parameters to remove. A period is NOT automatically appended. - Either a new Uri with the parameters removed if there were any to remove, or the same Uri instance if no parameters needed to be removed. - uri != null - uri == null - !String.IsNullOrEmpty(prefix) - String.IsNullOrEmpty(prefix) - - - - Sends a multipart HTTP POST request (useful for posting files). - - The HTTP request. - The request handler. - The parts to include in the POST entity. - The HTTP response. - request != null - request == null - requestHandler != null - requestHandler == null - parts != null - parts == null - - - - Assembles a message comprised of the message on a given exception and all inner exceptions. - - The exception. - The assembled message. - - - - Flattens the specified sequence of sequences. - - The type of element contained in the sequence. - The sequence of sequences to flatten. - A sequence of the contained items. - - - - Cuts off precision beyond a second on a DateTime value. - - The value. - A DateTime with a 0 millisecond component. - - - - Adds a name-value pair to the end of a given URL - as part of the querystring piece. Prefixes a ? or & before - first element as necessary. - - The UriBuilder to add arguments to. - The name of the parameter to add. - The value of the argument. - - If the parameters to add match names of parameters that already are defined - in the query string, the existing ones are not replaced. - - - - - Adds a set of values to a collection. - - The type of value kept in the collection. - The collection to add to. - The values to add to the collection. - collection != null - collection == null - values != null - values == null - - - - Clears any existing elements in a collection and fills the collection with a given set of values. - - The type of value kept in the collection. - The collection to modify. - The new values to fill the collection. - collection != null - collection == null - - - - Strips any and all URI query parameters that serve as parts of a message. - - The URI that may contain query parameters to remove. - The message description whose parts should be removed from the URL. - A cleaned URL. - uri != null - uri == null - messageDescription != null - messageDescription == null - - - - Sends a multipart HTTP POST request (useful for posting files) but doesn't call GetResponse on it. - - The HTTP request. - The request handler. - The parts to include in the POST entity. - request != null - request == null - requestHandler != null - requestHandler == null - parts != null - parts == null - - - - Assembles the content of the HTTP Authorization or WWW-Authenticate header. - - The scheme. - The fields to include. - A value prepared for an HTTP header. - !String.IsNullOrEmpty(scheme) - String.IsNullOrEmpty(scheme) - fields != null - fields == null - - - - Parses the authorization header. - - The scheme. Must not be null or empty. - The authorization header. May be null or empty. - A sequence of key=value pairs discovered in the header. Never null, but may be empty. - !String.IsNullOrEmpty(scheme) - String.IsNullOrEmpty(scheme) - Contract.Result<IEnumerable<KeyValuePair<string, string>>>() != null - - - - Gets a buffer of random data (not cryptographically strong). - - The length of the sequence to generate. - The generated values, which may contain zeros. - - - - Gets a cryptographically strong random sequence of values. - - The length of the sequence to generate. - The generated values, which may contain zeros. - - - - Gets a cryptographically strong random sequence of values. - - The length of the byte sequence to generate. - A base64 encoding of the generated random data, - whose length in characters will likely be greater than . - - - - Gets a random string made up of a given set of allowable characters. - - The length of the desired random string. - The allowable characters. - A random string. - length >= 0 - length < 0 - allowableCharacters != null && allowableCharacters.Length >= 2 - allowableCharacters == null || allowableCharacters.Length < 2 - - - - Computes the hash of a string. - - The hash algorithm to use. - The value to hash. - The encoding to use when converting the string to a byte array. - A base64 encoded string. - algorithm != null - algorithm == null - value != null - value == null - Contract.Result<string>() != null - - - - Computes the hash of a sequence of key=value pairs. - - The hash algorithm to use. - The data to hash. - The encoding to use when converting the string to a byte array. - A base64 encoded string. - algorithm != null - algorithm == null - data != null - data == null - Contract.Result<string>() != null - - - - Computes the hash of a sequence of key=value pairs. - - The hash algorithm to use. - The data to hash. - The encoding to use when converting the string to a byte array. - A base64 encoded string. - algorithm != null - algorithm == null - sortedData != null - sortedData == null - Contract.Result<string>() != null - - - - Encrypts a byte buffer. - - The buffer to encrypt. - The symmetric secret to use to encrypt the buffer. Allowed values are 128, 192, or 256 bytes in length. - The encrypted buffer - - - - Decrypts a byte buffer. - - The buffer to decrypt. - The symmetric secret to use to decrypt the buffer. Allowed values are 128, 192, and 256. - The encrypted buffer - - - - Encrypts a string. - - The text to encrypt. - The symmetric secret to use to encrypt the buffer. Allowed values are 128, 192, and 256. - The encrypted buffer - - - - Decrypts a string previously encrypted with . - - The text to decrypt. - The symmetric secret to use to decrypt the buffer. Allowed values are 128, 192, and 256. - The encrypted buffer - - - - Performs asymmetric encryption of a given buffer. - - The asymmetric encryption provider to use for encryption. - The buffer to encrypt. - The encrypted data. - crypto != null - crypto == null - buffer != null - buffer == null - - - - Performs asymmetric decryption of a given buffer. - - The asymmetric encryption provider to use for decryption. - The buffer to decrypt. - The decrypted data. - crypto != null - crypto == null - buffer != null - buffer == null - - - - Compresses a given buffer. - - The buffer to compress. - The compressed data. - - - - Decompresses a given buffer. - - The buffer to decompress. - The decompressed data. - - - - Compares to string values for ordinal equality in such a way that its execution time does not depend on how much of the value matches. - - The first value. - The second value. - A value indicating whether the two strings share ordinal equality. - - In signature equality checks, a difference in execution time based on how many initial characters match MAY - be used as an attack to figure out the expected signature. It is therefore important to make a signature - equality check's execution time independent of how many characters match the expected value. - See http://codahale.com/a-lesson-in-timing-attacks/ for more information. - - - - - Adds a set of HTTP headers to an instance, - taking care to set some headers to the appropriate properties of - - The headers to add. - The instance to set the appropriate values to. - headers != null - headers == null - response != null - response == null - - - - Adds a set of HTTP headers to an instance, - taking care to set some headers to the appropriate properties of - - The headers to add. - The instance to set the appropriate values to. - headers != null - headers == null - response != null - response == null - - - - Copies the contents of one stream to another. - - The stream to copy from, at the position where copying should begin. - The stream to copy to, at the position where bytes should be written. - The total number of bytes copied. - - Copying begins at the streams' current positions. - The positions are NOT reset after copying is complete. - - copyFrom != null - copyFrom == null - copyTo != null - copyTo == null - copyFrom.CanRead - !(copyFrom.CanRead) - copyTo.CanWrite - !(copyTo.CanWrite) - - - - Copies the contents of one stream to another. - - The stream to copy from, at the position where copying should begin. - The stream to copy to, at the position where bytes should be written. - The maximum bytes to copy. - The total number of bytes copied. - - Copying begins at the streams' current positions. - The positions are NOT reset after copying is complete. - - copyFrom != null - copyFrom == null - copyTo != null - copyTo == null - copyFrom.CanRead - !(copyFrom.CanRead) - copyTo.CanWrite - !(copyTo.CanWrite) - - - - Creates a snapshot of some stream so it is seekable, and the original can be closed. - - The stream to copy bytes from. - A seekable stream with the same contents as the original. - copyFrom != null - copyFrom == null - copyFrom.CanRead - !(copyFrom.CanRead) - - - - Clones an in order to send it again. - - The request to clone. - The newly created instance. - request != null - request == null - request.RequestUri != null - request.RequestUri == null - - - - Clones an in order to send it again. - - The request to clone. - The new recipient of the request. - The newly created instance. - request != null - request == null - newRequestUri != null - newRequestUri == null - - - - Tests whether two arrays are equal in contents and ordering. - - The type of elements in the arrays. - The first array in the comparison. May not be null. - The second array in the comparison. May not be null. - True if the arrays equal; false otherwise. - first != null - first == null - second != null - second == null - - - - Tests whether two arrays are equal in contents and ordering, - guaranteeing roughly equivalent execution time regardless of where a signature mismatch may exist. - - The first array in the comparison. May not be null. - The second array in the comparison. May not be null. - True if the arrays equal; false otherwise. - - Guaranteeing equal execution time is useful in mitigating against timing attacks on a signature - or other secret. - - first != null - first == null - second != null - second == null - - - - Tests two sequences for same contents and ordering. - - The type of elements in the arrays. - The first sequence in the comparison. May not be null. - The second sequence in the comparison. May not be null. - True if the arrays equal; false otherwise. - - - - Tests two unordered collections for same contents. - - The type of elements in the collections. - The first collection in the comparison. May not be null. - The second collection in the comparison. May not be null. - True if the collections have the same contents; false otherwise. - - - - Tests whether two dictionaries are equal in length and contents. - - The type of keys in the dictionaries. - The type of values in the dictionaries. - The first dictionary in the comparison. May not be null. - The second dictionary in the comparison. May not be null. - True if the arrays equal; false otherwise. - first != null - first == null - second != null - second == null - - - - Concatenates a list of name-value pairs as key=value&key=value, - taking care to properly encode each key and value for URL - transmission according to RFC 3986. No ? is prefixed to the string. - - The dictionary of key/values to read from. - The formulated querystring style string. - args != null - args == null - Contract.Result<string>() != null - - - - Adds a set of name-value pairs to the end of a given URL - as part of the querystring piece. Prefixes a ? or & before - first element as necessary. - - The UriBuilder to add arguments to. - - The arguments to add to the query. - If null, is not changed. - - - If the parameters to add match names of parameters that already are defined - in the query string, the existing ones are not replaced. - - builder != null - builder == null - - - - Adds a set of name-value pairs to the end of a given URL - as part of the fragment piece. Prefixes a # or & before - first element as necessary. - - The UriBuilder to add arguments to. - - The arguments to add to the query. - If null, is not changed. - - - If the parameters to add match names of parameters that already are defined - in the fragment, the existing ones are not replaced. - - builder != null - builder == null - - - - Adds parameters to a query string, replacing parameters that - match ones that already exist in the query string. - - The UriBuilder to add arguments to. - - The arguments to add to the query. - If null, is not changed. - - builder != null - builder == null - - - - Extracts the recipient from an HttpRequestInfo. - - The request to get recipient information from. - The recipient. - Thrown if the HTTP request is something we can't handle. - - - - Gets the enum value for a given HTTP verb. - - The HTTP verb. - A enum value that is within the . - Thrown if the HTTP request is something we can't handle. - - - - Gets the HTTP verb to use for a given enum value. - - The HTTP method. - An HTTP verb, such as GET, POST, PUT, or DELETE. - - - - Copies some extra parameters into a message. - - The message to copy the extra data into. - The extra data to copy into the message. May be null to do nothing. - messageDictionary != null - messageDictionary == null - - - - Collects a sequence of key=value pairs into a dictionary. - - The type of the key. - The type of the value. - The sequence. - A dictionary. - sequence != null - sequence == null - - - - Converts a to an IDictionary<string, string>. - - The NameValueCollection to convert. May be null. - The generated dictionary, or null if is null. - - If a null key is encountered, its value is ignored since - Dictionary<string, string> does not allow null keys. - - - - - Converts a to an IDictionary<string, string>. - - The NameValueCollection to convert. May be null. - - A value indicating whether a null key in the should be silently skipped since it is not a valid key in a Dictionary. - Use true to throw an exception if a null key is encountered. - Use false to silently continue converting the valid keys. - - The generated dictionary, or null if is null. - Thrown if is true and a null key is encountered. - - - - Sorts the elements of a sequence in ascending order by using a specified comparer. - - The type of the elements of source. - The type of the key returned by keySelector. - A sequence of values to order. - A function to extract a key from an element. - A comparison function to compare keys. - An System.Linq.IOrderedEnumerable<TElement> whose elements are sorted according to a key. - source != null - source == null - comparer != null - comparer == null - keySelector != null - keySelector == null - Contract.Result<IOrderedEnumerable<TSource>>() != null - - - - Determines whether the specified message is a request (indirect message or direct request). - - The message in question. - - true if the specified message is a request; otherwise, false. - - - Although an may implement the - interface, it may only be doing that for its derived classes. These objects are only requests - if their property is non-null. - - message != null - message == null - - - - Determines whether the specified message is a direct response. - - The message in question. - - true if the specified message is a direct response; otherwise, false. - - - Although an may implement the - interface, it may only be doing - that for its derived classes. These objects are only requests if their - property is non-null. - - message != null - message == null - - - - Constructs a Javascript expression that will create an object - on the user agent when assigned to a variable. - - The untrusted names and untrusted values to inject into the JSON object. - if set to true the values will NOT be escaped as if it were a pure string. - The Javascript JSON object as a string. - - - - Prepares what SHOULD be simply a string value for safe injection into Javascript - by using appropriate character escaping. - - The untrusted string value to be escaped to protected against XSS attacks. May be null. - The escaped string, surrounded by single-quotes. - - - - Escapes a string according to the URI data string rules given in RFC 3986. - - The value to escape. - The escaped value. - - The method is supposed to take on - RFC 3986 behavior if certain elements are present in a .config file. Even if this - actually worked (which in my experiments it doesn't), we can't rely on every - host actually having this configuration element present. - - value != null - value == null - - - - Ensures that UTC times are converted to local times. Unspecified kinds are unchanged. - - The date-time to convert. - The date-time in local time. - - - - Ensures that local times are converted to UTC times. Unspecified kinds are unchanged. - - The date-time to convert. - The date-time in UTC time. - - - - Creates a symmetric algorithm for use in encryption/decryption. - - The symmetric key to use for encryption/decryption. - A symmetric algorithm. - - - - A class to convert a into an . - - The type of objects being compared. - - - - The comparison method to use. - - - - - Initializes a new instance of the ComparisonHelper class. - - The comparison method to use. - comparison != null - comparison == null - - - - Compares two instances of . - - The first object to compare. - The second object to compare. - Any of -1, 0, or 1 according to standard comparison rules. - - - - A message expiration enforcing binding element that supports messages - implementing the interface. - - - - - Initializes a new instance of the class. - - - - - Sets the timestamp on an outgoing message. - - The outgoing message. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Reads the timestamp on a message and throws an exception if the message is too old. - - The incoming message. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - Thrown if the given message has already expired. - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the protection offered by this binding element. - - - - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets the maximum age a message implementing the - interface can be before - being discarded as too old. - - - - - A pair of conversion functions to map some type to a string and back again. - - - - - The mapping function that converts some custom type to a string. - - - - - The mapping function that converts some custom type to the original string - (possibly non-normalized) that represents it. - - - - - The mapping function that converts a string to some custom type. - - - - - Initializes a new instance of the struct. - - The mapping function that converts some custom value to a string. - The mapping function that converts some custom value to its original (non-normalized) string. May be null if the same as the function. - The mapping function that converts a string to some custom value. - toString != null - toString == null - toValue != null - toValue == null - - - - Initializes a new instance of the struct. - - The encoder. - encoder != null - encoder == null - - - - A mapping between serialized key names and instances describing - those key/values pairs. - - this.MessageType != null - this.MessageVersion != null - this.Constructors != null - - - - A mapping between the serialized key names and their - describing instances. - - - - - Initializes a new instance of the class. - - Type of the message. - The message version. - messageType != null - messageType == null - typeof(IMessage).IsAssignableFrom(messageType) - !(typeof(IMessage).IsAssignableFrom(messageType)) - messageVersion != null - messageVersion == null - - - - Returns a that represents this instance. - - - A that represents this instance. - - Contract.Result<string>() != null - - - - Gets a dictionary that provides read/write access to a message. - - The message the dictionary should provide access to. - The dictionary accessor to the message - - message != null - message == null - Contract.Result<MessageDictionary>() != null - - - - Gets a dictionary that provides read/write access to a message. - - The message the dictionary should provide access to. - A value indicating whether this message dictionary will retrieve original values instead of normalized ones. - The dictionary accessor to the message - - message != null - message == null - Contract.Result<MessageDictionary>() != null - - - - Ensures the message parts pass basic validation. - - The key/value pairs of the serialized message. - - - - Tests whether all the required message parts pass basic validation for the given data. - - The key/value pairs of the serialized message. - A value indicating whether the provided data fits the message's basic requirements. - parts != null - parts == null - - - - Verifies that a given set of keys include all the required parameters - for this message type or throws an exception. - - The names of all parameters included in a message. - if set to true an exception is thrown on failure with details. - A value indicating whether the provided data fits the message's basic requirements. - - Thrown when required parts of a message are not in - if is true. - - keys != null - keys == null - - - - Ensures the protocol message parts that must not be empty are in fact not empty. - - A dictionary of key/value pairs that make up the serialized message. - if set to true an exception is thrown on failure with details. - A value indicating whether the provided data fits the message's basic requirements. - - Thrown when required parts of a message are not in - if is true. - - partValues != null - partValues == null - - - - Checks that a bunch of message part values meet the constant value requirements of this message description. - - The part values. - if set to true, this method will throw on failure. - A value indicating whether all the requirements are met. - partValues != null - partValues == null - - - - Reflects over some -implementing type - and prepares to serialize/deserialize instances of that type. - - - - - Describes traits of this class that are always true. - - - - - Gets the mapping between the serialized key names and their describing - instances. - - - - - Gets the message version this instance was generated from. - - - - - Gets the type of message this instance was generated from. - - The type of the described message. - - - - Gets the constructors available on the message type. - - - - - Wraps an instance in a dictionary that - provides access to both well-defined message properties and "extra" - name/value pairs that have no properties associated with them. - - this.Message != null - this.Description != null - - - - The instance manipulated by this dictionary. - - - - - The instance that describes the message type. - - - - - Whether original string values should be retrieved instead of normalized ones. - - - - - Initializes a new instance of the class. - - The message instance whose values will be manipulated by this dictionary. - The message description. - A value indicating whether this message dictionary will retrieve original values instead of normalized ones. - - message != null - message == null - description != null - description == null - - - - Adds a named value to the message. - - The serialized form of the name whose value is being set. - The serialized form of the value. - - Thrown if already has a set value in this message. - - - Thrown if is null. - - - - - Checks whether some named parameter has a value set in the message. - - The serialized form of the message part's name. - True if the parameter by the given name has a set value. False otherwise. - !Contract.Result<bool>() || @this.Count > 0 - - - - Removes a name and value from the message given its name. - - The serialized form of the name to remove. - True if a message part by the given name was found and removed. False otherwise. - - - - Gets some named value if the key has a value. - - The name (in serialized form) of the value being sought. - The variable where the value will be set. - True if the key was found and was set. False otherwise. - Contract.Result<bool>() == @this.ContainsKey(key) - - - - Sets a named value in the message. - - The name-value pair to add. The name is the serialized form of the key. - - - - Removes all values in the message. - - - - - Removes all items from the . - - - The is read-only. - - - This method cannot be implemented because keys are not guaranteed to be removed - since some are inherent to the type of message that this dictionary provides - access to. - - this.Count == 0 - - - - Checks whether a named value has been set on the message. - - The name/value pair. - True if the key exists and has the given value. False otherwise. - - - - Copies all the serializable data from the message to a key/value array. - - The array to copy to. - The index in the to begin copying to. - - - - Removes a named value from the message if it exists. - - The serialized form of the name and value to remove. - True if the name/value was found and removed. False otherwise. - - - - Gets an enumerator that generates KeyValuePair<string, string> instances - for all the key/value pairs that are set in the message. - - The enumerator that can generate the name/value pairs. - Contract.Result<IEnumerator<T>>() != null - Contract.Result<IEnumerator<T>>().Model == ((IEnumerable)this).Model - - - - Gets an enumerator that generates KeyValuePair<string, string> instances - for all the key/value pairs that are set in the message. - - The enumerator that can generate the name/value pairs. - Contract.Result<IEnumerator>() != null - Contract.Result<IEnumerator>().Model == this.Model - Contract.Result<IEnumerator>().CurrentIndex == -1 - - - - Saves the data in a message to a standard dictionary. - - The generated dictionary. - - Contract.Result<IDictionary<string, string>>() != null - - - - Loads data from a dictionary into the message. - - The data to load into the message. - fields != null - fields == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the message this dictionary provides access to. - - - Contract.Result<IMessage>() != null - - - - - Gets the description of the type of message this dictionary provides access to. - - - Contract.Result<MessageDescription>() != null - - - - - Gets the number of explicitly set values in the message. - - - Contract.Result<int>() >= 0 - - - - - Gets a value indicating whether this message is read only. - - - - - Gets all the keys that have values associated with them. - - - Contract.Result<ICollection<TKey>>() != null - - - - - Gets the set of official message part names that have non-null values associated with them. - - - - - Gets the keys that are in the message but not declared as official OAuth properties. - - - - - Gets all the values. - - - Contract.Result<ICollection<TValue>>() != null - - - - - Gets the serializer for the message this dictionary provides access to. - - - - - Gets or sets a value for some named value. - - The serialized form of a name for the value to read or write. - The named value. - - If the key matches a declared property or field on the message type, - that type member is set. Otherwise the key/value is stored in a - dictionary for extra (weakly typed) strings. - - Thrown when setting a value that is not allowed for a given . - - - - Describes an individual member of a message and assists in its serialization. - - - - - A map of converters that help serialize custom objects to string values and back again. - - - - - A map of instantiated custom encoders used to encode/decode message parts. - - - - - The string-object conversion routines to use for this individual message part. - - - - - The property that this message part is associated with, if aplicable. - - - - - The field that this message part is associated with, if aplicable. - - - - - The type of the message part. (Not the type of the message itself). - - - - - The default (uninitialized) value of the member inherent in its type. - - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - A property or field of an implementing type - that has a attached to it. - - - The attribute discovered on that describes the - serialization requirements of the message part. - - member != null - member == null - member is FieldInfo || member is PropertyInfo - !(member is FieldInfo) && !(member is PropertyInfo) - attribute != null - attribute == null - - - - Sets the member of a given message to some given value. - Used in deserialization. - - The message instance containing the member whose value should be set. - The string representation of the value to set. - message != null - message == null - - - - Gets the normalized form of a value of a member of a given message. - Used in serialization. - - The message instance to read the value from. - The string representation of the member's value. - - - - Gets the value of a member of a given message. - Used in serialization. - - The message instance to read the value from. - A value indicating whether the original value should be retrieved (as opposed to a normalized form of it). - The string representation of the member's value. - - - - Gets whether the value has been set to something other than its CLR type default value. - - The message instance to check the value on. - True if the value is not the CLR default value. - - - - Figures out the CLR default value for a given type. - - The type whose default value is being sought. - Either null, or some default value like 0 or 0.0. - - - - Adds a pair of type conversion functions to the static conversion map. - - The custom type to convert to and from strings. - The function to convert the custom type to a string. - The mapping function that converts some custom value to its original (non-normalized) string. May be null if the same as the function. - The function to convert a string to the custom type. - toString != null - toString == null - toValue != null - toValue == null - - - - Checks whether a type is a nullable value type (i.e. int?) - - The type in question. - True if this is a nullable value type. - - - - Retrieves a previously instantiated encoder of a given type, or creates a new one and stores it for later retrieval as well. - - The message part encoder type. - An instance of the desired encoder. - messagePartEncoder != null - messagePartEncoder == null - Contract.Result<IMessagePartEncoder>() != null - - - - Converts a string representation of the member's value to the appropriate type. - - The string representation of the member's value. - - An instance of the appropriate type for setting the member. - - - - - Converts the member's value to its string representation. - - The value of the member. - A value indicating whether a string matching the originally decoded string should be returned (as opposed to a normalized string). - - The string representation of the member's value. - - - - - Gets the value of the message part, without converting it to/from a string. - - The message instance to read from. - The value of the member. - - - - Validates that the message part and its attribute have agreeable settings. - - - Thrown when a non-nullable value type is set as optional. - - - - - Gets or sets the name to use when serializing or deserializing this parameter in a message. - - - - - Gets or sets whether this message part must be signed. - - - - - Gets or sets a value indicating whether this message part is required for the - containing message to be valid. - - - - - Gets or sets a value indicating whether the string value is allowed to be empty in the serialized message. - - - - - Gets or sets a value indicating whether the field or property must remain its default value. - - - - - Gets or sets a value indicating whether this part is defined as a constant field and can be read without a message instance. - - - - - Gets the static constant value for this message part without a message instance. - - - this.IsConstantValueAvailableStatically - - !(this.IsConstantValueAvailableStatically) - - - - Gets the type of the declared member. - - - - - An exception thrown when messages cannot receive all the protections they require. - - - - - Initializes a new instance of the class. - - The message whose protection requirements could not be met. - The protection requirements that were fulfilled. - - - - Initializes a new instance of the class. - - The - that holds the serialized object data about the exception being thrown. - The System.Runtime.Serialization.StreamingContext - that contains contextual information about the source or destination. - - - - An OAuth-specific implementation of the class. - - - - - Initializes a new instance of the class. - - The binding element to use for signing. - The web application store to use for nonces. - The token manager instance to use. - - - - Initializes a new instance of the class. - - The binding element to use for signing. - The web application store to use for nonces. - The token manager instance to use. - - - - Initializes a new instance of the class. - - The binding element to use for signing. - The web application store to use for nonces. - The ITokenManager instance to use. - - An injected message type provider instance. - Except for mock testing, this should always be one of - or . - - tokenManager != null - tokenManager == null - signingBindingElement != null - signingBindingElement == null - signingBindingElement.SignatureCallback == null - signingBindingElement.SignatureCallback != null - - - - Uri-escapes the names and values in a dictionary per OAuth 1.0 section 5.1. - - The message with data to encode. - A dictionary of name-value pairs with their strings encoded. - - - - Initializes a web request for sending by attaching a message to it. - Use this method to prepare a protected resource request that you do NOT - expect an OAuth message response to. - - The message to attach. - The initialized web request. - request != null - request == null - - - - Searches an incoming HTTP request for data that could be used to assemble - a protocol request message. - - The HTTP request to search. - The deserialized message, if one is found. Null otherwise. - request != null - request == null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - response != null - response == null - - - - Prepares an HTTP request that carries a given message. - - The message to send. - - The prepared to send the request. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - The pending user agent redirect based message to be sent as an HttpResponse. - - This method implements spec V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Initializes the binding elements for the OAuth channel. - - The signing binding element. - The nonce store. - The token manager. - An array of binding elements used to initialize the channel. - - - - Uri-escapes the names and values in a dictionary per OAuth 1.0 section 5.1. - - The dictionary with names and values to encode. - The dictionary to add the encoded pairs to. - source != null - source == null - destination != null - destination == null - - - - Gets the HTTP method to use for a message. - - The message. - "POST", "GET" or some other similar http verb. - message != null - message == null - - - - Prepares to send a request to the Service Provider via the Authorization header. - - The message to be transmitted to the ServiceProvider. - The web request ready to send. - - If the message has non-empty ExtraData in it, the request stream is sent to - the server automatically. If it is empty, the request stream must be sent by the caller. - This method implements OAuth 1.0 section 5.2, item #1 (described in section 5.4). - - - - - Fills out the secrets in a message so that signing/verification can be performed. - - The message about to be signed or whose signature is about to be verified. - - - - Gets the consumer secret for a given consumer key. - - The consumer key. - The consumer secret. - - - - Gets or sets the Consumer web application path. - - - - - Gets the token manager being used. - - - - - A protocol message (request or response) that passes from this - to a remote party via the user agent using a redirect or form - POST submission, OR a direct message response. - - - An instance of this type describes the HTTP response that must be sent - in response to the current HTTP request. - It is important that this response make up the entire HTTP response. - A hosting ASPX page should not be allowed to render its normal HTML output - after this response is sent. The normal rendered output of an ASPX page - can be canceled by calling after this message - is sent on the response stream. - - - - - The encoder to use for serializing the response body. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - based on the contents of an . - - The to clone. - The maximum bytes to read from the response stream. - response != null - response == null - - - - Creates a text reader for the response stream. - - The text reader, initialized for the proper encoding. - - - - Automatically sends the appropriate response to the user agent - and ends execution on the current page or handler. - - Typically thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - Requires a current HttpContext. - - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Automatically sends the appropriate response to the user agent - and ends execution on the current page or handler. - - The context of the HTTP request whose response should be set. - Typically this is . - Typically thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - context != null - context == null - - - - Automatically sends the appropriate response to the user agent. - - The response to set to this message. - response != null - response == null - - - - Gets the URI that, when requested with an HTTP GET request, - would transmit the message that normally would be transmitted via a user agent redirect. - - The channel to use for encoding. - - The URL that would transmit the original message. This URL may exceed the normal 2K limit, - and should therefore be broken up manually and POSTed as form fields when it exceeds this length. - - - This is useful for desktop applications that will spawn a user agent to transmit the message - rather than cause a redirect. - - channel != null - channel == null - - - - Sets the response to some string, encoded as UTF-8. - - The string to set the response to. - Type of the content. May be null. - - - - Gets the headers that must be included in the response to the user agent. - - - The headers in this collection are not meant to be a comprehensive list - of exactly what should be sent, but are meant to augment whatever headers - are generally included in a typical response. - - - - - Gets the body of the HTTP response. - - - - - Gets a value indicating whether the response stream is incomplete due - to a length limitation imposed by the HttpWebRequest or calling method. - - - - - Gets or sets the body of the response as a string. - - - - - Gets the HTTP status code to use in the HTTP response. - - - - - Gets or sets a reference to the actual protocol message that - is being sent via the user agent. - - - - - A general logger for the entire DotNetOpenAuth library. - - - Because this logger is intended for use with non-localized strings, the - overloads that take have been removed, and - is used implicitly. - - - - - The instance that is to be used - by this static Logger for the duration of the appdomain. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Creates an additional logger on demand for a subsection of the application. - - A name that will be included in the log file. - The instance created with the given name. - !String.IsNullOrEmpty(name) - String.IsNullOrEmpty(name) - - - - Creates the main logger for the library, and emits an INFO message - that is the name and version of the library. - - A name that will be included in the log file. - The instance created with the given name. - !String.IsNullOrEmpty(name) - String.IsNullOrEmpty(name) - - - - Creates an additional logger on demand for a subsection of the application. - - A type whose full name that will be included in the log file. - The instance created with the given type name. - type != null - type == null - - - - Discovers the presence of Log4net.dll and other logging mechanisms - and returns the best available logger. - - The name of the log to initialize. - The instance of the logger to use. - - - - Gets the logger for general library logging. - - - - - Gets the logger for service discovery and selection events. - - - - - Gets the logger for Messaging events. - - - - - Gets the logger for Channel events. - - - - - Gets the logger for binding elements and binding-element related events on the channel. - - - - - Gets the logger specifically used for logging verbose text on everything about the signing process. - - - - - Gets the logger for HTTP-level events. - - - - - Gets the logger for events logged by ASP.NET controls. - - - - - Gets the logger for high-level OpenID events. - - - - - Gets the logger for high-level OAuth events. - - - - - Gets the logger for high-level InfoCard events. - - - - - The ILog interface is use by application to log messages into - the log4net framework. - - - - Use the to obtain logger instances - that implement this interface. The - static method is used to get logger instances. - - - This class contains methods for logging at different levels and also - has properties for determining if those logging levels are - enabled in the current configuration. - - - This interface can be implemented in different ways. This documentation - specifies reasonable behavior that a caller can expect from the actual - implementation, however different implementations reserve the right to - do things differently. - - - Simple example of logging messages - - ILog log = LogManager.GetLogger("application-log"); - - log.Info("Application Start"); - log.Debug("This is a debug message"); - - if (log.IsDebugEnabled) - { - log.Debug("This is another debug message"); - } - - - - Nicko Cadell - Gert Driesen - - - Log a message object with the level. - - Log a message object with the level. - - The message object to log. - - - This method first checks if this logger is DEBUG - enabled by comparing the level of this logger with the - level. If this logger is - DEBUG enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of - the additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Logs a message object with the level. - - - - This method first checks if this logger is INFO - enabled by comparing the level of this logger with the - level. If this logger is - INFO enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - The message object to log. - - - - - - Logs a message object with the INFO level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Log a message object with the level. - - - - This method first checks if this logger is WARN - enabled by comparing the level of this logger with the - level. If this logger is - WARN enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - The message object to log. - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Logs a message object with the level. - - The message object to log. - - - This method first checks if this logger is ERROR - enabled by comparing the level of this logger with the - level. If this logger is - ERROR enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - Log a message object with the level. - - Log a message object with the level. - - - - This method first checks if this logger is FATAL - enabled by comparing the level of this logger with the - level. If this logger is - FATAL enabled, then it converts the message object - (passed as parameter) to a string by invoking the appropriate - . It then - proceeds to call all the registered appenders in this logger - and also higher in the hierarchy depending on the value of the - additivity flag. - - - WARNING Note that passing an - to this method will print the name of the - but no stack trace. To print a stack trace use the - form instead. - - - The message object to log. - - - - - - Log a message object with the level including - the stack trace of the passed - as a parameter. - - The message object to log. - The exception to log, including its stack trace. - - - See the form for more detailed information. - - - - - - - Log a formatted message string with the level. - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object array containing zero or more objects to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Logs a formatted message string with the level. - - A String containing zero or more format items - An Object to format - An Object to format - An Object to format - - - The message is formatted using the String.Format method. See - for details of the syntax of the format string and the behavior - of the formatting. - - - This method does not take an object to include in the - log event. To pass an use one of the - methods instead. - - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - - This function is intended to lessen the computational cost of - disabled log debug statements. - - For some ILog interface log, when you write: - - log.Debug("This is entry number: " + i ); - - - You incur the cost constructing the message, string construction and concatenation in - this case, regardless of whether the message is logged or not. - - - If you are worried about speed (who isn't), then you should write: - - - if (log.IsDebugEnabled) - { - log.Debug("This is entry number: " + i ); - } - - - This way you will not incur the cost of parameter - construction if debugging is disabled for log. On - the other hand, if the log is debug enabled, you - will incur the cost of evaluating whether the logger is debug - enabled twice. Once in and once in - the . This is an insignificant overhead - since evaluating a logger takes about 1% of the time it - takes to actually log. This is the preferred style of logging. - - Alternatively if your logger is available statically then the is debug - enabled state can be stored in a static variable like this: - - - private static readonly bool isDebugEnabled = log.IsDebugEnabled; - - - Then when you come to log you can write: - - - if (isDebugEnabled) - { - log.Debug("This is entry number: " + i ); - } - - - This way the debug enabled state is only queried once - when the class is loaded. Using a private static readonly - variable is the most efficient because it is a run time constant - and can be heavily optimized by the JIT compiler. - - - Of course if you use a static readonly variable to - hold the enabled state of the logger then you cannot - change the enabled state at runtime to vary the logging - that is produced. You have to decide if you need absolute - speed or runtime flexibility. - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Checks if this logger is enabled for the level. - - - true if this logger is enabled for events, false otherwise. - - - For more information see . - - - - - - - Returns a new log4net logger if it exists, or returns null if the assembly cannot be found. - - The created instance. - - - - Creates the log4net.LogManager. Call ONLY after log4net.dll is known to be present. - - The created instance. - - - - Returns a new logger that does nothing when invoked. - - The created instance. - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - Returns a new logger that uses the class - if sufficient CAS permissions are granted to use it, otherwise returns false. - - The created instance. - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - See . - - - - - The methods available for the local party to send messages to a remote party. - - - See OAuth 1.0 spec section 5.2. - - - - - No HTTP methods are allowed. - - - - - In the HTTP Authorization header as defined in OAuth HTTP Authorization Scheme (OAuth HTTP Authorization Scheme). - - - - - As the HTTP POST request body with a content-type of application/x-www-form-urlencoded. - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - Added to the URLs in the query part (as defined by [RFC3986] (Berners-Lee, T., “Uniform Resource Identifiers (URI): Generic Syntax,” .) section 3). - - - - - The flags that control HTTP verbs. - - - - - The type of transport mechanism used for a message: either direct or indirect. - - - - - A message that is sent directly from the Consumer to the Service Provider, or vice versa. - - - - - A message that is sent from one party to another via a redirect in the user agent. - - - - - An OAuth-protocol specific implementation of the - interface. - - - - - The token manager to use for discerning between request and access tokens. - - - - - Initializes a new instance of the class. - - The token manager instance to use. - tokenManager != null - tokenManager == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The request messages are: - UnauthorizedTokenRequest - AuthorizedTokenRequest - UserAuthorizationRequest - AccessProtectedResourceRequest - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - - The message that was sent as a request that resulted in the response. - Null on a Consumer site that is receiving an indirect message from the Service Provider. - - The name/value pairs that make up the message payload. - - The -derived concrete class that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - - The response messages are: - None. - - request != null - request == null - fields != null - fields == null - - - - Stores a secret used in signing and verifying messages. - - - OpenID associations may be shared between Provider and Relying Party (smart - associations), or be a way for a Provider to recall its own secret for later - (dumb associations). - - !string.IsNullOrEmpty(this.Handle) - this.TotalLifeLength > TimeSpan.Zero - this.SecretKey != null - - - - Initializes a new instance of the class. - - The handle. - The secret. - How long the association will be useful. - The UTC time of when this association was originally issued by the Provider. - !string.IsNullOrEmpty(handle) - string.IsNullOrEmpty(handle) - secret != null - secret == null - totalLifeLength > TimeSpan.Zero - totalLifeLength <= TimeSpan.Zero - issued.Kind == DateTimeKind.Utc - issued.Kind != DateTimeKind.Utc - issued <= DateTime.UtcNow - issued > DateTime.UtcNow - this.TotalLifeLength == totalLifeLength - - - - Re-instantiates an previously persisted in a database or some - other shared store. - - - The property of the previous instance. - - - The UTC value of the property of the previous instance. - - - The byte array returned by a call to on the previous - instance. - - - The newly dehydrated , which can be returned - from a custom association store's - method. - - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - privateData != null - privateData == null - Contract.Result<Association>() != null - - - - Returns private data required to persist this in - permanent storage (a shared database for example) for deserialization later. - - - An opaque byte array that must be stored and returned exactly as it is provided here. - The byte array may vary in length depending on the specific type of , - but in current versions are no larger than 256 bytes. - - - Values of public properties on the base class are not included - in this byte array, as they are useful for fast database lookup and are persisted separately. - - Contract.Result<byte[]>() != null - - - - Tests equality of two objects. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - - - Returns the hash code. - - - A hash code for the current . - - - - - The string to pass as the assoc_type value in the OpenID protocol. - - The protocol version of the message that the assoc_type value will be included in. - The value that should be used for the openid.assoc_type parameter. - protocol != null - protocol == null - - - - Generates a signature from a given blob of data. - - The data to sign. This data will not be changed (the signature is the return value). - The calculated signature of the data. - data != null - data == null - - - - Returns the specific hash algorithm used for message signing. - - The hash algorithm used for message signing. - Contract.Result<HashAlgorithm>() != null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets a unique handle by which this may be stored or retrieved. - - - - - Gets the UTC time when this will expire. - - - - - Gets a value indicating whether this has already expired. - - - - - Gets the length (in bits) of the hash this association creates when signing. - - - Contract.Result<int>() > 0 - - - - - Gets a value indicating whether this instance has useful life remaining. - - - true if this instance has useful life remaining; otherwise, false. - - - - - Gets or sets the UTC time that this was first created. - - - - - Gets the number of seconds until this expires. - Never negative (counter runs to zero). - - - Contract.Result<long>() >= 0 - - - - - Gets the shared secret key between the consumer and provider. - - - - - Gets the duration a secret key used for signing dumb client requests will be good for. - - - Contract.Result<TimeSpan>() > TimeSpan.Zero - - - - - Gets the lifetime the OpenID provider permits this . - - - - - Gets the minimum lifetime an association must still be good for in order for it to be used for a future authentication. - - - Associations that are not likely to last the duration of a user login are not worth using at all. - - - Contract.Result<TimeSpan>() > TimeSpan.Zero - - - - - Gets the TimeSpan till this association expires. - - - - - Manages a set of associations in memory only (no database). - - The type of the key. - - This class should be used for low-to-medium traffic relying party sites that can afford to lose associations - if the app pool was ever restarted. High traffic relying parties and providers should write their own - implementation of that works against their own database schema - to allow for persistance and recall of associations across servers in a web farm and server restarts. - - - - - Stores s for lookup by their handle, keeping - associations separated by a given distinguishing factor (like which server the - association is with). - - - for consumers (to distinguish associations across servers) or - for providers (to distinguish dumb and smart client associations). - - - Expired associations should be periodically cleared out of an association store. - This should be done frequently enough to avoid a memory leak, but sparingly enough - to not be a performance drain. Because this balance can vary by host, it is the - responsibility of the host to initiate this cleaning. - - - - - Saves an for later recall. - - The Uri (for relying parties) or Smart/Dumb (for providers). - The association to store. - - TODO: what should implementations do on association handle conflict? - - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security requirements that the returned association must meet. - - The requested association, or null if no unexpired s exist for the given key. - - - In the event that multiple associations exist for the given - , it is important for the - implementation for this method to use the - to pick the best (highest grade or longest living as the host's policy may dictate) - association that fits the security requirements. - Associations that are returned that do not meet the security requirements will be - ignored and a new association created. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - The requested association, or null if no unexpired s exist for the given key and handle. - - - Removes a specified handle that may exist in the store. - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - True if the association existed in this store previous to this call. - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - How many association store requests should occur between each spring cleaning. - - - - - For Relying Parties, this maps OP Endpoints to a set of associations with that endpoint. - For Providers, this keeps smart and dumb associations in two distinct pools. - - - - - A counter to track how close we are to an expired association cleaning run. - - - - - Stores a given association for later recall. - - The distinguishing factor, either an OP Endpoint or smart/dumb mode. - The association to store. - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security settings. - - The requested association, or null if no unexpired s exist for the given key. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - - The requested association, or null if no unexpired s exist for the given key and handle. - - - - - Removes a specified handle that may exist in the store. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - - True if the association existed in this store previous to this call. - - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - Gets the server associations for a given OP Endpoint or dumb/smart mode. - - The distinguishing factor, either an OP Endpoint (for relying parties) or smart/dumb (for providers). - The collection of associations that fit the . - - - - Clears all expired associations from the store. - - - - - A dictionary of handle/Association pairs. - - - Each method is locked, even if it is only one line, so that they are thread safe - against each other, particularly the ones that enumerate over the list, since they - can break if the collection is changed by another thread during enumeration. - - this.associations != null - - - - The lookup table where keys are the association handles and values are the associations themselves. - - - - - Initializes a new instance of the class. - - - - - Stores an in the collection. - - The association to add to the collection. - association != null - association == null - this.Get(association.Handle) == association - - - - Returns the with the given handle. Null if not found. - - The handle to the required association. - The desired association, or null if none with the given handle could be found. - - !string.IsNullOrEmpty(handle) - string.IsNullOrEmpty(handle) - - - - Removes the with the given handle. - - The handle to the required association. - Whether an with the given handle was in the collection for removal. - !string.IsNullOrEmpty(handle) - string.IsNullOrEmpty(handle) - - - - Removes all expired associations from the collection. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the s ordered in order of descending issue date - (most recently issued comes first). An empty sequence if no valid associations exist. - - - This property is used by relying parties that are initiating authentication requests. - It does not apply to Providers, which always need a specific association by handle. - - - Contract.Result<IEnumerable<Association>>() != null - - - - - An Attribute Exchange and Simple Registration filter to make all incoming attribute - requests look like Simple Registration requests, and to convert the response - to the originally requested extension and format. - - - - - Applies a custom security policy to certain OpenID security settings and behaviors. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when an authentication request is about to be sent. - - The request. - - Implementations should be prepared to be called multiple times on the same outgoing message - without malfunctioning. - - request != null - request == null - - - - Called when an incoming positive assertion is received. - - The positive assertion. - assertion != null - assertion == null - - - - Applies a custom security policy to certain OpenID security settings and behaviors. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when an authentication request is about to be sent. - - The request. - - Implementations should be prepared to be called multiple times on the same outgoing message - without malfunctioning. - - request != null - request == null - - - - Called when an incoming positive assertion is received. - - The positive assertion. - assertion != null - assertion == null - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Gets or sets the AX attribute type URI formats this transform is willing to work with. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The PAPE request has an incomplete set of authentication policies.. - - - - - Looks up a localized string similar to A PAPE response is missing or is missing required policies.. - - - - - Looks up a localized string similar to No personally identifiable information should be included in authentication responses when the PAPE authentication policy http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf is present.. - - - - - Looks up a localized string similar to No personally identifiable information should be requested when the http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf PAPE policy is present.. - - - - - Looks up a localized string similar to No PPID provider has been configured.. - - - - - Looks up a localized string similar to Discovery on the Realm URL MUST be performed before sending a positive assertion.. - - - - - Looks up a localized string similar to The Realm in an authentication request must be an HTTPS URL.. - - - - - Offers OpenID Providers automatic PPID Claimed Identifier generation when requested - by a PAPE request. - - - PPIDs are set on positive authentication responses when the PAPE request includes - the authentication policy. - The static member MUST - be set prior to any PPID requests come in. Typically this should be set in the - Application_Start method in the global.asax.cs file. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Gets or sets the provider for generating PPID identifiers. - - - - - Provides a mechanism for Relying Parties to work with OpenID 1.0 Providers - without losing claimed_id and op_endpoint data, which OpenID 2.0 Providers - are required to send back with positive assertions. - - - - - The "dnoa.op_endpoint" callback parameter that stores the Provider Endpoint URL - to tack onto the return_to URI. - - - - - The "dnoa.claimed_id" callback parameter that stores the Claimed Identifier - to tack onto the return_to URI. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection offered (if any) by this binding element. - - - - - - - - The binding element that serializes/deserializes OpenID extensions to/from - their carrying OpenID messages. - - - - - The security settings that apply to this relying party, if it is a relying party. - - - - - Initializes a new instance of the class. - - The extension factory. - The security settings. - extensionFactory != null - extensionFactory == null - securitySettings != null - securitySettings == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the extensions on a message. - - The carrier of the extensions. - If set to true only signed extensions will be available. - A optional filter that takes an extension type URI and - returns a value indicating whether that extension should be deserialized and - returned in the sequence. May be null. - A sequence of extensions in the message. - - - - Gets the dictionary of message parts that should be deserialized into extensions. - - The message. - If set to true only signed extensions will be available. - - A dictionary of message parts, including only signed parts when appropriate. - - this.Channel != null - this.Channel == null - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the extension factory. - - - - - Gets the protection offered (if any) by this binding element. - - - - - - - - OpenID extension factory class for creating extensions based on received Type URIs. - - - OpenID extension factories must be registered with the library. This can be - done by adding a factory to - or , or by adding a snippet - such as the following to your web.config file: - - <dotNetOpenAuth> - <openid> - <extensionFactories> - <add type="DotNetOpenAuth.ApplicationBlock.CustomExtensions.Acme, DotNetOpenAuth.ApplicationBlock" /> - </extensionFactories> - </openid> - </dotNetOpenAuth> - - - - - Creates a new instance of some extension based on the received extension parameters. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - This factory method need only initialize properties in the instantiated extension object - that are not bound using . - - - - - An interface that OAuth messages implement to support signing. - - - - - Gets or sets the association handle used to sign the message. - - The handle for the association that was used to sign this assertion. - - - - Gets or sets the association handle that the Provider wants the Relying Party to not use any more. - - If the Relying Party sent an invalid association handle with the request, it SHOULD be included here. - - - - Gets or sets the signed parameter order. - - Comma-separated list of signed fields. - "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce" - - This entry consists of the fields without the "openid." prefix that the signature covers. - This list MUST contain at least "op_endpoint", "return_to" "response_nonce" and "assoc_handle", - and if present in the response, "claimed_id" and "identity". - Additional keys MAY be signed as part of the message. See Generating Signatures. - - - - - A Uri encoder that serializes using - rather than the standard . - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Helps ensure compliance to some properties in the . - - - - - The security settings that are active on the relying party. - - - - - Initializes a new instance of the class. - - The security settings. - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - This binding element adds a nonce to a Relying Party's outgoing - authentication request when working against an OpenID 1.0 Provider - in order to protect against replay attacks or on all authentication - requests to distinguish solicited from unsolicited assertions. - - - This nonce goes beyond the OpenID 1.x spec, but adds to security. - Since this library's Provider implementation also provides special nonce - protection for 1.0 messages, this security feature overlaps with that one. - This means that if an RP from this library were talking to an OP from this - library, but the Identifier being authenticated advertised the OP as a 1.x - OP, then both RP and OP might try to use a nonce for protecting the assertion. - There's no problem with that--it will still all work out. And it would be a - very rare combination of elements anyway. - - - This binding element deactivates itself for OpenID 2.0 (or later) messages - since they are automatically protected in the protocol by the Provider's - openid.response_nonce parameter. The exception to this is when - is - set to true, which will not only add a request nonce to every outgoing - authentication request but also require that it be present in positive - assertions, effectively disabling unsolicited assertions. - - In the messaging stack, this binding element looks like an ordinary - transform-type of binding element rather than a protection element, - due to its required order in the channel stack and that it exists - only on the RP side and only on some messages. - - - - - The parameter of the callback parameter we tack onto the return_to URL - to store the replay-detection nonce. - - - - - The length of the generated nonce's random part. - - - - - The nonce store that will allow us to recall which nonces we've seen before. - - - - - The security settings at the RP. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The nonce store to use. - The security settings of the RP. - nonceStore != null - nonceStore == null - securitySettings != null - securitySettings == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Determines whether a request nonce should be applied the request - or should be expected in the response. - - The authentication request or the positive assertion response. - - true if the message exchanged with an OpenID 1.x provider - or if unsolicited assertions should be rejected at the RP; otherwise false. - - - - - Gets or sets the channel that this binding element belongs to. - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection offered (if any) by this binding element. - - - - - Gets the maximum message age from the standard expiration binding element. - - - - - A special DotNetOpenAuth-only nonce used by the RP when talking to 1.0 OPs in order - to protect against replay attacks. - - - - - The random bits generated for the nonce. - - - - - Initializes a new instance of the class. - - The creation date of the nonce. - The random bits that help make the nonce unique. - - - - Creates a new nonce. - - The newly instantiated instance. - - - - Deserializes a nonce from the return_to parameter. - - The base64-encoded value of the nonce. - The instantiated and initialized nonce. - !String.IsNullOrEmpty(value) - String.IsNullOrEmpty(value) - - - - Serializes the entire nonce for adding to the return_to URL. - - The base64-encoded string representing the nonce. - - - - Gets the creation date. - - - - - Gets the random part of the nonce as a base64 encoded string. - - - - - Signs and verifies authentication assertions. - - - - - The association store used by Relying Parties to look up the secrets needed for signing. - - - - - The association store used by Providers to look up the secrets needed for signing. - - - - - The security settings at the Provider. - Only defined when this element is instantiated to service a Provider. - - - - - Initializes a new instance of the SigningBindingElement class for use by a Relying Party. - - The association store used to look up the secrets needed for signing. May be null for dumb Relying Parties. - - - - Initializes a new instance of the SigningBindingElement class for use by a Provider. - - The association store used to look up the secrets needed for signing. - The security settings. - associationStore != null - associationStore == null - securitySettings != null - securitySettings == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Determines whether the relying party sending an authentication request is - vulnerable to replay attacks. - - The request message from the Relying Party. Useful, but may be null for conservative estimate results. - The response message to be signed. - - true if the relying party is vulnerable; otherwise, false. - - response != null - response == null - - - - Ensures that all message parameters that must be signed are in fact included - in the signature. - - The signed message. - - - - Calculates the signature for a given message. - - The message to sign or verify. - The association to use to sign the message. - The calculated signature of the method. - signedMessage != null - signedMessage == null - !String.IsNullOrEmpty(signedMessage.SignedParameterOrder) - String.IsNullOrEmpty(signedMessage.SignedParameterOrder) - association != null - association == null - - - - Gets the value to use for the openid.signed parameter. - - The signable message. - - A comma-delimited list of parameter names, omitting the 'openid.' prefix, that determines - the inclusion and order of message parts that will be signed. - - this.Channel != null - this.Channel == null - signedMessage != null - signedMessage == null - - - - Gets the association to use to sign or verify a message. - - The message to sign or verify. - The association to use to sign or verify the message. - signedMessage != null - signedMessage == null - - - - Gets a specific association referenced in a given message's association handle. - - The signed message whose association handle should be used to lookup the association to return. - The referenced association; or null if such an association cannot be found. - - If the association handle set in the message does not match any valid association, - the association handle property is cleared, and the - property is set to the - handle that could not be found. - - - - - Gets a private Provider association used for signing messages in "dumb" mode. - - An existing or newly created association. - - - - Gets the protection offered (if any) by this binding element. - - - - - - - - Gets or sets the channel that this binding element belongs to. - - - - - Gets a value indicating whether this binding element is on a Provider channel. - - - - - Indicates the level of strictness to require when decoding a - Key-Value Form encoded dictionary. - - - - - Be as forgiving as possible to errors made while encoding. - - - - - Allow for certain errors in encoding attributable to ambiguities - in the OpenID 1.1 spec's description of the encoding. - - - - - The strictest mode. The decoder requires the encoded dictionary - to be in strict compliance with OpenID 2.0's description of - the encoding. - - - - - Performs conversion to and from the Key-Value Form Encoding defined by - OpenID Authentication 2.0 section 4.1.1. - http://openid.net/specs/openid-authentication-2_0.html#anchor4 - - - This class is thread safe and immutable. - - - - - The newline character sequence to use. - - - - - Characters that must not appear in parameter names. - - - - - Characters that must not appaer in parameter values. - - - - - The character encoding to use. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - How strictly an incoming Key-Value Form message will be held to the spec. - - - - Encodes key/value pairs to Key-Value Form. - - - The dictionary of key/value pairs to convert to a byte stream. - - The UTF8 byte array. - - Enumerating a Dictionary<TKey, TValue> has undeterministic ordering. - If ordering of the key=value pairs is important, a deterministic enumerator must - be used. - - keysAndValues != null - keysAndValues == null - - - - Decodes bytes in Key-Value Form to key/value pairs. - - The stream of Key-Value Form encoded bytes. - The deserialized dictionary. - Thrown when the data is not in the expected format. - - - - Gets a value controlling how strictly an incoming Key-Value Form message will be held to the spec. - - - - - A channel that knows how to send and receive OpenID messages. - - - - - The HTTP Content-Type to use in Key-Value Form responses. - - - OpenID 2.0 section 5.1.2 says this SHOULD be text/plain. But this value - does not prevent free hosters like GoDaddy from tacking on their ads - to the end of the direct response, corrupting the data. So we deviate - from the spec a bit here to improve the story for free Providers. - - - - - The encoder that understands how to read and write Key-Value Form. - - - - - Initializes a new instance of the class - for use by a Relying Party. - - The association store to use. - The nonce store to use. - The security settings to apply. - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class - for use by a Provider. - - The association store to use. - The nonce store to use. - The security settings. - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class - for use by a Relying Party. - - The association store to use. - The nonce store to use. - An object that knows how to distinguish the various OpenID message types for deserialization purposes. - The security settings to apply. - A value indicating whether the channel is set up with no functional security binding elements. - messageTypeProvider != null - messageTypeProvider == null - securitySettings != null - securitySettings == null - !nonVerifying || securitySettings is RelyingPartySecuritySettings - nonVerifying || securitySettings is RelyingPartySecuritySettings - - - - Initializes a new instance of the class - for use by a Provider. - - The association store to use. - The nonce store to use. - An object that knows how to distinguish the various OpenID message types for deserialization purposes. - The security settings. - messageTypeProvider != null - messageTypeProvider == null - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class. - - A class prepared to analyze incoming messages and indicate what concrete - message types can deserialize from it. - The binding elements to use in sending and receiving messages. - messageTypeProvider != null - messageTypeProvider == null - - - - A value indicating whether the channel is set up - with no functional security binding elements. - - A new instance that will not perform verification on incoming messages or apply any security to outgoing messages. - - A value of true allows the relying party to preview incoming - messages without invalidating nonces or checking signatures. - Setting this to true poses a great security risk and is only - present to support the which needs to preview - messages, and will validate them later. - - Contract.Result<OpenIdChannel>() != null - - - - Verifies the integrity and applicability of an incoming message. - - The message just received. - - Thrown when the message is somehow invalid, except for check_authentication messages. - This can be due to tampering, replay attack or expiration, among other things. - - message != null - message == null - - - - Prepares an HTTP request that carries a given message. - - The message to send. - - The prepared to send the request. - - request != null - request == null - request.Recipient != null - request.Recipient == null - Contract.Result<HttpWebRequest>() != null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Called when receiving a direct response message, before deserialization begins. - - The HTTP direct response. - The newly instantiated message, prior to deserialization. - - - - Queues a message for sending in the response stream where the fields - are sent in the response stream in querystring style. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the direct response of a direct HTTP request. - - The web request. - The response to the web request. - Thrown on network or protocol errors. - webRequest != null - webRequest == null - - - - Initializes the binding elements. - - The distinguishing factor used by the association store. - The association store. - The nonce store to use. - The security settings to apply. Must be an instance of either or . - A value indicating whether the channel is set up with no functional security binding elements. - - An array of binding elements which may be used to construct the channel. - - securitySettings != null - securitySettings == null - !nonVerifying || securitySettings is RelyingPartySecuritySettings - nonVerifying || securitySettings is RelyingPartySecuritySettings - - - - Distinguishes the various OpenID message types for deserialization purposes. - - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The intended or actual recipient of the request message. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - recipient != null - recipient == null - fields != null - fields == null - - - - Analyzes an incoming request message payload to discover what kind of - message is embedded in it and returns the type, or null if no match is found. - - The message that was sent as a request that resulted in the response. - The name/value pairs that make up the message payload. - - A newly instantiated -derived object that this message can - deserialize to. Null if the request isn't recognized as a valid protocol message. - - request != null - request == null - fields != null - fields == null - - - - This binding element signs a Relying Party's openid.return_to parameter - so that upon return, it can verify that it hasn't been tampered with. - - - Since Providers can send unsolicited assertions, not all openid.return_to - values will be signed. But those that are signed will be validated, and - any invalid or missing signatures will cause this library to not trust - the parameters in the return_to URL. - In the messaging stack, this binding element looks like an ordinary - transform-type of binding element rather than a protection element, - due to its required order in the channel stack and that it doesn't sign - anything except a particular message part. - - - - - The name of the callback parameter we'll tack onto the return_to value - to store our signature on the return_to parameter. - - - - - The name of the callback parameter we'll tack onto the return_to value - to store the handle of the association we use to sign the return_to parameter. - - - - - The hashing algorithm used to generate the private signature on the return_to parameter. - - - - - Initializes a new instance of the class. - - The secret store from which to retrieve the secret used for signing. - The security settings. - secretStore != null - secretStore == null - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets the return to signature. - - The return to. - The generated signature. - - Only the parameters in the return_to URI are signed, rather than the base URI - itself, in order that OPs that might change the return_to's implicit port :80 part - or other minor changes do not invalidate the signature. - - returnTo != null - returnTo == null - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection offered (if any) by this binding element. - - - - - - No message protection is reported because this binding element - does not protect the entire message -- only a part. - - - - - Spoofs security checks on incoming OpenID messages. - - - - - Prepares a message for sending based on the rules of this channel binding element. - - The message to prepare for sending. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Performs any transformation on an incoming message that may be necessary and/or - validates an incoming message based on the rules of this channel binding element. - - The incoming message to process. - - The protections (if any) that this binding element applied to the message. - Null if this binding element did not even apply to this binding element. - - - Thrown when the binding element rules indicate that this message is invalid and should - NOT be processed. - - - Implementations that provide message protection must honor the - properties where applicable. - - message != null - message == null - ((IChannelBindingElement)this).Channel != null - !(((IChannelBindingElement)this).Channel != null) - - - - Gets or sets the channel that this binding element belongs to. - - - - This property is set by the channel when it is first constructed. - - - - - Gets the protection commonly offered (if any) by this binding element. - - - - - - This value is used to assist in sorting binding elements in the channel stack. - - - - - Code contract for the class. - - - - - Prevents a default instance of the class from being created. - - - - - The string to pass as the assoc_type value in the OpenID protocol. - - The protocol version of the message that the assoc_type value will be included in. - - The value that should be used for the openid.assoc_type parameter. - - - - - Returns the specific hash algorithm used for message signing. - - - The hash algorithm used for message signing. - - - - - Gets the length (in bits) of the hash this association creates when signing. - - - - - Manages a fast, two-way mapping between type URIs and their aliases. - - - - - The format of auto-generated aliases. - - - - - Tracks extension Type URIs and aliases assigned to them. - - - - - Tracks extension aliases and Type URIs assigned to them. - - - - - Gets an alias assigned for a given Type URI. A new alias is assigned if necessary. - - The type URI. - The alias assigned to this type URI. Never null. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Sets an alias and the value that will be returned by . - - The alias. - The type URI. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Takes a sequence of type URIs and assigns aliases for all of them. - - The type URIs to create aliases for. - An optional dictionary of URI/alias pairs that suggest preferred aliases to use if available for certain type URIs. - typeUris != null - typeUris == null - - - - Sets up aliases for any Type URIs in a dictionary that do not yet have aliases defined, - and where the given preferred alias is still available. - - A dictionary of type URI keys and alias values. - preferredTypeUriToAliases != null - preferredTypeUriToAliases == null - - - - Gets the Type Uri encoded by a given alias. - - The alias. - The Type URI. - Thrown if the given alias does not have a matching TypeURI. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - - - - Gets the Type Uri encoded by a given alias. - - The alias. - The Type URI for the given alias, or null if none for that alias exist. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - - - - Returns a value indicating whether an alias has already been assigned to a type URI. - - The alias in question. - True if the alias has already been assigned. False otherwise. - !String.IsNullOrEmpty(alias) - String.IsNullOrEmpty(alias) - - - - Determines whether a given TypeURI has an associated alias assigned to it. - - The type URI. - - true if the given type URI already has an alias assigned; false otherwise. - - typeUri != null - typeUri == null - - - - Assigns a new alias to a given Type URI. - - The type URI to assign a new alias to. - The newly generated alias. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Gets the aliases that have been set. - - - - - An individual attribute to be requested of the OpenID Provider using - the Attribute Exchange extension. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class - with = false, = 1. - - - - - Initializes a new instance of the class - with = false, = 1. - - The unique TypeURI for that describes the attribute being sought. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Initializes a new instance of the class - with = 1. - - The unique TypeURI for that describes the attribute being sought. - A value indicating whether the Relying Party considers this attribute to be required for registration. - - - - Initializes a new instance of the class. - - The unique TypeURI for that describes the attribute being sought. - A value indicating whether the Relying Party considers this attribute to be required for registration. - The maximum number of values for this attribute the Relying Party is prepared to receive. - - - - Used by a Provider to create a response to a request for an attribute's value(s) - using a given array of strings. - - The values for the requested attribute. - - The newly created object that should be added to - the object. - - values != null - values == null - values.Length <= this.Count - values.Length > this.Count - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets or sets the URI uniquely identifying the attribute being requested. - - - - - Gets or sets a value indicating whether the relying party considers this a required field. - Note that even if set to true, the Provider may not provide the value. - - - - - Gets or sets the maximum number of values for this attribute the - Relying Party wishes to receive from the OpenID Provider. - A value of int.MaxValue is considered infinity. - - - value > 0 - - value <= 0 - - - - An individual attribute's value(s) as supplied by an OpenID Provider - in response to a prior request by an OpenID Relying Party as part of - a fetch request, or by a relying party as part of a store request. - - - - - Initializes a new instance of the class. - - The TypeURI that uniquely identifies the attribute. - The values for the attribute. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Initializes a new instance of the class. - - - This is internal because web sites should be using the - method to instantiate. - - - - - Initializes a new instance of the class. - - The TypeURI of the attribute whose values are being provided. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets the URI uniquely identifying the attribute whose value is being supplied. - - - - - Gets the values supplied by the Provider. - - - - - The various Type URI formats an AX attribute may use by various remote parties. - - - - - No attribute format. - - - - - AX attributes should use the Type URI format starting with http://axschema.org/. - - - - - AX attributes should use the Type URI format starting with http://schema.openid.net/. - - - - - AX attributes should use the Type URI format starting with http://openid.net/schema/. - - - - - All known schemas. - - - - - The most common schemas. - - - - - Helper methods shared by multiple messages in the Attribute Exchange extension. - - - - - Adds a request for an attribute considering it 'required'. - - The attribute request collection. - The type URI of the required attribute. - collection != null - collection == null - - - - Adds a request for an attribute without considering it 'required'. - - The attribute request collection. - The type URI of the requested attribute. - collection != null - collection == null - - - - Adds a given attribute with one or more values to the request for storage. - Applicable to Relying Parties only. - - The collection of to add to. - The type URI of the attribute. - The attribute values. - collection != null - collection == null - - - - Serializes a set of attribute values to a dictionary of fields to send in the message. - - The dictionary to fill with serialized attributes. - The attributes. - fields != null - fields == null - attributes != null - attributes == null - - - - Deserializes attribute values from an incoming set of message data. - - The data coming in with the message. - The attribute values found in the message. - - - - Reads through the attributes included in the response to discover - the alias-TypeURI relationships. - - The data included in the extension message. - The alias manager that provides lookup between aliases and type URIs. - fields != null - fields == null - - - - Attribute Exchange constants - - - - - The TypeURI by which the AX extension is recognized in - OpenID messages and in XRDS documents. - - - - - The Attribute Exchange Fetch message, request leg. - - - - - A handy base class for built-in extensions. - - - - - The contract any OpenID extension for DotNetOpenAuth must implement. - - - Classes that implement this interface should be marked as - [] to allow serializing state servers - to cache messages, particularly responses. - - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - Contract.Result<IEnumerable<string>>() != null - - - - - Gets or sets a value indicating whether this extension was - signed by the sender. - - - true if this instance is signed by the sender; otherwise, false. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The version of the extension. - The type URI to use in the OpenID message. - The additional supported type URIs by which this extension might be recognized. May be null. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - Contract.Result<IEnumerable<string>>() != null - - - - - Gets or sets a value indicating whether this extension was - signed by the OpenID Provider. - - - true if this instance is signed by the provider; otherwise, false. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - - - Gets or sets a value indicating whether this extension was - signed by the OpenID Provider. - - - true if this instance is signed by the provider; otherwise, false. - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - - Implementations of this interface should ensure that this property never returns null. - - - - - The value for the 'mode' parameter. - - - - - The factory method that may be used in deserialization of this message. - - - - - Characters that may not appear in an attribute alias list. - - - - - Characters that may not appear in an attribute Type URI alias. - - - - - The collection of requested attributes. - - - - - Initializes a new instance of the class. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Splits a list of aliases by their commas. - - The comma-delimited list of aliases. May be null or empty. - The list of aliases. Never null, but may be empty. - - - - Gets a collection of the attributes whose values are - requested by the Relying Party. - - A collection where the keys are the attribute type URIs, and the value - is all the attribute request details. - - Contract.Result<KeyedCollection<string, AttributeRequest>>() != null - - - - - Gets or sets the URL that the OpenID Provider may re-post the fetch response - message to at some time after the initial response has been sent, using an - OpenID Authentication Positive Assertion to inform the relying party of updates - to the requested fields. - - - - - Gets or sets a list of aliases for optional attributes. - - A comma-delimited list of aliases. - - - - Gets or sets a list of aliases for required attributes. - - A comma-delimited list of aliases. - - - - The Attribute Exchange Fetch message, response leg. - - - - - The value of the 'mode' parameter. - - - - - The factory method that may be used in deserialization of this message. - - - - - The collection of provided attributes. This field will never be null. - - - - - Initializes a new instance of the class. - - - - - Gets the first attribute value provided for a given attribute Type URI. - - - The type URI of the attribute. - Usually a constant from . - - The first value provided for the attribute, or null if the attribute is missing or no values were provided. - - - This is meant as a helper method for the common case of just wanting one attribute value. - For greater flexibility or to retrieve more than just the first value for an attribute, - use the collection directly. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets a sequence of the attributes whose values are provided by the OpenID Provider. - - - Contract.Result<KeyedCollection<string, AttributeValues>>() != null - - - - - Gets a value indicating whether the OpenID Provider intends to - honor the request for updates. - - - - - Gets or sets the URL the OpenID Provider will post updates to. - Must be set if the Provider supports and will use this feature. - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - The Attribute Exchange Store message, request leg. - - - - - The value of the 'mode' parameter. - - - - - The factory method that may be used in deserialization of this message. - - - - - The collection of provided attribute values. This field will never be null. - - - - - Initializes a new instance of the class. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets the collection of all the attributes that are included in the store request. - - - - - The Attribute Exchange Store message, response leg. - - - - - The value of the mode parameter used to express a successful store operation. - - - - - The value of the mode parameter used to express a store operation failure. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class - to represent a successful store operation. - - - - - Initializes a new instance of the class - to represent a failed store operation. - - The reason for failure. - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets or sets a value indicating whether the storage request succeeded. - - Defaults to true. - - - - Gets or sets the reason for the failure, if applicable. - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - Gets or sets the mode argument. - - One of 'store_response_success' or 'store_response_failure'. - - - - Attribute types defined at http://www.axschema.org/types/. - - - If you don't see what you need here, check that URL to see if any have been added. - You can use new ones directly without adding them to this class, and can even make - up your own if you expect the other end to understand what you make up. - - - - - Inherent attributes about a personality such as gender and bio. - - - - Gender, either "M" or "F" - "M", "F" - - - Biography (text) - "I am the very model of a modern Major General." - - - - Preferences such as language and timezone. - - - - Preferred language, as per RFC4646 - "en-US" - - - Home time zone information (as specified in zoneinfo) - "America/Pacific" - - - - The names a person goes by. - - - - Subject's alias or "screen" name - "Johnny5" - - - Full name of subject - "John Doe" - - - Honorific prefix for the subject's name - "Mr.", "Mrs.", "Dr." - - - First or given name of subject - "John" - - - Last name or surname of subject - "Smith" - - - Middle name(s) of subject - "Robert" - - - Suffix of subject's name - "III", "Jr." - - - - Business affiliation. - - - - Company name (employer) - "Springfield Power" - - - Employee title - "Engineer" - - - - Information about a person's birthdate. - - - - Date of birth. - "1979-01-01" - - - Year of birth (four digits) - "1979" - - - Month of birth (1-12) - "05" - - - Day of birth - "31" - - - - Various ways to contact a person. - - - - Internet SMTP email address as per RFC2822 - "jsmith@isp.example.com" - - - - Various types of phone numbers. - - - - Main phone number (preferred) - +1-800-555-1234 - - - Home phone number - +1-800-555-1234 - - - Business phone number - +1-800-555-1234 - - - Cellular (or mobile) phone number - +1-800-555-1234 - - - Fax number - +1-800-555-1234 - - - - The many fields that make up an address. - - - - Home postal address: street number, name and apartment number - "#42 135 East 1st Street" - - - "#42 135 East 1st Street" - "Box 67" - - - Home city name - "Vancouver" - - - Home state or province name - "BC" - - - Home country code in ISO.3166.1988 (alpha 2) format - "CA" - - - Home postal code; region specific format - "V5A 4B2" - - - - The many fields that make up an address. - - - - Business postal address: street number, name and apartment number - "#42 135 East 1st Street" - - - "#42 135 East 1st Street" - "Box 67" - - - Business city name - "Vancouver" - - - Business state or province name - "BC" - - - Business country code in ISO.3166.1988 (alpha 2) format - "CA" - - - Business postal code; region specific format - "V5A 4B2" - - - - Various handles for instant message clients. - - - - AOL instant messaging service handle - "jsmith421234" - - - ICQ instant messaging service handle - "1234567" - - - MSN instant messaging service handle - "jsmith42@hotmail.com" - - - Yahoo! instant messaging service handle - "jsmith421234" - - - Jabber instant messaging service handle - "jsmith@jabber.example.com" - - - Skype instant messaging service handle - "jsmith42" - - - - Various web addresses connected with this personality. - - - - Web site URL - "http://example.com/~jsmith/" - - - Blog home page URL - "http://example.com/jsmith_blog/" - - - LinkedIn URL - "http://www.linkedin.com/pub/1/234/56" - - - Amazon URL - "http://www.amazon.com/gp/pdp/profile/A24DLKJ825" - - - Flickr URL - "http://flickr.com/photos/jsmith42/" - - - del.icio.us URL - "http://del.icio.us/jsmith42" - - - - Audio and images of this personality. - - - - Spoken name (web URL) - "http://example.com/~jsmith/john_smith.wav" - - - Audio greeting (web URL) - "http://example.com/~jsmith/i_greet_you.wav" - - - Video greeting (web URL) - "http://example.com/~jsmith/i_greet_you.mov" - - - - Images of this personality. - - - - Image (web URL); unspecified dimension - "http://example.com/~jsmith/image.jpg" - - - Image (web URL) with equal width and height - "http://example.com/~jsmith/image.jpg" - - - Image (web URL) 4:3 aspect ratio - landscape - "http://example.com/~jsmith/image.jpg" - - - Image (web URL) 4:3 aspect ratio - landscape - "http://example.com/~jsmith/image.jpg" - - - Image (web URL); favicon format as per FAVICON-W3C. The format for the image must be 16x16 pixels or 32x32 pixels, using either 8-bit or 24-bit colors. The format of the image must be one of PNG (a W3C standard), GIF, or ICO. - "http://example.com/~jsmith/image.jpg" - - - - Manages the processing and construction of OpenID extensions parts. - - - - - This contains a set of aliases that we must be willing to implicitly - match to namespaces for backward compatibility with other OpenID libraries. - - - - - The version of OpenID that the message is using. - - - - - Whether extensions are being read or written. - - - - - The alias manager that will track Type URI to alias mappings. - - - - - A complex dictionary where the key is the Type URI of the extension, - and the value is another dictionary of the name/value args of the extension. - - - - - Prevents a default instance of the class from being created. - - - - - Creates a instance to process incoming extensions. - - The parameters in the OpenID message. - The newly created instance of . - query != null - query == null - - - - Creates a instance to prepare outgoing extensions. - - The protocol version used for the outgoing message. - - The newly created instance of . - - - - - Adds query parameters for OpenID extensions to the request directed - at the OpenID provider. - - The extension type URI. - The arguments for this extension to add to the message. - !this.ReadMode - this.ReadMode - !String.IsNullOrEmpty(extensionTypeUri) - String.IsNullOrEmpty(extensionTypeUri) - arguments != null - arguments == null - - - - Gets the actual arguments to add to a querystring or other response, - where type URI, alias, and actual key/values are all defined. - - - true if the generated parameter names should include the 'openid.' prefix. - This should be true for all but direct response messages. - - A dictionary of key=value pairs to add to the message to carry the extension. - !this.ReadMode - this.ReadMode - - - - Gets the fields carried by a given OpenId extension. - - The type URI of the extension whose fields are being queried for. - - The fields included in the given extension, or null if the extension is not present. - - !String.IsNullOrEmpty(extensionTypeUri) - String.IsNullOrEmpty(extensionTypeUri) - this.ReadMode - !(this.ReadMode) - - - - Gets whether any arguments for a given extension are present. - - The extension Type URI in question. - - true if this extension is present; false otherwise. - - - - Gets the type URIs of all discovered extensions in the message. - - A sequence of the type URIs. - - - - Gets a value indicating whether the extensions are being read (as opposed to written). - - - - - An interface that OpenID extensions can implement to allow authentication response - messages with included extensions to be processed by Javascript on the user agent. - - - - - Reads the extension information on an authentication response from the provider. - - The incoming OpenID response carrying the extension. - - A Javascript snippet that when executed on the user agent returns an object with - the information deserialized from the extension response. - - - This method is called before the signature on the assertion response has been - verified. Therefore all information in these fields should be assumed unreliable - and potentially falsified. - - - - - An extension to include with an authentication request in order to also - obtain authorization to access user data at the combined OpenID Provider - and Service Provider. - - - When requesting OpenID Authentication via the protocol mode "checkid_setup" - or "checkid_immediate", this extension can be used to request that the end - user authorize an OAuth access token at the same time as an OpenID - authentication. This is done by sending the following parameters as part - of the OpenID request. (Note that the use of "oauth" as part of the parameter - names here and in subsequent sections is just an example. See Section 5 for details.) - See section 8. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the consumer key agreed upon between the Consumer and Service Provider. - - - - - Gets or sets a string that encodes, in a way possibly specific to the Combined Provider, one or more scopes for the OAuth token expected in the authentication response. - - - - - The OAuth response that a Provider may include with a positive - OpenID identity assertion with an approved request token. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the user-approved request token. - - The request token. - - - - Gets or sets a string that encodes, in a way possibly specific to the Combined Provider, one or more scopes that the returned request token is valid for. This will typically indicate a subset of the scopes requested in Section 8. - - - - - Constants used in the OpenID OAuth extension. - - - - - The TypeURI for the OpenID OAuth extension. - - - - - The name of the parameter that carries the request token in the response. - - - - - The OAuth response that a Provider should include with a positive - OpenID identity assertion when OAuth authorization was declined. - - - - - The factory method that may be used in deserialization of this message. - - - - - Initializes a new instance of the class. - - - - - An OpenID extension factory that only delegates extension - instantiation requests to other factories. - - - - - The list of factories this factory delegates to. - - - - - Initializes a new instance of the class. - - - - - Creates a new instance of some extension based on the received extension parameters. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - This factory method need only initialize properties in the instantiated extension object - that are not bound using . - - - - - Loads the default factory and additional ones given by the configuration. - - A new instance of . - Contract.Result<OpenIdExtensionFactoryAggregator>() != null - - - - Gets the extension factories that this aggregating factory delegates to. - - A list of factories. May be empty, but never null. - - - - An OpenID extension factory that supports registration so that third-party - extensions can add themselves to this library's supported extension list. - - - - - A collection of the registered OpenID extensions. - - - - - Initializes a new instance of the class. - - - - - Creates a new instance of some extension based on the received extension parameters. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - This factory method need only initialize properties in the instantiated extension object - that are not bound using . - - - - - Registers a new extension delegate. - - The factory method that can create the extension. - - - - A delegate that individual extensions may register with this factory. - - The type URI of the extension. - The parameters associated specifically with this extension. - The OpenID message carrying this extension. - A value indicating whether this extension is being received at the OpenID Provider. - - An instance of if the factory recognizes - the extension described in the input parameters; null otherwise. - - - - - Well-known authentication policies defined in the PAPE extension spec or by a recognized - standards body. - - - This is a class of constants rather than a flags enum because policies may be - freely defined and used by anyone, just by using a new Uri. - - - - - An authentication mechanism where the End User does not provide a shared secret to a party potentially under the control of the Relying Party. (Note that the potentially malicious Relying Party controls where the User-Agent is redirected to and thus may not send it to the End User's actual OpenID Provider). - - - - - An authentication mechanism where the End User authenticates to the OpenID Provider by providing over one authentication factor. Common authentication factors are something you know, something you have, and something you are. An example would be authentication using a password and a software token or digital certificate. - - - - - An authentication mechanism where the End User authenticates to the OpenID Provider by providing over one authentication factor where at least one of the factors is a physical factor such as a hardware device or biometric. Common authentication factors are something you know, something you have, and something you are. This policy also implies the Multi-Factor Authentication policy (http://schemas.openid.net/pape/policies/2007/06/multi-factor) and both policies MAY BE specified in conjunction without conflict. An example would be authentication using a password and a hardware token. - - - - - Indicates that the Provider MUST use a pair-wise pseudonym for the user that is persistent - and unique across the requesting realm as the openid.claimed_id and openid.identity (see Section 4.2). - - - - - Indicates that the OP MUST only respond with a positive assertion if the requirements demonstrated - by the OP to obtain certification by a Federally adopted Trust Framework Provider have been met. - - - Notwithstanding the RP may request this authentication policy, the RP MUST still - verify that this policy appears in the positive assertion response rather than assume the OP - recognized and complied with the request. - - - - - Indicates that the OP MUST not include any OpenID Attribute Exchange or Simple Registration - information regarding the user in the assertion. - - - - - Used in a PAPE response to indicate that no PAPE authentication policies could be satisfied. - - - Used internally by the PAPE extension, so that users don't have to know about it. - - - - - OpenID Provider Authentication Policy extension constants. - - - - - The namespace used by this extension in messages. - - - - - The namespace alias to use for OpenID 1.x interop, where aliases are not defined in the message. - - - - - The string to prepend on an Auth Level Type alias definition. - - - - - Well-known assurance level Type URIs. - - - - - The Type URI of the NIST assurance level. - - - - - A mapping between the PAPE TypeURI and the alias to use if - possible for backward compatibility reasons. - - - - - Parameters to be included with PAPE requests. - - - - - Optional. If the End User has not actively authenticated to the OP within the number of seconds specified in a manner fitting the requested policies, the OP SHOULD authenticate the End User for this request. - - Integer value greater than or equal to zero in seconds. - - The OP should realize that not adhering to the request for re-authentication most likely means that the End User will not be allowed access to the services provided by the RP. If this parameter is absent in the request, the OP should authenticate the user at its own discretion. - - - - - Zero or more authentication policy URIs that the OP SHOULD conform to when authenticating the user. If multiple policies are requested, the OP SHOULD satisfy as many as it can. - - Space separated list of authentication policy URIs. - - If no policies are requested, the RP may be interested in other information such as the authentication age. - - - - - The space separated list of the name spaces of the custom Assurance Level that RP requests, in the order of its preference. - - - - - An encoder/decoder design for DateTimes that must conform to the PAPE spec. - - - The timestamp MUST be formatted as specified in section 5.6 of [RFC3339] (Klyne, G. and C. Newman, “Date and Time on the Internet: Timestamps,” .), with the following restrictions: - * All times must be in the UTC timezone, indicated with a "Z". - * No fractional seconds are allowed - For example: 2005-05-15T17:11:51Z - - - - - An array of the date/time formats allowed by the PAPE extension. - - - TODO: This array of formats is not yet a complete list. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Descriptions for NIST-defined levels of assurance that a credential - has not been compromised and therefore the extent to which an - authentication assertion can be trusted. - - - One using this enum should review the following publication for details - before asserting or interpreting what these levels signify, notwithstanding - the brief summaries attached to each level in DotNetOpenAuth documentation. - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - See PAPE spec Appendix A.1.2 (NIST Assurance Levels) for high-level example classifications of authentication methods within the defined levels. - - - - - - Not an assurance level defined by NIST, but rather SHOULD be used to - signify that the OP recognizes the parameter and the End User - authentication did not meet the requirements of Level 1. - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - See this document for a thorough description: - http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf - - - - - Utility methods for use by the PAPE extension. - - - - - Looks at the incoming fields and figures out what the aliases and name spaces for auth level types are. - - The incoming message data in which to discover TypeURIs and aliases. - The initialized with the given data. - - - - Concatenates a sequence of strings using a space as a separator. - - The elements to concatenate together.. - The concatenated string of elements. - Thrown if any element in the sequence includes a space. - values != null - values == null - - - - The PAPE request part of an OpenID Authentication request message. - - - - - The factory method that may be used in deserialization of this message. - - - - - The transport field for the RP's preferred authentication policies. - - - This field is written to/read from during custom serialization. - - - - - Initializes a new instance of the class. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Serializes the policies as a single string per the PAPE spec.. - - The policies to include in the list. - The concatenated string of the given policies. - - - - Serializes the auth levels to a list of aliases. - - The preferred auth level types. - The alias manager. - A space-delimited list of aliases. - - - - Gets or sets the maximum acceptable time since the End User has - actively authenticated to the OP in a manner fitting the requested - policies, beyond which the Provider SHOULD authenticate the - End User for this request. - - - The OP should realize that not adhering to the request for re-authentication - most likely means that the End User will not be allowed access to the - services provided by the RP. If this parameter is absent in the request, - the OP should authenticate the user at its own discretion. - - - - - Gets the list of authentication policy URIs that the OP SHOULD - conform to when authenticating the user. If multiple policies are - requested, the OP SHOULD satisfy as many as it can. - - List of authentication policy URIs obtainable from - the class or from a custom - list. - - If no policies are requested, the RP may be interested in other - information such as the authentication age. - - - - - Gets the namespaces of the custom Assurance Level the - Relying Party requests, in the order of its preference. - - - - - The PAPE response part of an OpenID Authentication response message. - - - - - The first part of a parameter name that gives the custom string value for - the assurance level. The second part of the parameter name is the alias for - that assurance level. - - - - - The factory method that may be used in deserialization of this message. - - - - - One or more authentication policy URIs that the OP conformed to when authenticating the End User. - - Space separated list of authentication policy URIs. - - If no policies were met though the OP wishes to convey other information in the response, this parameter MUST be included with the value of "none". - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Serializes the applied policies for transmission from the Provider - to the Relying Party. - - The applied policies. - A space-delimited list of applied policies. - - - - Gets a list of authentication policy URIs that the - OP conformed to when authenticating the End User. - - - - - Gets or sets the most recent timestamp when the End User has - actively authenticated to the OP in a manner fitting the asserted policies. - - - If the RP's request included the "openid.max_auth_age" parameter - then the OP MUST include "openid.auth_time" in its response. - If "openid.max_auth_age" was not requested, the OP MAY choose to include - "openid.auth_time" in its response. - - - - - Gets or sets the Assurance Level as defined by the National - Institute of Standards and Technology (NIST) in Special Publication - 800-63 (Burr, W., Dodson, D., and W. Polk, Ed., “Electronic - Authentication Guideline,” April 2006.) [NIST_SP800‑63] corresponding - to the authentication method and policies employed by the OP when - authenticating the End User. - - - See PAPE spec Appendix A.1.2 (NIST Assurance Levels) for high-level - example classifications of authentication methods within the defined - levels. - - - - - Gets a dictionary where keys are the authentication level type URIs and - the values are the per authentication level defined custom value. - - - A very common key is - and values for this key are available in . - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - Encodes and decodes the as an integer of total seconds. - - - - - Initializes a new instance of the class. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Carries the request/require/none demand state of the simple registration fields. - - - - - The factory method that may be used in deserialization of this message. - - - - - The type URI that this particular (deserialized) extension was read in using, - allowing a response to alter be crafted using the same type URI. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - by deserializing from a message. - - The type URI this extension was recognized by in the OpenID message. - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Tests equality between two structs. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests inequality between two structs. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests equality between two structs. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Renders the requested information as a string. - - - A that represents the current . - - Contract.Result<string>() != null - - - - Prepares a Simple Registration response extension that is compatible with the - version of Simple Registration used in the request message. - - The newly created instance. - - - - Sets the profile request properties according to a list of - field names that might have been passed in the OpenId query dictionary. - - - The list of field names that should receive a given - . These field names should match - the OpenId specification for field names, omitting the 'openid.sreg' prefix. - - The none/request/require state of the listed fields. - - - - Assembles the profile parameter names that have a given . - - The demand level (request, require, none). - An array of the profile parameter names that meet the criteria. - - - - Gets or sets the URL the consumer site provides for the authenticating user to review - for how his claims will be used by the consumer web site. - - - - - Gets or sets the level of interest a relying party has in the nickname of the user. - - - - - Gets or sets the level of interest a relying party has in the email of the user. - - - - - Gets or sets the level of interest a relying party has in the full name of the user. - - - - - Gets or sets the level of interest a relying party has in the birthdate of the user. - - - - - Gets or sets the level of interest a relying party has in the gender of the user. - - - - - Gets or sets the level of interest a relying party has in the postal code of the user. - - - - - Gets or sets the level of interest a relying party has in the Country of the user. - - - - - Gets or sets the level of interest a relying party has in the language of the user. - - - - - Gets or sets the level of interest a relying party has in the time zone of the user. - - - - - Gets or sets a value indicating whether this instance - is synthesized from an AX request at the Provider. - - - - - Gets or sets the value of the sreg.required parameter. - - A comma-delimited list of sreg fields. - - - - Gets or sets the value of the sreg.optional parameter. - - A comma-delimited list of sreg fields. - - - - A struct storing Simple Registration field values describing an - authenticating user. - - - - - The factory method that may be used in deserialization of this message. - - - - - The allowed format for birthdates. - - - - - Storage for the raw string birthdate value. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - The type URI that must be used to identify this extension in the response message. - This value should be the same one the relying party used to send the extension request. - - !String.IsNullOrEmpty(typeUriToUse) - String.IsNullOrEmpty(typeUriToUse) - - - - Tests equality of two objects. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests inequality of two objects. - - One instance to compare. - Another instance to compare. - The result of the operator. - - - - Tests equality of two objects. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Reads the extension information on an authentication response from the provider. - - The incoming OpenID response carrying the extension. - - A Javascript snippet that when executed on the user agent returns an object with - the information deserialized from the extension response. - - - This method is called before the signature on the assertion response has been - verified. Therefore all information in these fields should be assumed unreliable - and potentially falsified. - - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Translates an empty string value to null, or passes through non-empty values. - - The value to consider changing to null. - Either null or a non-empty string. - - - - Gets or sets the nickname the user goes by. - - - - - Gets or sets the user's email address. - - - - - Gets or sets the full name of a user as a single string. - - - - - Gets or sets the user's birthdate. - - - - - Gets or sets the raw birth date string given by the extension. - - A string in the format yyyy-MM-dd. - - - - Gets or sets the gender of the user. - - - - - Gets or sets the zip code / postal code of the user. - - - - - Gets or sets the country of the user. - - - - - Gets or sets the primary/preferred language of the user. - - - - - Gets or sets the user's timezone. - - - - - Gets a combination of the user's full name and email address. - - - - - Gets or sets a combination o the language and country of the user. - - - - - Gets a value indicating whether this extension is signed by the Provider. - - - true if this instance is signed by the Provider; otherwise, false. - - - - - Simple Registration constants - - - - - Additional type URIs that this extension is sometimes known by remote parties. - - - - - Specifies what level of interest a relying party has in obtaining the value - of a given field offered by the Simple Registration extension. - - - - - The relying party has no interest in obtaining this field. - - - - - The relying party would like the value of this field, but wants - the Provider to display the field to the user as optionally provided. - - - - - The relying party considers this a required field as part of - authentication. The Provider and/or user agent MAY still choose to - not provide the value of the field however, according to the - Simple Registration extension specification. - - - - - Indicates the gender of a user. - - - - - The user is male. - - - - - The user is female. - - - - - Encodes/decodes the Simple Registration Gender type to its string representation. - - - - - Encodes the specified value. - - The value. Guaranteed to never be null. - - The in string form, ready for message transport. - - value != null - value == null - - - - Decodes the specified value. - - The string value carried by the transport. Guaranteed to never be null, although it may be empty. - - The deserialized form of the given string. - - Thrown when the string value given cannot be decoded into the required object type. - value != null - value == null - - - - Constants used to support the UI extension. - - - - - The type URI associated with this extension. - - - - - The Type URI that appears in an XRDS document when the OP supports popups through the UI extension. - - - - - The Type URI that appears in an XRDS document when the OP supports the RP - specifying the user's preferred language through the UI extension. - - - - - The Type URI that appears in the XRDS document when the OP supports the RP - specifying the icon for the OP to display during authentication through the UI extension. - - - - - Constants used in implementing support for the UI extension. - - - - - The required width of the popup window the relying party creates for the provider. - - - - - The required height of the popup window the relying party creates for the provider. - - - - - Gets the window.open javascript snippet to use to open a popup window - compliant with the UI extension. - - The relying party. - The authentication request to place in the window. - The name to assign to the popup window. - A string starting with 'window.open' and forming just that one method call. - relyingParty != null - relyingParty == null - request != null - request == null - !string.IsNullOrEmpty(windowName) - string.IsNullOrEmpty(windowName) - - - - Valid values for the mode parameter of the OpenID User Interface extension. - - - - - Indicates that the Provider's authentication page appears in a popup window. - - The constant "popup". - - The RP SHOULD create the popup to be 450 pixels wide and 500 pixels tall. The popup MUST have the address bar displayed, and MUST be in a standalone browser window. The contents of the popup MUST NOT be framed by the RP. - The RP SHOULD open the popup centered above the main browser window, and SHOULD dim the contents of the parent window while the popup is active. The RP SHOULD ensure that the user is not surprised by the appearance of the popup, and understands how to interact with it. - To keep the user popup user experience consistent, it is RECOMMENDED that the OP does not resize the popup window unless the OP requires additional space to show special features that are not usually displayed as part of the default popup user experience. - The OP MAY close the popup without returning a response to the RP. Closing the popup without sending a response should be interpreted as a negative assertion. - The response to an authentication request in a popup is unchanged from [OpenID 2.0] (OpenID 2.0 Workgroup, “OpenID 2.0,” .). Relying Parties detecting that the popup was closed without receiving an authentication response SHOULD interpret the close event to be a negative assertion. - - - - - OpenID User Interface extension 1.0 request message. - - - Implements the extension described by: http://wiki.openid.net/f/openid_ui_extension_draft01.html - This extension only applies to checkid_setup requests, since checkid_immediate requests display - no UI to the user. - For rules about how the popup window should be displayed, please see the documentation of - . - An RP may determine whether an arbitrary OP supports this extension (and thereby determine - whether to use a standard full window redirect or a popup) via the - method. - - - - - The factory method that may be used in deserialization of this message. - - - - - Additional type URIs that this extension is sometimes known by remote parties. - - - - - Backing store for . - - - - - Initializes a new instance of the class. - - - - - Gets the URL of the RP icon for the OP to display. - - The realm of the RP where the authentication request originated. - The web request handler to use for discovery. - Usually available via OpenIdProvider.Channel.WebRequestHandler. - - A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order. - - The icon URL. - - This property is automatically set for the OP with the result of RP discovery. - RPs should set this value by including an entry such as this in their XRDS document. - - <Service xmlns="xri://$xrd*($v*2.0)"> - <Type>http://specs.openid.net/extensions/ui/icon</Type> - <URI>http://consumer.example.com/images/image.jpg</URI> - </Service> - - realm != null - webRequestHandler != null - - - - Gets the URL of the RP icon for the OP to display. - - The realm of the RP where the authentication request originated. - The Provider instance used to obtain the authentication request. - - A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order. - - The icon URL. - - This property is automatically set for the OP with the result of RP discovery. - RPs should set this value by including an entry such as this in their XRDS document. - - <Service xmlns="xri://$xrd*($v*2.0)"> - <Type>http://specs.openid.net/extensions/ui/icon</Type> - <URI>http://consumer.example.com/images/image.jpg</URI> - </Service> - - realm != null - provider != null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Called when the message is about to be transmitted, - before it passes through the channel binding elements. - - - - - Called when the message has been received, - after it passes through the channel binding elements. - - - - - Gets or sets the list of user's preferred languages, sorted in decreasing preferred order. - - The default is the of the thread that created this instance. - - The user's preferred languages as a [BCP 47] language priority list, represented as a comma-separated list of BCP 47 basic language ranges in descending priority order. For instance, the value "fr-CA,fr-FR,en-CA" represents the preference for French spoken in Canada, French spoken in France, followed by English spoken in Canada. - - - - - Gets or sets the style of UI that the RP is hosting the OP's authentication page in. - - Some value from the class. Defaults to . - - - - Gets or sets a value indicating whether the Relying Party has an icon - it would like the Provider to display to the user while asking them - whether they would like to log in. - - - true if the Provider should display an icon; otherwise, false. - - By default, the Provider displays the relying party's favicon.ico. - - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - Contract.Result<IEnumerable<string>>() != null - - - - - Gets or sets a value indicating whether this extension was - signed by the sender. - - - true if this instance is signed by the sender; otherwise, false. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - The value 1.0. - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<Version>() != null - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - The discovery service to support host-meta based discovery, such as Google Apps for Domains. - - - The spec for this discovery mechanism can be found at: - http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains - and the XMLDSig spec referenced in that spec can be found at: - http://wiki.oasis-open.org/xri/XrdOne/XmlDsigProfile - - - - - A module that provides discovery services for OpenID identifiers. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Path to the well-known location of the host-meta document at a domain. - - - - - The URI template for discovery host-meta on domains hosted by - Google Apps for Domains. - - - - - The pattern within a host-meta file to look for to obtain the URI to the XRDS document. - - - - - Initializes a new instance of the class. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Gets the XRD elements that have a given CanonicalID. - - The XRDS document. - The CanonicalID to match on. - A sequence of XRD elements. - - - - Gets the described-by services in XRD elements. - - The XRDs to search. - A sequence of services. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - Gets the services for an identifier that are described by an external XRDS document. - - The XRD elements to search for described-by services. - The identifier under discovery. - The request handler. - The discovered services. - xrds != null - xrds == null - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Validates the XML digital signature on an XRDS document. - - The XRDS document whose signature should be validated. - The identifier under discovery. - The response. - The host name on the certificate that should be used to verify the signature in the XRDS. - Thrown if the XRDS document has an invalid or a missing signature. - document != null - document == null - identifier != null - identifier == null - response != null - response == null - - - - Verifies the cert chain. - - The certs. - - This must be in a method of its own because there is a LinkDemand on the - method. By being in a method of its own, the caller of this method may catch a - that is thrown if we're not running with full trust and execute - an alternative plan. - - Thrown if the certificate chain is invalid or unverifiable. - - - - Gets the XRDS HTTP response for a given identifier. - - The identifier. - The request handler. - The location of the XRDS document to retrieve. - - A HTTP response carrying an XRDS document. - - Thrown if the XRDS document could not be obtained. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - xrdsLocation != null - xrdsLocation == null - Contract.Result<IncomingWebResponse>() != null - - - - Gets the XRDS HTTP response for a given identifier. - - The identifier. - The request handler. - The host name on the certificate that should be used to verify the signature in the XRDS. - A HTTP response carrying an XRDS document, or null if one could not be obtained. - Thrown if the XRDS document could not be obtained. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - - - - Gets the location of the XRDS document that describes a given identifier. - - The identifier under discovery. - The request handler. - The host name on the certificate that should be used to verify the signature in the XRDS. - An absolute URI, or null if one could not be determined. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - - - - Gets the host-meta for a given identifier. - - The identifier. - The request handler. - The host name on the certificate that should be used to verify the signature in the XRDS. - - The host-meta response, or null if no host-meta document could be obtained. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - - - - Gets the URIs authorized to host host-meta documents on behalf of a given domain. - - The identifier. - A sequence of URIs that MAY provide the host-meta for a given identifier. - identifier != null - identifier == null - - - - Gets the set of URI templates to use to contact host-meta hosting proxies - for domain discovery. - - - - - Gets or sets a value indicating whether to trust Google to host domains' host-meta documents. - - - This property is just a convenient mechanism for checking or changing the set of - trusted host-meta proxies in the property. - - - - - A description of a web server that hosts host-meta documents. - - - - - Initializes a new instance of the class. - - The proxy formatting string. - The signing host formatting string. - !String.IsNullOrEmpty(proxyFormat) - String.IsNullOrEmpty(proxyFormat) - !String.IsNullOrEmpty(signingHostFormat) - String.IsNullOrEmpty(signingHostFormat) - - - - Gets the absolute proxy URI. - - The identifier being discovered. - The an absolute URI. - identifier != null - identifier == null - - - - Gets the signing host URI. - - The identifier being discovered. - A host name. - identifier != null - identifier == null - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Gets the URL of the host-meta proxy. - - The absolute proxy URL, which may include {0} to be replaced with the host of the identifier to be discovered. - - - - Gets the formatting string to determine the expected host name on the certificate - that is expected to be used to sign the XRDS document. - - - Either a string literal, or a formatting string where these placeholders may exist: - {0} the host on the identifier discovery was originally performed on; - {1} the host on this proxy. - - - - - An Identifier is either a "http" or "https" URI, or an XRI. - - - - - Initializes a new instance of the class. - - The original string before any normalization. - Whether the derived class is prepared to guarantee end-to-end discovery - and initial redirect for authentication is performed using SSL. - - - - Converts the string representation of an Identifier to its strong type. - - The identifier. - The particular Identifier instance to represent the value given. - identifier == null || identifier.Length > 0 - identifier != null && identifier.Length <= 0 - (identifier == null) == (Contract.Result<Identifier>() == null) - - - - Converts a given Uri to a strongly-typed Identifier. - - The identifier to convert. - The result of the conversion. - (identifier == null) == (Contract.Result<Identifier>() == null) - - - - Converts an Identifier to its string representation. - - The identifier to convert to a string. - The result of the conversion. - (identifier == null) == (Contract.Result<string>() == null) - - - - Parses an identifier string and automatically determines - whether it is an XRI or URI. - - Either a URI or XRI identifier. - An instance for the given value. - !String.IsNullOrEmpty(identifier) - String.IsNullOrEmpty(identifier) - Contract.Result<Identifier>() != null - - - - Parses an identifier string and automatically determines - whether it is an XRI or URI. - - Either a URI or XRI identifier. - if set to true this Identifier will serialize exactly as given rather than in its normalized form. - - An instance for the given value. - - !String.IsNullOrEmpty(identifier) - String.IsNullOrEmpty(identifier) - Contract.Result<Identifier>() != null - - - - Attempts to parse a string for an OpenId Identifier. - - The string to be parsed. - The parsed Identifier form. - - True if the operation was successful. False if the string was not a valid OpenId Identifier. - - - - - Checks the validity of a given string representation of some Identifier. - - The identifier. - - true if the specified identifier is valid; otherwise, false. - - !string.IsNullOrEmpty(identifier) - string.IsNullOrEmpty(identifier) - - - - Tests equality between two s. - - The first Identifier. - The second Identifier. - - true if the two instances should be considered equal; false otherwise. - - - - - Tests inequality between two s. - - The first Identifier. - The second Identifier. - - true if the two instances should be considered unequal; false if they are equal. - - - - - Tests equality between two s. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Gets the hash code for an for storage in a hashtable. - - - A hash code for the current . - - - - - Reparses the specified identifier in order to be assured that the concrete type that - implements the identifier is one of the well-known ones. - - The identifier. - Either or . - identifier != null - identifier == null - Contract.Result<Identifier>() != null - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - Gets the original string that was normalized to create this Identifier. - - - - - Gets the Identifier in the form in which it should be serialized. - - - For Identifiers that were originally deserialized, this is the exact same - string that was deserialized. For Identifiers instantiated in some other way, this is - the normalized form of the string used to instantiate the identifier. - - - - - Gets or sets a value indicating whether instances are considered equal - based solely on their string reprsentations. - - - This property serves as a test hook, so that MockIdentifier instances can be considered "equal" - to UriIdentifier instances. - - - - - Gets a value indicating whether this Identifier will ensure SSL is - used throughout the discovery phase and initial redirect of authentication. - - - If this is false, a value of true may be obtained by calling - . - - - - - Gets a value indicating whether this instance was initialized from - deserializing a message. - - - This is interesting because when an Identifier comes from the network, - we can't normalize it and then expect signatures to still verify. - But if the Identifier is initialized locally, we can and should normalize it - before serializing it. - - - - - Code Contract for the class. - - - - - Prevents a default instance of the IdentifierContract class from being created. - - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - - - - A set of methods designed to assist in improving interop across different - OpenID implementations and their extensions. - - - - - The gender decoder to translate AX genders to Sreg. - - - - - Adds an Attribute Exchange (AX) extension to the authentication request - that asks for the same attributes as the Simple Registration (sreg) extension - that is already applied. - - The authentication request. - The attribute formats to use in the AX request. - - If discovery on the user-supplied identifier yields hints regarding which - extensions and attribute formats the Provider supports, this method MAY ignore the - argument and accomodate the Provider to minimize - the size of the request. - If the request does not carry an sreg extension, the method logs a warning but - otherwise quietly returns doing nothing. - - request != null - request == null - - - - Looks for Simple Registration and Attribute Exchange (all known formats) - response extensions and returns them as a Simple Registration extension. - - The authentication response. - if set to true unsigned extensions will be included in the search. - - The Simple Registration response if found, - or a fabricated one based on the Attribute Exchange extension if found, - or just an empty if there was no data. - Never null. - response != null - response == null - - - - Looks for Simple Registration and Attribute Exchange (all known formats) - request extensions and returns them as a Simple Registration extension, - and adds the new extension to the original request message if it was absent. - - The authentication request. - - The Simple Registration request if found, - or a fabricated one based on the Attribute Exchange extension if found, - or null if no attribute extension request is found. - request != null - request == null - - - - Converts the Simple Registration extension response to whatever format the original - attribute request extension came in. - - The authentication request with the response extensions already added. - - If the original attribute request came in as AX, the Simple Registration extension is converted - to an AX response and then the Simple Registration extension is removed from the response. - - - - - Gets the attribute value if available. - - The AX fetch response extension to look for the attribute value. - The type URI of the attribute, using the axschema.org format of . - The AX type URI formats to search. - - The first value of the attribute, if available. - - - - - Transforms an AX attribute type URI from the axschema.org format into a given format. - - The ax schema org format type URI. - The target format. Only one flag should be set. - The AX attribute type URI in the target format. - - - - Adds the AX attribute value to the response if it is non-empty. - - The AX Fetch response to add the attribute value to. - The attribute type URI in axschema.org format. - The target format of the actual attribute to write out. - The value of the attribute. - - - - Gets the demand level for an AX attribute. - - The AX fetch request to search for the attribute. - The type URI of the attribute in axschema.org format. - The demand level for the attribute. - ax != null - ax == null - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Tries to find the exact format of AX attribute Type URI supported by the Provider. - - The authentication request. - The attribute formats the RP will try if this discovery fails. - The AX format(s) to use based on the Provider's advertised AX support. - request != null - request == null - - - - Detects the AX attribute type URI format from a given sample. - - The type URIs to scan for recognized formats. - The first AX type URI format recognized in the list. - typeURIs != null - typeURIs == null - - - - Transforms an AX attribute type URI from the axschema.org format into a given format. - - The ax schema org format type URI. - The target format. Only one flag should be set. - The AX attribute type URI in the target format. - !String.IsNullOrEmpty(axSchemaOrgFormatTypeUri) - String.IsNullOrEmpty(axSchemaOrgFormatTypeUri) - - - - Splits the AX attribute format flags into individual values for processing. - - The formats to split up into individual flags. - A sequence of individual flags. - - - - Adds an attribute fetch request if it is not already present in the AX request. - - The AX request to add the attribute request to. - The format of the attribute's Type URI to use. - The attribute in axschema.org format. - The demand level. - ax != null - ax == null - !String.IsNullOrEmpty(axSchemaOrgFormatAttribute) - String.IsNullOrEmpty(axSchemaOrgFormatAttribute) - - - - The COM type used to provide details of an authentication result to a relying party COM client. - - - - - The response read in by the Relying Party. - - - - - Initializes a new instance of the class. - - The response. - response != null - response == null - - - - Gets an Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the provider endpoint that sent the assertion. - - - - - Gets a value indicating whether the authentication attempt succeeded. - - - - - Gets the Simple Registration response. - - - - - Gets details regarding a failed authentication attempt, if available. - - - - - A struct storing Simple Registration field values describing an - authenticating user. - - - - - The Simple Registration claims response message that this shim wraps. - - - - - Initializes a new instance of the class. - - The Simple Registration response to wrap. - response != null - response == null - - - - Gets the nickname the user goes by. - - - - - Gets the user's email address. - - - - - Gets the full name of a user as a single string. - - - - - Gets the raw birth date string given by the extension. - - A string in the format yyyy-MM-dd. - - - - Gets the gender of the user. - - - - - Gets the zip code / postal code of the user. - - - - - Gets the country of the user. - - - - - Gets the primary/preferred language of the user. - - - - - Gets the user's timezone. - - - - - The COM interface describing the DotNetOpenAuth functionality available to - COM client OpenID relying parties. - - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - A comma-delimited list of simple registration fields to request as optional. - A comma-delimited list of simple registration fields to request as required. - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Gets the result of a user agent's visit to his OpenId provider in an - authentication attempt. Null if no response is available. - - The incoming request URL . - The form data that may have been included in the case of a POST request. - The Provider's response to a previous authentication request, or null if no response is present. - - - - Implementation of , providing a subset of the - functionality available to .NET clients. - - - - - The OpenIdRelyingParty instance to use for requests. - - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - A comma-delimited list of simple registration fields to request as optional. - A comma-delimited list of simple registration fields to request as required. - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - - - - Gets the result of a user agent's visit to his OpenId provider in an - authentication attempt. Null if no response is available. - - The incoming request URL. - The form data that may have been included in the case of a POST request. - The Provider's response to a previous authentication request, or null if no response is present. - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - - - - A message a Relying Party sends to a Provider to confirm the validity - of a positive assertion that was signed by a Provider-only secret. - - - The significant payload of this message depends entirely upon the - assertion message, and therefore is all in the - property bag. - - - - - A common base class for OpenID request messages and indirect responses (since they are ultimately requests). - - - - - The openid.ns parameter in the message. - - "http://specs.openid.net/auth/2.0" - - This particular value MUST be present for the request to be a valid OpenID Authentication 2.0 request. Future versions of the specification may define different values in order to allow message recipients to properly interpret the request. - - - - - Backing store for the property. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - The value for the openid.mode parameter. - A value indicating whether the message will be transmitted directly or indirectly. - providerEndpoint != null - providerEndpoint == null - !String.IsNullOrEmpty(mode) - String.IsNullOrEmpty(mode) - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Sets a flag indicating that this message is received (as opposed to sent). - - - - - Gets some string from a given version of the OpenID protocol. - - The protocol version to use for lookup. - A function that can retrieve the desired protocol constant. - The value of the constant. - - This method can be used by a constructor to throw an - instead of a . - - protocolVersion != null - protocolVersion == null - - - - Gets the value of the openid.mode parameter. - - - - - Gets the preferred method of transport for the message. - - - For direct messages this is the OpenID mandated POST. - For indirect messages both GET and POST are allowed. - - - - - Gets the recipient of the message. - - The OP endpoint, or the RP return_to. - - - - Gets the version of the protocol this message is prepared to implement. - - Version 2.0 - - Contract.Result<Version>() != null - - - - - Gets the level of protection this message requires. - - - - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - - - - Gets the extra parameters included in the message. - - An empty dictionary. - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets a value indicating whether this message was deserialized as an incoming message. - - - - - Gets the protocol used by this message. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Initializes a new instance of the class - based on the contents of some signed message whose signature must be verified. - - The message whose signature should be verified. - The channel. This is used only within the constructor and is not stored in a field. - channel != null - channel == null - - - - Gets or sets a value indicating whether the signature being verified by this request - is in fact valid. - - - true if the signature is valid; otherwise, false. - - This property is automatically set as the message is received by the channel's - signing binding element. - - - - - Gets or sets the ReturnTo that existed in the original signed message. - - - This exists strictly for convenience in recreating the - message. - - - - - The message sent from the Provider to the Relying Party to confirm/deny - the validity of an assertion that was signed by a private Provider secret. - - - - - A common base class for OpenID direct message responses. - - - - - The openid.ns parameter in the message. - - "http://specs.openid.net/auth/2.0" - - OpenID 2.0 Section 5.1.2: - This particular value MUST be present for the response to be a valid OpenID 2.0 response. - Future versions of the specification may define different values in order to allow message - recipients to properly interpret the request. - - - - - Backing store for the properties. - - - - - Backing store for the properties. - - - - - The dictionary of parameters that are not part of the OpenID specification. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. May be null in case the request is unrecognizable and this is an error response. - responseVersion != null - responseVersion == null - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Sets a flag indicating that this message is received (as opposed to sent). - - - - - Gets the version of the protocol this message is prepared to implement. - - Version 2.0 - - Contract.Result<Version>() != null - - - - - Gets the level of protection this message requires. - - - - - - - - Gets a value indicating whether this is a direct or indirect message. - - - - - - - - Gets the extra, non-OAuth parameters included in the message. - - - Contract.Result<IDictionary<string, string>>() != null - - - - - Gets the originating request message that caused this response to be formed. - - - This property may be null if the request message was undecipherable. - - - - - Gets a value indicating whether this message was deserialized as an incoming message. - - - - - Gets the protocol used by this message. - - - - - Gets the originating request message that caused this response to be formed. - - - - - Initializes a new instance of the class - for use by the Relying Party. - - The OpenID version of the response message. - The request that this message is responding to. - - - - Initializes a new instance of the class - for use by the Provider. - - The request that this message is responding to. - The OpenID Provider that is preparing to send this response. - provider != null - provider == null - - - - Gets or sets a value indicating whether the signature of the verification request is valid. - - - - - Gets or sets the handle the relying party should invalidate if is true. - - The "invalidate_handle" value sent in the verification request, if the OP confirms it is invalid. - - If present in a verification response with "is_valid" set to "true", - the Relying Party SHOULD remove the corresponding association from - its store and SHOULD NOT send further authentication requests with - this handle. - This two-step process for invalidating associations is necessary - to prevent an attacker from invalidating an association at will by - adding "invalidate_handle" parameters to an authentication response. - For OpenID 1.1, we allow this to be present but empty to put up with poor implementations such as Blogger. - - - - - An authentication request from a Relying Party to a Provider. - - - This message type satisfies OpenID 2.0 section 9.1. - - - - - An indirect request from a Relying Party to a Provider where the response - is expected to be signed. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The OpenID version to use. - The Provider endpoint that receives this message. - - for asynchronous javascript clients; - to allow the Provider to interact with the user in order to complete authentication. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Adds parameters to the return_to querystring. - - The keys=value pairs to add to the return_to query string. - - This method is useful if the Relying Party wants to recall some value - when and if a positive assertion comes back from the Provider. - - keysValues != null - keysValues == null - - - - Adds a parameter to the return_to querystring. - - The name of the parameter. - The value of the argument. - - This method is useful if the Relying Party wants to recall some value - when and if a positive assertion comes back from the Provider. - - - - - Gets the value of the openid.mode parameter based on the protocol version and immediate flag. - - The OpenID version to use. - - for asynchronous javascript clients; - to allow the Provider to interact with the user in order to complete authentication. - - checkid_immediate or checkid_setup - version != null - version == null - - - - Gets the list of extensions that are included with this message. - - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IList<IExtensionMessage>>() != null - - - - - Gets a value indicating whether the Provider is allowed to interact with the user - as part of authentication. - - - true if using OpenID immediate mode; otherwise, false. - - - - Gets or sets the handle of the association the RP would like the Provider - to use for signing a positive assertion in the response message. - - A handle for an association between the Relying Party and the OP - that SHOULD be used to sign the response. - - If no association handle is sent, the transaction will take place in Stateless Mode - (Verifying Directly with the OpenID Provider). - - - - - Gets or sets the URL the Provider should redirect the user agent to following - the authentication attempt. - - URL to which the OP SHOULD return the User-Agent with the response - indicating the status of the request. - - If this value is not sent in the request it signifies that the Relying Party - does not wish for the end user to be returned. - The return_to URL MAY be used as a mechanism for the Relying Party to attach - context about the authentication request to the authentication response. - This document does not define a mechanism by which the RP can ensure that query - parameters are not modified by outside parties; such a mechanism can be defined - by the RP itself. - - - - - Gets or sets the Relying Party discovery URL the Provider may use to verify the - source of the authentication request. - - - URL pattern the OP SHOULD ask the end user to trust. See Section 9.2 (Realms). - This value MUST be sent if openid.return_to is omitted. - Default: The URL. - - - - - Gets or sets a value indicating whether the return_to value should be signed. - - - - - Initializes a new instance of the class. - - The OpenID version to use. - The Provider endpoint that receives this message. - - for asynchronous javascript clients; - to allow the Provider to interact with the user in order to complete authentication. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets or sets the Claimed Identifier. - - - "openid.claimed_id" and "openid.identity" SHALL be either both present or both absent. - If neither value is present, the assertion is not about an identifier, - and will contain other information in its payload, using extensions (Extensions). - It is RECOMMENDED that OPs accept XRI identifiers with or without the "xri://" prefix, as specified in the Normalization (Normalization) section. - - - - - Gets or sets the OP Local Identifier. - - The OP-Local Identifier. - - If a different OP-Local Identifier is not specified, the claimed - identifier MUST be used as the value for openid.identity. - Note: If this is set to the special value - "http://specs.openid.net/auth/2.0/identifier_select" then the OP SHOULD - choose an Identifier that belongs to the end user. This parameter MAY - be omitted if the request is not about an identifier (for instance if - an extension is in use that makes the request meaningful without it; - see openid.claimed_id above). - - - - - The base class that all successful association response messages derive from. - - - Association response messages are described in OpenID 2.0 section 8.2. This type covers section 8.2.1. - - - - - A flag indicating whether an association has already been created. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The security settings for the Provider. Should be null for Relying Parties. - The created association. - - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - This method is called by both the Provider and the Relying Party, but actually performs - quite different operations in either scenario. - - request != null - request == null - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The security settings of the Provider. - The created association. - - The caller will update this message's and - properties based on the returned by this method, but any other - association type specific properties must be set by this method. - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - securitySettings != null - securitySettings == null - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The created association. - request != null - request == null - - - - Gets or sets the association handle is used as a key to refer to this association in subsequent messages. - - A string 255 characters or less in length. It MUST consist only of ASCII characters in the range 33-126 inclusive (printable non-whitespace characters). - - - - Gets or sets the preferred association type. The association type defines the algorithm to be used to sign subsequent messages. - - Value: A valid association type from Section 8.3. - - - - Gets or sets the value of the "openid.session_type" parameter from the request. - If the OP is unwilling or unable to support this association type, it MUST return an - unsuccessful response (Unsuccessful Response Parameters). - - Value: A valid association session type from Section 8.4 (Association Session Types). - Note: Unless using transport layer encryption, "no-encryption" MUST NOT be used. - - - - Gets or sets the lifetime, in seconds, of this association. The Relying Party MUST NOT use the association after this time has passed. - - An integer, represented in base 10 ASCII. - - - - Members found on error response messages sent from a Provider - to a Relying Party in response to direct and indirect message - requests that result in an error. - - - - - Gets or sets a human-readable message indicating why the request failed. - - - - - Gets or sets the contact address for the administrator of the server. - - The contact address may take any form, as it is intended to be displayed to a person. - - - - Gets or sets a reference token, such as a support ticket number or a URL to a news blog, etc. - - - - - A common base class from which indirect response messages should derive. - - - - - Initializes a new instance of the class. - - The request that caused this response message to be constructed. - The value of the openid.mode parameter. - request != null - request == null - - - - Initializes a new instance of the class - for unsolicited assertion scenarios. - - The OpenID version supported at the Relying Party. - - The URI at which the Relying Party receives OpenID indirect messages. - - The value to use for the openid.mode parameter. - - - - Gets the property of a message. - - The message to fetch the protocol version from. - The value of the property. - - This method can be used by a constructor to throw an - instead of a . - - message != null - message == null - - - - Gets the property of a message. - - The message to fetch the ReturnTo from. - The value of the property. - - This method can be used by a constructor to throw an - instead of a . - - message != null - message == null - - - - Gets the originating request message, if applicable. - - - - - An indirect message from a Provider to a Relying Party where at least part of the - payload is signed so the Relying Party can verify it has not been tampered with. - - - - - The allowed date/time formats for the response_nonce parameter. - - - This array of formats is not yet a complete list. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - The field initializer being DateTime.UtcNow allows for OpenID 1.x messages - to pass through the StandardExpirationBindingElement. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - - The authentication request that caused this assertion to be generated. - - request != null - request == null - - - - Initializes a new instance of the class - in order to perform signature verification at the Provider. - - The previously signed message. - The channel. This is used only within the constructor and is not stored in a field. - channel != null - channel == null - - - - Initializes a new instance of the class - for unsolicited assertions. - - The OpenID version to use. - The return_to URL of the Relying Party. - This value will commonly be from , - but for unsolicited assertions may come from the Provider performing RP discovery - to find the appropriate return_to URL to use. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the value of a named parameter in the return_to URL without signature protection. - - The full name of the parameter whose value is being sought. - The value of the parameter if it is present and unaltered from when - the Relying Party signed it; null otherwise. - - This method will always return null on the Provider-side, since Providers - cannot verify the private signature made by the relying party. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets the names of the callback parameters added to the original authentication request - without signature protection. - - A sequence of the callback parameter names. - - - - Gets a dictionary of all the message part names and values - that are included in the message signature. - - The channel. - - A dictionary of the signed message parts. - - channel != null - channel == null - - - - Determines whether one querystring contains every key=value pair that - another querystring contains. - - The querystring that should contain at least all the key=value pairs of the other. - The querystring containing the set of key=value pairs to test for in the other. - - true if contains all the query parameters that does; false otherwise. - - - - - Verifies that the openid.return_to field matches the URL of the actual HTTP request. - - - From OpenId Authentication 2.0 section 11.1: - To verify that the "openid.return_to" URL matches the URL that is processing this assertion: - * The URL scheme, authority, and path MUST be the same between the two URLs. - * Any query parameters that are present in the "openid.return_to" URL MUST - also be present with the same values in the URL of the HTTP request the RP received. - - - - - Gets the list of extensions that are included with this message. - - - - Implementations of this interface should ensure that this property never returns null. - - - Contract.Result<IList<IExtensionMessage>>() != null - - - - - Gets the level of protection this message requires. - - - for OpenID 2.0 messages. - for OpenID 1.x messages. - - - Although the required protection is reduced for OpenID 1.x, - this library will provide Relying Party hosts with all protections - by adding its own specially-crafted nonce to the authentication request - messages except for stateless RPs in OpenID 1.x messages. - - - - - Gets or sets the message signature. - - Base 64 encoded signature calculated as specified in Section 6 (Generating Signatures). - - - - Gets or sets the signed parameter order. - - Comma-separated list of signed fields. - "op_endpoint,identity,claimed_id,return_to,assoc_handle,response_nonce" - - This entry consists of the fields without the "openid." prefix that the signature covers. - This list MUST contain at least "op_endpoint", "return_to" "response_nonce" and "assoc_handle", - and if present in the response, "claimed_id" and "identity". - Additional keys MAY be signed as part of the message. See Generating Signatures. - - - - - Gets or sets the association handle used to sign the message. - - The handle for the association that was used to sign this assertion. - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - - - Gets the context within which the nonce must be unique. - - - - - Gets or sets the UTC date/time the message was originally sent onto the network. - - - The property setter should ensure a UTC date/time, - and throw an exception if this is not possible. - - - Thrown when a DateTime that cannot be converted to UTC is set. - - - - - Gets or sets the association handle that the Provider wants the Relying Party to not use any more. - - If the Relying Party sent an invalid association handle with the request, it SHOULD be included here. - - For OpenID 1.1, we allow this to be present but empty to put up with poor implementations such as Blogger. - - - - - Gets or sets the Provider Endpoint URI. - - - - - Gets or sets the return_to parameter as the relying party provided - it in . - - Verbatim copy of the return_to URL parameter sent in the - request, before the Provider modified it. - - - - Gets or sets a value indicating whether the - URI's query string is unaltered between when the Relying Party - sent the original request and when the response was received. - - - This property is not persisted in the transmitted message, and - has no effect on the Provider-side of the communication. - - - - - Gets the signed extensions on this message. - - - - - Gets the unsigned extensions on this message. - - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - A string 255 characters or less in length, that MUST be unique to - this particular successful authentication response. The nonce MUST start - with the current time on the server, and MAY contain additional ASCII - characters in the range 33-126 inclusive (printable non-whitespace characters), - as necessary to make each response unique. The date and time MUST be - formatted as specified in section 5.6 of [RFC3339] - (Klyne, G. and C. Newman, “Date and Time on the Internet: Timestamps,” .), - with the following restrictions: - - All times must be in the UTC timezone, indicated with a "Z". - No fractional seconds are allowed - - - 2005-05-15T17:11:51ZUNIQUE - - - - Gets or sets the nonce that will protect the message from replay attacks. - - - A string 255 characters or less in length, that MUST be unique to - this particular successful authentication response. The nonce MUST start - with the current time on the server, and MAY contain additional ASCII - characters in the range 33-126 inclusive (printable non-whitespace characters), - as necessary to make each response unique. The date and time MUST be - formatted as specified in section 5.6 of [RFC3339] - (Klyne, G. and C. Newman, “Date and Time on the Internet: Timestamps,” .), - with the following restrictions: - - All times must be in the UTC timezone, indicated with a "Z". - No fractional seconds are allowed - - - 2005-05-15T17:11:51ZUNIQUE - - - - Gets the querystring key=value pairs in the return_to URL. - - - - - Code contract class for the IOpenIdMessageExtension interface. - - - - - Prevents a default instance of the class from being created. - - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. - - - - - Gets the additional TypeURIs that are supported by this extension, in preferred order. - May be empty if none other than is supported, but - should not be null. - - - Useful for reading in messages with an older version of an extension. - The value in the property is always checked before - trying this list. - If you do support multiple versions of an extension using this method, - consider adding a CreateResponse method to your request extension class - so that the response can have the context it needs to remain compatible - given the version of the extension in the request message. - The for an example. - - - - - Gets or sets a value indicating whether this extension was - signed by the sender. - - - true if this instance is signed by the sender; otherwise, false. - - - - - Gets the version of the protocol or extension this message is prepared to implement. - - - Implementations of this interface should ensure that this property never returns null. - - - - - Gets the extra, non-standard Protocol parameters included in the message. - - - Implementations of this interface should ensure that this property never returns null. - - - - - The message OpenID Providers send back to Relying Parties to refuse - to assert the identity of a user. - - - - - Initializes a new instance of the class. - - The request that the relying party sent. - - - - Initializes a new instance of the class. - - The request that the relying party sent. - The channel to use to simulate construction of the user_setup_url, if applicable. May be null, but the user_setup_url will not be constructed. - - - - Initializes a new instance of the class. - - The version. - The relying party return to. - The value of the openid.mode parameter. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Constructs the value for the user_setup_url parameter to be sent back - in negative assertions in response to OpenID 1.x RP's checkid_immediate requests. - - The immediate request. - The channel to use to simulate construction of the message. - The value to use for the user_setup_url parameter. - immediateRequest != null - immediateRequest == null - channel != null - channel == null - - - - Gets the value for the openid.mode that is appropriate for this response. - - The request that we're responding to. - The value of the openid.mode parameter to use. - request != null - request == null - - - - Gets or sets the URL the relying party can use to upgrade their authentication - request from an immediate to a setup message. - - URL to redirect User-Agent to so the End User can do whatever's necessary to fulfill the assertion. - - This part is only included in OpenID 1.x responses. - - - - - Gets a value indicating whether this - is in response to an authentication request made in immediate mode. - - - true if the request was in immediate mode; otherwise, false. - - - - An identity assertion from a Provider to a Relying Party, stating that the - user operating the user agent is in fact some specific user known to the Provider. - - - - - Initializes a new instance of the class. - - - The authentication request that caused this assertion to be generated. - - - - - Initializes a new instance of the class - for unsolicited assertions. - - The OpenID version to use. - The return_to URL of the Relying Party. - This value will commonly be from , - but for unsolicited assertions may come from the Provider performing RP discovery - to find the appropriate return_to URL to use. - - - - Initializes a new instance of the class. - - The relying party return_to endpoint that will receive this positive assertion. - - - - Gets or sets the Claimed Identifier. - - - "openid.claimed_id" and "openid.identity" SHALL be either both present or both absent. - If neither value is present, the assertion is not about an identifier, - and will contain other information in its payload, using extensions (Extensions). - - - - - Gets or sets the OP Local Identifier. - - The OP-Local Identifier. - - OpenID Providers MAY assist the end user in selecting the Claimed - and OP-Local Identifiers about which the assertion is made. - The openid.identity field MAY be omitted if an extension is in use that - makes the response meaningful without it (see openid.claimed_id above). - - - - - Wraps an existing Identifier and prevents it from performing discovery. - - - - - The wrapped identifier. - - - - - Initializes a new instance of the class. - - The ordinary Identifier whose discovery is being masked. - Whether this Identifier should claim to be SSL-secure, although no discovery will never generate service endpoints anyway. - wrappedIdentifier != null - wrappedIdentifier == null - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Tests equality between two s. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Gets the hash code for an for storage in a hashtable. - - - A hash code for the current . - - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - A set of utilities especially useful to OpenID. - - - - - The prefix to designate this library's proprietary parameters added to the protocol. - - - - - Gets the OpenID protocol instance for the version in a message. - - The message. - The OpenID protocol instance. - message != null - message == null - - - - Changes the position of some element in a list. - - The type of elements stored in the list. - The list to be modified. - The new position for the given element. - The element to move within the list. - Thrown if the element does not already exist in the list. - - - - Corrects any URI decoding the Provider may have inappropriately done - to our return_to URL, resulting in an otherwise corrupted base64 encoded value. - - The base64 encoded value. May be null. - - The value; corrected if corruption had occurred. - - - AOL may have incorrectly URI-decoded the token for us in the return_to, - resulting in a token URI-decoded twice by the time we see it, and no - longer being a valid base64 string. - It turns out that the only symbols from base64 that is also encoded - in URI encoding rules are the + and / characters. - AOL decodes the %2b sequence to the + character - and the %2f sequence to the / character (it shouldn't decode at all). - When we do our own URI decoding, the + character becomes a space (corrupting base64) - but the / character remains a /, so no further corruption happens to this character. - So to correct this we just need to change any spaces we find in the token - back to + characters. - - - - - Rounds the given downward to the whole second. - - The DateTime object to adjust. - The new value. - - - - Gets the fully qualified Realm URL, given a Realm that may be relative to a particular page. - - The hosting page that has the realm value to resolve. - The realm, which may begin with "*." or "~/". - The request context. - The fully-qualified realm. - page != null - page == null - requestContext != null - requestContext == null - - - - Gets the extension factories from the extension aggregator on an OpenID channel. - - The channel. - The list of factories that will be used to generate extension instances. - - This is an extension method on rather than an instance - method on because the - and classes don't strong-type to - to allow flexibility in the specific type of channel the user (or tests) - can plug in. - - channel != null - channel == null - - - - Provides standard PPID Identifiers to users to protect their identity from individual relying parties - and from colluding groups of relying parties. - - this.Hasher != null - this.Encoder != null - this.BaseIdentifier != null - this.NewSaltLength > 0 - - - - An interface to provide custom identifiers for users logging into specific relying parties. - - - This interface would allow, for example, the Provider to offer PPIDs to their users, - allowing the users to log into RPs without leaving any clue as to their true identity, - and preventing multiple RPs from colluding to track user activity across realms. - - - - - Gets the Identifier to use for the Claimed Identifier and Local Identifier of - an outgoing positive assertion. - - The OP local identifier for the authenticating user. - The realm of the relying party receiving the assertion. - - A valid, discoverable OpenID Identifier that should be used as the value for the - openid.claimed_id and openid.local_id parameters. Must not be null. - - localIdentifier != null - localIdentifier == null - relyingPartyRealm != null - relyingPartyRealm == null - ((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier) - !(((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier)) - - - - Determines whether a given identifier is the primary (non-PPID) local identifier for some user. - - The identifier in question. - - true if the given identifier is the valid, unique identifier for some uesr (and NOT a PPID); otherwise, false. - - - identifier != null - identifier == null - - - - The type of hash function to use for the property. - - - - - The length of the salt to generate for first time PPID-users. - - - - - Initializes a new instance of the class. - - The base URI on which to append the anonymous part. - baseIdentifier != null - baseIdentifier == null - - - - Gets the Identifier to use for the Claimed Identifier and Local Identifier of - an outgoing positive assertion. - - The OP local identifier for the authenticating user. - The realm of the relying party receiving the assertion. - - A valid, discoverable OpenID Identifier that should be used as the value for the - openid.claimed_id and openid.local_id parameters. Must not be null. - - localIdentifier != null - localIdentifier == null - relyingPartyRealm != null - relyingPartyRealm == null - ((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier) - !(((IDirectedIdentityIdentifierProvider)this).IsUserLocalIdentifier(localIdentifier)) - - - - Determines whether a given identifier is the primary (non-PPID) local identifier for some user. - - The identifier in question. - - true if the given identifier is the valid, unique identifier for some uesr (and NOT a PPID); otherwise, false. - - identifier != null - identifier == null - - - - Creates a new salt to assign to a user. - - A non-null buffer of length filled with a random salt. - - - - Creates a new PPID Identifier by appending a pseudonymous identifier suffix to - the . - - The unique part of the Identifier to append to the common first part. - The full PPID Identifier. - !String.IsNullOrEmpty(uriHash) - String.IsNullOrEmpty(uriHash) - - - - Gets the salt to use for generating an anonymous identifier for a given OP local identifier. - - The OP local identifier. - The salt to use in the hash. - - It is important that this method always return the same value for a given - . - New salts can be generated for local identifiers without previously assigned salt - values by calling or by a custom method. - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the base URI on which to append the anonymous part. - - - - - Gets or sets a value indicating whether each Realm will get its own private identifier - for the authenticating uesr. - - The default value is . - - - - Gets the hash function to use to perform the one-way transform of a personal identifier - to an "anonymous" looking one. - - - - - Gets the encoder to use for transforming the personal identifier into bytes for hashing. - - - - - Gets or sets the new length of the salt. - - The new length of the salt. - - value > 0 - - value <= 0 - - - - A granularity description for who wide of an audience sees the same generated PPID. - - - - - A unique Identifier is generated for every realm. This is the highest security setting. - - - - - Only the host name in the realm is used in calculating the PPID, - allowing for some level of sharing of the PPID Identifiers between RPs - that are able to share the same realm host value. - - - - - Although the user's Identifier is still opaque to the RP so they cannot determine - who the user is at the OP, the same Identifier is used at all RPs so collusion - between the RPs is possible. - - - - - Provides access to a host Provider to read an incoming extension-only checkid request message, - and supply extension responses or a cancellation message to the RP. - - - - - A base class from which identity and non-identity RP requests can derive. - - - - - Implements the interface for all incoming - request messages to an OpenID Provider. - - - - - Represents an incoming OpenId authentication request. - - - Requests may be infrastructural to OpenID and allow auto-responses, or they may - be authentication requests where the Provider site has to make decisions based - on its own user database and policies. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - extension != null - extension == null - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - An instance of the extension initialized with values passed in with the request. - - - - Gets an extension sent from the relying party. - - The type of the extension. - An instance of the extension initialized with values passed in with the request. - extensionType != null - extensionType == null - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets or sets the security settings that apply to this request. - - Defaults to the on the . - - - - The incoming request message. - - - - - The incoming request message cast to its extensible form. - Or null if the message does not support extensions. - - - - - The version of the OpenID protocol to use. - - - - - Backing store for the property. - - - - - The list of extensions to add to the response message. - - - - - Initializes a new instance of the class. - - The incoming request message. - The security settings from the channel. - request != null - request == null - securitySettings != null - securitySettings == null - - - - Initializes a new instance of the class. - - The version. - The security settings. - version != null - version == null - securitySettings != null - securitySettings == null - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - extension != null - extension == null - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - extensionType != null - extensionType == null - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets or sets the security settings that apply to this request. - - Defaults to the on the . - - - - Gets the response to send to the user agent. - - Thrown if is false. - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Gets the original request message. - - This may be null in the case of an unrecognizable message. - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Gets the protocol version used in the request. - - - - - Interface exposing incoming messages to the OpenID Provider that - require interaction with the host site. - - - - - Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - - The OpenIdProvider that is performing the RP discovery. - - The details of how successful the relying party discovery was. - - - Return URL verification is only attempted if this method is called. - See OpenID Authentication 2.0 spec section 9.2.1. - - provider != null - provider == null - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets or sets the provider endpoint claimed in the positive assertion. - - - The default value is the URL that the request came in on from the relying party. - This value MUST match the value for the OP Endpoint in the discovery results for the - claimed identifier being asserted in a positive response. - - - Contract.Result<Uri>() != null - - - value != null - - - - - The negative assertion to send, if the host site chooses to send it. - - - - - A cache of the result from discovery of the Realm URL. - - - - - Initializes a new instance of the class. - - The provider that received the request. - The incoming request message. - provider != null - provider == null - - - - Gets a value indicating whether verification of the return URL claimed by the Relying Party - succeeded. - - The OpenIdProvider that is performing the RP discovery. - Result of realm discovery. - - Return URL verification is only attempted if this property is queried. - The result of the verification is cached per request so calling this - property getter multiple times in one request is not a performance hit. - See OpenID Authentication 2.0 spec section 9.2.1. - - provider != null - provider == null - - - - Gets a value indicating whether verification of the return URL claimed by the Relying Party - succeeded. - - The OpenIdProvider that is performing the RP discovery. - Result of realm discovery. - provider != null - provider == null - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - Contract.Result<Uri>() != null - - - value != null - - - - - Gets a value indicating whether realm discovery been performed. - - - - - Gets the negative response. - - - - - Gets the original request message. - - This may be null in the case of an unrecognizable message. - - - - Instances of this interface represent incoming extension-only requests. - This interface provides the details of the request and allows setting - the response. - - - - - Gets or sets a value indicating whether the user approved sending any data to the relying party. - - - true if approved; otherwise, false. - - - - The extension-response message to send, if the host site chooses to send it. - - - - - Initializes a new instance of the class. - - The provider that received the request. - The incoming authentication request message. - provider != null - provider == null - !(request is CheckIdRequest) - (request is CheckIdRequest) - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - Contract.Result<Uri>() != null - - - value != null - - - - - Gets or sets a value indicating whether the user approved sending any data to the relying party. - - - true if approved; otherwise, false. - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - The event arguments that include details of the incoming request. - - - - - Initializes a new instance of the class. - - The incoming OpenID request. - request != null - request == null - - - - Gets the incoming OpenID request. - - - - - The event arguments that include details of the incoming request. - - - - - Initializes a new instance of the class. - - The incoming authentication request. - - - - Gets the incoming authentication request. - - - - - Implements the interface - so that OpenID Provider sites can easily respond to authentication - requests. - - - - - Instances of this interface represent incoming authentication requests. - This interface provides the details of the request and allows setting - the response. - - - - - Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - Useful for identifier recycling. - - - Should not include the # prefix character as that will be added internally. - May be null or the empty string to clear a previously set fragment. - - - Unlike the property, which can only be set if - using directed identity, this method can be called on any URI claimed identifier. - Because XRI claimed identifiers (the canonical IDs) are never recycled, - this method shouldnot be called for XRIs. - - - Thrown when this method is called on an XRI, or on a directed identity - request before the property is set. - - !(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null) - !(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null)) - !(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier) - !(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier)) - - - - Gets a value indicating whether the Provider should help the user - select a Claimed Identifier to send back to the relying party. - - - - - Gets a value indicating whether the requesting Relying Party is using a delegated URL. - - - When delegated identifiers are used, the should not - be changed at the Provider during authentication. - Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - A relying party implementing only OpenID 1.x may use delegation and this property will - return false anyway. - - - - - Gets or sets the Local Identifier to this OpenID Provider of the user attempting - to authenticate. Check to see if - this value is valid. - - - This may or may not be the same as the Claimed Identifier that the user agent - originally supplied to the relying party. The Claimed Identifier - endpoint may be delegating authentication to this provider using - this provider's local id, which is what this property contains. - Use this identifier when looking up this user in the provider's user account - list. - - - - - Gets or sets the identifier that the user agent is claiming at the relying party site. - Check to see if this value is valid. - - - This property can only be set if is - false, to prevent breaking URL delegation. - This will not be the same as this provider's local identifier for the user - if the user has set up his/her own identity page that points to this - provider for authentication. - The provider may use this identifier for displaying to the user when - asking for the user's permission to authenticate to the relying party. - - Thrown from the setter - if is true. - - !req.IsDelegatedIdentifier - !req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value) - - req.IsDelegatedIdentifier - req.IsDirectedIdentity && !(!(req.LocalIdentifier != null && req.LocalIdentifier != value)) - - - - Gets or sets a value indicating whether the provider has determined that the - belongs to the currently logged in user - and wishes to share this information with the consumer. - - - - - The positive assertion to send, if the host site chooses to send it. - - - - - Initializes a new instance of the class. - - The provider that received the request. - The incoming authentication request message. - provider != null - provider == null - - - - Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - Useful for identifier recycling. - - Should not include the # prefix character as that will be added internally. - May be null or the empty string to clear a previously set fragment. - - Unlike the property, which can only be set if - using directed identity, this method can be called on any URI claimed identifier. - Because XRI claimed identifiers (the canonical IDs) are never recycled, - this method shouldnot be called for XRIs. - - - Thrown when this method is called on an XRI, or on a directed identity - request before the property is set. - - !(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null) - !(!(((IAuthenticationRequest)this).IsDirectedIdentity && ((IAuthenticationRequest)this).ClaimedIdentifier == null)) - !(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier) - !(!(((IAuthenticationRequest)this).ClaimedIdentifier is XriIdentifier)) - - - - Sets the Claimed and Local identifiers even after they have been initially set. - - The value to set to the and properties. - identifier != null - identifier == null - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - Contract.Result<Uri>() != null - - - value != null - - - - - Gets a value indicating whether the response is ready to be created and sent. - - - - - Gets a value indicating whether the Provider should help the user - select a Claimed Identifier to send back to the relying party. - - - - - Gets a value indicating whether the requesting Relying Party is using a delegated URL. - - - When delegated identifiers are used, the should not - be changed at the Provider during authentication. - Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - A relying party implementing only OpenID 1.x may use delegation and this property will - return false anyway. - - - - - Gets or sets the Local Identifier to this OpenID Provider of the user attempting - to authenticate. Check to see if - this value is valid. - - - This may or may not be the same as the Claimed Identifier that the user agent - originally supplied to the relying party. The Claimed Identifier - endpoint may be delegating authentication to this provider using - this provider's local id, which is what this property contains. - Use this identifier when looking up this user in the provider's user account - list. - - - - - Gets or sets the identifier that the user agent is claiming at the relying party site. - Check to see if this value is valid. - - - This property can only be set if is - false, to prevent breaking URL delegation. - This will not be the same as this provider's local identifier for the user - if the user has set up his/her own identity page that points to this - provider for authentication. - The provider may use this identifier for displaying to the user when - asking for the user's permission to authenticate to the relying party. - - Thrown from the setter - if is true. - - !req.IsDelegatedIdentifier - !req.IsDirectedIdentity || !(req.LocalIdentifier != null && req.LocalIdentifier != value) - - req.IsDelegatedIdentifier - req.IsDirectedIdentity && !(!(req.LocalIdentifier != null && req.LocalIdentifier != value)) - - - - Gets or sets a value indicating whether the provider has determined that the - belongs to the currently logged in user - and wishes to share this information with the consumer. - - - - - Gets the original request message. - - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Handles messages coming into an OpenID Provider for which the entire - response message can be automatically determined without help from - the hosting web site. - - - - - The response message to send. - - - - - Initializes a new instance of the class. - - The request message. - The response that is ready for transmittal. - The security settings. - response != null - response == null - - - - Initializes a new instance of the class - for a response to an unrecognizable request. - - The response that is ready for transmittal. - The security settings. - response != null - response == null - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets the response message, once is true. - - - - - Gets the response message, once is true. - - - this.IsResponseReady - Contract.Result<IProtocolMessage>() != null - - !(this.IsResponseReady) - - - - Code contract class for the type. - - - - - Initializes a new instance of the class. - - - - - Adds an optional fragment (#fragment) portion to the ClaimedIdentifier. - Useful for identifier recycling. - - Should not include the # prefix character as that will be added internally. - May be null or the empty string to clear a previously set fragment. - - Unlike the property, which can only be set if - using directed identity, this method can be called on any URI claimed identifier. - Because XRI claimed identifiers (the canonical IDs) are never recycled, - this method shouldnot be called for XRIs. - - - Thrown when this method is called on an XRI, or on a directed identity - request before the property is set. - - - - - Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - - The OpenIdProvider that is performing the RP discovery. - - The details of how successful the relying party discovery was. - - - Return URL verification is only attempted if this method is called. - See OpenID Authentication 2.0 spec section 9.2.1. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets a value indicating whether the Provider should help the user - select a Claimed Identifier to send back to the relying party. - - - - - Gets a value indicating whether the requesting Relying Party is using a delegated URL. - - - When delegated identifiers are used, the should not - be changed at the Provider during authentication. - Delegation is only detectable on requests originating from OpenID 2.0 relying parties. - A relying party implementing only OpenID 1.x may use delegation and this property will - return false anyway. - - - - - Gets or sets the Local Identifier to this OpenID Provider of the user attempting - to authenticate. Check to see if - this value is valid. - - - This may or may not be the same as the Claimed Identifier that the user agent - originally supplied to the relying party. The Claimed Identifier - endpoint may be delegating authentication to this provider using - this provider's local id, which is what this property contains. - Use this identifier when looking up this user in the provider's user account - list. - - - - - Gets or sets the identifier that the user agent is claiming at the relying party site. - Check to see if this value is valid. - - - This property can only be set if is - false, to prevent breaking URL delegation. - This will not be the same as this provider's local identifier for the user - if the user has set up his/her own identity page that points to this - provider for authentication. - The provider may use this identifier for displaying to the user when - asking for the user's permission to authenticate to the relying party. - - Thrown from the setter - if is true. - - - - Gets or sets a value indicating whether the provider has determined that the - belongs to the currently logged in user - and wishes to share this information with the consumer. - - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets or sets the provider endpoint claimed in the positive assertion. - - - The default value is the URL that the request came in on from the relying party. - This value MUST match the value for the OP Endpoint in the discovery results for the - claimed identifier being asserted in a positive response. - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets or sets the security settings that apply to this request. - - - Defaults to the on the . - - - - - Contract class for the type. - - - - - Gets the Identifier to use for the Claimed Identifier and Local Identifier of - an outgoing positive assertion. - - The OP local identifier for the authenticating user. - The realm of the relying party receiving the assertion. - - A valid, discoverable OpenID Identifier that should be used as the value for the - openid.claimed_id and openid.local_id parameters. Must not be null. - - - - - Determines whether a given identifier is the primary (non-PPID) local identifier for some user. - - The identifier in question. - - true if the given identifier is the valid, unique identifier for some uesr (and NOT a PPID); otherwise, false. - - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Attempts to perform relying party discovery of the return URL claimed by the Relying Party. - - The OpenIdProvider that is performing the RP discovery. - - The details of how successful the relying party discovery was. - - - Return URL verification is only attempted if this method is called. - See OpenID Authentication 2.0 spec section 9.2.1. - - - - - Gets the version of OpenID being used by the relying party that sent the request. - - - - - Gets the URL the consumer site claims to use as its 'base' address. - - - - - Gets a value indicating whether the consumer demands an immediate response. - If false, the consumer is willing to wait for the identity provider - to authenticate the user. - - - - - Gets or sets the provider endpoint. - - - The default value is the URL that the request came in on from the relying party. - - - - - Gets or sets the security settings that apply to this request. - - - Defaults to the on the . - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - An interface that a Provider site may implement in order to better - control error reporting. - - - - - Logs the details of an exception for later reference in diagnosing the problem. - - The exception that was generated from the error. - - A unique identifier for this particular error that the remote party can - reference when contacting for help with this error. - May be null. - - - The implementation of this method should never throw an unhandled exception - as that would preclude the ability to send the error response to the remote - party. When this method is not implemented, it should return null rather - than throwing . - - - - - Gets the message that can be sent in an error response - with information on who the remote party can contact - for help resolving the error. - - - The contact address may take any form, as it is intended to be displayed to a person. - - - - - A hybrid of all the store interfaces that a Provider requires in order - to operate in "smart" mode. - - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - - - Code contract for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Adds an extension to the response to send to the relying party. - - The extension to add to the response message. - - - - Removes any response extensions previously added using . - - - This should be called before sending a negative response back to the relying party - if extensions were already added, since negative responses cannot carry extensions. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets an extension sent from the relying party. - - The type of the extension. - - An instance of the extension initialized with values passed in with the request. - - - - - Gets or sets the security settings that apply to this request. - - - Defaults to the on the . - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - An OpenID Provider control that automatically responds to certain - automated OpenID messages, and routes authentication requests to - custom code via an event handler. - - - - - The key used to store the pending authentication request in the ASP.NET session. - - - - - The default value for the property. - - - - - The view state key in which to store the value of the property. - - - - - Backing field for the property. - - - - - The lock that must be obtained when initializing the provider field. - - - - - Sends the response for the and clears the property. - - - - - Checks for incoming OpenID requests, responds to ones it can - respond to without policy checks, and fires events for custom - handling of the ones it cannot decide on automatically. - - The object that contains the event data. - e != null - - - - Fires the event. - - The request to include in the event args. - - - - Fires the event. - - The request to include in the event args. - - true if there were any anonymous request handlers. - - - - Creates the default OpenIdProvider to use. - - The new instance of OpenIdProvider. - Contract.Result<OpenIdProvider>() != null - - - - Fired when an incoming OpenID request is an authentication challenge - that must be responded to by the Provider web site according to its - own user database and policies. - - - - - Fired when an incoming OpenID message carries extension requests - but is not regarding any OpenID identifier. - - - - - Gets or sets the instance to use for all instances of this control. - - The default value is an instance initialized according to the web.config file. - - Contract.Result<OpenIdProvider>() != null - - - value != null - - value == null - - - - Gets or sets an incoming OpenID authentication request that has not yet been responded to. - - - This request is stored in the ASP.NET Session state, so it will survive across - redirects, postbacks, and transfers. This allows you to authenticate the user - yourself, and confirm his/her desire to authenticate to the relying party site - before responding to the relying party's authentication request. - - - HttpContext.Current != null - HttpContext.Current.Session != null - Contract.Result<IAuthenticationRequest>() == null || PendingRequest != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - - - Gets or sets an incoming OpenID anonymous request that has not yet been responded to. - - - This request is stored in the ASP.NET Session state, so it will survive across - redirects, postbacks, and transfers. This allows you to authenticate the user - yourself, and confirm his/her desire to provide data to the relying party site - before responding to the relying party's request. - - - HttpContext.Current != null - HttpContext.Current.Session != null - Contract.Result<IAnonymousRequest>() == null || PendingRequest != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - - - Gets or sets an incoming OpenID request that has not yet been responded to. - - - This request is stored in the ASP.NET Session state, so it will survive across - redirects, postbacks, and transfers. This allows you to authenticate the user - yourself, and confirm his/her desire to provide data to the relying party site - before responding to the relying party's request. - - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - HttpContext.Current != null - HttpContext.Current.Session != null - - HttpContext.Current == null - HttpContext.Current.Session == null - - - - Gets or sets a value indicating whether or not this control should - be listening for and responding to incoming OpenID requests. - - - - - The result codes that may be returned from an attempt at relying party discovery. - - - - - Relying Party discovery failed to find an XRDS document or the document was invalid. - - - This can happen either when a relying party does not offer a service document at all, - or when a man-in-the-middle attack is in progress that prevents the Provider from being - able to discover that document. - - - - - Relying Party discovery yielded a valid XRDS document, but no matching return_to URI was found. - - - This is perhaps the most dangerous rating for a relying party, since it suggests that - they are implementing OpenID 2.0 securely, but that a hijack operation may be in progress. - - - - - Relying Party discovery succeeded, and a matching return_to URI was found. - - - - - Code contract for the class. - - - - - Prevents a default instance of the class from being created. - - - - - Gets a value indicating whether the response is ready to be sent to the user agent. - - - This property returns false if there are properties that must be set on this - request instance before the response can be sent. - - - - - Gets the response message, once is true. - - - - - An in-memory store for Providers, suitable for single server, single process - ASP.NET web sites. - - - This class provides only a basic implementation that is likely to work - out of the box on most single-server web sites. It is highly recommended - that high traffic web sites consider using a database to store the information - used by an OpenID Provider and write a custom implementation of the - interface to use instead of this - class. - - - - - The nonce store to use. - - - - - The association store to use. - - - - - Initializes a new instance of the class. - - - - - Saves an for later recall. - - The Uri (for relying parties) or Smart/Dumb (for providers). - The association to store. - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security requirements that the returned association must meet. - - The requested association, or null if no unexpired s exist for the given key. - - - In the event that multiple associations exist for the given - , it is important for the - implementation for this method to use the - to pick the best (highest grade or longest living as the host's policy may dictate) - association that fits the security requirements. - Associations that are returned that do not meet the security requirements will be - ignored and a new association created. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - - The requested association, or null if no unexpired s exist for the given key and handle. - - - - - Removes a specified handle that may exist in the store. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - - True if the association existed in this store previous to this call. - - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the must be unique. - A series of random characters. - The timestamp that together with the nonce string make it unique. - The timestamp may also be used by the data store to clear out old nonces. - - True if the nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - If the binding element is applicable to your channel, this expiration window - is retrieved or set using the - property. - - - - - A trust root to validate requests and match return URLs against. - - - This fills the OpenID Authentication 2.0 specification for realms. - See http://openid.net/specs/openid-authentication-2_0.html#realms - - this.uri != null - this.uri.AbsoluteUri != null - - - - A regex used to detect a wildcard that is being used in the realm. - - - - - A (more or less) comprehensive list of top-level (i.e. ".com") domains, - for use by in order to disallow overly-broad realms - that allow all web sites ending with '.com', for example. - - - - - The Uri of the realm, with the wildcard (if any) removed. - - - - - Initializes a new instance of the class. - - The realm URL to use in the new instance. - realmUrl != null - realmUrl == null - - - - Initializes a new instance of the class. - - The realm URL of the Relying Party. - realmUrl != null - realmUrl == null - - - - Initializes a new instance of the class. - - The realm URI builder. - - This is useful because UriBuilder can construct a host with a wildcard - in the Host property, but once there it can't be converted to a Uri. - - - - - Implicitly converts the string-form of a URI to a object. - - The URI that the new Realm instance will represent. - The result of the conversion. - (Contract.Result<Realm>() != null) == (uri != null) - - - - Implicitly converts a to a object. - - The URI to convert to a realm. - The result of the conversion. - (Contract.Result<Realm>() != null) == (uri != null) - - - - Implicitly converts a object to its form. - - The realm to convert to a string value. - The result of the conversion. - (Contract.Result<string>() != null) == (realm != null) - - - - Checks whether one is equal to another. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Returns the hash code used for storing this object in a hash table. - - - A hash code for the current . - - - - - Returns the string form of this . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Validates a URL against this trust root. - - A string specifying URL to check. - Whether the given URL is within this trust root. - - - - Validates a URL against this trust root. - - The URL to check. - Whether the given URL is within this trust root. - - - - Searches for an XRDS document at the realm URL, and if found, searches - for a description of a relying party endpoints (OpenId login pages). - - The mechanism to use for sending HTTP requests. - Whether redirects may be followed when discovering the Realm. - This may be true when creating an unsolicited assertion, but must be - false when performing return URL verification per 2.0 spec section 9.2.1. - - The details of the endpoints if found; or null if no service document was discovered. - - - - - Searches for an XRDS document at the realm URL. - - The mechanism to use for sending HTTP requests. - Whether redirects may be followed when discovering the Realm. - This may be true when creating an unsolicited assertion, but must be - false when performing return URL verification per 2.0 spec section 9.2.1. - - The XRDS document if found; or null if no service document was discovered. - - - - - Calls if the argument is non-null. - Otherwise throws . - - The realm URI builder. - The result of UriBuilder.ToString() - - This simple method is worthwhile because it checks for null - before dereferencing the UriBuilder. Since this is called from - within a constructor's base(...) call, this avoids a - when we should be throwing an . - - realmUriBuilder != null - realmUriBuilder == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the suggested realm to use for the calling web application. - - A realm that matches this applications root URL. - - For most circumstances the Realm generated by this property is sufficient. - However a wildcard Realm, such as "http://*.microsoft.com/" may at times be more - desirable than "http://www.microsoft.com/" in order to allow identifier - correlation across related web sites for directed identity Providers. - Requires an HttpContext.Current context. - - - HttpContext.Current != null && HttpContext.Current.Request != null - Contract.Result<Realm>() != null - - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Gets a value indicating whether a '*.' prefix to the hostname is - used in the realm to allow subdomains or hosts to be added to the URL. - - - - - Gets the host component of this instance. - - - - - Gets the scheme name for this URI. - - - - - Gets the port number of this URI. - - - - - Gets the absolute path of the URI. - - - - - Gets the System.Uri.AbsolutePath and System.Uri.Query properties separated - by a question mark (?). - - - - - Gets the original string. - - The original string. - - - - Gets the realm URL. If the realm includes a wildcard, it is not included here. - - - - - Gets the Realm discovery URL, where the wildcard (if present) is replaced with "www.". - - - See OpenID 2.0 spec section 9.2.1 for the explanation on the addition of - the "www" prefix. - - - - - Gets a value indicating whether this realm represents a reasonable (sane) set of URLs. - - - 'http://*.com/', for example is not a reasonable pattern, as it cannot meaningfully - specify the site claiming it. This function attempts to find many related examples, - but it can only work via heuristics. Negative responses from this method should be - treated as advisory, used only to alert the user to examine the trust root carefully. - - - - - A description of some OpenID Relying Party endpoint. - - - This is an immutable type. - - - - - Initializes a new instance of the class. - - The return to. - - The Type URIs of supported services advertised on a relying party's XRDS document. - - returnTo != null - returnTo == null - supportedServiceTypeUris != null - supportedServiceTypeUris == null - - - - Derives the highest OpenID protocol that this library and the OpenID Provider have - in common. - - The supported service type URIs. - The best OpenID protocol version to use when communicating with this Provider. - - - - Gets the URL to the login page on the discovered relying party web site. - - - - - Gets the OpenId protocol that the discovered relying party supports. - - - - - Diffie-Hellman encryption methods used by both the relying party and provider. - - - - - An array of known Diffie Hellman sessions, sorted by decreasing hash size. - - - - - Finds the hashing algorithm to use given an openid.session_type value. - - The protocol version of the message that named the session_type to be used. - The value of the openid.session_type parameter. - The hashing algorithm to use. - Thrown if no match could be found for the given . - protocol != null - protocol == null - sessionType != null - sessionType == null - - - - Looks up the value to be used for the openid.session_type parameter. - - The protocol version that is to be used. - The hash size (in bits) that the DH session must have. - The value to be used for the openid.session_type parameter, or null if no match was found. - protocol != null - protocol == null - - - - Encrypts/decrypts a shared secret. - - The hashing algorithm that is agreed by both parties to use as part of the secret exchange. - - If the secret is being encrypted, this is the new Diffie Hellman object to use. - If the secret is being decrypted, this must be the same Diffie Hellman object used to send the original request message. - - The public key of the remote party. - The secret to encode, or the encoded secret. Whichever one is given will generate the opposite in the return value. - - The encrypted version of the secret if the secret itself was given in . - The secret itself if the encrypted version of the secret was given in . - - hasher != null - hasher == null - dh != null - dh == null - remotePublicKey != null - remotePublicKey == null - plainOrEncryptedSecret != null - plainOrEncryptedSecret == null - - - - Ensures that the big integer represented by a given series of bytes - is a positive integer. - - The bytes that make up the big integer. - - A byte array (possibly new if a change was required) whose - integer is guaranteed to be positive. - - - This is to be consistent with OpenID spec section 4.2. - - inputBytes != null - inputBytes == null - - - - Provides access to a Diffie-Hellman session algorithm and its name. - - - - - Initializes a new instance of the class. - - The hashing algorithm used in this particular Diffie-Hellman session type. - A function that will return the value of the openid.session_type parameter for a given version of OpenID. - algorithm != null - algorithm == null - getName != null - getName == null - - - - Gets the function that will return the value of the openid.session_type parameter for a given version of OpenID. - - - - - Gets the hashing algorithm used in this particular Diffie-Hellman session type - - - - - Defines the different Diffie-Hellman key generation methods. - - - - - Returns dynamically generated values for P and G. Unlike the Sophie Germain or DSA key generation methods, - this method does not ensure that the selected prime offers an adequate security level. - - - - - Returns values for P and G that are hard coded in this library. Contrary to what your intuition may tell you, - using these hard coded values is perfectly safe. - The values of the P and G parameters are taken from 'The OAKLEY Key Determination Protocol' [RFC2412]. - This is the prefered key generation method, because it is very fast and very safe. - Because this method uses fixed values for the P and G parameters, not all bit sizes are supported. - The current implementation supports bit sizes of 768, 1024 and 1536. - - - - - Represents the parameters of the Diffie-Hellman algorithm. - - - - - Represents the public P parameter of the Diffie-Hellman algorithm. - - - - - Represents the public G parameter of the Diffie-Hellman algorithm. - - - - - Represents the private X parameter of the Diffie-Hellman algorithm. - - - - - Defines a base class from which all Diffie-Hellman implementations inherit. - - - - - Creates an instance of the default implementation of the algorithm. - - A new instance of the default implementation of DiffieHellman. - - - - Creates an instance of the specified implementation of . - - The name of the implementation of DiffieHellman to use. - A new instance of the specified implementation of DiffieHellman. - - - - Initializes a new instance. - - - - - When overridden in a derived class, creates the key exchange data. - - The key exchange data to be sent to the intended recipient. - - - - When overridden in a derived class, extracts secret information from the key exchange data. - - The key exchange data within which the secret information is hidden. - The secret information derived from the key exchange data. - - - - When overridden in a derived class, exports the . - - - true to include private parameters; otherwise, false. - The parameters for Diffie-Hellman. - - - - When overridden in a derived class, imports the specified . - - The parameters for Diffie-Hellman. - - - - Reconstructs a object from an XML string. - - The XML string to use to reconstruct the DiffieHellman object. - One of the values in the XML string is invalid. - - - - Creates and returns an XML string representation of the current object. - - - true to include private parameters; otherwise, false. - An XML string encoding of the current DiffieHellman object. - - - - Implements the Diffie-Hellman algorithm. - - - - - Initializes a new instance. - - The default length of the shared secret is 1024 bits. - - - - Initializes a new instance. - - The length, in bits, of the public P parameter. - The length, in bits, of the secret value X. This parameter can be set to 0 to use the default size. - One of the values. - The larger the bit length, the more secure the algorithm is. The default is 1024 bits. The minimum bit length is 128 bits.
The size of the private value will be one fourth of the bit length specified. - The specified bit length is invalid. - - - - Initializes a new instance. - - The P parameter of the Diffie-Hellman algorithm. This is a public parameter. - The G parameter of the Diffie-Hellman algorithm. This is a public parameter. - The X parameter of the Diffie-Hellman algorithm. This is a private parameter. If this parameters is a null reference (Nothing in Visual Basic), a secret value of the default size will be generated. - - or is a null reference (Nothing in Visual Basic). - - or is invalid. - - - - Initializes a new instance. - - The P parameter of the Diffie-Hellman algorithm. - The G parameter of the Diffie-Hellman algorithm. - The length, in bits, of the private value. If 0 is specified, the default value will be used. - - or is a null reference (Nothing in Visual Basic). - - is invalid. - - or is invalid. - - - - Creates the key exchange data. - - The key exchange data to be sent to the intended recipient. - - - - Extracts secret information from the key exchange data. - - The key exchange data within which the shared key is hidden. - The shared key derived from the key exchange data. - - - - Releases the unmanaged resources used by the SymmetricAlgorithm and optionally releases the managed resources. - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Exports the . - - - true to include private parameters; otherwise, false. - The parameters for . - - - - Imports the specified . - - The parameters for . - - parameters.P or parameters.G is a null reference (Nothing in Visual Basic) -or- parameters.P is not a prime number. - - - - Releases the unmanaged resources used by the SymmetricAlgorithm. - - - - - Gets the name of the key exchange algorithm. - - The name of the key exchange algorithm. - - - - Gets the name of the signature algorithm. - - The name of the signature algorithm. - - - - Default length of a BigInteger in bytes - - - - - The Length of this BigInteger - - - - - The data for this BigInteger - - - - - Table of primes below 2000. - - - - This table was generated using Mathematica 4.1 using the following function: - - - - PrimeTable [x_] := Prime [Range [1, PrimePi [x]]] - PrimeTable [6000] - - - - - - - Generates a new, random BigInteger of the specified length. - - The number of bits for the new number. - A random number generator to use to obtain the bits. - A random number of the specified length. - - - - Generates a new, random BigInteger of the specified length using the default RNG crypto service provider. - - The number of bits for the new number. - A random number of the specified length. - - - - Randomizes the bits in "this" from the specified RNG. - - A RNG. - - - - Randomizes the bits in "this" from the default RNG. - - - - - Tests if the specified bit is 1. - - The bit to test. The least significant bit is 0. - True if bitNum is set to 1, else false. - - - - Normalizes this by setting the length to the actual number of - uints used in data and by setting the sign to Sign.Zero if the - value of this is 0. - - - - - Generates the smallest prime >= bi - - A BigInteger - The smallest prime >= bi. More mathematically, if bi is prime: bi, else Prime [PrimePi [bi] + 1]. - - - - Increments this by two - - - - - Low level functions for the BigInteger - - - - - Adds two numbers with the same sign. - - A BigInteger - A BigInteger - bi1 + bi2 - - - - Compares two BigInteger - - A BigInteger - A BigInteger - The sign of bi1 - bi2 - - - - Performs n / d and n % d in one operation. - - A BigInteger, upon exit this will hold n / d - The divisor - n % d - - - - Multiplies the data in x [xOffset:xOffset+xLen] by - y [yOffset:yOffset+yLen] and puts it into - d [dOffset:dOffset+xLen+yLen]. - - - - - Multiplies the data in x [xOffset:xOffset+xLen] by - y [yOffset:yOffset+yLen] and puts the low mod words into - d [dOffset:dOffset+mod]. - - - - - A factor of confidence. - - - - - Only suitable for development use, probability of failure may be greater than 1/2^20. - - - - - Suitable only for transactions which do not require forward secrecy. Probability of failure about 1/2^40 - - - - - Designed for production use. Probability of failure about 1/2^80. - - - - - Suitable for sensitive data. Probability of failure about 1/2^160. - - - - - Use only if you have lots of time! Probability of failure about 1/2^320. - - - - - Only use methods which generate provable primes. Not yet implemented. - - - - - Finds the next prime after a given number. - - - - - Performs primality tests on bi, assumes trial division has been done. - - A BigInteger that has been subjected to and passed trial division - False if bi is composite, true if it may be prime. - The speed of this method is dependent on Confidence - - - - Probabilistic prime test based on Rabin-Miller's test - - - - The number to test. - - - - - The number of chosen bases. The test has at least a - 1/4^confidence chance of falsely returning True. - - - - - True if "this" is a strong pseudoprime to randomly chosen bases. - - - False if "this" is definitely NOT prime. - - - - - - An association that uses the HMAC-SHA family of algorithms for message signing. - - - - - The default lifetime of a shared association when no lifetime is given - for a specific association type. - - - - - A list of HMAC-SHA algorithms in order of decreasing bit lengths. - - - - - The specific variety of HMAC-SHA this association is based on (whether it be HMAC-SHA1, HMAC-SHA256, etc.) - - - - - Initializes a new instance of the class. - - The specific variety of HMAC-SHA this association is based on (whether it be HMAC-SHA1, HMAC-SHA256, etc.) - The association handle. - The association secret. - The time duration the association will be good for. - typeIdentity != null - typeIdentity == null - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - secret != null - secret == null - totalLifeLength > TimeSpan.Zero - totalLifeLength <= TimeSpan.Zero - this.TotalLifeLength == totalLifeLength - - - - Creates an HMAC-SHA association. - - The OpenID protocol version that the request for an association came in on. - The value of the openid.assoc_type parameter. - The association handle. - The association secret. - How long the association will be good for. - The newly created association. - protocol != null - protocol == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - secret != null - secret == null - Contract.Result<HmacShaAssociation>() != null - - - - Creates an association with the specified handle, secret, and lifetime. - - The handle. - The secret. - Total lifetime. - The newly created association. - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - secret != null - secret == null - Contract.Result<HmacShaAssociation>() != null - - - - Returns the length of the shared secret (in bytes). - - The protocol version being used that will be used to lookup the text in - The value of the protocol argument specifying the type of association. For example: "HMAC-SHA1". - The length (in bytes) of the association secret. - Thrown if no association can be found by the given name. - - - - Creates a new association of a given type. - - The protocol. - Type of the association (i.e. HMAC-SHA1 or HMAC-SHA256) - A value indicating whether the new association will be used privately by the Provider for "dumb mode" authentication - or shared with the Relying Party for "smart mode" authentication. - The security settings of the Provider. - The newly created association. - - The new association is NOT automatically put into an association store. This must be done by the caller. - - protocol != null - protocol == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - securitySettings != null - securitySettings == null - Contract.Result<HmacShaAssociation>() != null - - - - Looks for the first association type in a preferred-order list that is - likely to be supported given a specific OpenID version and the security settings, - and perhaps a matching Diffie-Hellman session type. - - The OpenID version that dictates which associations are available. - A value indicating whether to consider higher strength security to be better. Use true for initial association requests from the Relying Party; use false from Providers when the Relying Party asks for an unrecognized association in order to pick a suggested alternative that is likely to be supported on both sides. - The set of requirements the selected association type must comply to. - Use true for HTTP associations, false for HTTPS associations. - The resulting association type's well known protocol name. (i.e. HMAC-SHA256) - The resulting session type's well known protocol name, if a matching one is available. (i.e. DH-SHA256) - - True if a qualifying association could be found; false otherwise. - - protocol != null - protocol == null - securityRequirements != null - securityRequirements == null - - - - Determines whether a named Diffie-Hellman session type and association type can be used together. - - The protocol carrying the names of the session and association types. - The value of the openid.assoc_type parameter. - The value of the openid.session_type parameter. - - true if the named association and session types are compatible; otherwise, false. - - protocol != null - protocol == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - sessionType != null - sessionType == null - - - - Gets the string to pass as the assoc_type value in the OpenID protocol. - - The protocol version of the message that the assoc_type value will be included in. - - The value that should be used for the openid.assoc_type parameter. - - - protocol != null - protocol == null - - - - Returns the specific hash algorithm used for message signing. - - - The hash algorithm used for message signing. - - - Contract.Result<HashAlgorithm>() != null - - - - Gets the length (in bits) of the hash this association creates when signing. - - - Contract.Result<int>() > 0 - - - - - Provides information about some HMAC-SHA hashing algorithm that OpenID supports. - - - - - Gets or sets the function that takes a particular OpenID version and returns the value of the openid.assoc_type parameter in that protocol. - - - - - Gets or sets a function that will create the using a given shared secret for the mac. - - - - - Gets or sets the base hash algorithm. - - - - - Gets the size of the hash (in bytes). - - - - - An enumeration that can specify how a given is used. - - - - - The manages a shared secret between - Provider and Relying Party sites that allows the RP to verify - the signature on a message from an OP. - - - - - The manages a secret known alone by - a Provider that allows the Provider to verify its own signatures - for "dumb" (stateless) relying parties. - - - - - Represents an association request that is sent using HTTPS and otherwise communicates the shared secret in plain text. - - - - - An OpenID direct request from Relying Party to Provider to initiate an association. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Creates an association request message that is appropriate for a given Provider. - - The set of requirements the selected association type must comply to. - The provider to create an association with. - - The message to send to the Provider to request an association. - Null if no association could be created that meet the security requirements - and the provider OpenID version. - - securityRequirements != null - securityRequirements == null - provider != null - provider == null - - - - Creates an association request message that is appropriate for a given Provider. - - The set of requirements the selected association type must comply to. - The provider to create an association with. - Type of the association. - Type of the session. - - The message to send to the Provider to request an association. - Null if no association could be created that meet the security requirements - and the provider OpenID version. - - securityRequirements != null - securityRequirements == null - provider != null - provider == null - !String.IsNullOrEmpty(associationType) - String.IsNullOrEmpty(associationType) - sessionType != null - sessionType == null - - - - Creates a Provider's response to an incoming association request. - - The association store where a new association (if created) will be stored. Must not be null. - The security settings on the Provider. - - The appropriate association response that is ready to be sent back to the Relying Party. - - - If an association is created, it will be automatically be added to the provided - association store. - Successful association response messages will derive from . - Failed association response messages will derive from . - - associationStore != null - associationStore == null - securitySettings != null - securitySettings == null - - - - Creates a Provider's response to an incoming association request. - - - The appropriate association response message. - - - If an association can be successfully created, the - method must not be - called by this method. - Successful association response messages will derive from . - Failed association response messages will derive from . - - - - - Creates a response that notifies the Relying Party that the requested - association type is not supported by this Provider, and offers - an alternative association type, if possible. - - The security settings that apply to this Provider. - The response to send to the Relying Party. - securitySettings != null - securitySettings == null - - - - Gets or sets the preferred association type. The association type defines the algorithm to be used to sign subsequent messages. - - Value: A valid association type from Section 8.3. - - - - Gets or sets the preferred association session type. This defines the method used to encrypt the association's MAC key in transit. - - Value: A valid association session type from Section 8.4 (Association Session Types). - Note: Unless using transport layer encryption, "no-encryption" MUST NOT be used. - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Checks the message state for conformity to the protocol specification - and throws an exception if the message is invalid. - - - Some messages have required fields, or combinations of fields that must relate to each other - in specialized ways. After deserializing a message, this method checks the state of the - message to see if it conforms to the protocol. - Note that this property should not check signatures or perform any state checks - outside this scope of this particular message. - - Thrown if the message is invalid. - - - - Creates a Provider's response to an incoming association request. - - - The appropriate association response message. - - - If an association can be successfully created, the - method must not be - called by this method. - Successful association response messages will derive from . - Failed association response messages will derive from . - - - - - Offers services for a web page that is acting as an OpenID identity server. - - - - - The name of the key to use in the HttpApplication cache to store the - instance of to use. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - - - The relying party used to perform discovery on identifiers being sent in - unsolicited positive assertions. - - - - - Initializes a new instance of the class. - - this.AssociationStore != null - this.SecuritySettings != null - this.Channel != null - - - - Initializes a new instance of the class. - - The application store to use. Cannot be null. - applicationStore != null - applicationStore == null - this.AssociationStore == applicationStore - this.SecuritySettings != null - this.Channel != null - - - - Initializes a new instance of the class. - - The association store to use. Cannot be null. - The nonce store to use. Cannot be null. - associationStore != null - associationStore == null - nonceStore != null - nonceStore == null - this.AssociationStore == associationStore - this.SecuritySettings != null - this.Channel != null - - - - Gets the incoming OpenID request if there is one, or null if none was detected. - - The request that the hosting Provider should possibly process and then transmit the response for. - - Requests may be infrastructural to OpenID and allow auto-responses, or they may - be authentication requests where the Provider site has to make decisions based - on its own user database and policies. - Requires an HttpContext.Current context. - - Thrown if HttpContext.Current == null. - Thrown if the incoming message is recognized but deviates from the protocol specification irrecoverably. - - - - Gets the incoming OpenID request if there is one, or null if none was detected. - - The incoming HTTP request to extract the message from. - - The request that the hosting Provider should process and then transmit the response for. - Null if no valid OpenID request was detected in the given HTTP request. - - - Requests may be infrastructural to OpenID and allow auto-responses, or they may - be authentication requests where the Provider site has to make decisions based - on its own user database and policies. - - Thrown if the incoming message is recognized - but deviates from the protocol specification irrecoverably. - httpRequestInfo != null - httpRequestInfo == null - - - - Sends the response to a received request. - - The incoming OpenID request whose response is to be sent. - Thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - Requires an HttpContext.Current context. If one is not available, the caller should use - instead and manually send the - to the client. - - Thrown if is false. - HttpContext.Current != null - HttpContext.Current == null - request != null - request == null - request.IsResponseReady - !(request.IsResponseReady) - - - - Gets the response to a received request. - - The request. - The response that should be sent to the client. - Thrown if is false. - request != null - request == null - request.IsResponseReady - !(request.IsResponseReady) - - - - Sends an identity assertion on behalf of one of this Provider's - members in order to redirect the user agent to a relying party - web site and log him/her in immediately in one uninterrupted step. - - The absolute URL on the Provider site that receives OpenID messages. - The URL of the Relying Party web site. - This will typically be the home page, but may be a longer URL if - that Relying Party considers the scope of its realm to be more specific. - The URL provided here must allow discovery of the Relying Party's - XRDS document that advertises its OpenID RP endpoint. - The Identifier you are asserting your member controls. - The Identifier you know your user by internally. This will typically - be the same as . - The extensions. - HttpContext.Current != null - HttpContext.Current == null - providerEndpoint != null - providerEndpoint == null - providerEndpoint.IsAbsoluteUri - !(providerEndpoint.IsAbsoluteUri) - relyingPartyRealm != null - relyingPartyRealm == null - claimedIdentifier != null - claimedIdentifier == null - localIdentifier != null - localIdentifier == null - - - - Prepares an identity assertion on behalf of one of this Provider's - members in order to redirect the user agent to a relying party - web site and log him/her in immediately in one uninterrupted step. - - The absolute URL on the Provider site that receives OpenID messages. - The URL of the Relying Party web site. - This will typically be the home page, but may be a longer URL if - that Relying Party considers the scope of its realm to be more specific. - The URL provided here must allow discovery of the Relying Party's - XRDS document that advertises its OpenID RP endpoint. - The Identifier you are asserting your member controls. - The Identifier you know your user by internally. This will typically - be the same as . - The extensions. - - A object describing the HTTP response to send - the user agent to allow the redirect with assertion to happen. - - providerEndpoint != null - providerEndpoint == null - providerEndpoint.IsAbsoluteUri - !(providerEndpoint.IsAbsoluteUri) - relyingPartyRealm != null - relyingPartyRealm == null - claimedIdentifier != null - claimedIdentifier == null - localIdentifier != null - localIdentifier == null - this.Channel.WebRequestHandler != null - this.Channel.WebRequestHandler == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Applies all behaviors to the response message. - - The request. - - - - Prepares the return value for the GetRequest method in the event of an exception. - - The exception that forms the basis of the error response. Must not be null. - The incoming HTTP request. Must not be null. - The incoming message. May be null in the case that it was malformed. - - Either the to return to the host site or null to indicate no response could be reasonably created and that the caller should rethrow the exception. - - ex != null - ex == null - httpRequestInfo != null - httpRequestInfo == null - - - - Called by derived classes when behaviors are added or removed. - - The collection being modified. - The instance containing the event data. - - - - Gets the standard state storage mechanism that uses ASP.NET's - HttpApplication state dictionary to store associations and nonces. - - - HttpContext.Current != null && HttpContext.Current.Request != null - Contract.Result<IProviderApplicationStore>() != null - - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Gets the channel to use for sending/receiving messages. - - - - - Gets the security settings used by this Provider. - - - Contract.Result<ProviderSecuritySettings>() != null - - - value != null - - value == null - - - - Gets the extension factories. - - - - - Gets or sets the mechanism a host site can use to receive - notifications of errors when communicating with remote parties. - - - - - Gets a list of custom behaviors to apply to OpenID actions. - - - Adding behaviors can impact the security settings of the - in ways that subsequently removing the behaviors will not reverse. - - - - - Gets the list of services that can perform discovery on identifiers given to this relying party. - - - - - Gets the association store. - - - - - Gets the web request handler to use for discovery and the part of - authentication where direct messages are sent to an untrusted remote party. - - - - - Gets the relying party used for discovery of identifiers sent in unsolicited assertions. - - - - - An OpenID direct request from Relying Party to Provider to initiate an association that uses Diffie-Hellman encryption. - - - - - The (only) value we use for the X variable in the Diffie-Hellman algorithm. - - - - - The default gen value for the Diffie-Hellman algorithm. - - - - - The default modulus value for the Diffie-Hellman algorithm. - - - - - Initializes a new instance of the class. - - The OpenID version this message must comply with. - The OpenID Provider endpoint. - - - - Called by the Relying Party to initialize the Diffie-Hellman algorithm and consumer public key properties. - - - - - Creates a Provider's response to an incoming association request. - - - The appropriate association response message. - - - If an association can be successfully created, the - method must not be - called by this method. - Successful association response messages will derive from . - Failed association response messages will derive from . - - - - - Gets or sets the openid.dh_modulus value. - - May be null if the default value given in the OpenID spec is to be used. - - - - Gets or sets the openid.dh_gen value. - - May be null if the default value given in the OpenID spec is to be used. - - - - Gets or sets the openid.dh_consumer_public value. - - - This property is initialized with a call to . - - - - - Gets the Diffie-Hellman algorithm. - - - This property is initialized with a call to . - - - - - The successful Diffie-Hellman association response message. - - - Association response messages are described in OpenID 2.0 section 8.2. This type covers section 8.2.3. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Creates the association at relying party side after the association response has been received. - - The original association request that was already sent and responded to. - The newly created association. - - The resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - - - - Creates the association at the provider side after the association request has been received. - - The association request. - The security settings of the Provider. - The newly created association. - - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - securitySettings != null - securitySettings == null - - - - Gets or sets the Provider's Diffie-Hellman public key. - - btwoc(g ^ xb mod p) - - - - Gets or sets the MAC key (shared secret), encrypted with the secret Diffie-Hellman value. - - H(btwoc(g ^ (xa * xb) mod p)) XOR MAC key. H is either "SHA1" or "SHA256" depending on the session type. - - - - The successful unencrypted association response message. - - - Association response messages are described in OpenID 2.0 section 8.2. This type covers section 8.2.2. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The security settings of the Provider. - The created association. - - The caller will update this message's - and - - properties based on the returned by this method, but any other - association type specific properties must be set by this method. - The response message is updated to include the details of the created association by this method, - but the resulting association is not added to the association store and must be done by the caller. - - request != null - request == null - securitySettings != null - securitySettings == null - - - - Called to create the Association based on a request previously given by the Relying Party. - - The prior request for an association. - The created association. - request != null - request == null - - - - Gets or sets the MAC key (shared secret) for this association, Base 64 (Josefsson, S., “The Base16, Base32, and Base64 Data Encodings,” .) [RFC3548] encoded. - - - - - The Provider's response to a Relying Party that requested an association that the Provider does not support. - - - This message type described in OpenID 2.0 section 8.2.4. - - - - - A message sent from a Provider to a Relying Party in response to a direct message request that resulted in an error. - - - This message must be sent with an HTTP status code of 400. - This class satisfies OpenID 2.0 section 5.1.2.2. - - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Gets the HTTP status code that the direct respones should be sent with. - - - - - - - - Gets the HTTP headers to add to the response. - - May be an empty collection, but must not be null. - - Contract.Result<WebHeaderCollection>() != null - - - - - Gets or sets a human-readable message indicating why the request failed. - - - - - Gets or sets the contact address for the administrator of the server. - - The contact address may take any form, as it is intended to be displayed to a person. - - - - Gets or sets a reference token, such as a support ticket number or a URL to a news blog, etc. - - - - - A hard-coded string indicating an error occurred. - - "unsupported-type" - - - - Initializes a new instance of the class. - - The OpenID version of the response message. - The originating request. - - - - Gets or sets an association type supported by the OP from Section 8.3 (Association Types). - - - - - Gets or sets a valid association session type from Section 8.4 (Association Session Types) that the OP supports. - - - - - A message sent from a Provider to a Relying Party in response to an indirect message request that resulted in an error. - - - This class satisfies OpenID 2.0 section 5.2.3. - - - - - Initializes a new instance of the class. - - The request that resulted in this error on the Provider. - - - - Initializes a new instance of the class. - - The OpenID version this message should comply with. - The recipient of this message. - - - - Gets or sets a human-readable message indicating why the request failed. - - - - - Gets or sets the contact address for the administrator of the server. - - The contact address may take any form, as it is intended to be displayed to a person. - - - - Gets or sets a reference token, such as a support ticket number or a URL to a news blog, etc. - - - - - Manages the establishment, storage and retrieval of associations at the relying party. - - - - - The storage to use for saving and retrieving associations. May be null. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The channel the relying party is using. - The association store. May be null for dumb mode relying parties. - The security settings. - channel != null - channel == null - securitySettings != null - securitySettings == null - - - - Gets an association between this Relying Party and a given Provider - if it already exists in the association store. - - The provider to create an association with. - The association if one exists and has useful life remaining. Otherwise null. - provider != null - provider == null - - - - Gets an existing association with the specified Provider, or attempts to create - a new association of one does not already exist. - - The provider to get an association for. - The existing or new association; null if none existed and one could not be created. - - - - Creates a new association with a given Provider. - - The provider to create an association with. - - The newly created association, or null if no association can be created with - the given Provider given the current security settings. - - - A new association is created and returned even if one already exists in the - association store. - Any new association is automatically added to the . - - provider != null - provider == null - - - - Creates a new association with a given Provider. - - The provider to create an association with. - The associate request. May be null, which will always result in a null return value.. - The number of times to try the associate request again if the Provider suggests it. - - The newly created association, or null if no association can be created with - the given Provider given the current security settings. - - provider != null - provider == null - - - - Gets or sets the channel to use for establishing associations. - - The channel. - - value != null - - value == null - - - - Gets or sets the security settings to apply in choosing association types to support. - - - value != null - - value == null - - - - Gets a value indicating whether this instance has an association store. - - - true if the relying party can act in 'smart' mode; - false if the relying party must always act in 'dumb' mode. - - - - - Gets the storage to use for saving and retrieving associations. May be null. - - - - - Preferences regarding creation and use of an association between a relying party - and provider for authentication. - - - - - Indicates that an association should be created for use in authentication - if one has not already been established between the relying party and the - selected provider. - - - Even with this value, if an association attempt fails or the relying party - has no application store to recall associations, the authentication may - proceed without an association. - - - - - Indicates that an association should be used for authentication only if - it happens to already exist. - - - - - Indicates that an authentication attempt should NOT use an OpenID association - between the relying party and the provider, even if an association was previously - created. - - - - - Facilitates customization and creation and an authentication request - that a Relying Party is preparing to send. - - - - - Instances of this interface represent relying party authentication - requests that may be queried/modified in specific ways before being - routed to the OpenID Provider. - - - - - Makes a dictionary of key/value pairs available when the authentication is completed. - - The arguments to add to the request's return_to URI. Values must not be null. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The values stored here can be retrieved using - , which will only return the value - if it can be verified as untampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - arguments != null - arguments == null - arguments.Keys.All(k => !String.IsNullOrEmpty(k)) - !(arguments.Keys.All(k => !String.IsNullOrEmpty(k))) - arguments.Values.All(v => v != null) - !(arguments.Values.All(v => v != null)) - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The value stored here can be retrieved using - , which will only return the value - if it can be verified as untampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed without - requiring a return_to signature to protect against tampering of the callback argument. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping or tampering in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - value != null - value == null - - - - Adds an OpenID extension to the request directed at the OpenID provider. - - The initialized extension to add to the request. - extension != null - extension == null - - - - Redirects the user agent to the provider for authentication. - Execution of the current page terminates after this call. - - - This method requires an ASP.NET HttpContext. - - - - - Gets or sets the mode the Provider should use during authentication. - - - - - Gets the HTTP response the relying party should send to the user agent - to redirect it to the OpenID Provider to start the OpenID authentication process. - - - - - Gets the URL that the user agent will return to after authentication - completes or fails at the Provider. - - - - - Gets the URL that identifies this consumer web application that - the Provider will display to the end user. - - - Contract.Result<Realm>() != null - - - - - Gets the Claimed Identifier that the User Supplied Identifier - resolved to. Null if the user provided an OP Identifier - (directed identity). - - - Null is returned if the user is using the directed identity feature - of OpenID 2.0 to make it nearly impossible for a relying party site - to improperly store the reserved OpenID URL used for directed identity - as a user's own Identifier. - However, to test for the Directed Identity feature, please test the - property rather than testing this - property for a null value. - - - - - Gets a value indicating whether the authenticating user has chosen to let the Provider - determine and send the ClaimedIdentifier after authentication. - - - - - Gets or sets a value indicating whether this request only carries extensions - and is not a request to verify that the user controls some identifier. - - - true if this request is merely a carrier of extensions and is not - about an OpenID identifier; otherwise, false. - - - Although OpenID is first and primarily an authentication protocol, its extensions - can be interesting all by themselves. For instance, a relying party might want - to know that its user is over 21 years old, or perhaps a member of some organization. - OpenID extensions can provide this, without any need for asserting the identity of the user. - Constructing an OpenID request for only extensions can be done by calling - with any valid OpenID identifier - (claimed identifier or OP identifier). But once this property is set to true, - the claimed identifier value in the request is not included in the transmitted message. - It is anticipated that an RP would only issue these types of requests to OPs that - trusts to make assertions regarding the individual holding an account at that OP, so it - is not likely that the RP would allow the user to type in an arbitrary claimed identifier - without checking that it resolved to an OP endpoint the RP has on a trust whitelist. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - Contract.Result<IProviderEndpoint>() != null - - - - - Gets the discovery result leading to the formulation of this request. - - The discovery result. - - Contract.Result<IdentifierDiscoveryResult>() != null - - - - - The name of the internal callback parameter to use to store the user-supplied identifier. - - - - - The relying party that created this request object. - - - - - How an association may or should be created or used in the formulation of the - authentication request. - - - - - The extensions that have been added to this authentication request. - - - - - Arguments to add to the return_to part of the query string, so that - these values come back to the consumer when the user agent returns. - - - - - A value indicating whether the return_to callback arguments must be signed. - - - This field defaults to false, but is set to true as soon as the first callback argument - is added that indicates it must be signed. At which point, all arguments are signed - even if individual ones did not need to be. - - - - - Initializes a new instance of the class. - - The endpoint that describes the OpenID Identifier and Provider that will complete the authentication. - The realm, or root URL, of the host web site. - The base return_to URL that the Provider should return the user to to complete authentication. This should not include callback parameters as these should be added using the method. - The relying party that created this instance. - discoveryResult != null - discoveryResult == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - relyingParty != null - relyingParty == null - - - - Makes a dictionary of key/value pairs available when the authentication is completed. - - The arguments to add to the request's return_to URI. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The values stored here can be retrieved using - , which will only return the value - if it hasn't been tampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - arguments != null - arguments == null - arguments.Keys.All(k => !String.IsNullOrEmpty(k)) - !(arguments.Keys.All(k => !String.IsNullOrEmpty(k))) - arguments.Values.All(v => v != null) - !(arguments.Values.All(v => v != null)) - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. - - Note that these values are NOT protected against eavesdropping in transit. No - privacy-sensitive data should be stored using this method. - The value stored here can be retrieved using - , which will only return the value - if it hasn't been tampered with in transit. - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against tampering in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - value != null - value == null - - - - Makes a key/value pair available when the authentication is completed without - requiring a return_to signature to protect against tampering of the callback argument. - - The parameter name. - The value of the argument. Must not be null. - - Note that these values are NOT protected against eavesdropping or tampering in transit. No - security-sensitive data should be stored using this method. - The value stored here can be retrieved using - . - Since the data set here is sent in the querystring of the request and some - servers place limits on the size of a request URL, this data should be kept relatively - small to ensure successful authentication. About 1.5KB is about all that should be stored. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - value != null - value == null - - - - Adds an OpenID extension to the request directed at the OpenID provider. - - The initialized extension to add to the request. - extension != null - extension == null - - - - Redirects the user agent to the provider for authentication. - Execution of the current page terminates after this call. - - - This method requires an ASP.NET HttpContext. - - Typically thrown by ASP.NET in order to prevent additional data from the page being sent to the client and corrupting the response. - - - - Performs identifier discovery, creates associations and generates authentication requests - on-demand for as long as new ones can be generated based on the results of Identifier discovery. - - The user supplied identifier. - The relying party. - The realm. - The return_to base URL. - if set to true, associations that do not exist between this Relying Party and the asserting Providers are created before the authentication request is created. - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - userSuppliedIdentifier != null - userSuppliedIdentifier == null - relyingParty != null - relyingParty == null - realm != null - realm == null - Contract.Result<IEnumerable<AuthenticationRequest>>() != null - - - - Creates an instance of FOR TESTING PURPOSES ONLY. - - The discovery result. - The realm. - The return to. - The relying party. - The instantiated . - - - - Creates the request message to send to the Provider, - based on the properties in this instance. - - The message to send to the Provider. - - - - Performs deferred request generation for the method. - - The user supplied identifier. - The relying party. - The realm. - The return_to base URL. - The discovered service endpoints on the Claimed Identifier. - if set to true, associations that do not exist between this Relying Party and the asserting Providers are created before the authentication request is created. - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - All data validation and cleansing steps must have ALREADY taken place - before calling this method. - - - - - Returns a filtered and sorted list of the available OP endpoints for a discovered Identifier. - - The endpoints. - The relying party. - A filtered and sorted list of endpoints; may be empty if the input was empty or the filter removed all endpoints. - endpoints != null - endpoints == null - relyingParty != null - relyingParty == null - - - - Creates the request message to send to the Provider, - based on the properties in this instance. - - The message to send to the Provider. - - - - Gets the association to use for this authentication request. - - The association to use; null to use 'dumb mode'. - - - - Gets or sets the mode the Provider should use during authentication. - - - - - - Gets the HTTP response the relying party should send to the user agent - to redirect it to the OpenID Provider to start the OpenID authentication process. - - - - - - Gets the URL that the user agent will return to after authentication - completes or fails at the Provider. - - - - - - Gets the URL that identifies this consumer web application that - the Provider will display to the end user. - - - Contract.Result<Realm>() != null - - - - - Gets the Claimed Identifier that the User Supplied Identifier - resolved to. Null if the user provided an OP Identifier - (directed identity). - - - - Null is returned if the user is using the directed identity feature - of OpenID 2.0 to make it nearly impossible for a relying party site - to improperly store the reserved OpenID URL used for directed identity - as a user's own Identifier. - However, to test for the Directed Identity feature, please test the - property rather than testing this - property for a null value. - - - - - Gets a value indicating whether the authenticating user has chosen to let the Provider - determine and send the ClaimedIdentifier after authentication. - - - - - Gets or sets a value indicating whether this request only carries extensions - and is not a request to verify that the user controls some identifier. - - - true if this request is merely a carrier of extensions and is not - about an OpenID identifier; otherwise, false. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenId discovery documents found at the - location. - - - Contract.Result<IProviderEndpoint>() != null - - - - - Gets the discovery result leading to the formulation of this request. - - The discovery result. - - Contract.Result<IdentifierDiscoveryResult>() != null - - - - - Gets or sets how an association may or should be created or used - in the formulation of the authentication request. - - - - - Gets the extensions that have been added to the request. - - - - - Gets the list of extensions for this request. - - - - - Indicates the mode the Provider should use while authenticating the end user. - - - - - The Provider should use whatever credentials are immediately available - to determine whether the end user owns the Identifier. If sufficient - credentials (i.e. cookies) are not immediately available, the Provider - should fail rather than prompt the user. - - - - - The Provider should determine whether the end user owns the Identifier, - displaying a web page to the user to login etc., if necessary. - - - - - An authentication request comparer that judges equality solely on the OP endpoint hostname. - - - - - The singleton instance of this comparer. - - - - - Prevents a default instance of the class from being created. - - - - - Determines whether the specified objects are equal. - - The first object to compare. - The second object to compare. - - true if the specified objects are equal; otherwise, false. - - - - - Returns a hash code for the specified object. - - The for which a hash code is to be returned. - A hash code for the specified object. - - The type of is a reference type and is null. - - - - - Gets the singleton instance of this comparer. - - - - - Information published about an OpenId Provider by the - OpenId discovery documents found at a user's Claimed Identifier. - - - Because information provided by this interface is suppplied by a - user's individually published documents, it may be incomplete or inaccurate. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - True if support for the extension is advertised. False otherwise. - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - True if support for the extension is advertised. False otherwise. - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the detected version of OpenID implemented by the Provider. - - - Contract.Result<Version>() != null - - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - - This value MUST be an absolute HTTP or HTTPS URL. - - - Contract.Result<Uri>() != null - - - - - Code contract for the type. - - - - - Prevents a default instance of the class from being created. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Gets the detected version of OpenID implemented by the Provider. - - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - - - - Contract class for the interface. - - - - - Prevents a default instance of the class from being created. - - - - - Applies a well known set of security requirements to a default set of security settings. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - - - - Called when an authentication request is about to be sent. - - The request. - - Implementations should be prepared to be called multiple times on the same outgoing message - without malfunctioning. - - - - - Called when an incoming positive assertion is received. - - The positive assertion. - - - - Wraps a negative assertion response in an instance - for public consumption by the host web site. - - - - - An instance of this interface represents an identity assertion - from an OpenID Provider. It may be in response to an authentication - request previously put to it by a Relying Party site or it may be an - unsolicited assertion. - - - Relying party web sites should handle both solicited and unsolicited - assertions. This interface does not offer a way to discern between - solicited and unsolicited assertions as they should be treated equally. - - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode null is always - returned since the callback arguments could not be signed to protect against - tampering. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode an empty dictionary is always - returned since the callback arguments could not be signed to protect against - tampering. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location, if available. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - An interface to expose useful properties and functionality for handling - authentication responses that are returned from Immediate authentication - requests that require a subsequent request to be made in non-immediate mode. - - - - - Gets the to pass to - in a subsequent authentication attempt. - - - ((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired - - !(((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired) - - - - The negative assertion message that was received by the RP that was used - to create this instance. - - - - - Initializes a new instance of the class. - - The negative assertion response received by the Relying Party. - response != null - response == null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Gets the to pass to - in a subsequent authentication attempt. - - - - ((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired - - !(((IAuthenticationResponse)this).Status == AuthenticationStatus.SetupRequired) - - - - The event details passed to event handlers. - - - - - Initializes a new instance of the class - with minimal information of an incomplete or failed authentication attempt. - - The outgoing authentication request. - request != null - request == null - - - - Initializes a new instance of the class - with information on a completed authentication attempt - (whether that attempt was successful or not). - - The incoming authentication response. - response != null - response == null - - - - Gets or sets a value indicating whether to cancel - the OpenID authentication and/or login process. - - - - - Gets the Identifier the user is claiming to own. Or null if the user - is using Directed Identity. - - - - - Gets a value indicating whether the user has selected to let his Provider determine - the ClaimedIdentifier to use as part of successful authentication. - - - - - Gets the details of the OpenID authentication request, - and allows for adding extensions. - - - - - Gets the details of the OpenID authentication response. - - - - - Several ways that the relying party can direct the user to the Provider - to complete authentication. - - - - - A full browser window redirect will be used to send the - user to the Provider. - - - - - A popup window will be used to send the user to the Provider. - - - - - A popup window will be used to send the user to the Provider - if the Provider advertises support for the popup UI extension; - otherwise a standard redirect is used. - - - - - Wraps an extension-only response from the OP in an instance - for public consumption by the host web site. - - - - - Backin field for the property. - - - - - Information about the OP endpoint that issued this assertion. - - - - - Initializes a new instance of the class. - - The response message. - response != null - response == null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode null is always - returned since the callback arguments could not be signed to protect against - tampering. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode an empty dictionary is always - returned since the callback arguments could not be signed to protect against - tampering. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available if they are complete and untampered with - since the original request message (as proven by a signature). - If the relying party is operating in stateless mode an empty dictionary is always - returned since the callback arguments could not be signed to protect against - tampering. - - Contract.Result<IDictionary<string, string>>() != null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Gets a value indicating whether trusted callback arguments are available. - - - We use this internally to avoid logging a warning during a standard snapshot creation. - - - - - Gets the positive extension-only message the Relying Party received that this instance wraps. - - - - - Wraps a positive assertion response in an instance - for public consumption by the host web site. - - - - - Initializes a new instance of the class. - - The positive assertion response that was just received by the Relying Party. - The relying party. - relyingParty != null - relyingParty == null - - - - Verifies that the positive assertion data matches the results of - discovery on the Claimed Identifier. - - The relying party. - - Thrown when the Provider is asserting that a user controls an Identifier - when discovery on that Identifier contradicts what the Provider says. - This would be an indication of either a misconfigured Provider or - an attempt by someone to spoof another user's identity with a rogue Provider. - - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - Gets the OpenID service endpoint reconstructed from the assertion message. - - - This information is straight from the Provider, and therefore must not - be trusted until verified as matching the discovery information for - the claimed identifier to avoid a Provider asserting an Identifier - for which it has no authority. - - - - - Gets the positive assertion response message. - - - - - An enumeration of the possible results of an authentication attempt. - - - - - The authentication was canceled by the user agent while at the provider. - - - - - The authentication failed because an error was detected in the OpenId communication. - - - - - The Provider responded to a request for immediate authentication approval - with a message stating that additional user agent interaction is required - before authentication can be completed. - Casting the to a - in this case can help - you retry the authentication using setup (non-immediate) mode. - - - - - Authentication is completed successfully. - - - - - The Provider sent a message that did not contain an identity assertion, - but may carry OpenID extensions. - - - - - Wraps a failed authentication response in an instance - for public consumption by the host web site. - - - - - Initializes a new instance of the class. - - The exception that resulted in the failed authentication. - exception != null - exception == null - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - Code contract for the type. - - - - - Initializes a new instance of the class. - - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location, if available. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Code contract class for the type. - - - - - Initializes a new instance of the class. - - - - - Gets the to pass to - in a subsequent authentication attempt. - - - - - A delegate that decides whether a given OpenID Provider endpoint may be - considered for authenticating a user. - - The endpoint for consideration. - - True if the endpoint should be considered. - False to remove it from the pool of acceptable providers. - - - - - Provides the programmatic facilities to act as an OpenID relying party. - - this.SecuritySettings != null - this.Channel != null - this.EndpointOrder != null - - - - The name of the key to use in the HttpApplication cache to store the - instance of to use. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - The lock to obtain when initializing the member. - - - - - A dictionary of extension response types and the javascript member - name to map them to on the user agent. - - - - - Backing field for the property. - - - - - Backing store for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The application store. If null, the relying party will always operate in "dumb mode". - - - - Initializes a new instance of the class. - - The association store. If null, the relying party will always operate in "dumb mode". - The nonce store to use. If null, the relying party will always operate in "dumb mode". - associationStore == null || nonceStore != null - associationStore != null && nonceStore == null - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - An authentication request object to customize the request and generate - an object to send to the user agent to initiate the authentication. - - Thrown if no OpenID endpoint could be found. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - Contract.Result<IAuthenticationRequest>() != null - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - - Requires an HttpContext.Current context. - - Thrown if no OpenID endpoint could be found. - Thrown if HttpContext.Current == null. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - Contract.Result<IAuthenticationRequest>() != null - - - - Creates an authentication request to verify that a user controls - some given Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - An authentication request object that describes the HTTP response to - send to the user agent to initiate the authentication. - - - Requires an HttpContext.Current context. - - Thrown if no OpenID endpoint could be found. - Thrown if HttpContext.Current == null. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - Contract.Result<IAuthenticationRequest>() != null - - - - Generates the authentication requests that can satisfy the requirements of some OpenID Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Generates the authentication requests that can satisfy the requirements of some OpenID Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - Requires an HttpContext.Current context. - - Thrown if HttpContext.Current == null. - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Generates the authentication requests that can satisfy the requirements of some OpenID Identifier. - - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - Requires an HttpContext.Current context. - - Thrown if HttpContext.Current == null. - userSuppliedIdentifier != null - userSuppliedIdentifier == null - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Gets an authentication response from a Provider. - - The processed authentication response if there is any; null otherwise. - - Requires an HttpContext.Current context. - - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - - - - Gets an authentication response from a Provider. - - The HTTP request that may be carrying an authentication response from the Provider. - The processed authentication response if there is any; null otherwise. - httpRequestInfo != null - httpRequestInfo == null - - - - Processes the response received in a popup window or iframe to an AJAX-directed OpenID authentication. - - The HTTP response to send to this HTTP request. - - Requires an HttpContext.Current context. - - HttpContext.Current != null && HttpContext.Current.Request != null - HttpContext.Current == null || HttpContext.Current.Request == null - Contract.Result<OutgoingWebResponse>() != null - - - - Processes the response received in a popup window or iframe to an AJAX-directed OpenID authentication. - - The incoming HTTP request that is expected to carry an OpenID authentication response. - The HTTP response to send to this HTTP request. - request != null - request == null - Contract.Result<OutgoingWebResponse>() != null - - - - Allows an OpenID extension to read data out of an unverified positive authentication assertion - and send it down to the client browser so that Javascript running on the page can perform - some preprocessing on the extension data. - - The extension response type that will read data from the assertion. - The property name on the openid_identifier input box object that will be used to store the extension data. For example: sreg - - This method should be called before . - - !string.IsNullOrEmpty(propertyName) - string.IsNullOrEmpty(propertyName) - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Determines whether some parameter name belongs to OpenID or this library - as a protocol or internal parameter name. - - Name of the parameter. - - true if the named parameter is a library- or protocol-specific parameter; otherwise, false. - - - - - Creates a relying party that does not verify incoming messages against - nonce or association stores. - - The instantiated . - - Useful for previewing messages while - allowing them to be fully processed and verified later. - - - - - Processes the response received in a popup window or iframe to an AJAX-directed OpenID authentication. - - The incoming HTTP request that is expected to carry an OpenID authentication response. - The callback fired after the response status has been determined but before the Javascript response is formulated. - - The HTTP response to send to this HTTP request. - - request != null - request == null - Contract.Result<OutgoingWebResponse>() != null - - - - Performs discovery on the specified identifier. - - The identifier to discover services for. - A non-null sequence of services discovered for the identifier. - identifier != null - identifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Invokes a method on a parent frame or window and closes the calling popup window if applicable. - - The method to call on the parent window, including - parameters. (i.e. "callback('arg1', 2)"). No escaping is done by this method. - The entire HTTP response to send to the popup window or iframe to perform the invocation. - !string.IsNullOrEmpty(methodCall) - string.IsNullOrEmpty(methodCall) - - - - Called by derived classes when behaviors are added or removed. - - The collection being modified. - The instance containing the event data. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets an XRDS sorting routine that uses the XRDS Service/@Priority - attribute to determine order. - - - Endpoints lacking any priority value are sorted to the end of the list. - - - - - Gets the standard state storage mechanism that uses ASP.NET's - HttpApplication state dictionary to store associations and nonces. - - - Contract.Result<IRelyingPartyApplicationStore>() != null - - - - - Gets or sets the channel to use for sending/receiving messages. - - - value != null - - value == null - - - - Gets the security settings used by this Relying Party. - - - Contract.Result<RelyingPartySecuritySettings>() != null - - - value != null - - value == null - - - - Gets or sets the optional Provider Endpoint filter to use. - - - Provides a way to optionally filter the providers that may be used in authenticating a user. - If provided, the delegate should return true to accept an endpoint, and false to reject it. - If null, all identity providers will be accepted. This is the default. - - - - - Gets or sets the ordering routine that will determine which XRDS - Service element to try first - - Default is . - - This may never be null. To reset to default behavior this property - can be set to the value of . - - - value != null - - value == null - - - - Gets the extension factories. - - - - - Gets a list of custom behaviors to apply to OpenID actions. - - - Adding behaviors can impact the security settings of this - instance in ways that subsequently removing the behaviors will not reverse. - - - - - Gets the list of services that can perform discovery on identifiers given to this relying party. - - - - - Gets a value indicating whether this Relying Party can sign its return_to - parameter in outgoing authentication requests. - - - - - Gets the web request handler to use for discovery and the part of - authentication where direct messages are sent to an untrusted remote party. - - - - - Gets the association manager. - - - - - Gets the instance used to process authentication responses - without verifying the assertion or consuming nonces. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to An absolute URI is required for this value.. - - - - - Looks up a localized string similar to This is already a PPID Identifier.. - - - - - Looks up a localized string similar to The requested association type '{0}' with session type '{1}' is unrecognized or not supported by this Provider due to security requirements.. - - - - - Looks up a localized string similar to The length of the shared secret ({0}) does not match the length required by the association type ('{1}').. - - - - - Looks up a localized string similar to The length of the encrypted shared secret ({0}) does not match the length of the hashing algorithm ({1}).. - - - - - Looks up a localized string similar to No association store has been given but is required for the current configuration.. - - - - - Looks up a localized string similar to If an association store is given, a nonce store must also be provided.. - - - - - Looks up a localized string similar to An attribute with type URI '{0}' has already been added.. - - - - - Looks up a localized string similar to Only {0} values for attribute '{1}' were requested, but {2} were supplied.. - - - - - Looks up a localized string similar to The private data supplied does not meet the requirements of any known Association type. Its length may be too short, or it may have been corrupted.. - - - - - Looks up a localized string similar to The {0} extension failed to deserialize and will be skipped. {1}. - - - - - Looks up a localized string similar to Callback arguments are only supported when a {0} is provided to the {1}.. - - - - - Looks up a localized string similar to A Simple Registration request can only generate a response on the receiving end.. - - - - - Looks up a localized string similar to The openid.claimed_id and openid.identity parameters must both be present or both be absent.. - - - - - Looks up a localized string similar to The ClaimedIdentifier property cannot be set when IsDelegatedIdentifier is true to avoid breaking OpenID URL delegation.. - - - - - Looks up a localized string similar to This OpenID exploits features that this relying party cannot reliably verify. Please try logging in with a human-readable OpenID or from a different OpenID Provider.. - - - - - Looks up a localized string similar to The ClaimedIdentifier property must be set first.. - - - - - Looks up a localized string similar to An extension with this property name ('{0}') has already been registered.. - - - - - Looks up a localized string similar to The extension '{0}' has already been registered.. - - - - - Looks up a localized string similar to An authentication request has already been created using CreateRequest().. - - - - - Looks up a localized string similar to Only OpenIDs issued directly by their OpenID Provider are allowed here.. - - - - - Looks up a localized string similar to The following properties must be set before the Diffie-Hellman algorithm can generate a public key: {0}. - - - - - Looks up a localized string similar to URI is not SSL yet requireSslDiscovery is set to true.. - - - - - Looks up a localized string similar to An extension sharing namespace '{0}' has already been added. Only one extension per namespace is allowed in a given request.. - - - - - Looks up a localized string similar to Cannot lookup extension support on a rehydrated ServiceEndpoint.. - - - - - Looks up a localized string similar to Fragment segments do not apply to XRI identifiers.. - - - - - Looks up a localized string similar to The HTML head tag must include runat="server".. - - - - - Looks up a localized string similar to ClaimedIdentifier and LocalIdentifier must be the same when IsIdentifierSelect is true.. - - - - - Looks up a localized string similar to The openid.identity and openid.claimed_id parameters must either be both present or both absent from the message.. - - - - - Looks up a localized string similar to The Provider requested association type '{0}' and session type '{1}', which are not compatible with each other.. - - - - - Looks up a localized string similar to {0} (Contact: {1}, Reference: {2}). - - - - - Looks up a localized string similar to Cannot encode '{0}' because it contains an illegal character for Key-Value Form encoding. (line {1}: '{2}'). - - - - - Looks up a localized string similar to Cannot decode Key-Value Form because a line was found without a '{0}' character. (line {1}: '{2}'). - - - - - Looks up a localized string similar to The scheme must be http or https but was '{0}'.. - - - - - Looks up a localized string similar to The value '{0}' is not a valid URI.. - - - - - Looks up a localized string similar to Not a recognized XRI format.. - - - - - Looks up a localized string similar to The OpenID Provider issued an assertion for an Identifier whose discovery information did not match. - Assertion endpoint info: - {0} - Discovered endpoint info: - {1}. - - - - - Looks up a localized string similar to The list of keys do not match the provided dictionary.. - - - - - Looks up a localized string similar to The '{0}' and '{1}' parameters must both be or not be '{2}'.. - - - - - Looks up a localized string similar to The maximum time allowed to complete authentication has been exceeded. Please try again.. - - - - - Looks up a localized string similar to Missing {0} element.. - - - - - Looks up a localized string similar to No recognized association type matches the requested length of {0}.. - - - - - Looks up a localized string similar to No recognized association type matches the requested name of '{0}'.. - - - - - Looks up a localized string similar to Unless using transport layer encryption, "no-encryption" MUST NOT be used.. - - - - - Looks up a localized string similar to No identifier has been set.. - - - - - Looks up a localized string similar to No XRDS document containing OpenID relying party endpoint information could be found at {0}.. - - - - - Looks up a localized string similar to Diffie-Hellman session type '{0}' not found for OpenID {1}.. - - - - - Looks up a localized string similar to This operation is not supported by serialized authentication responses. Try this operation from the LoggedIn event handler.. - - - - - Looks up a localized string similar to No OpenID endpoint found.. - - - - - Looks up a localized string similar to No OpenID url is provided.. - - - - - Looks up a localized string similar to This operation is only allowed when IAuthenticationResponse.State == AuthenticationStatus.SetupRequired.. - - - - - Looks up a localized string similar to An positive OpenID assertion was received from OP endpoint {0} that is not on this relying party's whitelist.. - - - - - Looks up a localized string similar to Unable to find the signing secret by the handle '{0}'.. - - - - - Looks up a localized string similar to The {0} property must be set first.. - - - - - Looks up a localized string similar to This property value is not supported by this control.. - - - - - Looks up a localized string similar to Unable to determine the version of the OpenID protocol implemented by the Provider at endpoint '{0}'.. - - - - - Looks up a localized string similar to An HTTP request to the realm URL ({0}) resulted in a redirect, which is not allowed during relying party discovery.. - - - - - Looks up a localized string similar to Sorry. This site only accepts OpenIDs that are HTTPS-secured, but {0} is not a secure Identifier.. - - - - - Looks up a localized string similar to The response is not ready. Use IsResponseReady to check whether a response is ready first.. - - - - - Looks up a localized string similar to return_to '{0}' not under realm '{1}'.. - - - - - Looks up a localized string similar to The {0} parameter ({1}) does not match the actual URL ({2}) the request was made with.. - - - - - Looks up a localized string similar to The ReturnTo property must not be null to support this operation.. - - - - - Looks up a localized string similar to The openid.return_to parameter is required in the request message in order to construct a response, but that parameter was missing.. - - - - - Looks up a localized string similar to The following parameter(s) are not included in the signature but must be: {0}. - - - - - Looks up a localized string similar to Invalid birthdate value. Must be in the form yyyy-MM-dd.. - - - - - Looks up a localized string similar to The type must implement {0}.. - - - - - Looks up a localized string similar to The property {0} had unexpected value {1}.. - - - - - Looks up a localized string similar to Unexpected HTTP status code {0} {1} received in direct response.. - - - - - Looks up a localized string similar to An unsolicited assertion cannot be sent for the claimed identifier {0} because this is not an authorized Provider for that identifier.. - - - - - Looks up a localized string similar to Rejecting unsolicited assertions requires a nonce store and an association store.. - - - - - Looks up a localized string similar to Unsolicited assertions are not allowed at this relying party.. - - - - - Looks up a localized string similar to Unsolicited assertions are not allowed from 1.0 OpenID Providers.. - - - - - Looks up a localized string similar to Providing a DateTime whose Kind is Unspecified is not allowed.. - - - - - Looks up a localized string similar to This feature is unavailable due to an unrecognized channel configuration.. - - - - - Looks up a localized string similar to The openid.user_setup_url parameter is required when sending negative assertion messages in response to immediate mode requests.. - - - - - Looks up a localized string similar to The X.509 certificate used to sign this document is not trusted.. - - - - - Looks up a localized string similar to XRI support has been disabled at this site.. - - - - - Looks up a localized string similar to XRI resolution failed.. - - - - - An enumeration of the OpenID protocol versions supported by this library. - - - - - OpenID Authentication 1.0 - - - - - OpenID Authentication 1.1 - - - - - OpenID Authentication 2.0 - - - - - Tracks the several versions of OpenID this library supports and the unique - constants to each version used in the protocol. - - - - - The value of the openid.ns parameter in the OpenID 2.0 specification. - - - - - Scans a list for matches with some element of the OpenID protocol, - searching from newest to oldest protocol for the first and best match. - - The type of element retrieved from the instance. - Takes a instance and returns an element of it. - The list to scan for matches. - The protocol with the element that matches some item in the list. - - - - A list of all supported OpenID versions, in order starting from newest version. - - - - - A list of all supported OpenID versions, in order starting from newest version. - V1.1 and V1.0 are considered the same and only V1.1 is in the list. - - - - - The default (or most recent) supported version of the OpenID protocol. - - - - - Attempts to detect the right OpenID protocol version based on the contents - of an incoming OpenID indirect message or direct request. - - query != null - query == null - - - - Attempts to detect the right OpenID protocol version based on the contents - of an incoming OpenID direct response message. - - query != null - query == null - - - - Attemps to detect the highest OpenID protocol version supported given a set - of XRDS Service Type URIs included for some service. - - serviceTypeURIs != null - serviceTypeURIs == null - - - - The OpenID version that this instance describes. - - - - - The namespace of OpenId 1.x elements in XRDS documents. - - - - - The value of the openid.ns parameter that appears on the query string - whenever data is passed between relying party and provider for OpenID 2.0 - and later. - - - - - The XRD/Service/Type value discovered in an XRDS document when - "discovering" on a Claimed Identifier (http://andrewarnott.yahoo.com) - - - - - The XRD/Service/Type value discovered in an XRDS document when - "discovering" on an OP Identifier rather than a Claimed Identifier. - (http://yahoo.com) - - - - - The XRD/Service/Type value discovered in an XRDS document when - "discovering" on a Realm URL and looking for the endpoint URL - that can receive authentication assertions. - - - - - Used as the Claimed Identifier and the OP Local Identifier when - the User Supplied Identifier is an OP Identifier. - - - - - The value of the 'rel' attribute in an HTML document's LINK tag - when the same LINK tag's HREF attribute value contains the URL to an - OP Endpoint URL. - - - - - The value of the 'rel' attribute in an HTML document's LINK tag - when the same LINK tag's HREF attribute value contains the URL to use - as the OP Local Identifier. - - - - - Parts of the protocol that define parameter names that appear in the - query string. Each parameter name is prefixed with 'openid.'. - - - - - Parts of the protocol that define parameter names that appear in the - query string. Each parameter name is NOT prefixed with 'openid.'. - - - - - The various 'constants' that appear as parameter arguments (values). - - - - - The maximum time a user can be allowed to take to complete authentication. - - - This is used to calculate the length of time that nonces are stored. - This is internal until we can decide whether to leave this static, or make - it an instance member, or put it inside the IConsumerApplicationStore interface. - - - - - The maximum permissible difference in clocks between relying party and - provider web servers, discounting time zone differences. - - - This is used when storing/validating nonces from the provider. - If it is conceivable that a server's clock could be up to five minutes - off from true UTC time, then the maximum time skew should be set to - ten minutes to allow one server to be five minutes ahead and the remote - server to be five minutes behind and still be able to communicate. - - - - - Checks whether a given Protocol version practically equals this one - for purposes of verifying a match for assertion verification. - - The other version to check against this one. - - true if this and the given Protocol versions are essentially the same. - - OpenID v1.0 never had a spec, and 1.0 and 1.1 are indistinguishable because of that. - Therefore for assertion verification, 1.0 and 1.1 are considered equivalent. - - - - - Returns the enum value for the instance. - - - - - The value "openid." - - - - - Verifies conditions that should be true for any valid state of this object. - - - - - A preference order list of all supported session types. - - - - - A preference order list of signature algorithms we support. - - - - - Describes some OpenID Provider endpoint and its capabilities. - - - This is an immutable type. - - this.Capabilities != null - - - - Initializes a new instance of the class. - - The OpenID Provider endpoint URL. - The OpenID version supported by this particular endpoint. - providerEndpoint != null - providerEndpoint == null - openIdVersion != null - openIdVersion == null - - - - Initializes a new instance of the class. - - The URI the provider listens on for OpenID requests. - The set of services offered by this endpoint. - providerEndpoint != null - providerEndpoint == null - serviceTypeURIs != null - serviceTypeURIs == null - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the URL that the OpenID Provider listens for incoming OpenID messages on. - - - Contract.Result<Uri>() != null - - - - - Gets the OpenID protocol version this endpoint supports. - - - If an endpoint supports multiple versions, each version must be represented - by its own object. - - - Contract.Result<Version>() != null - - - - - Gets the collection of service type URIs found in the XRDS document describing this Provider. - - - - - Security settings that are applicable to providers. - - - - - Security settings that may be applicable to both relying parties and providers. - - - - - Gets the default minimum hash bit length. - - - - - Gets the maximum hash bit length default for relying parties. - - - - - Gets the maximum hash bit length default for providers. - - - - - Initializes a new instance of the class. - - A value indicating whether this class is being instantiated for a Provider. - - - - Determines whether a named association fits the security requirements. - - The protocol carrying the association. - The value of the openid.assoc_type parameter. - - true if the association is permitted given the security requirements; otherwise, false. - - - - - Determines whether a given association fits the security requirements. - - The association to check. - - true if the association is permitted given the security requirements; otherwise, false. - - association != null - association == null - - - - Gets or sets the minimum hash length (in bits) allowed to be used in an - with the remote party. The default is 160. - - - SHA-1 (160 bits) has been broken. The minimum secure hash length is now 256 bits. - The default is still a 160 bit minimum to allow interop with common remote parties, - such as Yahoo! that only supports 160 bits. - For sites that require high security such as to store bank account information and - health records, 256 is the recommended value. - - - - - Gets or sets the maximum hash length (in bits) allowed to be used in an - with the remote party. The default is 256 for relying parties and 512 for providers. - - - The longer the bit length, the more secure the identities of your visitors are. - Setting a value higher than 256 on a relying party site may reduce performance - as many association requests will be denied, causing secondary requests or even - authentication failures. - Setting a value higher than 256 on a provider increases security where possible - without these side-effects. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The subset of association types and their customized lifetimes. - - - - - Initializes a new instance of the class. - - - - - Creates a deep clone of this instance. - - A new instance that is a deep clone of this instance. - - - - Gets a subset of the available association types and their - customized maximum lifetimes. - - - - - Gets or sets a value indicating whether Relying Party discovery will only - succeed if done over a secure HTTPS channel. - - Default is false. - - - - Gets or sets the level of verification a Provider performs on an identifier before - sending an unsolicited assertion for it. - - The default value is . - - - - Gets or sets a value indicating whether OpenID 1.x relying parties that may not be - protecting their users from replay attacks are protected from - replay attacks by this provider. - - The default value is true. - - Nonces for protection against replay attacks were not mandated - by OpenID 1.x, which leaves users open to replay attacks. - This feature works by preventing associations from being used - with OpenID 1.x relying parties, thereby forcing them into - "dumb" mode and verifying every claim with this provider. - This gives the provider an opportunity to verify its own nonce - to protect against replay attacks. - - - - - Gets or sets a value indicating whether outgoing extensions are always signed. - - - true if outgoing extensions should be signed; otherwise, false. - The default is true. - - - This property is internal because Providers should never turn it off, but it is - needed for testing the RP's rejection of unsigned extensions. - - - - - The behavior a Provider takes when verifying that it is authoritative for an - identifier it is about to send an unsolicited assertion for. - - - - - Always verify that the Provider is authoritative for an identifier before - sending an unsolicited assertion for it and fail if it is not. - - - - - Always check that the Provider is authoritative for an identifier before - sending an unsolicited assertion for it, but only log failures, and proceed - to send the unsolicited assertion. - - - - - Never verify that the Provider is authoritative for an identifier before - sending an unsolicited assertion for it. - - - This setting is useful for web servers that refuse to allow a Provider to - introspectively perform an HTTP GET on itself, when sending unsolicited assertions - for identifiers that the OP controls. - - - - - A hybrid of all the store interfaces that a Relying Party requires in order - to operate in "smart" mode. - - - - - A serializable snapshot of a verified authentication message. - - - - - The callback arguments that came with the authentication response. - - - - - The untrusted callback arguments that came with the authentication response. - - - - - Initializes a new instance of the class. - - The authentication response to copy from. - copyFrom != null - copyFrom == null - - - - Tries to get an OpenID extension that may be present in the response. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned only if the Provider signed them. - Relying parties that do not care if the values were modified in - transit should use the method - in order to allow the Provider to not sign the extension. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Tries to get an OpenID extension that may be present in the response, without - requiring it to be signed by the Provider. - - The type of extension to look for in the response message. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - - - - Tries to get an OpenID extension that may be present in the response. - - Type of the extension to look for in the response. - - The extension, if it is found. Null otherwise. - - - Extensions are returned whether they are signed or not. - Use the method to retrieve - extension responses only if they are signed by the Provider to - protect against tampering. - Unsigned extensions are completely unreliable and should be - used only to prefill user forms since the user or any other third - party may have tampered with the data carried by the extension. - Signed extensions are only reliable if the relying party - trusts the OpenID Provider that signed them. Signing does not mean - the relying party can trust the values -- it only means that the values - have not been tampered with since the Provider sent the message. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - This MAY return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - - - - Gets all the callback arguments that were previously added using - or as a natural part - of the return_to URL. - - A name-value dictionary. Never null. - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - Contract.Result<IDictionary<string, string>>() != null - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - This may return any argument on the querystring that came with the authentication response, - which may include parameters not explicitly added using - . - Note that these values are NOT protected against tampering in transit. - - !String.IsNullOrEmpty(key) - String.IsNullOrEmpty(key) - - - - Gets a callback argument's value that was previously added using - . - - The name of the parameter whose value is sought. - - The value of the argument, or null if the named parameter could not be found. - - - Callback parameters are only available even if the RP is in stateless mode, - or the callback parameters are otherwise unverifiable as untampered with. - Therefore, use this method only when the callback argument is not to be - used to make a security-sensitive decision. - - !string.IsNullOrEmpty(key) - string.IsNullOrEmpty(key) - - - - Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - May be null for some failed authentications (i.e. failed directed identity authentications). - - - - - This is the secure identifier that should be used for database storage and lookup. - It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - user identities against spoofing and other attacks. - - - For user-friendly identifiers to display, use the - property. - - - - - - Gets a user-friendly OpenID Identifier for display purposes ONLY. - - - - - This should be put through before - sending to a browser to secure against javascript injection attacks. - - - This property retains some aspects of the user-supplied identifier that get lost - in the . For example, XRIs used as user-supplied - identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - For display purposes, such as text on a web page that says "You're logged in as ...", - this property serves to provide the =Arnott string, or whatever else is the most friendly - string close to what the user originally typed in. - - - If the user-supplied identifier is a URI, this property will be the URI after all - redirects, and with the protocol and fragment trimmed off. - If the user-supplied identifier is an XRI, this property will be the original XRI. - If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - - - It is very important that this property never be used for database storage - or lookup to avoid identity spoofing and other security risks. For database storage - and lookup please use the property. - - - - - - Gets the detailed success or failure status of the authentication attempt. - - - - - - Gets information about the OpenId Provider, as advertised by the - OpenID discovery documents found at the - location. - - - The Provider endpoint that issued the positive assertion; - or null if information about the Provider is unavailable. - - - - - Gets the details regarding a failed authentication attempt, if available. - This will be set if and only if is . - - - - - - Manages signing at the RP using private secrets. - - - - - The optimal length for a private secret used for signing using the HMACSHA256 class. - - - The 64-byte length is optimized for highest security when used with HMACSHA256. - See HMACSHA256.HMACSHA256(byte[]) documentation for more information. - - - - - The URI to use for private associations at this RP. - - - - - The security settings that apply to this Relying Party. - - - - - The association store - - - - - Initializes a new instance of the class. - - The security settings. - The association store. - securitySettings != null - securitySettings == null - store != null - store == null - - - - Used to verify a signature previously written. - - The data whose signature is to be verified. - The handle to the private association used to sign the data. - - The signature for the given buffer using the provided handle. - - Thrown when an association with the given handle could not be found. - This most likely happens if the association was near the end of its life and the user took too long to log in. - buffer != null - buffer == null - !String.IsNullOrEmpty(handle) - String.IsNullOrEmpty(handle) - - - - Creates the new association handle. - - The ASCII-encoded handle name. - - - - Gets an association to use for signing new data. - - - The association, which may have previously existed or - may have been created as a result of this call. - - - - - Gets the handle of the association to use for private signatures. - - - An string made up of plain ASCII characters. - - - - - Security settings that are applicable to relying parties. - - - - - The default value for the property. - - - - - Initializes a new instance of the class. - - - - - Filters out any disallowed endpoints. - - The endpoints discovered on an Identifier. - A sequence of endpoints that satisfy all security requirements. - - - - Gets or sets a value indicating whether the entire pipeline from Identifier discovery to - Provider redirect is guaranteed to be encrypted using HTTPS for authentication to succeed. - - - Setting this property to true is appropriate for RPs with highly sensitive - personal information behind the authentication (money management, health records, etc.) - When set to true, some behavioral changes and additional restrictions are placed: - - User-supplied identifiers lacking a scheme are prepended with - HTTPS:// rather than the standard HTTP:// automatically. - User-supplied identifiers are not allowed to use HTTP for the scheme. - All redirects during discovery on the user-supplied identifier must be HTTPS. - Any XRDS file found by discovery on the User-supplied identifier must be protected using HTTPS. - Only Provider endpoints found at HTTPS URLs will be considered. - If the discovered identifier is an OP Identifier (directed identity), the - Claimed Identifier eventually asserted by the Provider must be an HTTPS identifier. - In the case of an unsolicited assertion, the asserted Identifier, discovery on it and - the asserting provider endpoint must all be secured by HTTPS. - - Although the first redirect from this relying party to the Provider is required - to use HTTPS, any additional redirects within the Provider cannot be protected and MAY - revert the user's connection to HTTP, based on individual Provider implementation. - There is nothing that the RP can do to detect or prevent this. - - A is thrown during discovery or authentication when a secure pipeline cannot be established. - - - - - - Gets or sets a value indicating whether only OP Identifiers will be discoverable - when creating authentication requests. - - - - - Gets or sets the oldest version of OpenID the remote party is allowed to implement. - - Defaults to - - - - Gets or sets the maximum allowable age of the secret a Relying Party - uses to its return_to URLs and nonces with 1.0 Providers. - - The default value is 7 days. - - - - Gets or sets a value indicating whether all unsolicited assertions should be ignored. - - The default value is false. - - - - Gets or sets a value indicating whether delegating identifiers are refused for authentication. - - The default value is false. - - When set to true, login attempts that start at the RP or arrive via unsolicited - assertions will be rejected if discovery on the identifier shows that OpenID delegation - is used for the identifier. This is useful for an RP that should only accept identifiers - directly issued by the Provider that is sending the assertion. - - - - - Gets or sets a value indicating whether unsigned extensions in authentication responses should be ignored. - - The default value is false. - - When set to true, the methods - will not return any extension that was not signed by the Provider. - - - - - Gets or sets a value indicating whether authentication requests will only be - sent to Providers with whom we can create a shared association. - - - true to immediately fail authentication if an association with the Provider cannot be established; otherwise, false. - The default value is false. - - - - - Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers - should ever be recognized as claimed identifiers. - - - The default value is false, per the OpenID 2.0 spec. - - - OpenID 2.0 sections 7.3.2.2 and 11.2 specify that OP Identifiers never be recognized as Claimed Identifiers. - However, for some scenarios it may be desirable for an RP to override this behavior and allow this. - The security ramifications of setting this property to true have not been fully explored and - therefore this setting should only be changed with caution. - - - - - Gets or sets a value indicating whether certain Claimed Identifiers that exploit - features that .NET does not have the ability to send exact HTTP requests for will - still be allowed by using an approximate HTTP request. - - - The default value is true. - - - - - Gets or sets a value indicating whether special measures are taken to - protect users from replay attacks when those users' identities are hosted - by OpenID 1.x Providers. - - The default value is true. - - Nonces for protection against replay attacks were not mandated - by OpenID 1.x, which leaves users open to replay attacks. - This feature works by adding a signed nonce to the authentication request. - This might increase the request size beyond what some OpenID 1.1 Providers - (such as Blogger) are capable of handling. - - - - - Represents a single OP endpoint from discovery on some OpenID Identifier. - - this.ProviderEndpoint != null - this.ClaimedIdentifier != null - this.ProviderLocalIdentifier != null - this.Capabilities != null - this.Version != null - this.Protocol != null - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - The provider endpoint. - The Claimed Identifier. - The User-supplied Identifier. - The Provider Local Identifier. - The service priority. - The URI priority. - providerEndpoint != null - providerEndpoint == null - claimedIdentifier != null - claimedIdentifier == null - - - - Implements the operator ==. - - The first service endpoint. - The second service endpoint. - The result of the operator. - - - - Implements the operator !=. - - The first service endpoint. - The second service endpoint. - The result of the operator. - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Determines whether a given extension is supported by this endpoint. - - An instance of the extension to check support for. - - true if the extension is supported by this endpoint; otherwise, false. - - extension != null - extension == null - - - - Creates a instance to represent some OP Identifier. - - The provider identifier (actually the user-supplied identifier). - The provider endpoint. - The service priority. - The URI priority. - The created instance - providerEndpoint != null - providerEndpoint == null - - - - Creates a instance to represent some Claimed Identifier. - - The claimed identifier. - The provider local identifier. - The provider endpoint. - The service priority. - The URI priority. - The created instance - - - - Creates a instance to represent some Claimed Identifier. - - The claimed identifier. - The user supplied identifier. - The provider local identifier. - The provider endpoint. - The service priority. - The URI priority. - The created instance - - - - Determines whether a given type URI is present on the specified provider endpoint. - - The type URI. - - true if the type URI is present on the specified provider endpoint; otherwise, false. - - !String.IsNullOrEmpty(typeUri) - String.IsNullOrEmpty(typeUri) - - - - Sets the Capabilities property (this method is a test hook.) - - The value. - The publicize.exe tool should work for the unit tests, but for some reason it fails on the build server. - - - - Gets the priority rating for a given type of endpoint, allowing a - priority sorting of endpoints. - - The endpoint to prioritize. - An arbitary integer, which may be used for sorting against other returned values from this method. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the detected version of OpenID implemented by the Provider. - - - Contract.Result<Version>() != null - - - - - Gets the Identifier that was presented by the end user to the Relying Party, - or selected by the user at the OpenID Provider. - During the initiation phase of the protocol, an end user may enter - either their own Identifier or an OP Identifier. If an OP Identifier - is used, the OP may then assist the end user in selecting an Identifier - to share with the Relying Party. - - - - - Gets the Identifier that the end user claims to control. - - - - - Gets an alternate Identifier for an end user that is local to a - particular OP and thus not necessarily under the end user's - control. - - - - - Gets a more user-friendly (but NON-secure!) string to display to the user as his identifier. - - A human-readable, abbreviated (but not secure) identifier the user MAY recognize as his own. - - - - Gets the provider endpoint. - - - - - Gets the @priority given in the XRDS document for this specific OP endpoint. - - - - - Gets the @priority given in the XRDS document for this service - (which may consist of several endpoints). - - - - - Gets the collection of service type URIs found in the XRDS document describing this Provider. - - Should never be null, but may be empty. - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - This value MUST be an absolute HTTP or HTTPS URL. - - Contract.Result<Uri>() != null - - - - - Gets an XRDS sorting routine that uses the XRDS Service/@Priority - attribute to determine order. - - - Endpoints lacking any priority value are sorted to the end of the list. - - - - - Gets the protocol used by the OpenID Provider. - - - - - Adds OpenID-specific extension methods to the XrdsDocument class. - - - - - Finds the Relying Party return_to receiving endpoints. - - The XrdsDocument instance to use in this process. - A sequence of Relying Party descriptors for the return_to endpoints. - - This is useful for Providers to send unsolicited assertions to Relying Parties, - or for Provider's to perform RP discovery/verification as part of authentication. - - xrds != null - xrds == null - Contract.Result<IEnumerable<RelyingPartyEndpointDescription>>() != null - - - - Finds the icons the relying party wants an OP to display as part of authentication, - per the UI extension spec. - - The XrdsDocument to search. - A sequence of the icon URLs in preferred order. - xrds != null - xrds == null - Contract.Result<IEnumerable<Uri>>() != null - - - - Creates the service endpoints described in this document, useful for requesting - authentication of one of the OpenID Providers that result from it. - - The XrdsDocument instance to use in this process. - The claimed identifier that was used to discover this XRDS document. - The user supplied identifier. - - A sequence of OpenID Providers that can assert ownership of the . - - xrds != null - xrds == null - claimedIdentifier != null - claimedIdentifier == null - userSuppliedIdentifier != null - userSuppliedIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Creates the service endpoints described in this document, useful for requesting - authentication of one of the OpenID Providers that result from it. - - The XrdsDocument instance to use in this process. - The user-supplied i-name that was used to discover this XRDS document. - A sequence of OpenID Providers that can assert ownership of the canonical ID given in this document. - xrds != null - xrds == null - userSuppliedIdentifier != null - userSuppliedIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Generates OpenID Providers that can authenticate using directed identity. - - The XrdsDocument instance to use in this process. - The OP Identifier entered (and resolved) by the user. Essentially the user-supplied identifier. - A sequence of the providers that can offer directed identity services. - xrds != null - xrds == null - opIdentifier != null - opIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Generates the OpenID Providers that are capable of asserting ownership - of a particular URI claimed identifier. - - The XrdsDocument instance to use in this process. - The claimed identifier. - The user supplied identifier. - - A sequence of the providers that can assert ownership of the given identifier. - - xrds != null - xrds == null - claimedIdentifier != null - claimedIdentifier == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Generates the OpenID Providers that are capable of asserting ownership - of a particular XRI claimed identifier. - - The XrdsDocument instance to use in this process. - The i-name supplied by the user. - A sequence of the providers that can assert ownership of the given identifier. - - - - Enumerates the XRDS service elements that describe OpenID Providers offering directed identity assertions. - - The XrdsDocument instance to use in this process. - A sequence of service elements. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - Returns the OpenID-compatible services described by a given XRDS document, - in priority order. - - The XrdsDocument instance to use in this process. - A sequence of the services offered. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - Enumerates the XRDS service elements that describe OpenID Relying Party return_to URLs - that can receive authentication assertions. - - The XrdsDocument instance to use in this process. - A sequence of service elements. - xrds != null - xrds == null - Contract.Result<IEnumerable<ServiceElement>>() != null - - - - A very simple IXrdsProviderEndpoint implementation for verifying that all positive - assertions (particularly unsolicited ones) are received from OP endpoints that - are deemed permissible by the host RP. - - - - - Initializes a new instance of the class. - - The positive assertion. - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - - - - Checks whether the OpenId Identifier claims support for a given extension. - - The extension whose support is being queried. - - True if support for the extension is advertised. False otherwise. - - - Note that a true or false return value is no guarantee of a Provider's - support for or lack of support for an extension. The return value is - determined by how the authenticating user filled out his/her XRDS document only. - The only way to be sure of support for a given extension is to include - the extension in the request and see if a response comes back for that extension. - - extensionType != null - extensionType == null - typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType) - !(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)) - - - - Gets the detected version of OpenID implemented by the Provider. - - - Contract.Result<Version>() != null - - - - - Gets the URL that the OpenID Provider receives authentication requests at. - - - Contract.Result<Uri>() != null - - - - - An in-memory store for Relying Parties, suitable for single server, single process - ASP.NET web sites. - - - - - The nonce store to use. - - - - - The association store to use. - - - - - Initializes a new instance of the class. - - - - - Saves an for later recall. - - The Uri (for relying parties) or Smart/Dumb (for providers). - The association to store. - - - - Gets the best association (the one with the longest remaining life) for a given key. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The security settings. - - The requested association, or null if no unexpired s exist for the given key. - - - - - Gets the association for a given key and handle. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be recalled. - - The requested association, or null if no unexpired s exist for the given key and handle. - - - - - Removes a specified handle that may exist in the store. - - The Uri (for relying parties) or Smart/Dumb (for Providers). - The handle of the specific association that must be deleted. - - True if the association existed in this store previous to this call. - - - No exception should be thrown if the association does not exist in the store - before this call. - - - - - Stores a given nonce and timestamp. - - The context, or namespace, within which the must be unique. - A series of random characters. - The timestamp that together with the nonce string make it unique. - The timestamp may also be used by the data store to clear out old nonces. - - True if the nonce+timestamp (combination) was not previously in the database. - False if the nonce was stored previously with the same timestamp. - - - The nonce must be stored for no less than the maximum time window a message may - be processed within before being discarded as an expired message. - If the binding element is applicable to your channel, this expiration window - is retrieved or set using the - property. - - - - - Implements the Identity, Credential, & Access Management (ICAM) OpenID 2.0 Profile - for the General Services Administration (GSA). - - - Relying parties that include this profile are always held to the terms required by the profile, - but Providers are only affected by the special behaviors of the profile when the RP specifically - indicates that they want to use this profile. - - - - - The maximum time a shared association can live. - - - - - Initializes static members of the class. - - - - - Initializes a new instance of the class. - - - - - Applies a well known set of security requirements. - - The security settings to enhance with the requirements of this profile. - - Care should be taken to never decrease security when applying a profile. - Profiles should only enhance security requirements to avoid being - incompatible with each other. - - securitySettings != null - securitySettings == null - - - - Called when an authentication request is about to be sent. - - The request. - request != null - request == null - - - - Called when an incoming positive assertion is received. - - The positive assertion. - assertion != null - assertion == null - - - - Adapts the default security settings to the requirements of this behavior. - - The original security settings. - securitySettings != null - securitySettings == null - - - - Called when a request is received by the Provider. - - The incoming request. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - - Implementations may set a new value to but - should not change the properties on the instance of - itself as that instance may be shared across many requests. - - request != null - request == null - - - - Called when the Provider is preparing to send a response to an authentication request. - - The request that is configured to generate the outgoing response. - - true if this behavior owns this request and wants to stop other behaviors - from handling it; false to allow other behaviors to process this request. - - request != null - request == null - - - - Ensures the maximum association lifetime does not exceed a given limit. - - Type of the association. - The maximum lifetime. - The security settings to adjust. - !String.IsNullOrEmpty(associationType) - maximumLifetime.TotalSeconds > 0 - - - - Gets or sets the provider for generating PPID identifiers. - - - - - Gets or sets a value indicating whether PII is allowed to be requested or received via OpenID. - - The default value is false. - - - - Gets or sets a value indicating whether to ignore the SSL requirement (for testing purposes only). - - - - - Common OpenID Provider Identifiers. - - - - - The Yahoo OP Identifier. - - - - - The Google OP Identifier. - - - - - The MyOpenID OP Identifier. - - - - - The Verisign OP Identifier. - - - - - The MyVidoop OP Identifier. - - - - - Prevents a default instance of the class from being created. - - - - - A paranoid HTTP get/post request engine. It helps to protect against attacks from remote - server leaving dangling connections, sending too much data, causing requests against - internal servers, etc. - - - Protections include: - * Conservative maximum time to receive the complete response. - * Only HTTP and HTTPS schemes are permitted. - * Internal IP address ranges are not permitted: 127.*.*.*, 1::* - * Internal host names are not permitted (periods must be found in the host name) - If a particular host would be permitted but is in the blacklist, it is not allowed. - If a particular host would not be permitted but is in the whitelist, it is allowed. - - - - - The set of URI schemes allowed in untrusted web requests. - - - - - The collection of blacklisted hosts. - - - - - The collection of regular expressions used to identify additional blacklisted hosts. - - - - - The collection of whitelisted hosts. - - - - - The collection of regular expressions used to identify additional whitelisted hosts. - - - - - The maximum redirections to follow in the course of a single request. - - - - - The maximum number of bytes to read from the response of an untrusted server. - - - - - The handler that will actually send the HTTP request and collect - the response once the untrusted server gates have been satisfied. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The chained web request handler. - chainedWebRequestHandler != null - chainedWebRequestHandler == null - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The writer the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The writer the caller should write out the entity data to. - - request != null - request == null - - - - Processes an and converts the - to a instance. - - The to handle. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1". - - The ip address to check. - - true if this is a loopback IP address; false otherwise. - - ip != null - ip == null - - - - Determines whether the given host name is in a host list or host name regex list. - - The host name. - The list of host names. - The list of regex patterns of host names. - - true if the specified host falls within at least one of the given lists; otherwise, false. - - !String.IsNullOrEmpty(host) - String.IsNullOrEmpty(host) - stringList != null - stringList == null - regexList != null - regexList == null - - - - Determines whether a given host is whitelisted. - - The host name to test. - - true if the host is whitelisted; otherwise, false. - - - - - Determines whether a given host is blacklisted. - - The host name to test. - - true if the host is blacklisted; otherwise, false. - - - - - Verify that the request qualifies under our security policies - - The request URI. - If set to true, only web requests that can be made entirely over SSL will succeed. - Thrown when the URI is disallowed for security reasons. - - - - Determines whether a URI is allowed based on scheme and host name. - No requireSSL check is done here - - The URI to test for whether it should be allowed. - - true if [is URI allowable] [the specified URI]; otherwise, false. - - uri != null - uri == null - - - - Prepares the request by setting timeout and redirect policies. - - The request to prepare. - - true if this is a POST request whose headers have not yet been sent out; false otherwise. - request != null - request == null - - - - Gets or sets the default maximum bytes to read in any given HTTP request. - - Default is 1MB. Cannot be less than 2KB. - - value >= 2048 - - value < 2048 - - - - Gets or sets the total number of redirections to allow on any one request. - Default is 10. - - - value >= 0 - - value < 0 - - - - Gets or sets the time allowed to wait for single read or write operation to complete. - Default is 500 milliseconds. - - - - - Gets or sets the time allowed for an entire HTTP request. - Default is 5 seconds. - - - - - Gets a collection of host name literals that should be allowed even if they don't - pass standard security checks. - - - - - Gets a collection of host name regular expressions that indicate hosts that should - be allowed even though they don't pass standard security checks. - - - - - Gets a collection of host name literals that should be rejected even if they - pass standard security checks. - - - - - Gets a collection of host name regular expressions that indicate hosts that should - be rejected even if they pass standard security checks. - - - - - Gets the configuration for this class that is specified in the host's .config file. - - - - - The discovery service for URI identifiers. - - - - - Initializes a new instance of the class. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Searches HTML for the HEAD META tags that describe OpenID provider services. - - The final URL that provided this HTML document. - This may not be the same as (this) userSuppliedIdentifier if the - userSuppliedIdentifier pointed to a 301 Redirect. - The user supplied identifier. - The HTML that was downloaded and should be searched. - - A sequence of any discovered ServiceEndpoints. - - - - - A URI style of OpenID Identifier. - - this.Uri != null - this.Uri.AbsoluteUri != null - - - - The allowed protocol schemes in a URI Identifier. - - - - - The special scheme to use for HTTP URLs that should not have their paths compressed. - - - - - The special scheme to use for HTTPS URLs that should not have their paths compressed. - - - - - The special scheme to use for HTTP URLs that should not have their paths compressed. - - - - - The special scheme to use for HTTPS URLs that should not have their paths compressed. - - - - - A value indicating whether scheme substitution is being used to workaround - .NET path compression that invalidates some OpenIDs that have trailing periods - in one of their path segments. - - - - - Initializes static members of the class. - - - This method attempts to workaround the .NET Uri class parsing bug described here: - https://connect.microsoft.com/VisualStudio/feedback/details/386695/system-uri-incorrectly-strips-trailing-dots?wa=wsignin1.0#tabs - since some identifiers (like some of the pseudonymous identifiers from Yahoo) include path segments - that end with periods, which the Uri class will typically trim off. - - - - - Initializes a new instance of the class. - - The value this identifier will represent. - !String.IsNullOrEmpty(uri) - String.IsNullOrEmpty(uri) - - - - Initializes a new instance of the class. - - The value this identifier will represent. - if set to true [require SSL discovery]. - !String.IsNullOrEmpty(uri) - String.IsNullOrEmpty(uri) - - - - Initializes a new instance of the class. - - The value this identifier will represent. - - - - Initializes a new instance of the class. - - The value this identifier will represent. - if set to true [require SSL discovery]. - uri != null - uri == null - - - - Converts a instance to a instance. - - The identifier to convert to an ordinary instance. - The result of the conversion. - - - - Converts a instance to a instance. - - The instance to turn into a . - The result of the conversion. - - - - Tests equality between this URI and another URI. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Returns the hash code of this XRI. - - - A hash code for the current . - - - - - Returns the string form of the URI. - - - A that represents the current . - - Contract.Result<string>() != null - - - - Determines whether a URI is a valid OpenID Identifier (of any kind). - - The URI to test for OpenID validity. - - true if the identifier is valid; otherwise, false. - - - A valid URI is absolute (not relative) and uses an http(s) scheme. - - - - - Determines whether a URI is a valid OpenID Identifier (of any kind). - - The URI to test for OpenID validity. - - true if the identifier is valid; otherwise, false. - - - A valid URI is absolute (not relative) and uses an http(s) scheme. - - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - Determines whether the given URI is using a scheme in the list of allowed schemes. - - The URI whose scheme is to be checked. - - true if the scheme is allowed; otherwise, false. - false is also returned if is null. - - - - - Determines whether the given URI is using a scheme in the list of allowed schemes. - - The URI whose scheme is to be checked. - - true if the scheme is allowed; otherwise, false. - false is also returned if is null. - - - - - Tries to canonicalize a user-supplied identifier. - This does NOT convert a user-supplied identifier to a Claimed Identifier! - - The user-supplied identifier. - The resulting canonical URI. - If set to true and the user-supplied identifier lacks a scheme, the "https://" scheme will be prepended instead of the standard "http://" one. - if set to true [scheme prepended]. - - true if the identifier was valid and could be canonicalized. - false if the identifier is outside the scope of allowed inputs and should be rejected. - - - Canonicalization is done by adding a scheme in front of an - identifier if it isn't already present. Other trivial changes that do not - require network access are also done, such as lower-casing the hostname in the URI. - - !string.IsNullOrEmpty(uri) - string.IsNullOrEmpty(uri) - - - - Fixes up the scheme if appropriate. - - The URI, already in legal form (with http(s):// prepended if necessary). - The resulting canonical URI. - - true if the canonicalization was successful; false otherwise. - - This does NOT standardize an OpenID URL for storage in a database, as - it does nothing to convert the URL to a Claimed Identifier, besides the fact - that it only deals with URLs whereas OpenID 2.0 supports XRIs. - For this, you should lookup the value stored in IAuthenticationResponse.ClaimedIdentifier. - - uri != null - uri == null - - - - Gets the special non-compressing scheme or URL for a standard scheme or URL. - - The ordinary URL or scheme name. - The non-compressing equivalent scheme or URL for the given value. - !string.IsNullOrEmpty(normal) - string.IsNullOrEmpty(normal) - schemeSubstitution - !(schemeSubstitution) - !string.IsNullOrEmpty(Contract.Result<string>()) - - - - Performs the minimal URL normalization to allow a string to be passed to the constructor. - - The user-supplied identifier URI to normalize. - if set to true, a missing scheme should result in HTTPS being prepended instead of HTTP. - if set to true, the scheme was prepended during normalization. - The somewhat normalized URL. - !String.IsNullOrEmpty(uri) - String.IsNullOrEmpty(uri) - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets or sets a value indicating whether scheme substitution is being used to workaround - .NET path compression that invalidates some OpenIDs that have trailing periods - in one of their path segments. - - - - - Gets the URI this instance represents. - - - - - Gets a value indicating whether the scheme was missing when this - Identifier was created and added automatically as part of the - normalization process. - - - - - Gets a value indicating whether this Identifier has characters or patterns that - the class normalizes away and invalidating the Identifier. - - - - - A simple URI class that doesn't suffer from the parsing problems of the class. - - - - - URI characters that separate the URI Path from subsequent elements. - - - - - Initializes a new instance of the class. - - The value. - !string.IsNullOrEmpty(value) - string.IsNullOrEmpty(value) - - - - Returns a that represents this instance. - - - A that represents this instance. - - Contract.Result<string>() != null - - - - Determines whether the specified is equal to this instance. - - The to compare with this instance. - - true if the specified is equal to this instance; otherwise, false. - - - The parameter is null. - - - - - Returns a hash code for this instance. - - - A hash code for this instance, suitable for use in hashing algorithms and data structures like a hash table. - - - - - Normalizes the characters that are escaped in the given URI path. - - The path to normalize. - The given path, with exactly those characters escaped which should be. - path != null - path == null - - - - Gets the scheme. - - The scheme. - - - - Gets the authority. - - The authority. - - - - Gets the path of the URI. - - The path from the URI. - - - - Gets the query. - - The query. - - - - Gets the fragment. - - The fragment. - - - - A URI parser that does not compress paths, such as trimming trailing periods from path segments. - - - - - The field that stores the scheme that this parser is registered under. - - - - - The standard "http" or "https" scheme that this parser is subverting. - - - - - Initializes a new instance of the class. - - The standard scheme that this parser will be subverting. - !string.IsNullOrEmpty(standardScheme) - string.IsNullOrEmpty(standardScheme) - - - - Initializes this parser with the actual scheme it should appear to be. - - if set to true Uris using this scheme will look like they're using the original standard scheme. - - - - Gets the scheme this parser is registered under. - - The registered scheme. - - - - The discovery service for XRI identifiers that uses an XRI proxy resolver for discovery. - - - - - The magic URL that will provide us an XRDS document for a given XRI identifier. - - - We use application/xrd+xml instead of application/xrds+xml because it gets - xri.net to automatically give us exactly the right XRD element for community i-names - automatically, saving us having to choose which one to use out of the result. - The ssl=true parameter tells the proxy resolver to accept only SSL connections - when resolving community i-names. - - - - - Initializes a new instance of the class. - - - - - Performs discovery on the specified identifier. - - The identifier to perform discovery on. - The means to place outgoing HTTP requests. - if set to true, no further discovery services will be called for this identifier. - - A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null - - - - Downloads the XRDS document for this XRI. - - The identifier. - The request handler. - The XRDS document. - identifier != null - identifier == null - requestHandler != null - requestHandler == null - Contract.Result<XrdsDocument>() != null - - - - Gets the URL from which this XRI's XRDS document may be downloaded. - - The identifier. - The URI to HTTP GET from to get the services. - - - - An XRI style of OpenID Identifier. - - this.canonicalXri != null - - - - The scheme and separator "xri://" - - - - - An XRI always starts with one of these symbols. - - - - - Backing store for the property. - - - - - Initializes a new instance of the class. - - The string value of the XRI. - !String.IsNullOrEmpty(xri) - String.IsNullOrEmpty(xri) - IsValidXri(xri) - !(IsValidXri(xri)) - - - - Initializes a new instance of the class. - - The XRI that this Identifier will represent. - - If set to true, discovery and the initial authentication redirect will - only succeed if it can be done entirely using SSL. - - !String.IsNullOrEmpty(xri) - String.IsNullOrEmpty(xri) - IsValidXri(xri) - !(IsValidXri(xri)) - - - - Tests equality between this XRI and another XRI. - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Returns the hash code of this XRI. - - - A hash code for the current . - - - - - Returns the canonical string form of the XRI. - - - A that represents the current . - - Contract.Result<string>() != null - - - - Tests whether a given string represents a valid XRI format. - - The value to test for XRI validity. - - true if the given string constitutes a valid XRI; otherwise, false. - - !String.IsNullOrEmpty(xri) - String.IsNullOrEmpty(xri) - - - - Returns an that has no URI fragment. - Quietly returns the original if it is not - a or no fragment exists. - - - A new instance if there was a - fragment to remove, otherwise this same instance.. - - - XRI Identifiers never have a fragment part, and thus this method - always returns this same instance. - - Contract.Result<Identifier>() != null - - - - Converts a given identifier to its secure equivalent. - UriIdentifiers originally created with an implied HTTP scheme change to HTTPS. - Discovery is made to require SSL for the entire resolution process. - - The newly created secure identifier. - If the conversion fails, retains - this identifiers identity, but will never discover any endpoints. - - True if the secure conversion was successful. - False if the Identifier was originally created with an explicit HTTP scheme. - - Contract.ValueAtReturn(out secureIdentifier) != null - - - - Takes any valid form of XRI string and returns the canonical form of the same XRI. - - The xri to canonicalize. - The canonicalized form of the XRI. - The canonical form, per the OpenID spec, is no scheme and no whitespace on either end. - xri != null - xri == null - Contract.Result<string>() != null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the original XRI supplied to the constructor. - - - - - Gets the canonical form of the XRI string. - - - Contract.Result<string>() != null - - - - - A direct message sent from Consumer to Service Provider to request a Request Token. - - - - - Initializes a new instance of the class. - - The URI of the Service Provider endpoint to send this message to. - The OAuth version. - - - - Gets or sets the absolute URL to which the Service Provider will redirect the - User back when the Obtaining User Authorization step is completed. - - - The callback URL; or null if the Consumer is unable to receive - callbacks or a callback URL has been established via other means. - - - - - Gets the extra, non-OAuth parameters that will be included in the message. - - - - - A binding element that signs outgoing messages and verifies the signature on incoming messages. - - - - - The name of the hash algorithm to use. - - - - - The token manager for the service provider. - - - - - Initializes a new instance of the class - for use by Consumers. - - The certificate used to sign outgoing messages. - signingCertificate != null - signingCertificate == null - - - - Initializes a new instance of the class - for use by Service Providers. - - The token manager. - tokenManager != null - tokenManager == null - - - - Calculates a signature for a given message. - - The message to sign. - The signature for the message. - - This method signs the message per OAuth 1.0 section 9.3. - - message != null - message == null - this.Channel != null - this.Channel == null - - - - Determines whether the signature on some message is valid. - - The message to check the signature on. - - true if the signature on the message is valid; otherwise, false. - - message != null - message == null - - - - Clones this instance. - - A new instance of the binding element. - - - - Gets or sets the certificate used to sign outgoing messages. Used only by Consumers. - - - - - The default handler for transmitting instances - and returning the responses. - - - - - The set of options this web request handler supports. - - - - - The value to use for the User-Agent HTTP header. - - - - - Determines whether this instance can support the specified options. - - The set of options that might be given in a subsequent web request. - - true if this instance can support the specified options; otherwise, false. - - - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - - The writer the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - - - - Prepares an that contains an POST entity for sending the entity. - - The that should contain the entity. - The options to apply to this web request. - - The writer the caller should write out the entity data to. - - Thrown for any network error. - - The caller should have set the - and any other appropriate properties before calling this method. - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - - - - Processes an and converts the - to a instance. - - The to handle. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Processes an and converts the - to a instance. - - The to handle. - The options to apply to this web request. - - An instance of describing the response. - - Thrown for any network error. - - Implementations should catch and wrap it in a - to abstract away the transport and provide - a single exception type for hosts to catch. The - value, if set, should be Closed before throwing. - - request != null - request == null - ((IDirectWebRequestHandler)this).CanSupport(options) - !(((IDirectWebRequestHandler)this).CanSupport(options)) - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Determines whether an exception was thrown because of the remote HTTP server returning HTTP 417 Expectation Failed. - - The caught exception. - - true if the failure was originally caused by a 417 Exceptation Failed error; otherwise, false. - - - - - Initiates a POST request and prepares for sending data. - - The HTTP request with information about the remote party to contact. - - The stream where the POST entity can be written. - - - - - Prepares an HTTP request. - - The request. - - true if this is a POST request whose headers have not yet been sent out; false otherwise. - request != null - request == null - - - - An immutable description of a URL that receives messages. - - - - - Initializes a new instance of the class. - - The URL of this endpoint. - The HTTP method(s) allowed. - locationUri != null - locationUri == null - method != HttpDeliveryMethods.None - method == HttpDeliveryMethods.None - (method & HttpDeliveryMethods.HttpVerbMask) != 0 - !((method & HttpDeliveryMethods.HttpVerbMask) != 0) - - - - Initializes a new instance of the class. - - The URL of this endpoint. - The HTTP method(s) allowed. - location != null - location == null - method != HttpDeliveryMethods.None - method == HttpDeliveryMethods.None - (method & HttpDeliveryMethods.HttpVerbMask) != 0 - !((method & HttpDeliveryMethods.HttpVerbMask) != 0) - - - - Gets the URL of this endpoint. - - - - - Gets the HTTP method(s) allowed. - - - - - The statistical reporting mechanism used so this library's project authors - know what versions and features are in use. - - - - - A UTF8 encoder that doesn't emit the preamble. Used for mid-stream writers. - - - - - A value indicating whether reporting is desirable or not. Must be logical-AND'd with !. - - - - - A value indicating whether reporting experienced an error and cannot be enabled. - - - - - A value indicating whether the reporting class has been initialized or not. - - - - - The object to lock during initialization. - - - - - The isolated storage to use for collecting data in between published reports. - - - - - The GUID that shows up at the top of all reports from this user/machine/domain. - - - - - The recipient of collected reports. - - - - - The outgoing HTTP request handler to use for publishing reports. - - - - - A few HTTP request hosts and paths we've seen. - - - - - Cultures that have come in via HTTP requests. - - - - - Features that have been used. - - - - - A collection of all the observations to include in the report. - - - - - The named events that we have counters for. - - - - - The lock acquired while considering whether to publish a report. - - - - - The time that we last published reports. - - - - - Initializes static members of the class. - - - - - Records an event occurrence. - - Name of the event. - The category within the event. Null and empty strings are allowed, but considered the same. - !String.IsNullOrEmpty(eventName) - - - - Records an event occurence. - - The object whose type name is the event name to record. - The category within the event. Null and empty strings are allowed, but considered the same. - eventNameByObjectType != null - - - - Records the use of a feature by name. - - The feature. - !String.IsNullOrEmpty(feature) - - - - Records the use of a feature by object type. - - The object whose type is the feature to set as used. - value != null - - - - Records the use of a feature by object type. - - The object whose type is the feature to set as used. - Some dependency used by . - Some dependency used by . - value != null - - - - Records the feature and dependency use. - - The consumer or service provider. - The service. - The token manager. - The nonce store. - value != null - service != null - tokenManager != null - - - - Records statistics collected from incoming requests. - - The request. - request != null - - - - Initializes Reporting if it has not been initialized yet. - - - - - Assembles a report for submission. - - A stream that contains the report. - - - - Sends the usage reports to the library authors. - - A value indicating whether submitting the report was successful. - - - - Interprets the reporting response as a log message if possible. - - The line from the HTTP response to interpret as a log message. - - - - Called by every internal/public method on this class to give - periodic operations a chance to run. - - - - - Sends the stats report asynchronously, and careful to not throw any unhandled exceptions. - - - - - Gets the isolated storage to use for reporting. - - An isolated storage location appropriate for our host. - Contract.Result<IsolatedStorageFile>() != null - - - - Gets a unique, pseudonymous identifier for this particular web site or application. - - A GUID that will serve as the identifier. - - The identifier is made persistent by storing the identifier in isolated storage. - If an existing identifier is not found, a new one is created, persisted, and returned. - - file != null - file == null - Contract.Result<Guid>() != Guid.Empty - - - - Sanitizes the name of the file so it only includes valid filename characters. - - The filename to sanitize. - The filename, with any and all invalid filename characters replaced with the hyphen (-) character. - !String.IsNullOrEmpty(fileName) - String.IsNullOrEmpty(fileName) - - - - Gets or sets a value indicating whether this reporting is enabled. - - - true if enabled; otherwise, false. - - Setting this property to truemay have no effect - if reporting has already experienced a failure of some kind. - - - - - Gets the configuration to use for reporting. - - - - - A set of values that persist the set to disk. - - - - - The isolated persistent storage. - - - - - The persistent reader. - - - - - The persistent writer. - - - - - The total set of elements. - - - - - The maximum number of elements to track before not storing new elements. - - - - - The set of new elements added to the since the last flush. - - - - - The time the last flush occurred. - - - - - A flag indicating whether the set has changed since it was last flushed. - - - - - Initializes a new instance of the class. - - The storage location. - Name of the file. - The maximum number of elements to track. - storage != null - storage == null - !String.IsNullOrEmpty(fileName) - String.IsNullOrEmpty(fileName) - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Adds a value to the set. - - The value. - - - - Flushes any newly added values to disk. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets a value indicating whether the hashset has reached capacity and is not storing more elements. - - - true if this instance is full; otherwise, false. - - - - Gets the name of the file. - - The name of the file. - - - - A feature usage counter. - - - - - The separator to use between category names and their individual counters. - - - - - The isolated persistent storage. - - - - - The persistent reader. - - - - - The persistent writer. - - - - - The time the last flush occurred. - - - - - The in-memory copy of the counter. - - - - - A flag indicating whether the set has changed since it was last flushed. - - - - - Initializes a new instance of the class. - - The storage location. - Name of the file. - storage != null - storage == null - !String.IsNullOrEmpty(fileName) - String.IsNullOrEmpty(fileName) - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Increments the counter. - - The category within the event. Null and empty strings are allowed, but considered the same. - - - - Flushes any newly added values to disk. - - - - - Resets all counters. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the name of the file. - - The name of the file. - - - - The channel for the OAuth protocol. - - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - - - - Gets the protocol message that may be in the given HTTP response. - - The response that is anticipated to contain an protocol message. - - The deserialized message parts, if found. Null otherwise. - - Thrown when the response is not valid. - response != null - response == null - - - - Queues a message for sending in the response stream. - - The message to send as a response. - - The pending user agent redirect based message to be sent as an HttpResponse. - - - This method implements spec OAuth V1.0 section 5.3. - - response != null - response == null - Contract.Result<OutgoingWebResponse>() != null - - - - Gets the protocol message that may be embedded in the given HTTP request. - - The request to search for an embedded message. - - The deserialized message, if one is found. Null otherwise. - - request != null - request == null - - - - Initializes the binding elements for the OAuth channel. - - The authorization server. - - An array of binding elements used to initialize the channel. - - authorizationServer != null - authorizationServer == null - - - - Gets the authorization server. - - The authorization server. - - - - A message sent by a web application Client to the AuthorizationServer - via the user agent to obtain authorization from the user and prepare - to issue an access token to the Consumer if permission is granted. - - - - - Initializes a new instance of the class. - - The Authorization Server's user authorization URL to direct the user to. - The protocol version. - authorizationEndpoint != null - authorizationEndpoint == null - version != null - version == null - - - - Initializes a new instance of the class. - - The authorization server. - authorizationServer != null - authorizationServer == null - authorizationServer.Version != null - authorizationServer.Version == null - authorizationServer.AuthorizationEndpoint != null - authorizationServer.AuthorizationEndpoint == null - - - - Gets the type of the authorization that the client expects of the authorization server. - - Always . Other response types are not supported. - - - - Gets or sets the identifier by which this client is known to the Authorization Server. - - - - - Gets or sets the callback URL. - - - An absolute URL to which the Authorization Server will redirect the User back after - the user has approved the authorization request. - - - REQUIRED unless a redirection URI has been established between the client and authorization server via other means. An absolute URI to which the authorization server will redirect the user-agent to when the end-user authorization step is completed. The authorization server MAY require the client to pre-register their redirection URI. The redirection URI MUST NOT include a query component as defined by [RFC3986] (Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005.) section 3 if the state parameter is present. - - - - - Gets or sets state of the client that should be sent back with the authorization response. - - - An opaque value that Clients can use to maintain state associated with this request. - - - REQUIRED. The client identifier as described in Section 3.4 (Client Credentials). - - - - - Gets the scope of access being requested. - - The scope of the access request expressed as a list of space-delimited strings. The value of the scope parameter is defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope. - - - - An enumeration of the OAuth protocol versions supported by this library. - - - - - The OAuth 2.0 specification. - - - - - Protocol constants for OAuth 2.0. - - - - - The HTTP authorization scheme "OAuth"; - - - - - The format of the HTTP Authorization header value that authorizes OAuth 2.0 requests. - - - - - The "type" string. - - - - - The "state" string. - - - - - The "redirect_uri_mismatch" string. - - - - - The "bad_verification_code" string. - - - - - The "incorrect_client_credentials" string. - - - - - The "authorization_expired" string. - - - - - The "redirect_uri" string. - - - - - The "client_id" string. - - - - - The "scope" string. - - - - - The "immediate" string. - - - - - The "client_secret" string. - - - - - The "code" string. - - - - - The "user_code" string. - - - - - The "verification_uri" string. - - - - - The "interval" string. - - - - - The "error" string. - - - - - The "access_token" string. - - - - - The "access_token_secret" string. - - - - - The "refresh_token" string. - - - - - The "expires_in" string. - - - - - The "expired_delegation_code" string. - - - - - The "username" string. - - - - - The "password" string. - - - - - The "format" string. - - - - - The "assertion" string. - - - - - The "assertion_type" string. - - - - - The "user_denied" string. - - - - - The "error_uri" string. - - - - - The "error_description" string. - - - - - The "response_type" string. - - - - - The "grant_type" string. - - - - - Gets the instance with values initialized for V1.0 of the protocol. - - - - - A list of all supported OAuth versions, in order starting from newest version. - - - - - The default (or most recent) supported version of the OpenID protocol. - - - - - Gets the OAuth Protocol instance to use for the given version. - - The OAuth version to get. - A matching instance. - - - - Gets or sets the OAuth 2.0 version represented by this instance. - - The version. - - - - Gets or sets the OAuth 2.0 version represented by this instance. - - The protocol version. - - - - Error codes that an authorization server can return to a client in response to a malformed or unsupported access token request. - - - - - The request is missing a required parameter, includes an unknown parameter or parameter value, repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed. - - - - - The client identifier provided is invalid, the client failed to authenticate, or the client provided multiple client credentials. - - - - - The client is not authorized to use the access grant type provided. - - - - - The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user basic credentials, or mismatching authorization code and redirection URI). - - - - - The access grant included - its type or another attribute - is not supported by the authorization server. - - - - - The requested scope is invalid, unknown, malformed, or exceeds the previously granted scope. - - - - - Error codes that an authorization server can return to a client in response to a malformed or unsupported end user authorization request. - - - - - The request is missing a required parameter, includes an unknown parameter or parameter value, or is otherwise malformed. - - - - - The client identifier provided is invalid. - - - - - The client is not authorized to use the requested response type. - - - - - The redirection URI provided does not match a pre-registered value. - - - - - The end-user or authorization server denied the request. - - - - - The requested response type is not supported by the authorization server. - - - - - The requested scope is invalid, unknown, or malformed. - - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The requested access scope ("{0}") exceeds the grant scope ("{1}").. - - - - - Looks up a localized string similar to None of the client's pre-registered callback URLs ({0}) match the one found in the authorization request ({1}).. - - - - - Looks up a localized string similar to Failed to obtain access token. Authorization Server reports reason: {0}. - - - - - Looks up a localized string similar to This message can only be sent over HTTPS.. - - - - - Looks up a localized string similar to Failed to obtain access token due to invalid Client Identifier or Client Secret.. - - - - - Looks up a localized string similar to No callback URI was available for this request.. - - - - - Looks up a localized string similar to Refresh tokens should not be granted without the request including an access grant.. - - - - - Looks up a localized string similar to Individual scopes may not contain spaces.. - - - - - A description of an OAuth Authorization Server as seen by an OAuth Client. - - - - - Initializes a new instance of the class. - - - - - Gets or sets the Authorization Server URL from which an Access Token is requested by the Client. - - An HTTPS URL. - - After obtaining authorization from the resource owner, clients request an access token from the authorization server's token endpoint. - The URI of the token endpoint can be found in the service documentation, or can be obtained by the client by making an unauthorized protected resource request (from the WWW-Authenticate response header token-uri (The 'authorization-uri' Attribute) attribute). - The token endpoint advertised by the resource server MAY include a query component as defined by [RFC3986] (Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005.) section 3. - Since requests to the token endpoint result in the transmission of plain text credentials in the HTTP request and response, the authorization server MUST require the use of a transport-layer mechanism such as TLS/SSL (or a secure channel with equivalent protections) when sending requests to the token endpoints. - - - - - Gets or sets the Authorization Server URL where the Client (re)directs the User - to make an authorization request. - - An HTTP or HTTPS URL. - - Clients direct the resource owner to the authorization endpoint to approve their access request. Before granting access, the resource owner first authenticates with the authorization server. The way in which the authorization server authenticates the end-user (e.g. username and password login, OpenID, session cookies) and in which the authorization server obtains the end-user's authorization, including whether it uses a secure channel such as TLS/SSL, is beyond the scope of this specification. However, the authorization server MUST first verify the identity of the end-user. - The URI of the authorization endpoint can be found in the service documentation, or can be obtained by the client by making an unauthorized protected resource request (from the WWW-Authenticate response header auth-uri (The 'authorization-uri' Attribute) attribute). - The authorization endpoint advertised by the resource server MAY include a query component as defined by [RFC3986] (Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005.) section 3. - Since requests to the authorization endpoint result in user authentication and the transmission of sensitive values, the authorization server SHOULD require the use of a transport-layer mechanism such as TLS/SSL (or a secure channel with equivalent protections) when sending requests to the authorization endpoints. - - - - - Gets or sets the OAuth version supported by the Authorization Server. - - - - - Gets the version of the OAuth protocol to use with this Authorization Server. - - The version. - - - - An OAuth 2.0 consumer designed for web applications. - - - - - Initializes a new instance of the class. - - The authorization server. - The client identifier. - The client secret. - - - - Prepares a request for user authorization from an authorization server. - - The scope of authorized access requested. - The state of the client that should be sent back with the authorization response. - The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used. - - - - Prepares a request for user authorization from an authorization server. - - The scope of authorized access requested. - The state of the client that should be sent back with the authorization response. - The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used. - The authorization request. - - - - Prepares a request for user authorization from an authorization server. - - The authorization state to associate with this particular request. - The state of the client that should be sent back with the authorization response. - The authorization request. - authorization != null - authorization == null - authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null) - authorization.Callback == null && (HttpContext.Current == null || HttpContext.Current.Request == null) - !string.IsNullOrEmpty(this.ClientIdentifier) - string.IsNullOrEmpty(this.ClientIdentifier) - Contract.Result<OutgoingWebResponse>() != null - - - - Processes the authorization response from an authorization server, if available. - - The incoming HTTP request that may carry an authorization response. - The authorization state that contains the details of the authorization. - !string.IsNullOrEmpty(this.ClientIdentifier) - string.IsNullOrEmpty(this.ClientIdentifier) - !string.IsNullOrEmpty(this.ClientSecret) - string.IsNullOrEmpty(this.ClientSecret) - - - - Gets or sets an optional component that gives you greater control to record and influence the authorization process. - - The authorization tracker. - - - - A grab-bag utility class. - - - - - The base namespace for this library from which all other namespaces derive. - - - - - The web.config file-specified provider of web resource URLs. - - - - - Tests for equality between two objects. Safely handles the case where one or both are null. - - The type of objects been checked for equality. - The first object. - The second object. - - true if the two objects are equal; false otherwise. - - - - Prepares a dictionary for printing as a string. - - The type of the key. - The type of the value. - The dictionary or sequence of name-value pairs. - An object whose ToString method will perform the actual work of generating the string. - - The work isn't done until (and if) the - method is actually called, which makes it great - for logging complex objects without being in a conditional block. - - - - - Offers deferred ToString processing for a list of elements, that are assumed - to generate just a single-line string. - - The type of elements contained in the list. - The list of elements. - An object whose ToString method will perform the actual work of generating the string. - - - - Offers deferred ToString processing for a list of elements. - - The type of elements contained in the list. - The list of elements. - if set to true, special formatting will be applied to the output to make it clear where one element ends and the next begins. - An object whose ToString method will perform the actual work of generating the string. - - - - Gets the web resource URL from a Page or object. - - Some type in resource assembly. - Name of the manifest resource. - An absolute URL - - - - Gets a human-readable description of the library name and version, including - whether the build is an official or private one. - - - - - Manages an individual deferred ToString call. - - The type of object to be serialized as a string. - - - - The object that will be serialized if called upon. - - - - - The method used to serialize to string form. - - - - - Initializes a new instance of the DelayedToString class. - - The object that may be serialized to string form. - The method that will serialize the object if called upon. - toString != null - toString == null - - - - Returns a that represents the current . - - - A that represents the current . - - Contract.Result<string>() != null - - - - An enumeration of the OAuth protocol versions supported by this library. - - - - - OAuth 1.0 specification - - - - - OAuth 1.0a specification - - - - - Constants used in the OAuth protocol. - - - OAuth Protocol Parameter names and values are case sensitive. Each OAuth Protocol Parameters MUST NOT appear more than once per request, and are REQUIRED unless otherwise noted, - per OAuth 1.0 section 5. - - - - - The namespace to use for V1.0 of the protocol. - - - - - The prefix used for all key names in the protocol. - - - - - The string representation of a instance to be used to represent OAuth 1.0a. - - - - - The scheme to use in Authorization header message requests. - - - - - Gets the instance with values initialized for V1.0 of the protocol. - - - - - Gets the instance with values initialized for V1.0a of the protocol. - - - - - A list of all supported OAuth versions, in order starting from newest version. - - - - - The default (or most recent) supported version of the OpenID protocol. - - - - - The namespace to use for this version of the protocol. - - - - - Initializes a new instance of the class. - - - - - Gets the OAuth Protocol instance to use for the given version. - - The OAuth version to get. - A matching instance. - - - - Gets the OAuth Protocol instance to use for the given version. - - The OAuth version to get. - A matching instance. - version != null - version == null - AllVersions.Any(p => p.Version == version) - !(AllVersions.Any(p => p.Version == version)) - - - - Gets the OAuth version this instance represents. - - - - - Gets the version to declare on the wire. - - - - - Gets the enum value for the instance. - - - - - Gets the namespace to use for this version of the protocol. - - - - - A web application that allows access via OAuth. - - - The Service Provider’s documentation should include: - - The URLs (Request URLs) the Consumer will use when making OAuth requests, and the HTTP methods (i.e. GET, POST, etc.) used in the Request Token URL and Access Token URL. - Signature methods supported by the Service Provider. - Any additional request parameters that the Service Provider requires in order to obtain a Token. Service Provider specific parameters MUST NOT begin with oauth_. - - - - - - The name of the key to use in the HttpApplication cache to store the - instance of to use. - - - - - The length of the verifier code (in raw bytes before base64 encoding) to generate. - - - - - The field behind the property. - - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - An object that can figure out what type of message is being received for deserialization. - serviceDescription != null - serviceDescription == null - tokenManager != null - tokenManager == null - messageTypeProvider != null - messageTypeProvider == null - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - The nonce store. - - - - Initializes a new instance of the class. - - The endpoints and behavior on the Service Provider. - The host's method of storing and recalling tokens and secrets. - The nonce store. - An object that can figure out what type of message is being received for deserialization. - serviceDescription != null - serviceDescription == null - tokenManager != null - tokenManager == null - nonceStore != null - nonceStore == null - messageTypeProvider != null - messageTypeProvider == null - - - - Creates a cryptographically strong random verification code. - - The desired format of the verification code. - The length of the code. - When is , - this is the length of the original byte array before base64 encoding rather than the actual - length of the final string. - The verification code. - length >= 0 - length < 0 - - - - Reads any incoming OAuth message. - - The deserialized message. - - Requires HttpContext.Current. - - - - - Reads any incoming OAuth message. - - The HTTP request to read the message from. - The deserialized message. - - - - Gets the incoming request for an unauthorized token, if any. - - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - Requires HttpContext.Current. - - - - - Reads a request for an unauthorized token from the incoming HTTP request. - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Prepares a message containing an unauthorized token for the Consumer to use in a - user agent redirect for subsequent authorization. - - The token request message the Consumer sent that the Service Provider is now responding to. - The response message to send using the , after optionally adding extra data to it. - request != null - request == null - - - - Gets the incoming request for the Service Provider to authorize a Consumer's - access to some protected resources. - - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - Requires HttpContext.Current. - - - - - Reads in a Consumer's request for the Service Provider to obtain permission from - the user to authorize the Consumer's access of some protected resource(s). - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Gets the OAuth authorization request included with an OpenID authentication - request, if there is one. - - The OpenID authentication request. - - The scope of access the relying party is requesting, or null if no OAuth request - is present. - - - Call this method rather than simply extracting the OAuth extension - out from the authentication request directly to ensure that the additional - security measures that are required are taken. - - openIdRequest != null - openIdRequest == null - this.TokenManager is ICombinedOpenIdProviderTokenManager - !(this.TokenManager is ICombinedOpenIdProviderTokenManager) - - - - Attaches the authorization response to an OpenID authentication response. - - The OpenID authentication request. - The consumer key. Must be null if and only if is null. - The approved access scope. Use null to indicate no access was granted. The empty string will be interpreted as some default level of access is granted. - openIdAuthenticationRequest != null - openIdAuthenticationRequest == null - (consumerKey == null) == (scope == null) - !((consumerKey == null) == (scope == null)) - this.TokenManager is ICombinedOpenIdProviderTokenManager - !(this.TokenManager is ICombinedOpenIdProviderTokenManager) - - - - Attaches the authorization response to an OpenID authentication response. - - The OpenID authentication request. - The approved access scope. Use null to indicate no access was granted. The empty string will be interpreted as some default level of access is granted. - openIdAuthenticationRequest != null - openIdAuthenticationRequest == null - this.TokenManager is ICombinedOpenIdProviderTokenManager - !(this.TokenManager is ICombinedOpenIdProviderTokenManager) - - - - Prepares the message to send back to the consumer following proper authorization of - a token by an interactive user at the Service Provider's web site. - - The Consumer's original authorization request. - - The message to send to the Consumer using if one is necessary. - Null if the Consumer did not request a callback as part of the authorization request. - - request != null - request == null - - - - Prepares the message to send back to the consumer following proper authorization of - a token by an interactive user at the Service Provider's web site. - - The Consumer's original authorization request. - The callback URI the consumer has previously registered - with this service provider or that came in the . - - The message to send to the Consumer using . - - request != null - request == null - callback != null - callback == null - - - - Gets the incoming request to exchange an authorized token for an access token. - - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - Requires HttpContext.Current. - - - - - Reads in a Consumer's request to exchange an authorized request token for an access token. - - The HTTP request to read from. - The incoming request, or null if no OAuth message was attached. - Thrown if an unexpected OAuth message is attached to the incoming request. - - - - Prepares and sends an access token to a Consumer, and invalidates the request token. - - The Consumer's message requesting an access token. - The HTTP response to actually send to the Consumer. - request != null - request == null - - - - Gets the authorization (access token) for accessing some protected resource. - - The authorization message sent by the Consumer, or null if no authorization message is attached. - - This method verifies that the access token and token secret are valid. - It falls on the caller to verify that the access token is actually authorized - to access the resources being requested. - - Thrown if an unexpected message is attached to the request. - - - - Gets the authorization (access token) for accessing some protected resource. - - HTTP details from an incoming WCF message. - The URI of the WCF service endpoint. - The authorization message sent by the Consumer, or null if no authorization message is attached. - - This method verifies that the access token and token secret are valid. - It falls on the caller to verify that the access token is actually authorized - to access the resources being requested. - - Thrown if an unexpected message is attached to the request. - - - - Gets the authorization (access token) for accessing some protected resource. - - The incoming HTTP request. - The authorization message sent by the Consumer, or null if no authorization message is attached. - - This method verifies that the access token and token secret are valid. - It falls on the caller to verify that the access token is actually authorized - to access the resources being requested. - - Thrown if an unexpected message is attached to the request. - request != null - request == null - - - - Creates a security principal that may be used. - - The request. - The instance that can be used for access control of resources. - request != null - request == null - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets the standard state storage mechanism that uses ASP.NET's - HttpApplication state dictionary to store associations and nonces. - - - Contract.Result<INonceStore>() != null - - - - - Gets the description of this Service Provider. - - - - - Gets or sets the generator responsible for generating new tokens and secrets. - - - - - Gets the persistence store for tokens and secrets. - - - - - Gets the channel to use for sending/receiving messages. - - - - - Gets the security settings for this service provider. - - - - - Gets or sets the channel to use for sending/receiving messages. - - - value != null - - value == null - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to The configuration-specified type {0} must be public, and is not.. - - - - - Looks up a localized string similar to The configuration XAML reference to {0} requires a current HttpContext to resolve.. - - - - - Looks up a localized string similar to The current IHttpHandler is not one of types: {0}. An embedded resource URL provider must be set in your .config file.. - - - - - Looks up a localized string similar to No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file. Call the constructor overload that takes an {0}.. - - - - - Utility methods for working with URIs. - - - - - Tests a URI for the presence of an OAuth payload. - - The URI to test. - The prefix. - - True if the URI contains an OAuth message. - - !string.IsNullOrEmpty(prefix) - string.IsNullOrEmpty(prefix) - - - - Determines whether some is using HTTPS. - - The Uri being tested for security. - - true if the URI represents an encrypted request; otherwise, false. - - uri != null - uri == null - - - - Equivalent to UriBuilder.ToString() but omits port # if it may be implied. - Equivalent to UriBuilder.Uri.ToString(), but doesn't throw an exception if the Host has a wildcard. - - The UriBuilder to render as a string. - The string version of the Uri. - builder != null - builder == null - Contract.Result<string>() != null - - - - Validates that a URL will be resolvable at runtime. - - The page hosting the control that receives this URL as a property. - If set to true the page is in design-time mode rather than runtime mode. - The URI to check. - Thrown if the given URL is not a valid, resolvable URI. - - - - A strongly-typed resource class, for looking up localized strings, etc. - - - - - Returns the cached ResourceManager instance used by this class. - - - - - Overrides the current thread's CurrentUICulture property for all - resource lookups using this strongly typed resource class. - - - - - Looks up a localized string similar to XRI CanonicalID verification failed.. - - - - - Looks up a localized string similar to Failure parsing XRDS document.. - - - - - Looks up a localized string similar to The XRDS document for XRI {0} is missing the required CanonicalID element.. - - - - - Looks up a localized string similar to Could not find XRI resolution Status tag or code attribute was invalid.. - - - - - String constants for various content-type header values used in YADIS discovery. - - - - - The text/html content-type - - - - - The application/xhtml+xml content-type - - - - - The application/xrds+xml content-type - - - - - The text/xml content type - - - - - Contains the result of YADIS discovery. - - - - - The original web response, backed up here if the final web response is the preferred response to use - in case it turns out to not work out. - - - - - Initializes a new instance of the class. - - The user-supplied identifier. - The initial response. - The final response. - - - - Reverts to the HTML response after the XRDS response didn't work out. - - - - - Applies the HTML response to the object. - - The initial response. - - - - Gets the URI of the original YADIS discovery request. - This is the user supplied Identifier as given in the original - YADIS discovery request. - - - - - Gets the fully resolved (after redirects) URL of the user supplied Identifier. - This becomes the ClaimedIdentifier. - - - - - Gets the location the XRDS document was downloaded from, if different - from the user supplied Identifier. - - - - - Gets the Content-Type associated with the . - - - - - Gets the text in the final response. - This may be an XRDS document or it may be an HTML document, - as determined by the property. - - - - - Gets a value indicating whether the - represents an XRDS document. False if the response is an HTML document. - - - - - An HTML HEAD tag parser. - - - - - Common flags to use on regex tests. - - - - - A regular expression designed to select tags (?) - - - - - A regular expression designed to select start tags (?) - - - - - A regular expression designed to select attributes within a tag. - - - - - A regular expression designed to select the HEAD tag. - - - - - A regular expression designed to select the HTML tag. - - - - - A regular expression designed to remove all comments and scripts from a string. - - - - - Finds all the HTML HEAD tag child elements that match the tag name of a given type. - - The HTML tag of interest. - The HTML to scan. - A sequence of the matching elements. - - - - Filters a list of controls based on presence of an attribute. - - The type of HTML controls being filtered. - The sequence. - The attribute. - A filtered sequence of attributes. - sequence != null - sequence == null - !String.IsNullOrEmpty(attribute) - String.IsNullOrEmpty(attribute) - - - - Generates a regular expression that will find a given HTML tag. - - Name of the tag. - The close tags (?). - The created regular expression. - - - - Generates a regular expression designed to find a given tag. - - The tag to find. - The created regular expression. - - - - The Service element in an XRDS document. - - - - - A node in an XRDS document. - - - - - The XRD namespace xri://$xrd*($v*2.0) - - - - - The XRDS namespace xri://$xrds - - - - - Initializes a new instance of the class. - - The node represented by this instance. - The parent node. - node != null - node == null - parentNode != null - parentNode == null - - - - Initializes a new instance of the class. - - The document's root node, which this instance represents. - document != null - document == null - document.NameTable != null - document.NameTable == null - - - - Gets the node. - - - - - Gets the parent node, or null if this is the root node. - - - - - Gets the XML namespace resolver to use in XPath expressions. - - - - - Initializes a new instance of the class. - - The service element. - The parent. - - - - Compares the current object with another object of the same type. - - An object to compare with this object. - - A 32-bit signed integer that indicates the relative order of the objects being compared. The return value has the following meanings: - Value - Meaning - Less than zero - This object is less than the parameter. - Zero - This object is equal to . - Greater than zero - This object is greater than . - - - - - Gets the XRD parent element. - - - - - Gets the priority. - - - - - Gets the URI child elements. - - - - - Gets the type child elements. - - The type elements. - - - - Gets the type child element's URIs. - - - - - Gets the OP Local Identifier. - - - - - The Type element in an XRDS document. - - - - - Initializes a new instance of the class. - - The type element. - The parent. - typeElement != null - typeElement == null - parent != null - parent == null - - - - Gets the URI. - - - - - The Uri element in an XRDS document. - - - - - Initializes a new instance of the class. - - The URI element. - The service. - - - - Compares the current object with another object of the same type. - - An object to compare with this object. - - A 32-bit signed integer that indicates the relative order of the objects being compared. The return value has the following meanings: - Value - Meaning - Less than zero - This object is less than the parameter. - Zero - This object is equal to . - Greater than zero - This object is greater than . - - - - - Gets the priority. - - - - - Gets the URI. - - - - - Gets the parent service. - - - - - The Xrd element in an XRDS document. - - - - - Initializes a new instance of the class. - - The XRD element. - The parent. - - - - Searches for service sub-elements that have Type URI sub-elements that match - one that we have for a known OpenID protocol version. - - A function that selects what element of the OpenID Protocol we're interested in finding. - A sequence of service elements that match the search criteria, sorted in XRDS @priority attribute order. - - - - Gets the child service elements. - - The services. - - - - Gets a value indicating whether this XRD element's resolution at the XRI resolver was successful. - - - true if this XRD's resolution was successful; otherwise, false. - - - - - Gets the canonical ID (i-number) for this element. - - - - - Gets a value indicating whether the was verified. - - - - - Gets the services for OP Identifiers. - - - - - Gets the services for Claimed Identifiers. - - - - - Gets the services that would be discoverable at an RP for return_to verification. - - - - - Gets the services that would be discoverable at an RP for the UI extension icon. - - - - - Gets an enumeration of all Service/URI elements, sorted in priority order. - - - - - Gets the XRI resolution status code. - - - - - An XRDS document. - - - - - The namespace used by XML digital signatures. - - - - - The namespace used by Google Apps for Domains for OpenID URI templates. - - - - - Initializes a new instance of the class. - - The root node of the XRDS document. - - - - Initializes a new instance of the class. - - The Xml reader positioned at the root node of the XRDS document. - - - - Initializes a new instance of the class. - - The text that is the XRDS document. - - - - Gets the XRD child elements of the document. - - - - - Gets a value indicating whether all child XRD elements were resolved successfully. - - - - - YADIS discovery manager. - - - - - The HTTP header to look for in responses to declare where the XRDS document should be found. - - - - - The maximum number of bytes to read from an HTTP response - in searching for a link to a YADIS document. - - - - - Gets or sets the cache that can be used for HTTP requests made during identifier discovery. - - - - - Performs YADIS discovery on some identifier. - - The mechanism to use for sending HTTP requests. - The URI to perform discovery on. - Whether discovery should fail if any step of it is not encrypted. - - The result of discovery on the given URL. - Null may be returned if an error occurs, - or if is true but part of discovery - is not protected by SSL. - - - - - Searches an HTML document for a - <meta http-equiv="X-XRDS-Location" content="{YadisURL}"> - tag and returns the content of YadisURL. - - The HTML to search. - The URI of the XRDS document if found; otherwise null. - - - - Sends a YADIS HTTP request as part of identifier discovery. - - The request handler to use to actually submit the request. - The URI to GET. - Whether only HTTPS URLs should ever be retrieved. - The value of the Accept HTTP header to include in the request. - The HTTP response retrieved from the request. - requestHandler != null - requestHandler == null - uri != null - uri == null - Contract.Result<IncomingWebResponse>() != null - Contract.Result<IncomingWebResponse>().ResponseStream != null - - - - Determines whether a given HTTP response constitutes an XRDS document. - - The response to test. - - true if the response constains an XRDS document; otherwise, false. - - - - - An ASP.NET control that provides a minimal text box that is OpenID-aware. - - - This control offers greater UI flexibility than the - control, but requires more work to be done by the hosting web site to - assemble a complete login experience. - - - - - A common base class for OpenID Relying Party controls. - - - - - The manifest resource name of the javascript file to include on the hosting page. - - - - - The cookie used to persist the Identifier the user logged in with. - - - - - The callback parameter name to use to store which control initiated the auth request. - - - - - The callback parameter to use for recognizing when the callback is in a popup window or hidden iframe. - - - - - The parameter name to include in the formulated auth request so that javascript can know whether - the OP advertises support for the UI extension. - - - - - The "Appearance" category for properties. - - - - - The "Behavior" category for properties. - - - - - The "OpenID" category for properties and events. - - - - - The callback parameter for use with persisting the property. - - - - - The callback parameter to use for recognizing when the callback is in the parent window. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - Default value of . - - - - - Default value of . - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The key under which the value for the property will be stored. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The lifetime of the cookie used to persist the Identifier the user logged in with. - - - - - Backing field for the property. - - - - - A value indicating whether the field contains - an instance that we own and should Dispose. - - - - - Initializes a new instance of the class. - - - - - Clears any cookie set by this control to help the user on a returning visit next time. - - - - - Immediately redirects to the OpenID Provider to verify the Identifier - provided in the text box. - - - - - Immediately redirects to the OpenID Provider to verify the Identifier - provided in the text box. - - The request. - request != null - request == null - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Enables a server control to perform final clean up before it is released from memory. - - - - - Creates the authentication requests for a given user-supplied Identifier. - - The identifier to create a request for. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - identifier != null - identifier == null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Creates the authentication requests for the value set in the property. - - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - this.Identifier != null - this.Identifier == null - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Notifies the user agent via an AJAX response of a completed authentication attempt. - - - - - Called when the property is changed. - - - - - Processes the response. - - The response. - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Fires the event. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Authenticated - response.Status != AuthenticationStatus.Authenticated - - - - Fires the event. - - The request. - - Returns whether the login should proceed. False if some event handler canceled the request. - - request != null - request == null - - - - Fires the event. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Canceled - response.Status != AuthenticationStatus.Canceled - - - - Fires the event. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Failed - response.Status != AuthenticationStatus.Failed - - - - Creates the relying party instance used to generate authentication requests. - - The instantiated relying party. - - - - Creates the relying party instance used to generate authentication requests. - - The store to pass to the relying party constructor. - The instantiated relying party. - - - - Configures the relying party. - - The relying party. - relyingParty != null - relyingParty == null - - - - Detects whether a popup window should be used to show the Provider's UI. - - The request. - - true if a popup should be used; false otherwise. - - request != null - request == null - - - - Adds attributes to an HTML <A> tag that will be written by the caller using - after this method. - - The HTML writer. - The outgoing authentication request. - The text to try to display in the status bar on mouse hover. - writer != null - writer == null - request != null - request == null - - - - Creates the identifier-persisting cookie, either for saving or deleting. - - The positive authentication response; or null to clear the cookie. - An persistent cookie. - - - - Creates the authentication requests for a given user-supplied Identifier. - - The identifier to create a request for. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - - - - Gets the javascript to executee to redirect or POST an OpenID message to a remote party. - - The authentication request to send. - The javascript that should execute. - request != null - request == null - - - - Wires the return page to immediately display a popup window with the Provider in it. - - The request. - request != null - request == null - this.RelyingParty != null - this.RelyingParty == null - - - - Tries to preset the property based on a persistent - cookie on the browser. - - - A value indicating whether the property was - successfully preset to some non-empty value. - - - - - Fired when the user has typed in their identifier, discovery was successful - and a login attempt is about to begin. - - - - - Fired upon completion of a successful login. - - - - - Fired when a login attempt fails. - - - - - Fired when an authentication attempt is canceled at the OpenID Provider. - - - - - Occurs when the property is changed. - - - - - Gets or sets the instance to use. - - The default value is an instance initialized according to the web.config file. - - A performance optimization would be to store off the - instance as a static member in your web site and set it - to this property in your Page.Load - event since instantiating these instances can be expensive on - heavily trafficked web pages. - - - - - Gets the collection of extension requests this selector should include in generated requests. - - - - - Gets or sets a value indicating whether stateless mode is used. - - - - - Gets or sets the OpenID of the relying party web site. - - - !string.IsNullOrEmpty(value) - - string.IsNullOrEmpty(value) - - - - Gets or sets the OpenID ReturnTo of the relying party web site. - - - - - Gets or sets a value indicating whether to send a persistent cookie upon successful - login so the user does not have to log in upon returning to this site. - - - - - Gets or sets the way a completed login is communicated to the rest of the web site. - - - - - Gets or sets a value indicating when to use a popup window to complete the login experience. - - The default value is . - - - - Gets or sets a value indicating whether to enforce on high security mode, - which requires the full authentication pipeline to be protected by SSL. - - - - - Gets or sets the Identifier that will be used to initiate login. - - - - - Gets or sets the default association preference to set on authentication requests. - - - - - Gets ancestor controls, starting with the immediate parent, and progressing to more distant ancestors. - - - - - Gets a value indicating whether this control is a child control of a composite OpenID control. - - - true if this instance is embedded in parent OpenID control; otherwise, false. - - - - - The name of the manifest stream containing the - OpenID logo that is placed inside the text box. - - - - - Default value for property. - - - - - The "Simple Registration" category for properties. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - An empty sreg request, used to compare with others to see if they too are empty. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Creates the authentication requests for a given user-supplied Identifier. - - The identifier to create a request for. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - identifier != null - identifier == null - - - - Checks for incoming OpenID authentication responses and fires appropriate events. - - The object that contains the event data. - e != null - - - - Called when the property is changed. - - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Called on a postback when the Text property has changed. - - - - - Creates the authentication requests for a given user-supplied Identifier. - - The authentication requests to prepare. - - A sequence of authentication requests, any one of which may be - used to determine the user's control of the . - - - - - Adds extensions to a given authentication request to ask the Provider - for user profile data. - - The authentication request to add the extensions to. - request != null - request == null - - - - Occurs when the content of the text changes between posts to the server. - - - - - Gets or sets the content of the text box. - - - - - Gets or sets the form name to use for this input field. - - - - - Gets or sets the CSS class assigned to the text box. - - - - - Gets or sets a value indicating whether to show the OpenID logo in the text box. - - - - - Gets or sets a value indicating whether to use inline styling to force a solid gray border. - - - - - Gets or sets the width of the text box in characters. - - - - - Gets or sets the maximum number of characters the browser should allow - - - - - Gets or sets the tab index of the Web server control. - - - - The tab index of the Web server control. The default is 0, which indicates that this property is not set. - - - The specified tab index is not between -32768 and 32767. - - - - - Gets or sets a value indicating whether this is enabled - in the browser for editing and will respond to incoming OpenID messages. - - - true if enabled; otherwise, false. - - - - Gets or sets your level of interest in receiving the user's nickname from the Provider. - - - - - Gets or sets your level of interest in receiving the user's email address from the Provider. - - - - - Gets or sets your level of interest in receiving the user's full name from the Provider. - - - - - Gets or sets your level of interest in receiving the user's birthdate from the Provider. - - - - - Gets or sets your level of interest in receiving the user's gender from the Provider. - - - - - Gets or sets your level of interest in receiving the user's postal code from the Provider. - - - - - Gets or sets your level of interest in receiving the user's country from the Provider. - - - - - Gets or sets your level of interest in receiving the user's preferred language from the Provider. - - - - - Gets or sets your level of interest in receiving the user's time zone from the Provider. - - - - - Gets or sets the URL to your privacy policy page that describes how - claims will be used and/or shared. - - - - - Gets or sets a value indicating whether to use OpenID extensions - to retrieve profile data of the authenticating user. - - - - - An ASP.NET control providing a complete OpenID login experience. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The HTML to append to the property value when rendering. - - - - - The number to add to to get the tab index of the textbox control. - - - - - The number to add to to get the tab index of the login button control. - - - - - The number to add to to get the tab index of the remember me checkbox control. - - - - - The number to add to to get the tab index of the register link control. - - - - - The control into which all other controls are added. - - - - - The Login button. - - - - - The label that presents the text box. - - - - - The validator that flags an empty text box. - - - - - The validator that flags invalid formats of OpenID identifiers. - - - - - The label that precedes an example OpenID identifier. - - - - - The label that contains the example OpenID identifier. - - - - - A link to allow the user to create an account with a popular OpenID Provider. - - - - - The Remember Me checkbox. - - - - - The javascript snippet that activates the ID Selector javascript control. - - - - - The label that will display login failure messages. - - - - - Initializes a new instance of the class. - - - - - Outputs server control content to a provided object and stores tracing information about the control if tracing is enabled. - - The object that receives the control content. - writer != null - - - - Creates the child controls. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Initializes the child controls. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Renders the child controls. - - The object that receives the rendered content. - writer != null - - - - Adds failure handling to display an error message to the user. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Failed - response.Status != AuthenticationStatus.Failed - - - - Adds authentication cancellation behavior to display a message to the user. - - The response. - response != null - response == null - response.Status == AuthenticationStatus.Canceled - response.Status != AuthenticationStatus.Canceled - - - - Fires the event. - - - - - Handles the ServerValidate event of the identifierFormatValidator control. - - The source of the event. - The instance containing the event data. - - - - Handles the CheckedChanged event of the rememberMeCheckBox control. - - The source of the event. - The instance containing the event data. - - - - Handles the Click event of the loginButton control. - - The source of the event. - The instance containing the event data. - - - - Renders the control inner. - - The writer. - - - - Sets child control properties that depend on this control's ID. - - - - - Fired when the Remember Me checkbox is changed by the user. - - - - - Gets a object that represents the child controls for a specified server control in the UI hierarchy. - - - The collection of child controls for the specified server control. - - - Contract.Result<ControlCollection>() != null - - - - - Gets or sets the caption that appears before the text box. - - - - - Gets or sets the text that introduces the example OpenID url. - - - - - Gets or sets the example OpenID Identifier to display to the user. - - - - - Gets or sets the text to display if the user attempts to login - without providing an Identifier. - - - - - Gets or sets the text to display if the user provides an invalid form for an Identifier. - - - - - Gets or sets a value indicating whether to perform Identifier - format validation prior to an authentication attempt. - - - - - Gets or sets the text of the link users can click on to obtain an OpenID. - - - - - Gets or sets the URL to link users to who click the link to obtain a new OpenID. - - - - - Gets or sets the text of the tooltip to display when the user hovers - over the link to obtain a new OpenID. - - - - - Gets or sets a value indicating whether to display a link to - allow users to easily obtain a new OpenID. - - - - - Gets or sets the text that appears on the button that initiates login. - - - - - Gets or sets the text of the "Remember Me" checkbox. - - - - - Gets or sets the message display in the event of a failed - authentication. {0} may be used to insert the actual error. - - - - - Gets or sets the text to display in the event of an authentication canceled at the Provider. - - - - - Gets or sets a value indicating whether the "Remember Me" checkbox should be displayed. - - - - - Gets or sets a value indicating whether a successful authentication should result in a persistent - cookie being saved to the browser. - - - - - Gets or sets the starting tab index to distribute across the controls. - - - - - Gets or sets the tooltip to display when the user hovers over the login button. - - - - - Gets or sets the validation group that the login button and text box validator belong to. - - - - - Gets or sets the unique hash string that ends your idselector.com account. - - - - - Gets or sets a value indicating whether a FormsAuthentication - cookie should persist across user sessions. - - - - - A control that acts as a placeholder to indicate where - the OpenIdLogin control should render its OpenIdTextBox parent. - - - - - The owning control to render. - - - - - Initializes a new instance of the class. - - The render control. - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Provides the programmatic facilities to act as an AJAX-enabled OpenID relying party. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The application store. If null, the relying party will always operate in "dumb mode". - - - - Generates AJAX-ready authentication requests that can satisfy the requirements of some OpenID Identifier. - - The Identifier supplied by the user. This may be a URL, an XRI or i-name. - The shorest URL that describes this relying party web site's address. - For example, if your login page is found at https://www.example.com/login.aspx, - your realm would typically be https://www.example.com/. - The URL of the login page, or the page prepared to receive authentication - responses from the OpenID Provider. - - A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier. - Never null, but may be empty. - - - Any individual generated request can satisfy the authentication. - The generated requests are sorted in preferred order. - Each request is generated as it is enumerated to. Associations are created only as - is called. - No exception is thrown if no OpenID endpoints were discovered. - An empty enumerable is returned instead. - - userSuppliedIdentifier != null - userSuppliedIdentifier == null - realm != null - realm == null - returnToUrl != null - returnToUrl == null - Contract.Result<IEnumerable<IAuthenticationRequest>>() != null - - - - Serializes discovery results on some single identifier on behalf of Javascript running on the browser. - - The discovery results from just one identifier to serialize as a JSON response. - - The JSON result to return to the user agent. - - - We prepare a JSON object with this interface: - - class jsonResponse { - string claimedIdentifier; - Array requests; // never null - string error; // null if no error - } - - Each element in the requests array looks like this: - - class jsonAuthRequest { - string endpoint; // URL to the OP endpoint - string immediate; // URL to initiate an immediate request - string setup; // URL to initiate a setup request. - } - - requests != null - requests == null - - - - Serializes discovery on a set of identifiers for preloading into an HTML page that carries - an AJAX-aware OpenID control. - - The discovery results to serialize as a JSON response. - - The JSON result to return to the user agent. - - requests != null - requests == null - - - - Converts a sequence of authentication requests to a JSON object for seeding an AJAX-enabled login page. - - The discovery results from just one identifier to serialize as a JSON response. - A JSON object, not yet serialized. - requests != null - requests == null - - - - Serializes discovery on a set of identifiers for preloading into an HTML page that carries - an AJAX-aware OpenID control. - - The discovery results to serialize as a JSON response. - - A JSON object, not yet serialized to a string. - - requests != null - requests == null - - - - Gets the full URL that carries an OpenID message, even if it exceeds the normal maximum size of a URL, - for purposes of sending to an AJAX component running in the browser. - - The authentication request. - - trueto create a checkid_immediate request; - false to create a checkid_setup request. - The absolute URL that carries the entire OpenID message. - request != null - request == null - - - - The contract class for the class. - - - - - A button that would appear in the control via its collection. - - - - - Initializes a new instance of the class. - - - - - Ensures that this button has been initialized to a valid state. - - - This is "internal" -- NOT "protected internal" deliberately. It makes it impossible - to derive from this class outside the assembly, which suits our purposes since the - control is not designed for an extensible set of button types. - - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Ensures that this button has been initialized to a valid state. - - - This is "internal" -- NOT "protected internal" deliberately. It makes it impossible - to derive from this class outside the assembly, which suits our purposes since the - control is not designed for an extensible set of button types. - - - - - Renders the leading attributes for the LI tag. - - The writer. - - - - Renders the content of the button. - - The writer. - The containing selector control. - - - - A button that appears in the control that - provides one-click access to a popular OpenID Provider. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The OP Identifier. - The image to display on the button. - providerIdentifier != null - providerIdentifier == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - - - - Ensures that this button has been initialized to a valid state. - - !string.IsNullOrEmpty(this.Image) - this.OPIdentifier != null - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Gets or sets the path to the image to display on the button's surface. - - The virtual path to the image. - - - - Gets or sets the OP Identifier represented by the button. - - - The OP identifier, which may be provided in the easiest "user-supplied identifier" form, - but for security should be provided with a leading https:// if possible. - For example: "yahoo.com" or "https://me.yahoo.com/". - - - - - Gets or sets a value indicating whether this Provider doesn't handle - checkid_immediate messages correctly and background authentication - should not be attempted. - - - - - A button that appears in the control that - allows the user to type in a user-supplied identifier. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - The image to display on the button. - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - - - - Ensures that this button has been initialized to a valid state. - - !string.IsNullOrEmpty(this.Image) - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Gets or sets the path to the image to display on the button's surface. - - The virtual path to the image. - - - - The locations the YADIS protocol describes can contain a reference - to an XRDS document. - - - - - The XRDS document should not be advertised anywhere. - - - When the XRDS document is not referenced from anywhere, - the XRDS content is only available when - is true - and the discovering client includes an - "Accept: application/xrds+xml" HTTP header. - - - - - Indicates XRDS document referencing from an HTTP protocol header (outside the HTML). - - - - - Indicates XRDS document referencing from within an HTML page's <HEAD> tag. - - - - - Indicates XRDS document referencing in both HTTP headers and HTML HEAD tags. - - - - - An ASP.NET control that advertises an XRDS document and even responds to specially - crafted requests to retrieve it. - - - - - The view state key to ues for storing the value of the property. - - - - - The default value for the property. - - - - - The view state key to ues for storing the value of the property. - - - - - The default value for the property. - - - - - The view state key to ues for storing the value of the property. - - - - - The default value for the property. - - - - - The view state key to ues for storing the value of the property. - - - - - Initializes a new instance of the class. - - - - - Detects YADIS requests for the XRDS document and responds immediately - if is true. - - The object that contains the event data. - e != null - - - - Renders the HTTP Header and/or HTML HEAD tags. - - The object that receives the server control content. - writer != null - - - - Gets or sets the location of the XRDS document. - - - - - Gets or sets where the XRDS document URL is advertised in the web response. - - - - - Gets or sets a value indicating whether a specially crafted YADIS - search for an XRDS document is immediately answered by this control. - - - - - Gets or sets a value indicating whether the XRDS document is advertised. - - - - - Arguments for the event. - - this.TokenXml != null - this.DecryptingTokens != null - - - - Initializes a new instance of the class. - - The raw token XML, prior to any decryption. - tokenXml != null - tokenXml == null - - - - Adds a security token that may be used to decrypt the incoming token. - - The security token. - securityToken != null - securityToken == null - - - - Adds an X.509 certificate with a private key that may be used to decrypt the incoming token. - - The certificate. - certificate != null - certificate == null - certificate.HasPrivateKey - !(certificate.HasPrivateKey) - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets a value indicating whether the token is encrypted. - - - true if the token is encrypted; otherwise, false. - - - - - Gets the raw token XML, prior to any decryption. - - - - - Gets or sets a value indicating whether processing - this token should be canceled. - - - true if cancel; otherwise, false. - - If set the true, the - event will never be fired. - - - - - Gets a list where security tokens such as X.509 certificates may be - added to be used for token decryption. - - - - - Arguments for the event. - - this.TokenXml != null - this.Exception != null - - - - Initializes a new instance of the class. - - The token XML. - The exception. - tokenXml != null - tokenXml == null - exception != null - exception == null - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the raw token XML. - - - - - Gets the exception that was generated while processing the token. - - - - - The style to use for NOT displaying a hidden region. - - - - - A hidden region should be invisible while still occupying space in the page layout. - - - - - A hidden region should collapse so that it does not occupy space in the page layout. - - - - - An Information Card selector ASP.NET control. - - - - - The resource name for getting at the SupportingScript.js embedded manifest stream. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - Default value for the property. - - - - - The default value for the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The viewstate key for storing the property. - - - - - The "Behavior" property category. - - - - - The "Appearance" property category. - - - - - The "InfoCard" property category. - - - - - The panel containing the controls to display if InfoCard is supported in the user agent. - - - - - The panel containing the controls to display if InfoCard is NOT supported in the user agent. - - - - - Recalls whether the property has been set yet, - so its default can be set as soon as possible without overwriting - an intentional value. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Fires the event. - - The token XML, prior to any processing. - The event arguments sent to the event handlers. - tokenXml != null - tokenXml == null - - - - Fires the event. - - The token, if it was decrypted. - token != null - token == null - - - - Fires the event. - - The unprocessed token. - The exception generated while processing the token. - unprocessedToken != null - unprocessedToken == null - ex != null - ex == null - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Called by the ASP.NET page framework to notify server controls that use composition-based implementation to create any child controls they contain in preparation for posting back or rendering. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Creates a control that renders to <Param Name="{0}" Value="{1}" /> - - The parameter name. - The parameter value. - The control that renders to the Param tag. - Contract.Result<string>() != null - - - - Creates the panel whose contents are displayed to the user - on a user agent that has an Information Card selector. - - The Panel control - - Contract.Result<Panel>() != null - - - - Gets the InfoCard selector activation script. - - Whether a postback should always immediately follow the selector, even if is false. - The javascript to inject into the surrounding context. - - - - Creates the panel whose contents are displayed to the user - on a user agent that does not have an Information Card selector. - - The Panel control. - - Contract.Result<Panel>() != null - - - - Adds the javascript that adds the info card selector <object> HTML tag to the page. - - - - - - Creates the info card clickable image. - - An Image object. - - - - - Compiles lists of requested/required claims that should accompany - any submitted Information Card. - - A space-delimited list of claim type URIs for claims that must be included in a submitted Information Card. - A space-delimited list of claim type URIs for claims that may optionally be included in a submitted Information Card. - - this.ClaimsRequested != null - this.ClaimsRequested == null - Contract.ValueAtReturn<string>(out required) != null - Contract.ValueAtReturn<string>(out optional) != null - - - - Adds Javascript snippets to the page to help the Information Card selector do its work, - or to downgrade gracefully if the user agent lacks an Information Card selector. - - this.infoCardSupportedPanel != null - this.infoCardSupportedPanel == null - - - - Occurs when an InfoCard has been submitted but not decoded yet. - - - - - Occurs when an InfoCard has been submitted and decoded. - - - - - Occurs when an InfoCard token is submitted but an error occurs in processing. - - - - - Gets the set of claims that are requested from the Information Card. - - - Contract.Result<Collection<ClaimType>>() != null - - - - - Gets or sets the issuer URI. - - - - - Gets or sets the issuer policy URI. - - - - - Gets or sets the URL to this site's privacy policy. - - - - - Gets or sets the version of the privacy policy file. - - - - - Gets or sets the URI that must be found for the SAML token's intended audience - in order for the token to be processed. - - Typically the URI of the page hosting the control, or null to disable audience verification. - - Disabling audience verification introduces a security risk - because tokens can be redirected to allow access to unintended resources. - - - - - Gets or sets a value indicating whether a postback will automatically - be invoked when the user selects an Information Card. - - - - - Gets or sets the size of the standard InfoCard image to display. - - The default size is 114x80. - - - - Gets or sets the template to display when the user agent lacks - an Information Card selector. - - - - - Gets or sets a value indicating whether a hidden region (either - the unsupported or supported InfoCard HTML) - collapses or merely becomes invisible when it is not to be displayed. - - - - - Gets or sets a value indicating whether the identity selector will be triggered at page load. - - - - - Gets the name of the hidden field that is used to transport the token back to the server. - - - - - Gets the id of the OBJECT tag that creates the InfoCard Selector. - - - - - Gets the XML token, which will be encrypted if it was received over SSL. - - - - - Gets or sets the type of token the page is prepared to receive. - - - - - Arguments for the event. - - this.Token != null - - - - Initializes a new instance of the class. - - The token. - - - - Verifies conditions that should be true for any valid state of this object. - - - - - Gets the processed token. - - - - - Methods that generate HTML or Javascript for hosting AJAX OpenID "controls" on - ASP.NET MVC web sites. - - - - - Emits a series of stylesheet import tags to support the AJAX OpenID Selector. - - The on the view. - HTML that should be sent directly to the browser. - html != null - html == null - Contract.Result<string>() != null - - - - Emits a series of script import tags and some inline script to support the AJAX OpenID Selector. - - The on the view. - HTML that should be sent directly to the browser. - - - - Emits a series of script import tags and some inline script to support the AJAX OpenID Selector. - - The on the view. - An optional instance of an control, whose properties have been customized to express how this MVC control should be rendered. - An optional set of additional script customizations. - - HTML that should be sent directly to the browser. - - html != null - html == null - Contract.Result<string>() != null - - - - Emits the HTML to render an OpenID Provider button as a part of the overall OpenID Selector UI. - - The on the view. - The OP Identifier. - The URL of the image to display on the button. - - HTML that should be sent directly to the browser. - - html != null - html == null - providerIdentifier != null - providerIdentifier == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - Contract.Result<string>() != null - - - - Emits the HTML to render a generic OpenID button as a part of the overall OpenID Selector UI, - allowing the user to enter their own OpenID. - - The on the view. - The URL of the image to display on the button. - - HTML that should be sent directly to the browser. - - html != null - html == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - Contract.Result<string>() != null - - - - Emits the HTML to render the entire OpenID Selector UI. - - The on the view. - The buttons to include on the selector. - - HTML that should be sent directly to the browser. - - html != null - html == null - buttons != null - buttons == null - Contract.Result<string>() != null - - - - Emits the HTML to render the control as a part of the overall - OpenID Selector UI. - - The on the view. - - HTML that should be sent directly to the browser. - - - - - Emits the HTML to render a button as a part of the overall OpenID Selector UI. - - The on the view. - The value to assign to the HTML id attribute. - The value to assign to the HTML class attribute. - The URL of the image to draw on the button. - - HTML that should be sent directly to the browser. - - html != null - html == null - id != null - id == null - !string.IsNullOrEmpty(imageUrl) - string.IsNullOrEmpty(imageUrl) - Contract.Result<string>() != null - - - - Emits <script> tags that import a given set of scripts given their URLs. - - The writer to emit the tags to. - The locations of the scripts to import. - writer != null - writer == null - scriptUrls != null - scriptUrls == null - - - - Writes out script tags that import a script from resources embedded in this assembly. - - The writer to emit the tags to. - Name of the resource. - writer != null - writer == null - !string.IsNullOrEmpty(resourceName) - string.IsNullOrEmpty(resourceName) - - - - Writes out script tags that import scripts from resources embedded in this assembly. - - The writer to emit the tags to. - The resource names. - writer != null - writer == null - resourceNames != null - resourceNames == null - - - - Writes a given script block, surrounding it with <script> and CDATA tags. - - The writer to emit the tags to. - The script to inline on the page. - writer != null - writer == null - !string.IsNullOrEmpty(script) - string.IsNullOrEmpty(script) - - - - Writes a given CSS link. - - The writer to emit the tags to. - Name of the resource containing the CSS content. - writer != null - writer == null - !string.IsNullOrEmpty(resourceName) - string.IsNullOrEmpty(resourceName) - - - - Writes a given CSS link. - - The writer to emit the tags to. - The stylesheet to link in. - writer != null - writer == null - !string.IsNullOrEmpty(stylesheet) - string.IsNullOrEmpty(stylesheet) - - - - An ASP.NET control that manages the OpenID identity advertising tags - of a user's Identity Page that allow a relying party web site to discover - how to authenticate a user. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The default value for the property. - - - - - Initializes a new instance of the class. - - - - - Checks the incoming request and invokes a browser redirect if the URL has not been normalized. - - - - - - Checks the incoming request and invokes a browser redirect if the URL has not been normalized. - - The object that contains the event data. - e != null - - - - Renders OpenID identity tags. - - The object that receives the server control content. - writer != null - - - - Normalizes the URL by making the path and query lowercase, and trimming trailing slashes. - - The URI to normalize. - The normalized URI. - - - - Fired at each page request so the host web site can return the normalized - version of the request URI. - - - - - Gets or sets the OpenID version supported by the provider. - If multiple versions are supported, this should be set to the latest - version that this library and the Provider both support. - - - - - Gets or sets the Provider URL that processes OpenID requests. - - - - - Gets or sets the Identifier that is controlled by the Provider. - - - - - Gets or sets a value indicating whether every incoming request - will be checked for normalized form and redirected if it is not. - - - If set to true (and it should be), you should also handle the - event and apply your own policy for normalizing the URI. - If multiple controls are on a single page (to support - multiple versions of OpenID for example) then only one of them should have this - property set to true. - - - - - Gets the protocol to use for advertising OpenID on the identity page. - - - - - The event arguments passed to the event handler. - - - - - Initializes a new instance of the class. - - The user supplied identifier. - - - - Gets or sets the portion of the incoming page request URI that is relevant to normalization. - - - This identifier should be used to look up the user whose identity page is being queried. - It MAY be set in case some clever web server URL rewriting is taking place that ASP.NET - does not know about but your site does. If this is the case this property should be set - to whatever the original request URL was. - - - - - Gets or sets the normalized form of the user's identifier, according to the host site's policy. - - - This should be set to some constant value for an individual user. - For example, if indicates that identity page - for "BOB" is being called up, then the following things should be considered: - - Normalize the capitalization of the URL: for example, change http://provider/BOB to - http://provider/bob. - Switch to HTTPS is it is offered: change http://provider/bob to https://provider/bob. - Strip off the query string if it is not part of the canonical identity: - https://provider/bob?timeofday=now becomes https://provider/bob - Ensure that any trailing slash is either present or absent consistently. For example, - change https://provider/bob/ to https://provider/bob. - - When this property is set, the control compares it to - the request that actually came in, and redirects the browser to use the normalized identifier - if necessary. - Using the normalized identifier in the request is very important as it - helps the user maintain a consistent identity across sites and across site visits to an individual site. - For example, without normalizing the URL, Bob might sign into a relying party site as - http://provider/bob one day and https://provider/bob the next day, and the relying party - site should interpret Bob as two different people because the URLs are different. - By normalizing the URL at the Provider's identity page for Bob, whichever URL Bob types in - from day-to-day gets redirected to a normalized form, so Bob is seen as the same person - all the time, which is of course what Bob wants. - - - - - - A button that appears in the control that - activates the Information Card selector on the browser, if one is available. - - - - - The backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Ensures that this button has been initialized to a valid state. - - - - - Renders the leading attributes for the LI tag. - - The writer. - writer != null - writer == null - - - - Renders the content of the button. - - The writer. - The containing selector control. - writer != null - writer == null - selector != null - selector == null - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Gets or sets the InfoCard selector which may be displayed alongside the OP buttons. - - - value != null - - value == null - - - - An ASP.NET control for mobile devices that provides a minimal text box that is OpenID-aware. - - - - - The name of the manifest stream containing the - OpenID logo that is placed inside the text box. - - - - - Default value of . - - - - - The "Appearance" category for properties. - - - - - The "Simple Registration" category for properties. - - - - - The "Behavior" category for properties. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The callback parameter for use with persisting the property. - - - - - Backing field for the property. - - - - - Initializes a new instance of the class. - - - - - Immediately redirects to the OpenID Provider to verify the Identifier - provided in the text box. - - - - - Constructs the authentication request and returns it. - - The instantiated authentication request. - - This method need not be called before calling the method, - but is offered in the event that adding extensions to the request is desired. - The Simple Registration extension arguments are added to the request - before returning if is set to true. - - this.Request == null - this.Request != null - !string.IsNullOrEmpty(this.Text) - string.IsNullOrEmpty(this.Text) - - - - Checks for incoming OpenID authentication responses and fires appropriate events. - - The object that contains the event data. - e != null - - - - Fires the event. - - The response. - response != null - response == null - - - - Fires the event. - - The response. - response != null - response == null - - - - Fires the event. - - The response. - response != null - response == null - - - - Fires the event. - - The response. - response != null - response == null - - - - Adds extensions to a given authentication request to ask the Provider - for user profile data. - - The authentication request to add the extensions to. - request != null - request == null - - - - Creates the relying party instance used to generate authentication requests. - - The instantiated relying party. - - - - Fired upon completion of a successful login. - - - - - Fired when a login attempt fails. - - - - - Fired when an authentication attempt is canceled at the OpenID Provider. - - - - - Fired when an Immediate authentication attempt fails, and the Provider suggests using non-Immediate mode. - - - - - Gets or sets the OpenID of the relying party web site. - - - - - Gets or sets the OpenID ReturnTo of the relying party web site. - - - - - Gets or sets a value indicating whether to use immediate mode in the - OpenID protocol. - - - True if a Provider should reply immediately to the authentication request - without interacting with the user. False if the Provider can take time - to authenticate the user in order to complete an authentication attempt. - - - Setting this to true is sometimes useful in AJAX scenarios. Setting this to - true can cause failed authentications when the user truly controls an - Identifier, but must complete an authentication step with the Provider before - the Provider will approve the login from this relying party. - - - - - Gets or sets a value indicating whether stateless mode is used. - - - - - Gets or sets a value indicating whether to send a persistent cookie upon successful - login so the user does not have to log in upon returning to this site. - - - - - Gets or sets your level of interest in receiving the user's nickname from the Provider. - - - - - Gets or sets your level of interest in receiving the user's email address from the Provider. - - - - - Gets or sets your level of interest in receiving the user's full name from the Provider. - - - - - Gets or sets your level of interest in receiving the user's birthdate from the Provider. - - - - - Gets or sets your level of interest in receiving the user's gender from the Provider. - - - - - Gets or sets your level of interest in receiving the user's postal code from the Provider. - - - - - Gets or sets your level of interest in receiving the user's country from the Provider. - - - - - Gets or sets your level of interest in receiving the user's preferred language from the Provider. - - - - - Gets or sets your level of interest in receiving the user's time zone from the Provider. - - - - - Gets or sets the URL to your privacy policy page that describes how - claims will be used and/or shared. - - - - - Gets or sets a value indicating whether to use OpenID extensions - to retrieve profile data of the authenticating user. - - - - - Gets or sets a value indicating whether to enforce on high security mode, - which requires the full authentication pipeline to be protected by SSL. - - - - - Gets or sets the type of the custom application store to use, or null to use the default. - - - If set, this property must be set in each Page Load event - as it is not persisted across postbacks. - - - - - Gets or sets the instance to use. - - The default value is an instance initialized according to the web.config file. - - A performance optimization would be to store off the - instance as a static member in your web site and set it - to this property in your Page.Load - event since instantiating these instances can be expensive on - heavily trafficked web pages. - - - - - Gets or sets the OpenID authentication request that is about to be sent. - - - - - An ASP.NET control that provides a minimal text box that is OpenID-aware and uses AJAX for - a premium login experience. - - - - - A common base class for OpenID Relying Party controls. - - - - - The manifest resource name of the javascript file to include on the hosting page. - - - - - The "dnoa.op_endpoint" string. - - - - - The "dnoa.claimed_id" string. - - - - - The name of the javascript field that stores the maximum time a positive assertion is - good for before it must be refreshed. - - - - - The name of the javascript function that will initiate an asynchronous callback. - - - - - The name of the javascript function that will initiate a synchronous callback. - - - - - The viewstate key to use for storing the value of a successful authentication. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - Default value of the property. - - - - - Default value of property.. - - - - - The authentication response that just came in. - - - - - Stores the result of an AJAX discovery request while it is waiting - to be picked up by ASP.NET on the way down to the user agent. - - - - - Initializes a new instance of the class. - - - - - Allows an OpenID extension to read data out of an unverified positive authentication assertion - and send it down to the client browser so that Javascript running on the page can perform - some preprocessing on the extension data. - - The extension response type that will read data from the assertion. - The property name on the openid_identifier input box object that will be used to store the extension data. For example: sreg - - This method should be called from the event handler. - - !string.IsNullOrEmpty(propertyName) - string.IsNullOrEmpty(propertyName) - - - - Returns the result of discovery on some Identifier passed to . - - The result of the callback. - A whitespace delimited list of URLs that can be used to initiate authentication. - - - - Performs discovery on some OpenID Identifier. Called directly from the user agent via - AJAX callback mechanisms. - - The identifier to perform discovery on. - - - - Returns the results of a callback event that targets a control. - - The result of the callback. - - - - Processes a callback event that targets a control. - - A string that represents an event argument to pass to the event handler. - - - - Creates the relying party instance used to generate authentication requests. - - The store to pass to the relying party constructor. - The instantiated relying party. - - - - Pre-discovers an identifier and makes the results available to the - user agent for javascript as soon as the page loads. - - The identifier. - - - - Pre-discovers a given set of identifiers and makes the results available to the - user agent for javascript as soon as the page loads. - - The identifiers to perform discovery on. - - - - Fires the event. - - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Called when the property is changed. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Notifies the user agent via an AJAX response of a completed authentication attempt. - - - - - Constructs a function that will initiate an AJAX callback. - - if set to true causes the AJAX callback to be a little more asynchronous. Note that false does not mean the call is absolutely synchronous. - The string defining a javascript anonymous function that initiates a callback. - - - - Sets the window.aspnetapppath variable on the user agent so that cookies can be set with the proper path. - - - - - Fired when a Provider sends back a positive assertion to this control, - but the authentication has not yet been verified. - - - No security critical decisions should be made within event handlers - for this event as the authenticity of the assertion has not been - verified yet. All security related code should go in the event handler - for the event. - - - - - Gets or sets a value indicating when to use a popup window to complete the login experience. - - The default value is . - - - - Gets or sets the way a completed login is communicated to the rest of the web site. - - - - - Gets or sets the instance to use. - - - The default value is an instance initialized according to the web.config file. - - - A performance optimization would be to store off the - instance as a static member in your web site and set it - to this property in your Page.Load - event since instantiating these instances can be expensive on - heavily trafficked web pages. - - - - - Gets the completed authentication response. - - - - - Gets the relying party as its AJAX type. - - - - - Gets the name of the open id auth data form key (for the value as stored at the user agent as a FORM field). - - Usually a concatenation of the control's name and "_openidAuthData". - - - - Gets or sets a value indicating whether an authentication in the page's view state - has already been processed and appropriate events fired. - - - - - The name of the manifest stream containing the OpenIdAjaxTextBox.js file. - - - - - The name of the manifest stream containing the OpenIdAjaxTextBox.css file. - - - - - The name of the manifest stream containing the spinner.gif file. - - - - - The name of the manifest stream containing the login_success.png file. - - - - - The name of the manifest stream containing the login_failure.png file. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - Default value for property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The path where the YUI control library should be downloaded from for HTTP pages. - - - - - The path where the YUI control library should be downloaded from for HTTPS pages. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Called when the property is changed. - - - - - Prepares to render the control. - - An object that contains the event data. - e != null - - - - Renders the control. - - The object that receives the control content. - writer != null - - - - When implemented by a class, processes postback data for an ASP.NET server control. - - The key identifier for the control. - The collection of all incoming name values. - - true if the server control's state changes as a result of the postback; otherwise, false. - - - - - When implemented by a class, signals the server control to notify the ASP.NET application that the state of the control has changed. - - - - - Called on a postback when the Text property has changed. - - - - - Assembles the javascript to send to the client and registers it with ASP.NET for transmission. - - - - - Fired when the content of the text changes between posts to the server. - - - - - Gets or sets the client-side script that executes when an authentication - assertion is received (but before it is verified). - - - In the context of the executing javascript set in this property, the - local variable sender is set to the openid_identifier input box - that is executing this code. - This variable has a getClaimedIdentifier() method that may be used to - identify the user who is being authenticated. - It is very important to note that when this code executes, - the authentication has not been verified and may have been spoofed. - No security-sensitive operations should take place in this javascript code. - The authentication is verified on the server by the time the - server-side event fires. - - - - - Gets or sets the value in the text field, completely unprocessed or normalized. - - - - - Gets or sets a value indicating whether a postback is made to fire the - event as soon as authentication has completed - successfully. - - - true if a postback should be made automatically upon authentication; - otherwise, false to delay the - event from firing at the server until a postback is made by some other control. - - - - - Gets or sets the width of the text box in characters. - - - value >= 0 - - value < 0 - - - - Gets or sets the CSS class assigned to the text box. - - - - - Gets or sets the tab index of the text box control. Use 0 to omit an explicit tabindex. - - - - - Gets or sets a value indicating whether this is enabled - in the browser for editing and will respond to incoming OpenID messages. - - - true if enabled; otherwise, false. - - - - Gets or sets the HTML name to assign to the text field. - - - !String.IsNullOrEmpty(value) - - String.IsNullOrEmpty(value) - - - - Gets or sets the time duration for the AJAX control to wait for an OP to respond before reporting failure to the user. - - - value.TotalMilliseconds > 0 - - value.TotalMilliseconds <= 0 - - - - Gets or sets the maximum number of OpenID Providers to simultaneously try to authenticate with. - - - value > 0 - - value <= 0 - - - - Gets or sets the text that appears on the LOG IN button in cases where immediate (invisible) authentication fails. - - - !String.IsNullOrEmpty(value) - - String.IsNullOrEmpty(value) - - - - Gets or sets the rool tip text that appears on the LOG IN button in cases where immediate (invisible) authentication fails. - - - - - Gets or sets the rool tip text that appears on the LOG IN button when clicking the button will result in an immediate postback. - - - - - Gets or sets the text that appears on the RETRY button in cases where authentication times out. - - - !String.IsNullOrEmpty(value) - - String.IsNullOrEmpty(value) - - - - Gets or sets the tool tip text that appears on the RETRY button in cases where authentication times out. - - - - - Gets or sets the tool tip text that appears when authentication succeeds. - - - - - Gets or sets the tool tip text that appears on the green checkmark when authentication succeeds. - - - - - Gets or sets the tool tip text that appears when authentication fails. - - - - - Gets or sets the tool tip text that appears over the text box when it is discovering and authenticating. - - - - - Gets or sets the message that is displayed if a postback is about to occur before the identifier has been supplied. - - - - - Gets or sets the message that is displayed if a postback is attempted while login is in process. - - - - - Gets or sets a value indicating whether the Yahoo! User Interface Library (YUI) - will be downloaded in order to provide a login split button. - - - true to use a split button; otherwise, false to use a standard HTML button - or a split button by downloading the YUI library yourself on the hosting web page. - - - The split button brings in about 180KB of YUI javascript dependencies. - - - - - Gets or sets a value indicating whether the "Log in" button will be shown - to initiate a postback containing the positive assertion. - - - - - Gets or sets a value indicating whether the ajax text box should hook the form's submit event for special behavior. - - - - - Gets the name of the open id auth data form key. - - - A concatenation of and "_openidAuthData". - - - - - Gets the default value for the property. - - 8 seconds; or eternity if the debugger is attached. - - - - An ASP.NET control that provides a user-friendly way of logging into a web site using OpenID. - - - - - The name of the manifest stream containing the OpenIdButtonPanel.js file. - - - - - The name of the manifest stream containing the OpenIdButtonPanel.css file. - - - - - The substring to append to the end of the id or name of this control to form the - unique name of the hidden field that will carry the positive assertion on postback. - - - - - The viewstate key to use for storing the value of the property. - - - - - The viewstate key to use for storing the value of the property. - - - - - The default value for the property. - - - - - The OpenIdAjaxTextBox that remains hidden until the user clicks the OpenID button. - - - - - The hidden field that will transmit the positive assertion to the RP. - - - - - Initializes a new instance of the class. - - - - - Releases unmanaged and - optionally - managed resources - - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Called by the ASP.NET page framework to notify server controls that use composition-based implementation to create any child controls they contain in preparation for posting back or rendering. - - - - - Ensures that the child controls have been built, but doesn't set control - properties that require executing in order to avoid - certain initialization order problems. - - - We don't just call EnsureChildControls() and then set the property on - this.textBox itself because (apparently) setting this property in the ASPX - page and thus calling this EnsureID() via EnsureChildControls() this early - results in no ID. - - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Fires the event. - - The token, if it was decrypted. - e != null - - - - Raises the event. - - The instance containing the event data. - e != null - - - - Handles the ReceivedToken event of the infoCardSelector control. - - The source of the event. - The instance containing the event data. - - - - Handles the TokenProcessingError event of the infoCardSelector control. - - The source of the event. - The instance containing the event data. - - - - Ensures the collection has a valid set of buttons. - - - - - Occurs when an InfoCard has been submitted and decoded. - - - - - Occurs when [token processing error]. - - - - - Gets the text box where applicable. - - - - - Gets or sets the maximum number of OpenID Providers to simultaneously try to authenticate with. - - - - - Gets or sets the time duration for the AJAX control to wait for an OP to respond before reporting failure to the user. - - - - - Gets or sets the tool tip text that appears on the green checkmark when authentication succeeds. - - - - - Gets or sets a value indicating whether the Yahoo! User Interface Library (YUI) - will be downloaded in order to provide a login split button. - - - true to use a split button; otherwise, false to use a standard HTML button - or a split button by downloading the YUI library yourself on the hosting web page. - - - The split button brings in about 180KB of YUI javascript dependencies. - - - - - Gets the collection of buttons this selector should render to the browser. - - - - - Gets a object that represents the child controls for a specified server control in the UI hierarchy. - - - The collection of child controls for the specified server control. - - - Contract.Result<ControlCollection>() != null - - - - - Gets the name of the open id auth data form key (for the value as stored at the user agent as a FORM field). - - - Usually a concatenation of the control's name and "_openidAuthData". - - - - - Gets a value indicating whether some button in the selector will want - to display the control. - - - - - An ASP.NET control that renders a button that initiates an - authentication when clicked. - - - - - The default value for the property. - - - - - The default value for the property. - - - - - The key under which the value for the property will be stored. - - - - - The key under which the value for the property will be stored. - - - - - The key under which the value for the property will be stored. - - - - - Initializes a new instance of the class. - - - - - When implemented by a class, enables a server control to process an event raised when a form is posted to the server. - - A that represents an optional event argument to be passed to the event handler. - - - - Raises the event. - - An object that contains the event data. - e != null - - - - Sends server control content to a provided object, which writes the content to be rendered on the client. - - The object that receives the server control content. - writer != null - - - - Gets or sets the text to display for the link. - - - - - Gets or sets the image to display. - - - - - Gets or sets a value indicating whether to pre-discover the identifier so - the user agent has an immediate redirect. - - - - - Gets or sets a value indicating when to use a popup window to complete the login experience. - - The default value is . - - - - Methods of indicating to the rest of the web site that the user has logged in. - - - - - The rest of the web site is unaware that the user just completed an OpenID login. - - - - - After the event is fired - the control automatically calls - with the as the username - unless the event handler sets - property to true. - - - - - How an OpenID user session should be persisted across visits. - - - - - The user should only be logged in as long as the browser window remains open. - Nothing is persisted to help the user on a return visit. Public kiosk mode. - - - - - The user should only be logged in as long as the browser window remains open. - The OpenID Identifier is persisted to help expedite re-authentication when - the user visits the next time. - - - - - The user is issued a persistent authentication ticket so that no login is - necessary on their return visit. - - - - Contract.Result<string>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<IDictionary<string, string>>() != null - - - !String.IsNullOrEmpty(Contract.Result<string>()) - - - Contract.Result<IEnumerable<string>>() != null - - - !string.IsNullOrEmpty(this.Prefix) - - - Contract.Result<string>() != null - - - Contract.Result<Uri>() != null - - - Contract.Result<object>() == this.Model[this.CurrentIndex] - - - Contract.Result<Version>() != null - - - Contract.Result<IDictionary<string, string>>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<WebHeaderCollection>() != null - - - Contract.Result<Version>() != null - - - \ No newline at end of file diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.dll b/src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.dll deleted file mode 100644 index c86c39f49deab1b4bfc9672226fbbd1203f7ba20..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 41984 zcmeIbd3==B^*?@|J2TI0$z&490wiR@=8%xcu4qJ%00!9!xJAQ|3=m1?i8B)rF_=`P z+PW0A)_&C1t&6R7t97eeD_U*QT5H>n{iwxCwYIcs)vlKQ-sjvq&rE>!>+kpb{`Gx* zN9Wvo&OP_sbI(2Z+~s*PEIZ?KHbQ#G#*kL`9%&24D4|W&a6}5upd}Cjk6p7b9xQCeOgWztvl zr|=UaTHln;q&q5mGtr|xl|K9P6G>BSP@n`xO)?e z%B=VlWQG-wRy$ZfkJAX4E3%y?V6TV#Q|v(eXk=f_)tL&U-oi9cmXWna81SPW174(XR~`?aDrChL$}$*9*2K%q8Abe~y~CqZtIX;{-sDgVsaq z2bfY1Jx0KvF?>9oOEV{e7_vPB%xG5#kFpQi^MGdN1H>_HL$*kB#V=Po7Jyn}i4%(S zyi02NOCjIK@>{^j^0|W6719xSLzzVYaoD+GCjx->-d3iI_cBT71>QRXc8o!;&0`Zs zun1kj!)C;aZ`c*iDWKc+=|a0qDb8U~D>SJ-=R3=Q)h|lJ+f!Jt>>7`@&Y{0QafZXM4*y&Wh~N$@v2;lGWF3Y8-=A;)|;{lR*?%3?4e2M zd~QG!&Ub^Z=#$rZfK`_EVSnjQ?ZKR;u97>%!p9ZbTd_;AS>j#}v#_ApSko#z&Uzk$ zxoQVHg2(G5*gROFH12HRQWxvgSQ?(w=ZV7^YzP-Deg-3pR2oCtm)-;rM{u<3$9Yr+ z(cac$;geVsgzY?4SIor97WP-v9(|L)vUcuG{`f3y_MJ7*M4WLODrUOS<{*=V9>>IO zfG{2hwnK==!4pTQvqN569Llt%Xd=qPJnop34I%q-=rN|S^P1v7Sxm~|cJT;R)z=%@ zlT>|^@_6HjqBioYhZ#{b*KhPVZ~$8!w9jL`H$!Y3ZrAW{*dgPfz5NhQiGK)}dd=r) z?U5-R@-_yP9X}K7^=b#tMcbR%3C!t6Gpb(f!G4J#P%7cT)HBS^Ibds4Dp%Rr0^Avd zfUmGs!d}1ABZAnjSlte5f4H2Hhs$9X;=lkG>eVWVPTZF;kC85PQm!7t>^Q(h1s*-E z0v1eN#=IOJ^PKe~>nCB>OVr^R!OcyQpI;y0b;sG`?cz0P5E zqzL-$oif)eV;!>lCu3+Ei#_5Z4uXBCFn5)#M1`uGd zI><;^^(u}*w&xsxrrN_wy^STMzJqoL>ScDIg%RFTuX6!1Y6tq_bq0{Fm^NNxX>jz# zXLH;r^@$$o3qi3RObt{hv38f22t<5&e6;s|FA>CfgADat8w6(|9bYbZ*BvvV;-s9fV~AXGon0(g?Acgq3eq<~328A`jfI$eP}h(Zc1oFES95Ia zjP-Zv3D#&~wpXFgQ;IRzJms8ELrQ%Pxs(xjrnfSVMc$Tdh0bEHiuu=y(d7>WcxAph zm!Zm(0AlNzT)`7Rl{<>nUpz5>Hn2$zRoWpCPk1``G8o5Pw41GDn8!Gu;iiGHtzAq; z)L;^Wuz2uk7cqzfr$=I6$e!ZYj$g0C0eC!!eal!;e2h+rKH_y4-cZAAPy94i6hv{9 z%b8f`iJxwW;$T-Wu_)KnmB4gd;+ZNt70%S-jN>J&ro4ugdg55x5d$1_BUIFILcsYP zGGTxGHIN(Y(l?=Zl~-U=S;fH$&#l4uO!!GUXd&S22IKi!N56A5kVyf(?f>rUp#V-i zdfSinLGSw`)OxDkn`7o(1NMr87RN}hj1h(wG4fUJO=;#@Q9(JMN9qqXG^unA8jN2D zbZ0HPAPY36pPl&vNP|ogdOReHEpOT4nDW>G+UpUJs2KY zXJbgwh0=Hi)R6Mn6A${~yCLzAc$i})%cQBVQlCg(0u)9B5>oaHhT~ zjfJ33A9GMz8HahXSIg~@;}`^6dE*x`6)ph{^kG3VAk^guk~v4k2f^v?00fipQvZz7 zgTn_Al}@73w8I0@27HodN~uZ@F>SX?W8z2m@M3wm_XIY$C-rfEW+{r}mz_*apZ%{h~ z-NBeAa~Gg<_Yn&2;eva)ATQ@Wppf%zrb5~4)Xw{n6=lDJj8>LOLifa32KSijd7K9f z#??K}gN)@xKLiw_A7-i+{Rpxm`n$+z(M;OOz!PV^Sv1$ni{|Pc=TR;joq3ECj@MpF zll~|n4m^$$m3abi;7QKz{2rjR^?hVAPXP=vN$8n9$PGLVVEkzZ=XcIv58T0$oM*Uf zhe$eT{{TqlStdURz~jz5(1Z7Om{G02y$@~IfkV!(1 z7hw(t58AJA(Jukw#UOu;ab5@_de~TQSz28APzySH* zasKz5ht=Z;kij|FLpx!U0Ay=PIEQ;cQ1~8?FCq;!Byipq(L1~_ zv}b@j&BtqTKj%HJa<1n7(2U1#30PRkMSR5 z&&R3a#So5!@efe!+{A&E_i&4$Cx6ULkx3H&5G)AUA93Q{`DY~JD}O;I^H+dDCJ8+r z#c0G!0S5jK8k7+Up7=i)%N<*IUVIFKTyr~L;_(Q)%X(C@Tth2bd>t0mFk8 ztgC~0f(2&>D`J0zDJp&t`H7A8B;AhlFQ7QuaN~i4HjcNUj0F%cgG&B@wCX4jcv^cn z<=bw_+~;-0M3pa}hpt{Q`Wzo1cBwYkIztnsQ7LfzOvV5)Z=URN0!+u4Fx?}pN8-XJ z?})WS|AroB`shp%Cy%S0#YkmHBFJP)00x;P^h^}F0dC%`D%Y8Xrqm_zQJaw+O!7J- z0NFlF^*#29dig(tz*qa_xyu8p3G26#JXojQQn6&4YE zll7N&nPH^HakFns%AAS%blOsQ)MR?#)`*WoY5nM(E!y6LlD@9e$ADQb5^yX^AJ52m zFgA`+=@Z?OB9&f{D?w)~>-C!11f8K*X?igV(`PZ*4j?Us;=jbuHAeM$L@vK3umZWd zU8p;T`zt|xik;q#n)OPKOo;IH=^wk|5IV3P+j16;PlS*trC;OHe{y478dm=F7!MF# zs%7$RnU=a*r5m_(0yM%P&tl)=!-Pv@WJZpo{x}tX11z|en#3CamrBp!vSXR%EaJ+r zO^)I<6qp3-yy7vGeR%%jKjhKZn#z_fx!A6NkCo7S_9O6ld2Qk6v!%H40i!pA!9k?d zqOgabtKwL8xL3bp#p-vebStYSU5)o@W!EqTOEJpls`OdF^r;C4EZ|!T@vVn%qqlSI zHmMC=c+d6?r2J7CoWMc@3wcUr@GK=XfLY~LcxH)J!Ol!($`V6C=(jWVOgV)q`oU!S z(~vElk7IqrzI`{hg~i;)y&BeFJAE$*d?2<5PUdQA2Pbmy)6`a>YToa9 zOybN^AhIY(2C-mSjvyHjSTqL-uEt9*%XZKs8y+Eu8U6ZCsU6%=e)`*hprk8knllAm zWFgC02(Lks!9y)J1Y9Zu_i!4SN&5@tfXpG~{2eXvG5W7a)eg229(^+7N%5nRq@QNn zKw3ziBi5l_jm#e`qqfRS1q6{%lg)!CfGBP3Pp=5?Q*;BW1kgGN-}L(U=Uy6x`Zyk#meFjQE22 zcpTap%kAu7H+7ChQMjQLPoL)?#|AqNY19JYcw`#idOcER9jrJVm9_o&aGZPQI<}r7 z5GUt_TBIENB-Yq+W2{{^-pqnAj@VYnb{7#LRKFanYY!AqJ1{4`&I#br=K{1ukX4%L z3nm}tyoMu2*=U(6;=egj{;O-&h%mXmf;wru@ifj%jS(u(hJa#^_)HtNZ_h2wOL^-GI>-T`JkqJAt+TN(Ogj-=naxd|%g zbC1J8#TGRVQ5Cx&yZ%e2S4XOq{wG9vMF7UfgR=xCt9(o)pVycoU4mSC45Qp!dNOjl zWqnC7!!23JjLUK;E?6p@ENaLtRJzlxR)0nbr5#2OR!m|yVX#Rq+(F06e$MAH6 zXUdEc+^QE+&j8ghAm-SUhL@gcNXxLZH(WMgZ zz-m;Dmm_XL%&p)}f;auGL&TI|Lm^#*FLHZZJ&jf1Jr(XHPX{|oQBCz7(iUo!J>E|F~ z=L$HLY=E&9vNMZOGRP#M$4_R_x#kg2a?cg9*Oa*#Ujhc@oC1g^LRd)~T<)b@mCv9Y zhsHyv$}4b^u<(|`iƏG-5qu@grvew9b&Jodtb($Wlu1QOFDeC$gS(U*fFvugzl z9;-4jc46!!c=lrzSP7-;N2eQ6gI5PZd4GF0+mL;S&q>E2oe23OLn{3(aOO5F;v7m` z*Q-}zpWRrDn?vlV^rDLHRdM&y1)Ca3*A**xlA{&u@Z*S&wsR>*q}jNt!gk4QO0Y$` z0mG|X)UPVY7D=u*c{9O%!Gg}aqLn$@!H-M~_r|gA*&*K)zt3!Tbf5Cic=7BNtC%cs z(;&`$#tW;9jDm8B`OJ_TpAc-KJX%3%2hkPloQ?fm`d-*cb`VN>TR2g3$AhyyLUnk$ zsU3Y733+~@{f%Sn@dz4^>U7h*V|)Tl^W$67 z7cVWz*+cGkcdmvc@m;L2TFM}kgr1XEWNR@p**%ii1ewpU0k2_GAonP?fwLN_gc~A$ zXALsEvBaW~dr|0jg;(z8y(mA8uG4Ei-{QBS61>k@%jx6%jsY?|*W}d1vZ>dUK_&^E z-B&*#;}-$qr)mK^)}ox<7)naIj#Iri#QG#3mHvtA!RgnK)vpl@a8;Fl$0cZA8(;}4 z{gF!^5YdptKEVAKAK+yXi)3R}+Ol)IW<6FFwsRVkb2sRi+e-G%h4uJ}5l;Z~#AuP? zSIcaXC71g3U)92PBGT!RL+~;q$0VW4$no}&d*Y1YS$7;vgNb50r$YsKU4ymHmmxmp z%CL3hu2$*`c`U+=38$(2|FysH$5PltCUE_dbS3iI;yMb{PcI;$yyo!oJgFdVod)$V z(h|n%v5UpI99u65d1s)rlh~aYlY5?ij8mNbbO%?9xCeAgbE@u1si&9Tj7P8;;Zz{+mBJvhA^jBSuse;wm*>i{ z_;On;m+NDh<>&eGJ`JoUXH=e1T!slie^Ku#n?`vK0v_i%$`hhho<*JrecsdWvFTo+ z|G>jM$9s75%)|IiGrja8@+I0HJ#eiD{UM27w0-qN6y1;)3oLOF1ej%M)&iZdF zKegPZF94R&cO?I8Im>*#oTYtK&ic%%V4jOAn0|x6JMfgxrpE>D1uUcSm6ez`iOQ9L z*H<#I(X@z`F!KC-BFBHvKvF zyO>RP*ZmGP^k_50$i||Gf3+BU#%@7boX;5)#A(Qacg&EoAfN{rmRxYga3jxUt)NC} z99<&y))IF1z;;R5MZkQ(J|o!Y1e-`#3+Gpa^C_7X*9CU^fW%lEH2gDQ^Sw zVTJp$V1E~^o^BT`VsTj`-9bY*hE)qTgC3N!$%4(qyZzk1V}Y^nKQ3j9r0iIFLdw=i z*>Uu&l$|YQ$I){%gnn)oteKvdvW#GJ>8H}(pv4xPN57P^>wraRA^l3Qn+*1baNcG; zWcg6GU&?-N%H9_2b%Xt0u-^h>&I3~KBP*nQw1SE)?%z?0%T`c1uJEFSB@EA`R?-+L zTPkHMsaDEPMVSv}F^fm+9F#?A6^$1xZLo<_Z$Rp;qNAkjYEu>$?0SPuwg%Dqt-`s6 zW=Pq$rK}Bh@->=*t5cU8l588i&Az5t+YIlazD1rK01R|3${*ybQdCQ8p1xWWG%H8t>=?_Dvdh6(?p$@M_zXF9hKV4i$2SXQ2t$!h35xxOD-w)mfo*7~8(TRX{ z^!YGL_)_?1-gSe&MtIBHYR|fUHkhNgeGe;gRx3S?0RBFO)F-VbHbAOQS6LbAU|$0_ZiR zf3|tt|59Sp4=SHSEB&Qgv0gE>=+{*&|NK!~aD8$KpiNJYVofyMUyAK0-B9*1ZY+LX zwb64Z=cZzto+)#{f7@7rWk2&GFK})tQ|63dsPjuDe{AV8#Qy%W10^fr%S5}X-teTz zqO)8q4Qz{x?ZhL~ue;dQc=LWl9jei;z}ucQ=0df>KJt7Cawiy!ymtU=G+5aC9lVje zz+mOxhk>OHR_lEn*aZfg?0pW{Ukx_h`y!s;jvvSEyHbDqIo^p3z0(Nr8(ne$ceWNQSq8|+Q*(ZIGF?04Q2-gDUzW6s^ADi-)h(!~Z_S+NAz zanirt^gk7s_{-^eX<;`Vth~gJEt!0t@s06qv?^(r$h?kL`>p|Yy}?cs>~@1?eb=Mx zPK^b2`EIhR=t;qbWNfQwF^>Iur1zriOc(o!HHx;l*sInU+NH6;M*D56hORW2V;=za z1&z^p_Mfb=^eq>A8!OIt4CgNUZ@?Zi*fo$+OV{H7%;WbZdn0oSwu>IYB|JD?%m%jC zVBbf*7`b|cC>1w z4K6lYHPLwn`-eSW9ZmPR*vV=d{nf?Rsu?tWvTlL=^VLjhaj}!tY}(;sYt^yzMS}(X zwwgn?xtLPN(Kihi@t*~>RjnSYC#OUE{_%stli{(fNIM#hHdR$wR6 zRKa%9z3A;cI^JLp06U3JHk^C>J5&qZB-n0x!GDojOy4xvYrsyXhYfZBSSvj%7|R@? zme7X=`vjmdJTFzHX(4{}HMV(4F80_M}H-J52u&dSE)@k%3gIyb7>}LkM1@%s& zeFpowUTNfnDfgTU0we zCXtBaU|F!8PL_GJo4zM)yh_ryH5Ql_{HfYR-!<6r z!DoT(G1$W37PXo78f;DQ7r=fdn4TTo^qww53%^j^Y$AM~DZVYZU!9{7dd7EG@DByp zd-gxo7Pss@+wbY2anqTwEAV`9x~G@w4ff06iNK}{_LjxbV-)dU>dDYvgLy+&d$O*cp-{x)I~V>u zv<9VLpa&%P6=O3^Q4UJ@@vl}bh?XO z>iINXSRmz6y240M; zj`ChXUAVj9Sa(Bcw)aZ9RIpuiTPQ_W(dPxzBYhQp%fD{zX zuw8UlsKt9V-QenZZTK2mE3NOQZ8cRz*HWLsK3y}v==1bPskd9^%5_w9jPwC^+2p;B zIs|*mVhdhRm%7+jJYS^0X)MTNdjnZ~1w?NJd2DZ>ziXMW^-%GRT!7CrzRN<}yf;xu zb6SkuOvjjd?7O$oa#O}Vx{WppwhI@~yS=wl)|BxK_zGR_Vt&t8>2|}(eg7Igr7`p& zMPH{!1>+I>sQBwz72~aU&<8H(-QI7|D7j_Z6{rnA<-L>Y494^CPMRl}w#1$ERa3S! z{I>Niy31hgf<2%ydLVEBWqS>_C49iT%WZvY_^0Y_+An1ni=KDW0nG{Q74O{?=Ib~3 z($~UD-Af}3_U-UK@4Zy5F?u5W8(@xL&j5SZdmr6tuxG;Gp>NaQ4aRHux2cjZUFf<% zUC|}JZ_`+Vomg}kut^%Dvx+WK_tScV^#c12-Dt3#MOXSBprU5c40`Uh9;7-KOW{_e zX&83Ai+#cO5G~Od{jBH~-@}v@>^ge0=d*7$O zxLAswqRJCQ7y3)llfI|uD1#jYwug?KAms!A?inEA)MXor|(x(gA~Ag0fd>{z)w5I`Wi!>l8tj_j$G+F;41*PycluWk|&^9UCO_#^QC4Zm^Qua(BRdS5|M_QyYx~^m% zu$2b8wPd;dKJ^Qx*YFQ$K(OoRyCt3W2Xu*Bw%7WQuGLuJr4pq+q8kL$@&S2^25A70bmBB8G zzGRnLqXgSc19eyWMp$PEwkvRb^lfXTwZUMw3U-dc?i4JmF^MlDt!Fhx4@6(J@p9_P zTI&a*N|jr)1RJ97qh7hyVai^LzG;_RJudbRFn%M9d;2StRalq0*gL?!V6fjs-?1yL zhYa=?v{z+~7Yuu7SYnj*o-Py3MqB?hoTa6<8f`^ebql4XZ(C!m8iQ4#Y>YM4#oo56 ztrIi`DF^Lpt4}a}{;RRxHyGbY)L4HLO#4}lwOO#;^kUunB{i0{MA{Qw##*&57VwX? zR*%n@#jG5XVC>~}{&Cg=`qV0Y7;inP zF}iR}C^X*U2k$&$SK)**(ORbWe8M@&I!j}8YK^yOl69WJHq}ImjRSCm(J(K^qTg3=yBc07JiA<|=raZRYbCEWxxuAdr1^(y z!ZLL$w+ZK0U8v}8$v@^&EaK7}{VAb8FYr*AIeqf_54VHXR+qjc60`+=A^H6R-zmsz z%KMYN6CH%zKWa(?vp_Vo|41dIk0iTkcL}GKbGS6!uIAA#YFH>u^W0VzjVe3=;1;z$I)8XyG=2RD z<}9?^3!=%-3v@fY7n=VD(-wOL^Kgs0^*lw}O_vtxP}sV*50@%>qo7?q`WiC7GClge z@VqZjk7J=P>Aaq6dKP>nb^k8>EG;*84$t#U@sRdXpI9a+Q0EJMrZ7KJco-_Gaq|{w zdc9C|FQ!YrkfP~Y+8iles@RhAkyo@-C}#@P6rI;l*VVny5_DdVX}&ZUm+}-vNs*Z; zfR{+V5METvn&>!u1xh`1weYazmC4^E6b;#W_~kR<)Hc+9qGOAOT0@=Jqw@{$>zL!A z`$SrvV$q@b;S}BLC#05c>p798W8KS=e@#k%EBW^%|98o&k$KP85mM_@2#XHm(VRLu z=@!}AxtOW-(JRRLqgXyiGiBnW<}ZYrM^m)53vFdMYZRWFDJsTuwjz8>@%$@95&Ty| zWq3{=0<6H(r4YWOksFJ57mDyLrD=F)VjAjAqbu>P!}l?oiJi|(&}Pykq;*Ii!(Uuw zvG2Hp_`c*`fe!=jwZ13tIe|YB_=>OwlNTbpj^??zLLL zlfs)tZ+Na2xD$|{fX@-0`2t(5TPxc9tAsyj`1!f{Qh7?g6sMI1{&vte`IpKw^riCL zd@1oWv@S#EC+t1M&lj^aE%-3%@>BJt@?`A-;pw)TDj)ZETeB+n`!A-J%7}HY)m?cI z5}eBC=wh6cU!-%bt(CsO#l%k^FD8EKSOhDTg0iD>G~lkv34v>cawF|7-iP}sr}AiP zKJlJyyLEeI3a#H+xexb9PUVYqzdYx?U!L$j3QEMfUwU`H>~?QAn)7qWJ;Jj`O7{@& zclR2dr&j$SuvFd+SSrs2mr5UBrrA{oq0gImPT4~zRHdlZT2NIKd{rdu7kEJ6ha%@= zz%+S{wO8Y9fmZ9>Dy51n)_)|Pp_T@!E$-2LIvu;p`RLtG)sXOCX002Y3SMSy9{nBK zEtFU3>d_YkCs=Hs2^QOGg2ncng3?W}@XtqoJ$Q%pyU{;|KJVE_TSY?uSnT<+JX`%( zEZi)udqs}d;%Ba2k#?`NG6bDJ2tI5bGiI+9l;=_3vsR3`$r_?F$55!%`uUhD1)eeW zp%#m6-eU2%vmNG!mYNpt^D1kc56A7M_bm{$&)XsZ!lm zX^kCz1Cnb1>uSb_FSF`v?p2pt{BFkO7QdTut<<_v;N=#-r*XN(cmB6aD|Z5J^V}~w zJSy-`i{Ik7)8e-^_JHzh@bfc?y~zJS^8ZwOrF5^wZ+Gk!nR_k1OTQgs_Z+<}aF3C| z?|bYKo;||zs*LaD($;>9-vBva^86miesF#%ydRv`hCc*-lmBDDH0`(e{g98vEB0G_ zbM94KdcflM42qC{#d|>f<|zjLzR;#=`*k=$)PUi0aqk%~`j6AWcm<>N){OTR372U_j5_FMdp%6^M)&!-5_ zNX2KmnUZe?yxZHNcpfcPJdfHGzs1p}_>GP>l-Bv%)YGFj6}KsVL!(Xc+Zt_(&w;I$ zr}iTCvGk}-@!K5-#G@{^_;&nqOW*U4ul-zcyW)HHcExYVv@3oqrd{z}dza{d$X0tN zDE#J3yYhy<;^|TR21pM|Q`D~b#(pNAOKby$Pk>pe)l7WL->&#gn+p`bV{@_M8NDAj z^(?qib>1j-ixj`ZQ>6GEo*-RPJ3qqnj^XEP7e{u}O|?sL zGst(~LE_tPUOP^Yv|8V+tx~U8_t*Y4^osRp?cC7qiX+>d(#rh;9~Jp~1oCX!9l2la zsom#&6r3;89^wC+^+N4UmIWT3^}nyhy_oe;?UlZudeM843aYWOTO*^??ARTsTM{|i zx?fF>AlhTx?}_Y{aeorjlFumayb>^{?1sz;N9%P|EAps#n32 zqE{71{k0^bm5SxlMdVYpu4pui!47kOCP&62-G;P(W+A<*)2 zEsvLZ>LfoT@J&s@Q$#B%a&RK>jaJ$IA7obft>;`5_p@y?+JWL;2Q$p z6zK7@v^s&~1uhUc6kz&Lkl`%?zbEhwf%}7FK%XDt(uBY_1nv(py)Ml3mN4g^jBtLR zKq}#UOyE3$>je%9q^Oh%oF{O-rj#*#{YZvX&Tz1T;mrb{6u7=p=mKvRIH8JL-&e)- zd1Dx^7dTkGgX;=>Qs-;9^htsH1kzZc2;3)d|5%oGa~;=xQsACCkuP}~$8_&Fro<#a zPvCligPJm)We!eYxNidU&zr>g^^-V1DDY;1PYT>8r8mcge=@@->)%wUD=^l;`FR2d z1>UUlQ<#3Uz4KJdGM9n1#L5B?zdLhy~?AA1!a-13}@a}dM{u_>i3;eAFMSb{NAFA+mFeUf^&alA7P#Y0^b+7DZunUOa7q1J4?>6iQXw;`oE&g?<-{(7Wm^)oR5xX z&F>k@T5;ZjH9fE^Ta`~|3R!?_!)R zdK6I6lW0NVsbM4FkLYN?=P{0oUZ5F(FVif*pW)Y`72Y+UgIfP1@Q-vnD1Q+6E}a1S zdw@8>(ush7!g)Z^2Z+-aeF&)NBfM9x=+F4I7rc86sPOK1D`1^<3gEHUGQc_33c%y6 zRe+~kYXIA=wSb$fQvuJxn?(HU1Ri+l8Th5#Y4m`~0N$lMfcL0#0q?`p>uGd9o<&ci zJMlbx8a<>QghxKBp2I2jhv1xvmG)e~7u1hHc@dm5=_SaSNiTyl1o?Ha`_VKTy_xDi z&cDikw!hcE)qlJHF8@dVrognoiGgK--oV9yD+6~09t!+9P#25`n}V~0bAyY5%Ytpe zGlQQA-V}U2_*QUsXklns=#0=eLidDT2>nm!Aby!_M)<_=s_^OI_2Dhyt>J<2#o;T$ z-wfXuek%Oq@c)DlgwH8T7u{F1ugF_Gs<@?iMX^(SeesuzzhC^r;$IiPQ(P1o7padV zBk9OMX+1u8Or*5=`vGZt8{Ge=_aIW=;waC&*#62UJtCLoxvZ`_kz#UE5VIwXK)Q|3i+)ILs!v- zp%akaYu#4#p!JiYd##U(uA*r1RrIyu53H{hZ&dt^7N3ebm?70%+a{DZAUNK5xv?G!`czQ+7ZRt5y9FqW7-kF+7Z3l5x?58X0#)MwPVcM z5xv?m((Q;=?N~9|5vkfSzoLjzQQSU7G5S%8;fw7f{3gmn-Mq}{>hDR;rIWM0J#C3i znWnCu9$Jv-+?-rL-6c{hiq<&&>CR-1Ch7bv{={uVe>O=AHYYo`Y;ev4pD>@)-`&%N zzkXYIUSB$y$#grZ_0w`yGffMe)YfDw3u=ahGnrnK%z|SN#*G^;urRhb znM$S;Sto69bfSA>cQS{rPM+JJ%w*?xX1ljC7cEWnZsVhGs00c7z1+$4% zHp9rFjV|rpkWQqxYtB5v`mO9qaDRv8j8aTo)4$=IWT*5ulUdM{$Yho$dXwuCJ>6ZR zZcF!8a8b)rhWMJ!FFY@sOtC35c}ohdE7{eQXUotcC*8|cPwwvON~R=-(QR=$`+H$^ zaz`!mA0_75Xi3INt<84#(2~T~M5Z&{-Ira|pMrUvlniA$n@rO=ZrKsoXlZw93v05p z8@vg2wSsJc9?KmrT9fR7fh4y%kxq6MFtjB$^dz}NGOL|!I=^XYcP2}1$@8+t3)@af zZl^XFwLeL{nNBC&)4hS#Y|mtqy|hB?Z!mac54XmKZIVIm?xfa*DHtowZDAmFwL->1 zhFtNf$qm%X^GN^UC$$w6G!^u~NCSJ*8nI>5nq;~gqkn#al@ROcg1m7%@K2v?fstEV zxmnVf}K{^9m%$`!+aFlyGAlbMHOIX;xY&?rL((4lTb zp|a=k1^yBi(7;Vcl8jA9&$e8Cqbbs5>2)vL?H|Cz+?TB(e#pv9bF+TG-o{-A)Jq zoypBkPZvzr(VNUBy1=ofem?&Abv<`Y$}c}nxnY4495gZ1a8#*Gt*J~hoz(*=CSWV+Olubh zL%2~_7tQZO$GS)i!B&@yXe~>@b}Hyto0FT%PT|CMFxc7bc2ia`pVzkP(2UNWn&wDH z9k2i_yD07SwmE(9#zJgcqGwB+!}L?(@Fyj8DGa)eD|3rFmp3dAC#_9sdv^)8ftOmz zb!Q5ll>~J?6=ba)#Am**x zo$V2ymF8MAt*O5L?82U;EJv%8eLP!S2UzYD_!*?IyGaYK^PQSb^qtzB-AwDcGu;R< zSnpOlJy67q#F}JhKMc6NX(j#uzq7k9(L=5I>_!BKJho6gw~GpGqqj8TsIFGVCD}Xm zn!>)Ub4+W^kSw!6HM2WjZ<=E+S%BRVdD-B zrwqs1w)g4yjJ;Npv}Q&vEJa<(jfwsq#N-Z)GIlN<_%&u0t6OTxmGX`W!${IEM!4Aw zQzURRMfNp0rQC`pLmgP&c{@fO2`m+|?aNT}Fij6LbqB8+*lu=18#I;M`Tc>z>Fo?NuQ&u>kmogS&eeFzZ$UsW4-s?gAr#>d<^|Yz z8F%REakd%OT!7)&o6)ZEZ%bPdFet}lSp-Ev4G@Rni1ZQ+}2@(_is5l zUZL0BEE~J2HGOa*qYg3uT#-t#N zlX^S7roXSx!Fj2R9Vb(;*Uy~+Fl;SJ44xbak~j&ux#2Z8ngbYh6wL|cWlJW(T>~E=FXP3{B&7_a@-O~ zyRv6X@{S)KYG~|&TrY_o!8S&?s>yO)P0umwCbalA5v}Xef+S7~9a-N0=g(3&WpH6QQO+xiSb<_lgM0>@X7?gz>SDLuwX{Xi2&_T zr<2;)y$LgucVE0|<{dOI7TsNhavs}^%cReVn3>p0pwQgRAeW&m@3XrLH|Lvq8_9sB zCEObuOiuRjVcY-C9&;B#l0%Ew_9S{`pm^)1H%2=CZNnz44?~rfotKuD-=}uFJ0R>r z`ECfCTD{@O=rtZSd(F-!7>O{92YYZ z?(`xcS+_zT2i_Eh&6v2QJA)n2cGiHeHk|y#PA9fWh{*Cr%ANUX8aA)Ha@EE4&C2EI zd4O?Ey4Mxx9-Cdq7kF7MQ{>QIkfhx+hZ?rd8k zjqtLFr6LM$$$La@5+pa8ixirl$s~I>^lV2c6SF`Z0smN?7+JN;ayFFjJFn14_ zC*_>!P_1O|y$mCfOy`-0T_H8g4bj{U9UW6?!I}xpbLVt)$n|g6{FIa0-s|-9F%G*W zgze-exYcxAnCR}93(a&w_l>*O@enia4m;Wn$UDf&|7z zxSuLuY0cl-V5oQ#g4HS0 zl)vc7nKD1b?&WOZ-D19~kump>+s5X((>roUwof7xgLMR%>`S>_qZ#8u#R@Jln^t4< zmc{;;pGAYX0)^(;BB5Ir_$ z`qmXV2J$aBniCgqH%*ogWXqG=5Fap^Q(L>!PD-w_cvNz9&dYwt)H!S_PMb>2axi1h zWkog|f@7`@EARYdM%c)w*K{@`H)Jql!SFbG%e`7IAx}!;>Vo%#8eN#`VuZU^sJ3Wt zPDrxh7J{*iEKuogKJ3g-Z<41=`H^hK#-iXFk$X682L7eIPZWcv&7{`M^8TKl73otq zRw|pKI0I4 z)*(0o;4uD~pUgzZnDq$r3U}7V{5Wr{*tj~8+LSC92#hITrE#!L!4u|tiE8v?-y>MG|SCYTZlLG}jw>5>+ z53cCoyO^JPO1Ea@t`^m>&BvrznM`iMISr=`Ru!9n-tNi)2H`82=#>d;Ziysffvu%G zjY9|?vK~k`g58HA=S)6wIF*9>dYh`i@4OgICBo_mGghn912qn|vV*GI0 zT^c2XNjT%(8T(mo8wabH=Q#z}FXlmUv%beLHym2G<|Ey6=>B}72nRD9dKaPvx23y# zsrit54PB%aG_#QF^U|S-MyW$d)6C;88F;+!G3ONg8(iD*7RXU}Uw0}EAdMj=J9vkt zhq{nYA)iIM0emsqC?zSBSiubS;SHx0Ucl=@n#H$~EMGUusHBU!iOYLH-HxA@Whp60 zAYTkp$b+9d@gNO%3I{HZf#b(Z!Z=rhzlS;TLxu}z4gO<&SPpZsJ_$?_oQsj?Hu4&7 zMM)26UDO2XO2XkDTC=QP;Ds`_iL}B#TO;!2%S{UuJQMZK;zld7L=SfWCpwkv4f0siXz@ji|%p z3!P_aJ8hKONxTUbGk!1yxi!OT>#}L^5yIQpc!8y~y=JJ8p@J*-x_=afi8z6XGS^z%XZuH$xiNPBIqU48C5L zTicAcv0CsuzY8$3r^AaEVjOa%_#qi^vS&eFkUgkNW>=HppxT@V9*r?iKwGw9CwkEh z|6`4YVg3wCIw6T?O$u-DQO z<1mgL=y?Y9hnJ6oXOF{srR)iZmd(XmaogaNlfi*;9`)~J(1oX?t$vJ0FCh0dCMn0o zCBRvawW3iEe5?&P&tUe^jp$d7BaU_oXETqDj$7=*T*98gajg%%b|h}3VO>N~PXeRD z6t~x$tHcYO!(Cs8QT$MJ^%Hw$F%4#7imeuWi-#&vJ| za&^niD{gfD{P^|}KVCNr>&&~_=uQ7Ui0T@ zx?IyjG0F*Xt3e>d1iUfSmvYT&$DsTO@2 zjXsT{voB^LMVTrun})Iw3)NX)41aZQfdNuNajh0>V6vck;?OFdqZzGWJ84$hFN-QW z63U0iP=3yZ^2@N72=5`2WkvA*Ys3#T&a%p)HqtrxLm#nkBoaUxP?55cOhBeu*~$y$ zA|V(cQeHNht8lg~>aigX=7_TLOa&;5ib+mD7RHRAq%0Z%KVSr61gJ<@2wIqLs)g51 zb>$-1r7X%8l}1phx@fA!m6>-eK|(bY5gt}V#49wUkc*Vf7e(g#V;-)lykx0JfMDk! z8kQDnA{YbRLd37fjti_BHVl<5^x)4cU~2S&&Ck8yzE}Iu;c9NDno<1AC{&HFlCDm` zFqFj52xqjfDeVO8-a5w~E)tn148xuPelE`CnW0GQqYGR_N?4hosZx|fxP%7@u0%X) zm=mO;&{UI#slvZ)>^eHSC&mz`hNZ;Ac&Joat5~o-H?c6DB2PqXfn`x{ljZ5AOc4`G zQ4oNGuSdST>@>h4piW%jeG9QnXjujCx9@DsSju4!} zOJ#}S!jU`sRIU6b^A<{;boGv&KZx5xP=yB zG7b}FLa#>&{6bapB&Fv6KYNwYxy{G$jSz2+s&hq0+Lu%e=g)1NFwc1wSPUW&IJfak z%$**dls&K!VS4e5;Q16HPubwLaETh3x!DN&C!457MZ|2&z{I9+1kQnDvK7G}&p@{L zO%eW`T^8ooGOGhoOO3_kj`*V%X75Wpg>K;v>J&Xy8IzvpbO~V;O&qK7=dK&F3$pB_<077 z7g1;nz92N^V#FjuFKenHw+5*Pe;EW%&V`b}JJDw<8@#88h1{v--(%b|s;51aM2KSZ zSon*0ERu*Z_;)&>PU+wfN0I=3B;MP~@5xfIyln7`vQ`9m7V%Pp{^b&6K!T|wk!p|M zihxHiffAXjG>R%vaPV7JdFkN2BB2-(@>moDR-@cPtW|El%+9!aY> zR9HVO1E@{r4WTLMVU{O2MRinsuNr@5JOYzLMiy%(CJpQhEqSdpIdsk{W;w1xz$WG~ z@w5?El|SG5uyVAk*IBkdudnQm+`qEHN3|(6IqXM&3<=|wm&Tk=3MVXBU?Wulr_deD zK{kX6hw{p4p}Mx;^o(~4H3%F&KN3sE4HLyG8!786W>eWnXv)j4Pp`hH_eGv#+&VA5 zW)TJxuffuP_$%um$wVZ^puF}6d|12&pGIqCgL~i~0gMK_x3U7V(ZbA;sXX{RuZ)=I zXwGD-qRNvSWlljK%X8K8g`h~(_QUyWJYGnS`l7s2Lo^J4)X!5y&lI0uMaIe&sci7I z2s2|ThDNVpi!h(nK$k)YK{C9NNHMAzBS&~)=J~6-5NXOr7KvF+ z8IXKs{L7h!94Ue~*6`fr8SDvJvamykGQSN`$QWT|gU@1kRHSt9H>~MMi~uGz;6y7@ z;`a&$F93$QFPcUaN@qc!M1qK+6~P<1rW6HW0jYzr*5e2dFN>DKeO&($&*3H)%5c5U zdnf)U>@5h4VPb@JFZIU2StBdu3 zS1w@#lz|Ii%1d8(Hdj|4)*7o)Adyick+Vvwa}J&5{myvpX}Mmr0=ni;q(O;roMW#ko2fU3Wiyo@(WkX^@NeKhS@YMR7(Xw;n<&g2 zcBfpAWig-0B3}k8YGARPi9e;svdLSkJbfjwoM*5W;$WP~I~ZeP2RM(g$YLA>mF538 zQgm%Hn&*Cp{jj_t^F*q~ew)f#u>xajTGooW19dnwpa2t&XChSVk+^rQnFerKrt?k( z32#&|d9hEyKiZoM<;*|C%WK(C5R)27G4`5NUOH6DN=VA1E`m52!Bd?xg+E!{5cPJ0| zJ!PvRHD%@YRNgYN;Ig4c3`nHL$BPM!0sCO7sMaIRIX{m%dWaHOWAJux!;HW%!cpaC zo0bjk7k`Kvf54idog2wSv=j1+yK~lrJdU0c`LPV(M?1Lh(3CC9ry?KRX7C=<;62>4 zX^@ZgA}61#gD6%<7~+s@6pCPB!6GDM_S?l4jc!`Lu+4p2Xo`8a<^=w?^DJtMjC704 z%MAQ1BFc4QZb@urv4zWmrfK-+_U7QXF^ll0-HZA+^e{X};oZ@H!9A7eFgo*{ zjPGer5?z2rJ@>i5GZWc$v<7#O>u_(o8o5^7xIke(-k?-{QGeK&#p_FgLGbra z6lia`viW&K;jMFCrxBzqYYp6czLiWP<@?j+fUFshjlN6Q zPewA(jBo65KaJ1V@ubAUFU{fYDXGOh>cibCTVxaNJaIcJy&O)9(R8r~KcV2!oV^+QU)yXd0-j}_ zr*)wvzID%A8(|l;4frmDe zpE@p`O1<1uKcrH}@_AqQ^U%PfZ|@6xvj!&ah8bt~W(ED3m;JyWj7J%knWpTjvKM;prPkH^4VL4KlG7b zjrYX5wr|Mi+W7N|3;BO_c}f4T?<#f2_|HodduM5OF1YZl@9qDiez(p|J$k_xdfffk z^z+ud^s9gEck5a4`+;|T{QdnF{ixp~$EQ*|d(C{L`il*fKdk-etbcfQ%F`>FzqH1N z45<}EKh*d)Uq5p02mj`uADVFKSBC7J+T8O>-Cgy+{HTjwo^sZ_vp;p=puwqwzxDY& zPZN8m#NAc@U-{{Vr~fJQ@$pr6&-r!RAJ_bT@6_g=SL*Jn{{g8ry+8EHpZ>A>(NiDY zHuqol-}5xFcS_t{^`Cw5kDp)lxjTA(EtUk@6QZhG!3H@&%cYIDykb$8W&^R55( zp%acCws}G6+b2!h*5kK(o+kEAiMy-*KRU8(*N`v$)3e|H{11*l`Qy{?**mql=ass< z>c7`BZ8v;+N#8-!C)NJ*>;G|AuRTu_d#A+RRsZMSdeLWo`l0=o9`ut7zVOpy{%!W& zsm(pF)ZJD8!@sxw_9+dY8TgOsrT@Bf$hy9Jo+kEAiMy-*`+Va&=ggh9_TEo?rTm&r zUvK>6-l@$!uhiXD{}|-{|H9XKwq$ z+?r2*_S+l(eem9?%{{Nw-Btg`|NHcHmo2!z*QdVw`Hn4Qd79WeCGM{Je{}Vu zKmX>kPY?L~FWWZ$@prdx*gLhk=ass<>i-kRRDJ%c&+j~K+0WkUeg1d1oVVv`V(*l= zyXybMvG+~*=1>0Z{VPto=+jLXU4P)-sm(pF)ZJD8)5`w!=Lgn(CBht+(ww{a+9M$=<2WJ+IW=RsZ|feWU)%1N+@qTk^C2 zcyr{)p?jVt_D+ertNwrXow6@1X#CEre|_^=XHWlJzma>VHut#Rr^MY={}V6yW8aHEb6elr?%4i`!+z6z|K6$1J+IW=RsUDs zu;k-kzk1D@uRr*`U#;$Y&ue?0CiYH=yQ}_xeCF4Bop%Jbs{iFH-?-`?4GBIy;I`us{gXV-?`wnvCq#L{ng56 zKKGjq`=0;VgUm^1J8;ZbN@s!Sxqlt=RSNVFpEmOL1_uD$)ae7Xx$huwFwpbg{lFpM zP|zP71`Y@B0|S6=1{?*B2IW8xhiifG7*GL*fn&jOU^o~7c-%a70?nF2*!Z1 zU>rCJ=#YvD;AC(L&{;O8g44k1U=lb3oC(eXm0&WM0;Ym#U^+M(oC9Wnnc!TYo0zkJ zHnW}&E&y}Dh2SDE7gT|H;9_tIxD;sdLj&LsfcfBZpaIbppc>SG1z;hl1sSjiTnQF~ zI&c-Z8q|X&paC?3CU6aC25MxjpbdNk`~}E@72u=bW8emGBltM@1h@&@3_b}y1y+Jv zz+Zw-gImF0fxiZ;!0q4;@ENcgtO0)mb-Qe?J9k>U45qt^U2fhrx z0`3P7fWHG@1?#~E@b}oT zK@YGWC;>e|DcB$M0=>Zj;6Ts^^aTfjgFzYS2Mz&;g8twza5#7$7yt%>Bf%gr7#szT z2IXJ~7z&O7!+_2K)VYAe!3c0XI01|VqrhlzA{Yb4f|I~_FaewlCW2GJY2b7)37i4W z1ZROtFd0k%Q^7QFHaG{&05ie4;5;x3%m(KJ9cFVOI0BU&2?l|S_&yg@fq7sszg-J1 z=JO@sQg9h~KllKc4=xASL9-Mr10Ur36`&e?i0>Z;%fa>FHt+>-FW3lbpjiMGf(QBj z51^LM8L$Xk2^NDoa22>3d>xucKs}$Afba9Ufw&PgfoniBXaPrn3eXDLz&LOUm=3N5 z*MSSb?uL~^Bc;c?n{FT7o~?mD{q|44m6@z7tFN7WWu~EZ{&kJbSI=KC z_LQ253o{c=tsQ^zNedU9GQXvH;rtn`OX{m?u56h*V=DQgc;8fkrrr-m1zz?C3EatZJgcMyrfvoEFx{Ox|vZ|TbpSpmh<9}x@g`EJf}4- zY+J(6ttdOx$hEe82A$Kojhc&QUTn#87CE`KwYhFVTWhAJyDYLMmtz+#^4yljhIy@Z z^+hS?DiXKl6L+pwX4N%ZU93gcleXAenN`=ys6o@HqRLz!lNZbV{KjG#H#8Q@b8e=d z-mzG|Eg^N$ycgFrXKK4>_AMckE?Rn3&4T(&u}WxF;$n3G(^+*z4w~RupHJJl7FLDE zx-eaDjmfRl^I4`iZ-3Sb`?CH9MjsT{`Rj>CAIKVW32Uj~Dn6GHUkSFB+X8+h~LKWUF))1e{A6MxqVpg+>bSM;%PluD+gbO=WoH^ z9n6|9IF>b(4EP3e?Et$Q#*_9MpfCsDGzuMC_IJ?;U-M@wtIhmK{-}R z5go!E=<;~mpI;%sPeP924G;riE$E5Ga#`;`8@8)G6dNN(W zME=Xd9?jM9Kqh%WebYfl05POhaJMA66|CbG- zmA#8r*OIidd#C-}>S1q)R_#Hwx|XDsPjK4fUbuFoXp{aTNvrnfw0*yQ`!7YScBy=I zElE3x-<)>Hx+f15tx7FgT}#r+e>m;SRqIX{t^A5;buCG&cJ8#9Bl@fst=hk6buCG& z_UyEyzH!e+(W-rmR@aiW@`X;jqP${^Xyq$Kt7}PG`97z;y=~VYL@Qq@T3t)h%4az3 z0Y7-*DbdQ8h*sBBeoeIUv7*(rB&~d_(>^@<)h~)xK3BB5mZVi5;It2( ze9vgns&5djt|e*ZSDp5bjrRrp%HN7s*OIjI=T6(dEwVTKt1u zqE$a6T3t)hsy}kt4-DDw1<|UX60NQ!Y1Q92?H#`x6=YC9CR$xf(#l^u?U6tJ*<$4@ zKQ3BbOVY~EJMBLoR<&KU^82FIwIr?jH>b_?{LL>y+4xPgx|XC>zv{Gyj{Nmx(W<`{ zt*#|$)sH&ut`GmdUbO0CMXPH`TJ@z)`;mVe@Um#t$BI_hlC4aj&v;8$aMuXjoz3cjkgC zt{A7Uqf;d%kDvAL-}~BSKc2a1SnnSH_?3;-`h7OLDny|B(lBdEm8wg=V+_{ zR?9>8#yxPazV!T|R{x_HvShBkH1ARG_$cK|a|`vVyh?h!{Wi^7b`&e)n{c3V?_9OX}kd;Vg8iwicW&pp{LLo<^-Wo1iraoOHjRbO@}^=8+T z>~#i+@}zTes(i{@f%I9rXAM8HhZ5r!v*pBe6XbO!znACob32w#Qc$GvlXz4EuLC~* zkA!6X*BVFU&jt39ls=9@P;VGYtpCo`1qnl4oM|@Z^(}pQV6RH)Pn^em5x@EPiODkXl&!4U}qKl9`%55%77rz2ZT>yKUwyDSc&+FHp-t? z*AhaKwwnC=v8&GQO?|6^@>&Vjf``C1uoGx+(7v$uX&~AD-S_lQsDb@rrI*to2lMDg z|L<)k=A91vM#VPSX7J5f`DW}p_*MDn-uUId?CO$lcH7oiP=V`VFPip|?F+l70oA|z z$;Fn$)EU0v7fR=N{ZDRc;@+0-V|2<-vi~sGAIopW{L<883`xI5w~t?(kgHqG$Ecr@y+(P`VJ<5nllDp< z74p!yzc&`0?3=V6rl4{DCTw*JcoFRSKVrAZ`qwy6;ma`!e}AI7cwhVaKRmTxKc(Af zw0`}7R7JmebCJAOc)wR|b>ZV^@pulJ&oNjImoz7tk*TTW z_s-a%bSGJz&*lPreh$qSlYFK$)@rYLSNM#PaT1bk>i@y#fh3=*y4Lzk*Z8b9KFRqa z&q<^8?xZz`M?qwx1tcpL~*+BFYywJl)O z)5?y#P_I?UvJ={c^oj~i?@3XwUPspd^nY4Os zISb3Fo%DC@{k4~Gimxb3F8S0?|87AwS1f)16%5g4B=5xc6dDm?A3F8$Uv+0d>w$ir~yqu48 z)(iU8K=e-IIxBwNLf_%^+RZ`5K}c)ER5*Z_QHg6ALL`I&d}4Ax$ZPt!d3UJ&Pc>D(Mq z=5nX;rRjwATFryiH&qZ1Cmu$88u1~-mBjst=Md9pXFos;ZT1@C_Yr@Bn0_{U7cs6l zdmk~T$Gkejy!w1l2_}G}n4_NnMsz@&e@kBYr{Wy0@I4ZIV|Ey`GpCL7u)?&o?{>6t zE|p&okWKmcpgho?7V?#kj`N}XeIZSoB%4Axv@#jRQ#nQ85>60sdE)#gt!p79c?^Yq zIHw4RRy^YTB%ShkOOnS3Xb*wr_`qv4y360!jB|)|ZVplco$h5RjE0_JhR$8c%EaK4 zr7m>-0x}-DKF4u%UU$k%JQb#qR^>XIn0vJ1nJpte zk65zKCRQKC@&mk2ql}~BF@X34;*)ZG#5InY)4BZ!Nxjb{z4*YFe1^447stTqa5e@c z_`AGKTnfGFi++f7vhRUGXR4Ptu1$wCHu&1^e#r-o-xb8tRdq-&xreml9mlQdoV_M_ z*OG>IsC_5!9-d1l-f^s%R(lPBX{c#FoLQ08FzzbjT_4g{zf^++Cw-Sc)b)wPH;3=z`6M4$fo+`t zx8uV1zIZ)v+i|Rv4&x?WOqTaA$wT$^Y2v=A$>{3XkPe%+F-$r){wd)%=|MpFXEjn(*~-nFDKCK z;CI=!_IoL81^uan;h+*+3Yx%8U@dqEYymFuYwXBE3L%6S}M8mIevL_AU)zPPz5zbyjqIU@mY5O6jtGHfEmPcx~o<9>?IS#{Np%1VryNKJTQx zkV+xUS99~F-JjFNIVWeegf(;@*AG$yC0G+;~F1bSU4)(qtJc>0GKTV~OBnHNHKW@9H~5M}%J+gL0q_ zpDRM_zAKg^ohx6`A9;HBN7}Qips~w*+HNaY2_EW1J60X~nuzLEfpL5;aDGi`(;=qs z(F?-{u+H3jF%jRf|4-#rUmo*L=XlCxMva8Md0Dw!mAiM?5u3jctUc2T^2=K&?~9!% zb4a-FPtbtW=<`U~sDj1?9yp(<^s4?=|M~sDs=7|Kr;RijwSBMmm}kB}PuBY|+KZ2) zhK5t#^7XFgArw^a`ZFke(3gFo7!4F^|3@V<`X=>uAQScAZ;ROf^=|FoZEl3ZXJjxw_FEqI;c zyry5%#^PX6<#8SwgDUu#UZ1}WkB@W%57*fy<1s~X<0nAu{P9? z#svdNqp`5kIGv9RSU>2Nae>#Zuk}`#p$&2&i62AGT`p&0ExH&RlHZyEVp~XSJw61r zAJ;#wD64S+eO8$FX+4a4jk*s{|1|->IuVrT=F}Bji*{ak&53@UeUHcF<|@%n3)51} z9Bmc(MmtM~GcEb5eeSun73u(a;<}ppdX@>pdVyliSJ7csYaS<3vKXIEd|8k~eMGdc zbgtZLPt`zSh~=$Vc@HI~`v|e}K8Ek3EY?^F9l&cOXMAd%Me(V`r}FI_;xW0hM>|Rf zn<828M+5YMa02^p`cXR7k#rjCJRRT{p)XmwAjjf&QqnwZX zbnOjOm>#3>cPM-YmKz`IgNrGP`}CDkC}Cub!rx=y@xgNAF}0>icM0|2zAmb+Uq&vi zb103|`Mo>*o%wXuX<|~=s5-aj#P#4Zjxm3(wJi@7$oR?fcbD;2rBR6;o-}9oTYcWjFU3jFU!qpQ>Zr1GIB1a?tG6)e>GUbh!};xoW)xD_vNOS4lG4b z3_q`jtns4{%LUGTE&W-!@#7w7Dq!+E@=2PgQ*J9VX= zyi89RucZIr+~3j@otK%rq>%5>`r~RKdZ+R6U;*F3IVGLH_wWA0#{jWEDm+%AE*L8f z&5ajgUs0I$&_G+BqmBN)FfC(@T)tJ5HTvvy&X>y+W&j1oS}Qa@VjP*(n3ekj*^`LN ziKh{xO2%k<4sjf)3}Yd`2U5-T=!4TaAFe79PlaKmRX=qsG5X~$PAbdzP(CB9Q&A7u zpra`ZSp=q^gD&`yPg^3I5Ffa*?(>MdfQ9NJ{4NE{plgi zak(;A@LTi&g?XGC=tt#vq^T&Cvk(v6KNOESA&u^XhEwOB15wXVEeHl6TV~(PG zsqxAfx#f4{Z2DLEm#g#gY`iBYF-9?F!%~k2`&Y# zU?sR0JPMuzJ3tvq8xAU^ynW%nRRijBee8)%gg}+%LNjydNf@`0h|#w}RgfH{ zzA9)_@flzF|5(=iJ$%)HuOSS9UcUU8kdF33+@J5m!uPXipGO1vtNb&=v0VB4+A6;L z+L5Hw+;|7SNgkd1qM+-S(!T1!4M2Oi)`QJpU)XyzkZk{VTCtOD^RH+(m*fAF?ceAA zmqIUEzn+}?YyQ{y`$Xw?%=3MG+soRt+L#C4=TO@0vP}vTW1C^gr@hA+735cvj`tW< z#yDTKb5M*I=zePRg??0(JoCh(o#(gxR zjk+pK%la;~6*>Q^^Q07pgKZRg2k1k=hl5H`1?mACOHy}&_27Rql)&6=a;*t6G9l1c zu$4;=wf3)Lz&Sfum)!@<=dXx2ENnTtB*Up#;JWrf=Q-;w`%&mSF6wf8NkoSpGy&dbMJ-u{zi z`6|2~ab86{gVT}6oo4e%9_!)pbT{zux-ZcLiIC*60Up0`9_Y+(6BeT{uN!~N!CLSTcmiw(I*e)n&|H2Ns0Ir1|8D!s!!O|(c>5IIJyp7$PEKV?b+G-; zjPJ}vykj3w&QApf?VpwEi%MT{-qse>?_?3B1p3p6{rYM491i1v+;V()4(HS>u9&J< z4b@I=Xlz)vq_M4Kc7`X(YNv6Y^p!Z-v7KLQ?7I^l0tC zCn#Mth_dJR63c$7fP(0yGpc;JJp)&3sWNAO4YU_YUH)W3%DBCjce*2e%@K5MPX>5^lB z_c{llxOqa4cbzBr++Xr|_zTK#f3ghzIv)zrnZ820NX`>hna!$xJY=Eyn)526Z|%rq zX8|57;PGfT@bG&|i>+~b8&z3&UtZ~x&SO%3VC566V)W*Hx%NgYRKzI!{U~Mnq4UeL zE2@5c9Ow5C)doC#3_ibeKAjxLb*!6J>P!i^s9d;#{QuMQFQWf;9^OaBHdXk318nGf zD{}o%wDH2Ubj#2V%k`(xM)Q5Is>JI<^B=hk_3fJ5_}omsF4|q;bean(-BBUkvAJ~0 zH`-F+Io(j`&q|CTq8+4j@~8>;+)T8GvTE=8iFKKO{w7I#T#zF^lc2Fste3*)K+3P; zOLKd7Vjp}7Wq3co=KJB_hi~+^#9Q&7J3t>C>u^vBsz5!^14XOBLtqPd8I;g74FF@n zH1K~Rlpuurf$b*Hl!RdHnJYbu1{B=Tq;Oh-&i|4dSRgX*1J?6d>6})-SMvRSa3+{y zdHDT!Y&WL?f8N)h8%@1;{89Zmc=-zO8x2K#WIvW)(` zj4^qcJ*A?&$ABnv;kNi|@=#k;9z&SnEBJW8*MKp})O>1TIamcY=4vF6@B6bCXh7}X z$Kc-nll|F`>Cd(@=?={%F$Pz7GoB0gO0gADA2EDHGgE@lf`bse6ctEhV~rz_)Yyz)NB4(Qq{lm zR?wVMV<7sC@cgmb0b{vTYzM>1OZ!psYxUwCb(oh)?XLnT971}{jWqVuv&6ptLFuAi z3a8WfQ|aRPb4W<%ZBOqIQ78vHX?J~KQUNA{Ibbo6@T9S)wrunq z4)9)B*Hlxlz2PJRjl)194zJ?>W{B_7Jj9U{li<{ZO7|#?+^1mdr02|KJ@qP5X znQ^_Svp!JcyN-R5ue)tGy{qkc7=+$$aJ_TiWnpHqo&Htacr-WuRRbj?*GK5XOF!+r z=Cx#Shc&!3v}SJGqD6H}i{s~eWH%c>jWs>sQ%dh}ewyn$!`urBi{t6~)U(zK#yWgH zi!uHeoo9!2%+B;JKEC%c(`w`O;lL&Sp)V`F*LfAO2GEhmF5`h8&4qG!97E#`rqc~P zs^tg>$v$!jJWlRL9(smd;fNT8zeC|My&HJ=+R{i(un0-}J_a6FI1kyIJ;Pi~y*r;( z#z$j74;AoP&*Vky=`F6kIFI>u<07fEW8v|!Zs6f< za&rM5$HC*1&O`Mwbun+Zc4eyhxIlR7#c*?;A-Bcxs+ zEjf$Pk@MMPd^9HYZ~}Z@>1I9^HZIhfhli2y`A_F_c3pEzYcQ~)%Hwu?tMN&;$5HUv zpLQC2@yrI!YHbbNBu6p2^LDwzcqM)EXn5)DkHE_guj>krOEoYdXuR#=M0lLg4LsZi z9xcFwIY8+|=fMM{ehyzTW%2d?avMM;%Q6-|)1A-E+M?>i^AD3Fl$5kF+EwXAUCiI> zd%MY>^d~2g{|7yP-k+U;e=$1px|n6cC;P1#jEx$d$0TlAX?1r(aeTZiy{rrD1!J)n-# z2Mfrqyxs;%ViSXcG^oj8uC0*iCZ#=9y z1|HmNFFl|ecz8dedq)cWV-)_*q#YjSJSN40s41euE|q7JO}&W#`Z}KJY0Zm4} zQwzvfj2^swZ81JJ#8t_4|G4yG=VLd3y24|;bwtTI&Qy3@(TzM-8;@i;rom&8^9Xy5 zmKEjiyiRa3AtZTBhexCHnB2yWw&uDIWr`c$I-kYHC#kQq;j^@x`IK=_L}6@RM;%;O$e3_OsrnEjKxn`j~;7 z>+^DIhF{dXBYn*2yoPhrLm{b?neh60p4Xh_Ol#{h<0if6;LjaEX`Jr8^-@!`UffO| zGg*%f630L1BCF0|3qGtv{f&hFRv>z(>8|$`bkyS*8{{P0%6Z6k5EGst+eN&=F4KH= zbK{aKo$z0be{nsmHeO~XK@qdy^*-lyT}}PfRgFdSaoZ@d1=D^Beb0u^XyLDESn+(uaeA0B=&$`ApoJ2tD>|&=Mu)|~MgI1K|d~o;2eDPVjj_vVLtKZ~!=K|{YN+xiU zBNgg5unawZF}CDmiV7RFBcFg+ zGC8j;1$b4#Ygap7VKuPJye8SEl4QB&!K*g|=TKL5dKMtu>MWX<+ul~=l^i!;46nnT zSFENmU#x_79T2Tw_c1-w=$sF$!CYy~UGA?d%VV|DXXL^q$aa#;c2Q;tC;N6;2kXjX z_PCf_xD-BGHx2rZJycQc&-L7ENX$ApCc6wCH+KUMZ+8{klvD_vTl}b9z@@i357sV2 zYv7uEdmm(a6^Pzx)Gx?4Q<+wu?cdv@>+-)Hu7`7y$MU<|L;gDXs|E5%uy|I&?`3cf zw0~=I`I>1mO;b&COU9&?FW-HC-hTbj@8_>J-OyZf;R417zjNJ83LJxabpJ@}S7T4= zn$OK16Imtw;0LIWx148tmO(#vBIhj9DUH*)PFYq!MKL6G`ZQ@~kcR#=)sqE~G_l49 zij!&D&ojo3Q%;@JZTr5`?e0Y@CqtiHm`^#+Hd#_`ci2ENKG^xpsfgJp`CJa4^ShbP zm|>Ama=qt+@VVIe)L1(*o328xT|o3s<2KC_h}Bv9cBHm&6KQq=jae_Zyp>Me^XX_m z)`{u&?x?TTR=%V!x`OiQJPp}Q>YPk#Xb4@buP|{UyJSCB4WCarAMT$8KF}0n7v4A5 z+k{T`@1X`hIvXUEC-xK0s!P1K8n0xT7QpLE&Wkc7mcokS<$cDa<6>#ZIu{ngYoqfj z;vJ2^=67@PC{HWUqCu0)SlInNF(MNmu`-8MEEKgM>suo!+fIluE8*=BLMsIH+lu_w3~y}16f#w)4+CU^~T zUen`@Uov!s&x^)qe`RFh8u%RFO?=!R%^DpuKhT*FUx?2g>wN4zAH|gAb@E~;W_!ZZ zxyo0+VavwYjQ01RoO^~d?sLw+10+dHKMQUC9EiA2Isc4n593E9zS&Y@hGnE_|NLp( zZ(R7jbPPp!AJ_bxJaM0J;b&DbbKX_h7HIE;SKQ~DPJLJc5Tw&v!>4ctP}nkr`_EEl zJ^jzKc;UR9>`Y>+AyzH zi~}ba^nSl1SX($M$T*2~ai4Jh-GKY?8@xi8NZ!)fX~fKN^p=%ud~PKFUO(j#_W|dh z*GT4Z2G32&W-CdH38f~7JaiVpU}TBsI;os-pKt!0x}N+t11L--jq;dIj1SekHY>-$ z^{mGA=Mwi$okgDI*wj$a{ye9+zc+6eNgHC#C+qKdRJr3G-TX7dNgEQa<;N5?zzpMbCuKq^O|fQXsAb?PY&lhV1qidb1;bKeyUx>J++19tRtX>V_FZ);)NrXW-PyxX|PvoI}oh79@hU*kT_!sna*1+*%2Hl$Hm^W}{DE(@Qb zdSjrE=d?<%aqnbdy?zo})yJoZ`xCDWY0Kf2Z{MoZxF<4ipUFDCHKa+UZVPe#IV9;g z?sLpPLz}dlI|BW2IUUFSiiK%E8)#3;(Z)T8g=yCY+WdPR;{L(Hy1FOO9-YfK?gcFD zSHB!+B~-%zU(`e z-Kp;4p0~U_$u{vQ^u3_@7P01(-wEmUKFbO)DCD8`ANQu^&u}Z@H|4GHBx&TI{)Jfn z>4(I}5N`>24Iv-doeyY+Hc<0l_J!1L3ESV0S;lom?--UF?=h8{$xbG{S+Ygr1zVH8 z1BdF@Tph;!T!r5$`W8pd={{u-^61Nx+Yi_erO2 zP~EYR){eLOgt%WS9mdjp)pLxwK7n^T1phLaSoXsi-@4_U8bVB;ni@*1vuv6wR{yinKBk@!iO>3k4NEr zKby!`Z949=Nc+-ZD(O$YK)&*Q>xgBO_XIu~TgjisckW16anD3yU44Z#s>l07TD=E4 z)}wgG{SW!G(~`V5Kri3<_r&t8UkmAn(|*;bkIv~O?rq5TD@h$b6w>7T+PF6%@As0l z&q3Rtli{TARxZRn1L@p;1Kor3^B(0_rH@BQqqd<~ea$}+t8ITPo%-bY#82{lKJgEU zHBR3`%vdP(BjQ_#pCSHR;vW;QCw`Xro5Vk(j($)43%=_t%U=>7LHq(S@3~0n%#O2& zUm`w-_&3CyaU0I?;C+;--}0SyntGMEh4?k%4->ymyps5L#H)#S5L2hAKM+4)F=a?` zmQ)t@==qpb1s=Bqt@mQa(i8t#%Gv*=oc-66@oH&mGB}OTLx=}~34!K-aJJZZ(hni! zFl9xoGviMIM{^eNsPMbqZ7H8z&dkNf|BP2t@t%L)KgoWofx<3ilU*oQANeQZuyD{L zzC%lOqxHHHz8_D_1O8e0zhS}eYd&xize=9`JFC^c;=TWTKaLu5^UwoA9{G1n#e4XL zX%7yxrvy7vS>iqT{Ck6wW#PSS!N(p>tT`|5L(7&EA3;2dSYbgu@sa$hvb>+~dH)#i#}^(`4hwnY=dkg9dSTk*JJ81a;e}~WOwh_F#QW9xejwS; zj}Nq|)PxY9jO_89Tz8T#-fK?l-RdDE=gFr*uezT^EWafE97cR5-_<@ViHF&b5V zjWgo?)V%E{$86U^tGZlDESXgX%^jBaNUe~qXM=20kVB&@+4ykkBIjx3)6lwL96x}?c_vpLyejBmcufCTP>$+OzU-SJ~ ze4WDKDfylXJZiMHq)y{~z`}O1nmn|Y;p2dKFRySLyerU-545t=ct5W2`0(?AHkJB9 zh)>Abw{#ottrg~RZ=lc5b>qFU!gJCG0&RZ0^Jt$qSL!Q;5YoWc`u;x9#{O6J5bsr` znR&*LtcR~dE89^l+j)ps_O4j{@598bg@t%J@i+J$$E;H+r^c?+EuKuAp9jbLR%v>v z7?Se+Q^@1|pj(Yy;(e$5JSI7I`98Fgmop7=ek#txhJ=h&m&zmFN6Nn=GMUF?q?Pac zZjaOr@@+o|{594t%k`DYBisx+G_m}|GsGqI+Yx1XJE1}}hm}n$Bz^Ty zEsviO`}mmkkk=_ z=B(z7X=2$^UwoF=alFrv&e?ggeoCPizh1{s3w==0}1#x?!I>k(LO7=uT@rYb zdiFn@^>Z)-RD4NDTnmXFdbeg5_WpxF0+Uwt|;|_H7RUW55hh4YYsxR&XzP6g&-H z26`db05As30JUH_SPj;L&0rhY1^Ux4#)Da)7Ayy=!FsS6Yy-H1)BrFM%mIsm22*Rn zL*NOZbBmdZrUrm9Ulo|@ zOafJ)9^3%df``Bs5cXHm5e@(of%ZYwgB!q|U?X?}YzNwhv^Rtj3hDO+@3aEb%yQul zrdnUaA*c0Ahx7j~GmpY5l|BLhSI-O_=OY&I*pItdV zjkR@)I`@2<^LQPZXMkA$`So_$)Fhz57$U1alp!L0sMa3heH^+z#@grdUF$wa<;Fg0 zcCk(i-+yIXo~=y9_YA7vk9Cs2cc9{W(-o~g(`CVHb~_$X&xOarheNNm1(i=cqOS6^ zNglZ4u)d4SB~2{H4$^2G%lIsW;r#7CjQ#~wg885o+yvHwhrkx_BKV&Usw>}9vDKKX zzC5t*RN5Ow26OGu#=_nY2v-56ak``*NS@VJ=)AY&`D(N38ma}Lqj(2jY6lR#)42ZeHF^DKf@!35P3Dxm7P4e7*->1RdXv|d$c5L%cQOp+y3~=p z9-f8EJgC zVJ&l42b=j2Ly2dXj+ghmB zvtl2T##&>Lh}HI)b(gT#qcITeQDdMLXA(2?%1$Guxn$o@jQH#+i|6FV{asfxRyhx7 z?~vZbbbPz9OYBqLW&TfI{!WN7PyEIEF>pOZa{q@e*R? ziT$#^oyroSAKh=N2f8oSNW2Kddo|KQ^b7g5%%l!ZCl9U1F<#B;o|WIPQo7jA^Y<~6 z=_;XDolXwvPHUGgw%x+%rdztRL%P#*>7>Wl9`kZ0?T-5z)awaBkD`rjDnBMo(#{Ea z$32sxjqRf_?YuyHT<+ZfOZOuIp-F#^MF(I!m;tK6aRb&2OkMO`r zr^ct!S#oYrE`bPbF$#a#S5*4X&M(Q1tD0BMN5+?d(m0)dU&U`P0u5rH9TMwBV?Jd{ z6AH0Dw;%J35924v)S0o0m&5zto2(p3y`4lkDu%TNohXa@fGbJYjBIQ&VGeYo@kpS(81tt2~whrE^-%Q~4@OHJ{Y} z{Laq$A_QpXQwIcr82pQgg;Hp~;IdB3a1L)>O+BY#>2hcMg!6L0x5;?X7IR^Lc-`l` z=H@xcM-PJjCLnsJaedI{az47YF1!<@rg>SM-|n7_VIH9h3HtChAN5}N9jzzP9N)*& zBu*Q3L54r$VbeU80qbjPmFA*6qh{?jxDY1Rr@;$REEG(#jucFViu(G3B{T zd=$iEJwD-S@G|JdK)xJI1pC7Ojt10ref+n{M9}R>4?m=dO=bZkG=aHIH4R+wb>CJ# zi`K6v*L{6`>wtv4x5VUOEHdT2)`b`YNH+C_iWMY7$1$DD&b^=zlCp0>_7Ax1)9S7j zfnj|L>(5+;}FY( z?EoPU)|<&=Gp#ldoA_6~Cvr+l|U8Gc|a_kl!P1!BFW^;~cWJ^4GsKC6Gy zSeCV@tP06AHLHA-$JxaE#@u}Y^`!Z`_8VN-ZVn&otMK}$`YZV(mm}&movV+e9KL?7 z{z~iD^w-(R#G12TN?cA%1b@xfYr#Y?Jm>4atj0(v2YpUpo((EN6{rVUptCCO2i+CK z(%Z~>%hZPJ;oBkD{52FHt#2LH|LXZkw0=D~{!6aw6?|mWR8_g~O3=gUe^i zlkP4>u1!F+e*M2gHt+BJ{q4#1j`tzkcU(5xuaT_Z9mrSB;8bax?!QAuACvjJ-|!{5 zfQ^+t>oU%+xjJJ47GvkG3x7A;m>d_@FW}P$M~2CyQgeBO$->qt%j|Sn)mIAVaVt<7 zr*mB#o3M4CtEf*=Ude0i`;>8=o^N@3m}2kbnk0uzNcym5%AvDBLpdhRu4%qHDr|B~ zEL0}E@aCjWtr0n2Kga4-<9lvoAO0Qz-x9E$4b&}0!r)jzNVk_8N9vnT9;T1 ziuE1p%T#C4Z|CnfV%oWT!|+{kAm26T(|u@P^VVD~`q$2^o9o%qd>-nzqi@XLmsUTd zycK9$@Cs&m;PT{5o7R54vsA#QWA-*BBkX z>)v(y=gDH*PHX%Sg6!7EMOw@2%U(twkHmJD&aKJG41HYWAU7@=&A?7!4tNYDZUwIbojWxMj0dwoEm#g#0i9*F z8EgZ)K>tzLJeUDm!Ah_m?Cqfh1$bYx*p$IqO)i{)59667^POjNsFv=B)^y5OVmIy9 zs$+in^N5mm^?7XJgj8j&?sZL}7uZaFZQoaCK_A`qNA>Ube;&0=Pf29{ed=xi4ms4r z%$9Ro8XLm-pZ;!0^Nx)_uGFDC6x8=??xa4yZ+QOwn$XwXz;Ch4>73qr^V?FOKwla9 zc*W{2)Yp?&h}Cxv;k)|2p~NQ>tN*4S3VX`be;v* z^+?f`a_lHj4%RhGKhq67)Na)lW8LP*c*(Yi{9z8zNZaVm-E5x&sIA8O%8!*Ls@j4= zOK3}R|D|Z7-t#p6hi#67^R&-|IW%8}(2)-;Y|pJK(Re!*~`2732ff(Ka6f zTfmEIrzavi7z3t(`Jf5x4I$b7@3aCZ+sza7OKF^OFvSk*f0sfpTECuL|Ld;4-F;IO zp#56klgQS$gKV8?Zz`MQ^feImuL|@Hx$rO09O*pR@6VEu-Y^!{`-VtERm4aK}Pcb`^mH}=DN z=02XA=vpMZbA-m$kHJmW)n3_s4jw;P0c)$?(#tx`nL0%h1 z#~qc{w)=9;19YX5KU^x}ejw@EjcwK$kAs~7G3!62+6UHE9`2*cR5(JYl=v}q3S$EG zYk^0Hd$gVLQC=SBwZ(XOzbfCj-)_9mZ3_Mu- zD!s>f@GRUF7c|VSYth;Jof{8&d3=4QmkgX>Q;+Z&J1BjCPoX^8pLtHERqq%srrw=T zlkrKG37(}JosY`Y4Scp5ANL_D5IjpaIUkj0YGWI(O)siEKHr|9#YjT3Jf~vEoB1v1 zZIT$BUDw>ws>QAGqV04&UfzP zhP?frQ9d2((r30@aRu*qy}F8fUkxV*o;Q(hC(xe0ahBHoOEN91A8i?EQ) z)>j0d?``Ey(+%qfxd2^h#&x5%V!GKqKJ9(k#dcq7xEXJP00)ghoI&|NQm$=QuH^W%KjqT?FX=VKJ9QKlV}GtYokyrJDn{WiYptc9 zaURo`*0pd1fox(s^2~u=w0_<1Nz-lTntuEH_nkjmfU>por!Sj~*6f3fXVO>y#ATf1 z_n;PZNf)=8qGu&^!FqA&FPx9qa80^+6`AHkFIvCuy6E|?x`<=g-K#HKM=@P^eT~7X zDwK!6@elLy(i3Q0!6xvtJaQLgT!nnQfN1@?Y+b477IXE*JH*?X8{#I8-5*~UmT#5G zH%Lq@Fzzos&*h8niz}+0a{k|Vm{|la%%@7PbROZX2Wg?Ww&CkB%2;RdIUmd*c~2s& z$H15Mn3Hnrpc=P`Ug^x7@NxNc+;>@_>-a~~otaCgHJCUj%%9;&adP+Y%Soqx{ut7! z_!S}j(eS9q<-u=ZEmORy-w551;t_ zPc^@tZRvatC0lF!?HQoa*NFMTMUz}^78l||)}4j!;{J}ye?U=;M@Qt=%r;<3?a3-J)G@=$y( z_nkhFcpp%lkK}D5$%AFC>`;16muGVa9!c7hpdCxuopy`SN_Pq!X%D3?oc2%Qdf`3u z+|Ob^#W{g?DRgnnokrU+sJv<)3THq|eTB1ZsW0ws#l5PNi79({4-fl9!d{JYjBYOR zOs@CSLOJ0uEOQ`b9?VXX!Pts|&I6aMvW+8g{o|M_f{{mv#N03AQ10G?I z$h^R3G(2Kzohjaz(WUDlj&}>|VLoa5T7Anl;&?Q_Cn%}knn0UBLq3it3)k`DKszMJ zFoS&Km@t0^b_u_!O)D&cR{CuuKA5D0LHCyd!N-h7?BD?rS%@E)++F^6MQ`8{Cw9}oqS9o>&! zpV&im8>Rlg{a5wx^Nm&$mFAQS^gE@kIEGOFwqD-ZJzL7Gq{rKD%SVw<&JL>h9`nw> z(tb3fMj3jvIdgvf4$|V@u~;j|5kb&gNkJP*P4jZslO1dUr*luP2R`7 zB(q@jyqR(Rud}{G59GqZ$UD{Ly{@^gHKUW9I%lUUv-edq$T^lT zKWNgqlhw)Qc@J)KgK;!*E!7r)rli!N+<;SWjV+By?PdfR@!-zF@ zOZu}(R#5Uz&A|TWgI2Jz3vEGVaeXf5vw}6X@OdZxdK&}6pz3)Ixi=jbbAE#|?AQ-@ z-?J@n3qIXGrBZLg``?{+T(auam_xG1HLke#aGKf6;W-Ye)E}YwgY&RG!MnF+7uTnq zhmWDw8;|)39{&lCzBH6@X*LG{*VWfGWM((kW;$n=9eE9s;Sg}oxv&dfbs81 zjZ+(!G}UKXGezmn%jIW(u?CY1Z^7$h&TCFhOUreQ&9$*uUE-x@>=cH_DEwvpqxA2b z7x!W^^P1`#Ya+K|>dS3@z9vD0!7&Pd--g$Zo!5-I+RVHL-ge%(vt+%lyv@fplz&f3 zvdwE;qdtyym(`rQAO6C}$P~q?dr9Z)D47R?m%y7c zh50>0LuAl=x1wDh(GK!!J;^*yBaObpEBJh^r78VkcvQ);gKMhSFKSXus08cq)tkW6 z;6KXOEB3;TR5fvyZ8U1_3Q7o zw@bdbGyT7GE6yGJfA>i`XG=lrOCBCX-uW)CwsnLv7}!uw=!~CGxh1dj(s^DANnZZ| z&B7!ve4ii0T?{X;hiPgg1hp>@Ux(Lq&dbh~&^T-*a%oSPX#M)(cHd`U;=WI7&6SL^ z<2~Kv@9pp3b^iHV*OPou6^OQwe;-5AmuSAGrV#yB5H7Sq#!Xp`e<&XFxyu;yT*8>C z9E{A3n{++aYvHwD{0Ps8=HICu>!mQQeA%I_Yq`u(Z|R)AlQR379R4QEJ&z&Q{205> zhOr?rUy=1hptV7b`SR!K{#2O}%E3h1?<`OY^Z?{)un{}~wt@eRkZk{VngEPFbKyqp zZU7Y)%)h|?Z_)bo28`6VOa| z9z~qz;yh$)vX`iBmB%U}4up4!#> zpi#Th`yhRdUg=_)3a1-j>F^Vzn;O#XAdUJm`5OgjQaiEPKBqEw0h2%#SPb@sJx2q{ z_V4|v=AXI1T=;i`to>It>iN&G-$3cM0@3>QWcz=wu|RTtz|Vc&oo7amP3#ZXy29MB z95vcc;H-&HW)!#9AXnXStl?{8Zuf^nPO$zuZ$jc{)dNNam7_Feu~@B z(}oT|Ym$FEbN+QFj2L>oKM|_EBNAaqZVb`>{8ryvlE2P9PCo{#iSk(9hFfg=NfTd!P1!$9`vb_O{11)=|DPH9$gA2PMe2qJw#(yFprUe{@mPr&(ACrKQ`f{R)h86Y49@W#l*23j0dwoHCPH(g8%6t-Mh^XSEUgs zPc9sZP5l)&UBacr-b$t04n*tMi}nBhoR8X!_@IAlGr{My+jBae>)U|raE;03drtG| zSa*oq(L+1y>{wJbq2}MQFYq-Z`B?>xhdj`CmVVRqRMp6vXqME-33aCZN!L-tg(2x?M*tIH6EQmJD43Q3O>G;KZ&+bcu$DN(5Ep*+xz&-tt`|bFA zke~4PQ0VhI>~QlwTSODZg+lc&y?eNXI$MWBl%Gkpe{bVS`l&O%-`}(5_O?wK5R&{Z zh2JBE`LRS_96#Bc{9!Cd;j<-PW*)Hk5{h4Z?kxu)roy4J;9?Fyew#z$ib z5B~@sz4Ja?x+ueu%L_Bbmd9;7)=}XxgvK(5Cgw6xpM_~@i_jh$+JVeB>Lb5isd2G< zw*qBiyb;D9VVzPwTXUx5c@s0Z9?P0P+g~>4O@rxbR(_ljRM;;)lvrylYLD?ezzXt< z@8#RU@1ng*i=>2dFo%qqz)j#@@F>^{UIl&55Y@i$Uui&f;b)k(8e!5_ufZR`;rnSO zwL1hhPBuu>nfBr5rn=q6yz{o9HsRyhiP*r&JQ?8i?&mZRY&UQrU^`0c+y3=$*#by{Mz)9Da;HH!2_88GAX>{I;L( z>uc0O9+Pr9GCu7x+H=q|r`5GIHMWFjpX0~Q?SFB;veSI|(mB7C^n)6s(nR!Lw=83W zFlLo#@>>dS>rqBM;8w7yn{EDW!V$eseC<^R{dZDn z^KkBxtA=@>;(^qn;@gg}-z^?%@qOds?^?JK-5bZn_;HIz(3ti6TR0WPPg%T#g6aEY ziyvnGsqeQ~{9UWhH5MTZyNnflWVZW7xs^I88+o8zr*O16hCbFTyAuAY(UZPx6}D49zw^Z_!-lWzr$zE zp!oasrq9WY6GivP$uS;lK6Zr3b4IycxA;nSCE-@iO{g{l3ENWrFGX71Qgp zW*5&xBf9&n-j*5NY>S6jJk#WV_Jl}(z18O%Chwb8pAQ@T?RNcf)7LFlFDtCx##+72 zw0fIt`SheykvunZ<2uMigAL!UK2Np!{Fc?{JzUiFG!8-WGTNWw$E`kJvicilzt>qk zK5Tl(7{6=EW4fn?SZww5B(oajcfHGN@fwr2ZB)Geiv7OA>gk2S@%P@Qj}^x6Zt_xo zk1#t^%=x_`o@x5pVEJ8WphKsKi8w_>v2oB?1;$cO)KxI z7SA;OykO-_kBxLo#>9BC#fMq^APbL@`(}&pv3h;Y?Bcr?Pqz3$<3GX5*ETGsKg{AY z%pUq#{DPI|VT*^EUA<}Le$wKx7C*p(pX8Zs@no~N=S>ecT6~$sgH2Bptlb^P`liyq zWcBcf#Um`fg=@NAV=-z9-!o=^7n(gjY4!b9MZ7-P{Obz4KHKbZgW2f@ljri@k^Tj4 zZi>&Fmj4+;;`iBBFK-+ezu#r~&op};VfC`+)OdYfS&Wxi`yOTOYlD^hwUgp?#*KmB z10!QR%=G_^%X3)#y`R~~V3Y4Pv+uEHU)Pu&j5U4SXLfd>`IC&5yT;^rtvu$Nwsv@r z`Mt;KidFu>rmyEsPs6NSPno?8wBN5W{XA^`b&0jtTde&&V0wGf^fleey}|fgZ+3pF zwX-h(VW#()rjMRh?zGiQUn}qPR-TO2!vt$b zOI&ZIv0QCt2NxQjo>osI%-%MbK6{%!4>P`JSh;So^flvSeiKZew;TTrJ{~c>-eY?F zmX+t{mhbhJ?l$}V4Ab*u)AMxG#}d$S(!xsPC^oW{*J>PEnoM-xe{Pg(yVWzKVOpi5Ip1!89QD%Rao8H9OhM7OSV}{h~ZIrjKu#K1ZDr zf4|4%oM3u6qa^-5+w^mz>1UwT*AmlHjp^wvllyu5{$2Y%-Rkk@roT1jKku`4{F3#1 z8xD#5`kB40vHBcn?fM042j8-Ew_BXC^43^6>P(*xT6teFePyg1D@@P+UYX0Som^=8 zeb)5eW_lfE@{ch8ajMacHG4|$7v;Xt_lD_rgYkdU>f=cpZ#-{)WrMYs2QA+l zE&jR5n=Xm@-)Hsqnvc7zoKNGOlYkEZa`koQvjJ2DwW=}7f-2HmT>u;GJt}%c3 zb8GK+nOzQae`)1D%=Es&^!B`!|8}dtx6D4%17rTT_lxl;>kkH6Jzj3V&$RlT>Go{? z=LKs|z0E%kwt8D(a=c)6wZiPMuf+rE$(aOdAv`Q z`z4e6S=0Ya)5r5B$BkCcx0{~dvif}3_{=mtJYxEuZt-0w#{8eM`g+jxf1m09Zu|X7 ztB04YJat|VR{jart{#40%x{AEml~6Mh3VDzRGez<;OC~Vm(1TjV(}TK?^EsiWhTd) zR=$B&UzZvG3$4BNG(F5VyIp2>InVNIvvSA%Hq5iE{101xvrTVN;Svg*@a!fY4-mw1Saf@q?jdHB9ay@KxPg(!=rpfuZ z#SdC}mRNaSv3}%R7C&g^yWZ$;Haj@X+Z||1R-PT?oFg@O8a^GTdKW_TI%jBGHzppX7dEW9HVdZ(v>T{U+sq}HZ zQU@H+pF`fcw}K6oRo{>*&t_AVholB(Q@8Dx?%Au?0Y{XiN-ks{33-%NX0z2<_JZ8X zVrP#zsWf^xpjVGl&{tG)JL=BJ*cA+3PL3*RI-b-q?+&gLh`b5KE|AT zmG#ntNW6fmvMf@URrg1Pp{f4qbh=j${Z^9t=*{J+ZyzGYS$5seN|j}Yk|dq(+v5Oa zE=l$1RbEnArt9k|N#%<2tWxz#4TOp$DGDgbLYO!O{`^+bJN3~NFS_N@7_kZ0dt_7n zDoavhvZ=}vEV7dHGt#N@gL;*f%*2w=LA5j;(vzmw96qNivlzEdb}H9@*ib$XN>l-6 zfNJn6*aiBhp#>wsG%yFW0_}%h2R4DH!8Y(R*a@U2J)1flj0ZaVS?_jS4pxD+;C}EB zcnoX-FM=Il0CrpfCV?5C8q|Xuz^z~-cmiw%+kxJXNIj&=!9*|z%m<4>D_9BEflXjD zcp7X2J3$GyQw9cs@n9CH1x;W%xCyKRYr*~CF|Y+Z2VMj_fX?6@115ngPz`3G@k>E1 zSPpIi&w&@g4!}mS)BrFBOae1N6{rSF!42R}a4*;hbZ+Q&@G95^dL2NSK{*%+rhz$N zF<1$7_UC%A32X-2z{{Y7F+&*`1crn0U>3L()Pg3U^EFq2wcsJ}7|)Ut{;R=TAX zS6u0CR;fmVHLlr8O~2;n72K0rrAJ;5ax9&VX5jMGdF}tzaD(0#jf+*ah~3$H5VB44eej%pY^XB2Wuf zfsJ4gJPdY%ec&)S0ZxHuK*X545G)1lU;`Kd)8J9C1MCKS!2xgxJOPe_)8Gu4#Ts=! zr~|E_8>|C;UVve5=YCs)m1?#{Nm;#T0?O+#p4D1JwgJa+% zcnUlVs#ycg1&cr}XauXkTCfqwJCw%3Hn0=y0sFu~a1@*Xr$EH9)*P@9ECm_R4pxH= zU=tVt)8J9C1MCKS!2$3DI0NRhhOGmwpc||MeP9a6&HCHHF7OyQ0*--`;3@DdsOFe% z71#&{!8WiH>;e10L2wux1t-8Sw_kh>TpKNuQ7B?MWGHHPPdLhr9rgTub#zm}Wtw?Y zd$ze*^a?gv|55NzH_O|3M7N=-pgWDfq^`=mZo==f6u-;7-%L)P)zCZ);dfaiH>TZ} zdoVZYo(AjPGCE+-fmyy(Pt(fuOWD-^gtOl;X3yoAzRJD+K%pE`PdBCH?IxeMY*wCG zDb!DG)GhOiy3Ny*bSs+$?0zD!r@ zJk(|CD!bXe0c90_N&J6N1KKBCU(XCA`qko;ezn;5t3lT{wXdI{CKkImln?k7`mD;; z_aJd(aW}|ug6emU4Q?&ytK925KkEO9SbxLt)JQ%an^f-g^9BEM+_9J^5~uDd)>paL z-&}~h-A-S|5r2az<*~6qIkm|Lu{w)mkHyie%iPSSZUP1|3&d>vHaXRLhsjy*^{DjXRGzefRRKl6)!WZ5VTx__3;+ zW0}QKesprnM80=ygikQ~m%#^RQXOv_wEa`gc8oGV~`vtEsl7XWZ+w6 zUbn5FdoV>;WnMQJ+ZJ)|Bk5OVUN`95k2u|RTPB$pEWaxAy1|&gkYl#RQL(PdyervdE&KWYKku{xMw~s9o6x+bQ&9*Ppj?Ncu+4Y^SVKQmE%SF_m=+2so|+D zyxb|UQBG|((_by-8aW1B9F@*>D);)#U#5S|>DxO$3-zROug^lk`rU4h6griexP!vpKYQKE%)i{b@~-< zWDMF`b=606(AMI6E@StAe(oi12bFvMU|bUURl)iXS4B2g`E^Hg5SwDNAZ317;OB>a zYRCG9%rOhx{IG6fY;*BgshrkZf6&LDjBVC$>Ax>OFcsuUIkg!G$}Q)o7DPR--;x`d zL_IEp%DsNj#}AazSGm^@`uIZTi3Jf4nDaf3p)U6dw>S;uyiL%@4>_CCxKp{;55{|` z*A=d=Hn_<&>@O>PJ7lRRi=l%BeK(n!zRI2dY<*BiHI&)=?;RVPiu12>uTLG>xU|jb z>&suvx5~V3P(N}Ga7EOW8P+QcKbU8wFF!wJjCj5uBU?{T`tA5yeFrJRFdjfOjl)Imp*D^ft2&gXx&I|lt<75-zr!A9PML$;4!B!>)wu$hjRKIElWc= zZxgJCq+C}s$DcWi>Ceq3JVybW_jSl%lW>q9B;mAz9#K*LmB_ddH+F~A8|It^EN@A8fl-|i8fQ2>bBAjRzJH^bXDecsec=*&p2K8fky41{;4C&kMhng+Z5F6 z2yLz9F74OK`LwXHd>wN(#r;}kUN?w$nOkNj+E`^?H<)jvo-c{o~!_#qEryTF?D50%O4(*c_EVYnAL#B*(N&r1${Nw? z7pEnDRpxbr_2FQOuFAYFeaPBbuEA>k=!0ZdCo1>)K|ji{MyYn^affe)6r=>PXHO^F;9E$~FAEer(IcKz=3PI1^FOcU9N>U|nZ*eA@Xy*}u=)>R9Do zKUdI~Yt_|JslLj+eh^QGoWA>jt*eZ%T*`SH;>lvLmh%dRzH1mEnGgRsIFt*Dp&o6AQlcg{WavQ(B>-h zxmT@IdZK%p{p{l8^p}s6kU~hU1G-SxtnY7_;uGm!n#wr*C$>~e{UImm3w{4 zX!>$}Kh3|&y?$`KGw$@;HA7O3E^WQWrJS?LHU_bDqD&ep_h}GI*3VbXl{^J$xcq7w z%K0>c_}k}fO6y7GJ`Li}`nud_P#twMDHZyS%DgUdXS#CFK~h&`UN?xh!55b5s?6)U zeyZo=S>WPV=D6Z~sNCxZF(>ySr0J_%^&5#fYuj1#)Ad#E^@F&R`w|$#+{4K>-l@#% z261;RMOS5BH;B8|t6V}!w@NeXc#sTHL4KZal z)mN9dQO?^0u{GjsN{@e4?)8JYX#N6MKVvepB(HTU=WXb(w*Gv?+pOcGp;KGUs!#{Y zd%GZJ>K1BRW?^-va<3o6%n_%5Cs#@H6TK5-4{YEJxY;P@ZHNKuAC1>Y8V}`0?%yyL z>Z{!A69-n7-A@12e8jmkuPG(k#_`^cRx`U<+&@7)7p>iK8|P1XXP0dZ;$zy`#b&X- z%6&TMTRIyTx$?-hB=^O3dnc;ZgYw>vxU%>@?CfNXS;&*hRJVzkvVK;}Jr&i_t429- z&WX!GXJr1B^ESkl)wA56Q62SfVa-#duX3+XY*{(ZIQ`+tuF1)+5k3i_IV-pUeK$9#{@ybBD);(9jLo^u<$rL{)pDVJRqpkPF*`1) zT_XDJOC_D0uZ!Yzl=C*ko7prj6C2LsyUHlGQO?^0bJ%WY!@4n1 z=PFlyxdvltRNo+JXut6$aru?=HpH9Rj5{0BC`_%fjdI>5n9oi)o8s%-D)YL;nT;2# zZj?L~>#EG_5?dDgk2ziP;yb;K6)N}o#FX`uIkn<@&E%RE~{g^Zto1>wj|2Jn3I$-hVKk$hCnvQTjE5Id%;r zm`~(9q`%dwu%0jRR{ha%FIf6|s^LgkdsHM|o$LZKCXE_jrmO z%@o@y@9ij)#Zuk#B)vGfSYPEnf5cL(PbFV2=dvb?ug%msxz`V3XrGh258O*}B<$ie zl=C*kkhRJDizN+C69l>{Q{5c#W4hBRx+?R!!Mr5TJZSrso=;cK+XVAc_a$Oed_G-e zUYB{v`rl(tH~rd-a^5D0AF7A<;1*v8QJK@tHjsZ?|2*Y%OI~1#MxjnsM{Qe(JloEh+YE7Q<=O9SyYun;`hz-9&f74)S^gGL2iHgI?G68NKUBHb59U@$ z`$f_E@mz48RAo*#GZ6IILr%AQ_`x6_DpTD-`mE)BBl&odzfQn=!|%r=&Wm#1hL*Lw zOS(%V`_Mr_U*$gUiLr2Ag|Tp+9}Am0<|X=~$}~T@VBD1JV)G(*Juc3>%DgW1 zZZWzmMOS5BH&N%y6M2v_F8BG(2C;d-$%|u0Wm+E`7R2?pkUT7>|Bv6{?&^s1ta7hU zU08h|ETgY-uTOoLzFZGk9(m{F%jN}@d;MUpea7kgc_fi1<-AQ0!@C%(motCfpD#^E zId2oJ`B;o#Q}oWmIB&{%8~To&znAM6%cJ(&a})P#LLHOpAn#7xQmcjXsjm8v`yec~ zS25N~UQ1mRY*ojnpDVgSDUXF1^eE^=ft_^pAzn`rPR76sO1vDVm+~-j2GpSde_K zOzGb%egCcx*11DYS8vqeXWVWo*E*;l6uG~@xQzZ2PVV*dg}h`a!^)^DKQdDAtun70 zjBh(rbXBIh;k5=SWUGFpA?NzqlA^P3rHp+P$%5MEwo_Vcu>w>PaEnIT6a;x0y z2eEj<>AU+Y++{hbFNzx5DevsE4aB0QBhSieI(jwF(owljC(u6->$}sNv453&{anHS zBG!ZIe~tT+hxu2z*Y7Xrw{p!>>#A5^J5 z$WOQzhf?kSFLxKMjz^AH=U3M zH!KI^j>=Rw8?2QEo$iK-t#{_R1tI?+$;S1roVN+$_^7kd54~94RpxbrINr;3(W6Si!pmMJt#MZVs;ya%6=oN)>D(7sn4OD>T z=d`ntX|kZJGVh-_v^LtwHBZ;BEayYtD);(949auLRsOtRsIPLbPYjy>T~6N}=eZQD z-c|1Pi6xsq30dAOE7yYEsd5QfTD?#X<(*x&ncA>2i+onfcs|RI=PijeYBUY^Or0b` zbH@EgeAW1Qw|THQjT=+axY6rog1&zMA2&v&*GN>Z`Onbzt)3*!>$rYlXNatxRIc^3 zIT+I)ar*k6V^TQ@Q$X4e}xDs!J2cc`Ea|!I&ZWSi&)u z`@kZQ~X>`S7Qj}8X5s-w2eK|Akow#6S1wDgqo=>_w`KKjNIncD*Y zD)YL*yddAhOX{l3>jv|}{uEu6d0qNX*j9Ck`9|ue&W|l}&!3GIb(FD=`s9p~`w*9v zPvz=6OPtv?2w9KUNqwe$P%9|2>Z!flk8bfT@1BwLip>k{sJu^iuu!IHXQv;zvOKEH z>(Xx4=2F&-)aIrL%*EE~xmu4sJowOq);{K_;w+q&l z;_qq~>%|`o3DdjU#)!b~(bz8d&_|G-@-Dqhf3Uth?Q}}7YpC4o=L%!dM%w#o=IC+z z_(qV1a^8kM71saFQTj&^!gAeg^`AHgb#a+zz%KUsjl__hN7ze#E{@Lq8L-%gG|tbl z$ur&$&CXU)9ejB^dh2VVu?O#ts@yw2PA!o>9YrTu6WVq)Kdy0q{NRwuo_kJzi7)wO zf2;K6?xSh)d)%$Lc}K*6luoz!PRA~ulFV8ykI)YwzxO z)-Scz=chJhqqg3jrc9>G_x8$V`L$?B5@0(D@j+q_tU4&Nxk5lS-lunWo03bL@{Vi{>yE$~K4glyc6>pQW6X(5jczS{u3>J9=aR z!dAI_uX5jM6}=%KX-&^g>HA@w7Nu1heXUVvQ+Gpmvvu0a>1X0`#$x?Q+Bj1oeSgJN zMwwjH+uP96(jk}W-Bvm6Y#fiP(U!7rJ6nH}vU472DmTg{>P&BUroJho)qIwE?snha zmQ2<7ezf`=%6VIUl#@-IUZPQ(x-vao4c%6>v!qvBGWQ)hhjtCpD{a_@sJSEC+S}98 zEyXxX`YrAqe4=;U%6krVyLPyLA~&&>($;r2bhI^h`6#X2j_ab;eq6A+Z9Rvw%0+V$ z%62q%HFwnOilTBl^(A#$dk%4_>6BJyHfn5b=xOe5J*V;ZuIP|-P_{Ebe(p+L%LL;P zef7@#>$l`5r=m<(XJcDeFDpphDwne%s`c~8N#Ay}&Y`dRr|_xL&hEB`ws@gYIj!5= z+bLbHd|C&8oHoAt8%E_6jJu#DK@s(K)OQdO8WNS$SsBT_C$en^Qh&43#&Iq)Q*BYU zH`Cji>FyAH*(&>96OD^QHk%8Nq|LkCYsGb@t)sOm)70zqEBozq@5>ZL$-5-6H?3dy zOi#(p(Ss{-@29!R;J2e?ww;U`8ylLt8yn7LUTAmk@07IXldzHjXSc~ z>K+^5Ts~JpT3fm@_4V0vio;jLV}PykhtB3dHS{}LD3cu0xvg@UZja2B!FaQN=F%4y!=-mNN%a~NBt9;eg#blmsi1@Yv{!q1@V^<+9*I-9z5>Nrb0 z-Ra)hDrw94Qb~JP+S*c1hP`TPcqHm>Xl-q1$@+p-E>}l9j_$*+_}-XSF7v%oULjNb z-Z-}u;f|V#s58^h+?FDr-+gbfDckkbod|0`r z(~e;Z{!>a8WjkBiIy-xG(yd&c)~H=7k8MAYpVMh=Bsbwm1T&S_XFKIHIBu)#`;~5e zFN(W>_?~rn%9?a7PeV-Tr)GP4n>#w&dOF2Mw#xqNO4?#qT3r?V2mLtHS>M>(+Hg*7 zesjFOv~liW+MKPo7&o`IG;}o8pUc?Xt&olt&dLlwVND+OIsgLo8#6G}`;%x>8*oU9BB0SwBUerM_0jbM&($A^AU;))vk; zuTXKV(c0FLsc$>CxpI|z@3rK9m9L*u>HhCs%e!u(p0>8ut|qzN!EKe}U_(5w*zwQC zw7MtH;=8n^8=`ueI-70c4DGq3cT>CuvtzwoX?;r`Zt|x;8gSo~)x+i$pIQ0Cs_1T) z&>TxJ*h}4uoXfE#n{d|v9@i|{gsTOylLk0JMm z_(dAx^8hGk_c&a+vLC5nC+kvws*qoWP15@rD3_OuQP@;akAI0>o_~0}pkx#79sE>(NX^4(S?#txS#Tm#Y3ndTs>nCum3OEgd2w|*O%T1 zC$CPHO>}LO-|vB2VS->^6-^Aw`|PjuvWp^ppN{+~c3*=l*Y4kfTkGw@o!H&Xm{t=C z{cqu30kEN7CnAaCQkZ$=w6T|87fin=9CjRp6#8`20<{Y?<`-SFrnZ1-nyl zHD`vh=MK1mGTe{gC`PK?zrvNPmtF=|nkm)pl@++V;L63jd_SgK8Qun0u0D6cl^Z8M zTER}fQN#bKWjIv9?kjM2ma%&YnY8t1vK{V%D>o+J2gmCRQuDG6uH0HmzLit1Pka!r zT-*Lh1@2RDHj32r*JkdB{}(alGT~DmD#O;v$jogJr%gu20pEyn$HP1D_@eE zg0r<$l6xt;s2V0VRGo1CaB)1LD%9rHcU%~D%xEE@2aen1b$>*O}u={KUyRX9i zvGTbNRf1vK;3i;H;m}J>pIB`35+O=r*b^-h|r@cbk_axxWk2OL8aS_}^{jTmGnu zmd^WUh`dtFJxgO+(t9;0HR?QP_VTB2Z-JBh0%c2b?}f9vPIB@MGOM#B_t^?|^1ZTh zKEGFiyNHR{Vl0`SyjScNEka2dTHq|+aUX9|_C7d^za%$Mfx8dR%FfSt!{;RrA$X0K zBz^vE;L~DTR3$IRD{$X}Gkx2uU2aOg*Jky3RaDK9zHZ|4GL&tNVr?v}a5uqO*^``n z^Q|1$0%v_UY4;{LJ8n#JpMkUEjwC1Fi?j1!Np2y67RfZ5l~aC88Sa2vDSxmPbNPGa zTlRxW!A<&KYWI(DRGZsu43a;@=a1oR3`lZSBx0N$Cz;*la5lyjbN$ha;BF8_wriq( z%d$(a1J2ejwii9g%iU$UrSrDH@xR-yji!eEPiMCs!p0*${T6TH^L=o<63cB#?lTqa zzEpub4rl8SYez}I)hC?I9j0U42dH4{XG!iO6}XSVSvw@{{sPY0A<2Cau0|4POLE_V zvv^H%{{m-qmE^9Xv2C1Aa?9YZ)8tCh>xHW+!)=DM^<2{DC>;O0Ey?{h1fi75$vgBY zMk;pzj&7gIeHqUBWiq`d;cOgCazCtKcNq?EEt6gkob}J7Px)q|wULc$;zs(}LvX)d z#;1Hwv0OgC3Ae=CS-SG4_^eop5h~yV=WX{9bm#{V80n zm(}>a?5d&zoBjdL%3RDv(U0IPZm%n{qpsns3`y=P9NzBrlUzSsIiI6&)?bS4rgHL) z`hwkezhK#^;>X+JEHBnKgct5ZaJCLfa(@Izw|Co;qBYpo$tSa*FiSu_WH3C_kW zI}Q{llHS*X^pe~+1D{FmNjN*Uv-OYp{65^R@&{XzyOF@6Dcojrmi$o_4UKidS)acl zDz3A20cU+*?V{+la5mpszcKFhaMlhtiO_FS_BX;=y(GD}!P!`sCuYYILsPnMU2gs(%br)-j;=f-Dx1k<&+Y3-s<3z-*Lg2y-grK-Ih#5DGTQ2L>gWpA zj`L`nD;XcJV(eMK8toe9VhL~WTFOX$1FMQ!dg^j!<~r_TSV_cY z@c)bcuaoi`a-6sgae~QkOLY{D(g5#=yY*t8MMK}v?dwJA<_GZapCN3i`Fz7By;BQwZ%Ah%;5q79wrp(FSb+_l&X{u14#q$AjlKY^?r25#+hcVBnh z%RR+?4~w@^QXOk|3GkI|3 zLiq6yhRn#7-IF;ZV;^ZVvJD$4exT1kU2)zH-5r(gNv9dP@;6n_$TlpOFAfiX&d62# ze8!Bd{gWdzvJDFnH;z4RIU|pDkLyf^KX+F$&)>)(?yIzLqwlZyM zHKTmECzfVp89c*0Bm1~c(;g<7k;kyl*pORz5_v{0lQ*T$$Vr$lI*@;2Ph7G6?CGC9 z&GLiwm;EC@*ktji+l?&R?6-0k@ZX&)vsG{V&hmAV{^#zkziI0WmfZH)_r1OL;G4eP zcw{!mb21dI8QnY<-7?CPd6UsCtZ;4_;v4VziT;tXf%{b;U-X^4g#}W-d?_M#mIcxf z&t^^WEvvo(dFg}Hg!4L6C;n-AJf63!!o!tX626zHW9NBgFz`CyKZBW%ACbS1c^+{O z!&4Ei8S)dq5Z@2TOT~vTtaGw#HFF{JEN;UE(}ik9{L;ns!R-s2-w}O4`T~39jVErU zcL6J4LZ3Xoz!~L>_VT6g^Y%J9IUt{(kumE*c|EN>O?Hc z6TyA>^0Dqj?kV8&b-tNLelI{ChuqV>7s3(K#h`zb_k7Fdr=Ih56W4#vUK2BU;p+cB z9(&!wW3T6%$q}aR3sC(d`V{5`@H9Gh0h~zOxTFW1Pw%3jVxua+Ddo33PrL~9 z!S&HW4k9}Z9tTJ8wI9FR;WxnV;CDN|j=*h#JBjQNzYp+xH=VSO-^YGcpTBuAvc=#f zpaxtAmH@i5d;iP7vi}))4n)YSz(qjLRm(d><+;sE!1IB`$ZT*axD3nza(&?i;0iDo z%mXh3R|0w8$5r5JumCIs*MMumi@+kVoMh!1p5$4s_sI1Uxz-}rG31IwJ!k-ppb0bs zLdnIN#IwY#j0+Nz63;SrNIXjn%Qzr0EaSj@An__=fyCcJAmfq5wu~nd+Y+BL7Rk6$ z1Fi#0!1Z7$SO#tYHv;J|H-Q$=3fh2Nr~Vbt4ybx4?e{zYVs5-vMt0Zv)%G+rjUGcYqz>o#0*I_rOl@`{3Q+Jzy7jFZcuS zKCm0SAN(iq0k8*r5d0zd5O@rH7<>eL6zm0m1pXNO3D^fd2L2TM8Q2d#4n6@s2@Zfy zfj?|@U_ zpTKv)_rO!&```!QX>c0+5d1Uv5qJjt82lgb6Ywnfzu;fMPeIyteHAeTmVsYx|Nd&= F-vD!C?2G^a diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.xml b/src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.xml deleted file mode 100644 index 0124f98..0000000 --- a/src/SimpleSocialAuth.Mvc4/bin/Debug/HtmlTags.xml +++ /dev/null @@ -1,195 +0,0 @@ - - - - HtmlTags - - - - - Inserts a sibling tag immediately after the current tag. Any existing sibling will follow the inserted tag. - - The tag to add as a sibling - The original tag - - - - Returns the sibling tag that immediately follows the current tag. Same as . - - - - - - Creates nested child tags and returns the innermost tag. Use if you want to return the parent tag. - - One or more HTML element names separated by a / or > - The innermost tag that was newly added - - - - Creates nested child tags and returns the innermost tag after running on it. Use if you want to return the parent tag. - - One or more HTML element names separated by a / or > - Modifications to perform on the newly added innermost tag - The innermost tag that was newly added - - - - Creates a tag of and adds it as a child. Returns the created child tag. - - The type of to create - The created child tag - - - - Adds the given tag as the last child of the parent, and returns the parent. - - The tag to add as a child of the parent. - The parent tag - - - - Creates nested child tags and returns the tag on which the method was called. Use if you want to return the innermost tag. - - One or more HTML element names separated by a / or > - The instance on which the method was called (the parent of the new tags) - - - - Creates nested child tags, runs on the innermost tag, and returns the tag on which the method was called. Use if you want to return the innermost tag. - - - - The parent tag - - - - Adds all tags from as children of the current tag. Returns the parent tag. - - The source of tags to add as children. - The parent tag - - - - Adds a sequence of tags as children of the current tag. Returns the parent tag. - - A sequence of tags to add as children. - The parent tag - - - - Stores a value in an HTML5 custom data attribute - - The name of the data attribute. Will have "data-" prepended when rendered. - The value to store. Non-string values will be JSON - The calling tag. - - - - Modifies an existing reference value stored in an HTML5 custom data - - The type of the data stored in the given location - The name of the data storage location - The action to perform on the currently stored value - The calling tag. - - - - Returns the value stored in HTML5 custom data - - The name of the data storage location - The calling tag. - - - - Stores multiple JSON-encoded key/value pairs in a the "data-__" attribute. Useful when used with the jquery.metadata plugin - - The name of the stored value - The value to store - You need to configure the the jquery.metadata plugin to read from the data-__ attribute. - Add the following line after you have loaded jquery.metadata.js, but before you use its metadata() method: - - if ($.metadata) { - $.metadata.setType('attr', 'data-__'); - } - - - The calling tag. - - - - Modifies an existing reference value stored in MetaData - - The type of the stored value - The name of the stored value - The action to perform on the currently stored value - The calling tag. - - - - Returns the MetaData value stored for a given key. - - The name of the stored value - The calling tag. - - - - Adds one or more classes (separated by spaces) to the tag - - Valid CSS class name, JSON object, JSON array, or multiple valid CSS class names separated by spaces - The tag for method chaining - One or more CSS class names were invalid (contained invalid characters) - - - - Parses a string which contains class name or multiple class names. - - A string which contains class(-es) - The list of classes - - - - Specify that the tag should render only its children and not itself. - Used for declaring container/placeholder tags that should not affect the final markup. - - - - - - Get whether or not to render the tag itself or just the children of the tag. - - - - - - The sibling tag that immediately follows the current tag. - Setting this value will remove any existing value. Use if you wish to insert a new sibling before any existing sibling. - - - - - Will always need to implement an Equals and GetHashCode in order for this thing to work - - - - - Allows you to use function names (via ) in the value of a property, which is against the JSON spec - - - - - - - HtmlTag that *only outputs the literal html put into it in the - constructor function - - - - - Adds a LiteralTag to the Children collection - - - - - - - diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/Newtonsoft.Json.dll b/src/SimpleSocialAuth.Mvc4/bin/Debug/Newtonsoft.Json.dll deleted file mode 100644 index c07a3b2e4d44dcf2b890fdc3b6e7845d9fdb1fb6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 377856 zcmbTf2Y?($mB&5XJ<~JO8?>{#n%P~2m1Ik9PgqM@W3MG+3yiY?0|q1~Y-0?LZDu44 zTCb4FK_>vl;`{wybgLS3mUpm*o6hE|=%|$3JqpkKpQWi~Sz@XE)J9Qy&}3eW3i+)gS3Q=c}vFd(xGi zRoA!UC$=xWcGcrAz3#er`>M;Hu&TY|x>Z+Rx9TAef7GgLG5FUxoi(++1$h{GQ`m0P$~stAbn(`0m{S z<=XOWq3VCnO@aO{hlIeD*{dj=Jo61h{a-YD>{B5DSrrS@rCI(Tw8j@&z_5i#G zTXg2)acL+w?F>bo13e@`K!hq@4a^ADdBwdx7*IV^go{VAA4UjynNftd%yM0-~9UW zqXswp+i?$=ddDwM*>!gH+B?2>^}V?dK6HBi!rXgKn%VN3(eFR&hR3e-=1`n`eU0bO zo98iJbY(6VdbNmB1VAZSzP{0$lN(<}R5x(70uT252q6aRaErM0TyEL=LhddaNnb8k z@s%VP9j%Pkww*eHB<6s=o=0MQy~1R31;`)6-3R=)JPO}K_(8bYX9IBxKL&U9L_GfX zkZK4Wb3uG9S;g1DRS>t8>saH_l`%oXeuq+wUmz5*6ki9}E5^^0e~zE+?}y_gJWqIJ z>Hei_C`@H(M4JjgRaz?}L}OC7?zm^5GS(~-grV?9E{|$_J%PHv9dUXC4p!>1Rvj$G zH$Z5#+BmaPjh_teXx?E}Ouh+cBYs2~!l=VfIl8qBL$!pVnq#PvH)hJUt%DFUhTa83 zRT!!slp(6g8!aSx6|B%M4;ofza)WC_3KAqI8Hcn(NKfG>MJgsp#SA4%7RFC?NQ26* z2REhj|FmT2#XsFQeSCeyHb)o6buwAdXRiEVC4LVFb& z9q=ORBB;&uj|@aqYdAX47;&)inKG~&4OSVbMmOiFh5p77Y5EzZ9~>EsU@^qmg%iEd zkP@c)7nFafGUQ5zZC*CIB*9toqAN|5F6fjYjf$TR$+V=ymElbCN`g~KafT$l5w9{5 zKZEi(OlfEeFclq7G-5o_h>`eNi;)dr$P)?jgcEohIbGkT8D4Mo>l*4FOurZX3T^A` zhS#0-K8(1R+m*ZQUS}%3+_JvMJh=}o!CWr!qnp5LjyUEC!mHCH&(B9#j6{)=HbI)v z^+As2C(~W=n^$;qA!emD?5&cuxcS2ra9)tSh1XB-qUq)RsvkcS!VbBrGKTA1mI){y zKO0!xVaLzG-?a%Q@)5tbwNBoi6#~Oi$+!Gkqi>}744)_QT+4GJ&z2;7J??uJJwF3qu>S{l_U(8Qdo|gg7^o$UW@U*PsDavG z*(;efGIP4sf@X1$b+C1?Sl-$Xt~K+2rI|0GnJ;n8yja`X9~5QKf+E@_yEB@f94%Bw z15An;o8iW>sGAv^Vx>^qI$Ed{yh>npB|_jq0x7!8i4H&tNMjj(jtqy%aM)#-P{>yb zmMNL2IoBuaEBWVdcMU(=?nld&Ql;GTtBnDxqe?k`E|nD1#4rXj5s6u#wt|QPm=R3v zM7>t88ey|dVbWf=AE{=CEm&6Rf6 z3{(aki2+CAel-u&)!Ij#JK?Qq`}kh&K@+ZhY^-+ZUBcbc;W{1dlEfXCs}9#ZM8K&7 zmt9fH473E9vxlT-3ATha|PPyoZR;izg((&HS_my&Ee; z%)L-CdI67v~1^oEME&~y(e<~T#ROeLz-el(`M9!-i-o(5F?A7Ka zR)#!SKL#+P*n@Y$H^Z5V7ab2Q%Y9N(e_lmR3gOs}Ukc%ozWqzZ{z#w0D284zFFw2* zC3I&nALGU74KiYUAn0I;?p`&wp^PW3xb@!LQX*Rs49erR$-r4_mu$}(nt)mBXr6v* zCki3nUk~r-T(+*N8%}mShKSgT-mAyjHWQa)@*t5fgRjPDn%t_{6){_)hAR={ER|=V zNS~|npom_#JVmc+3f`KYItU|7f*uX1_mp)LSc92kP|E^nK##g4Q5|)R^&3Cz# z>t6d&eQEt#)7tY@6e*L493`L2kPkMy;*DqJQ%>YV>z4;eS4u>uc8{cFC@in3%FIAQK~_0|j&GqE z<~py2$Y7)6FxBxa+jc6ZB=;B|D%57ImBQ4}^kkz|c2wMm^ED)lZxIW}mE+gqGEknX zFzglc7200=ZHJauqB+m@+W#j+Ya?C3i~05`-eCkTd5(5GUjnCRr~ zBy5g(D}x^0AfeWNZLh>?DjDtSO2$-DIY}k|yN9o`ELKU$XB7F+kyJ2K_t9Qurw(YZ z2a(SQoP1Vf<+EM#QAAcg3ftsik$jX#MNJn-b8}ts5jN` z`is2F2ZK>`MNLgN9eCJWgP2Cu5S~d7N{O-Knn;?m1s#`n`_cKsYDND@A<3tJS{&Ap z`?MQmY=3l%PA{ZEwJkRTOf1*HLd&I^wVG+aT@1Zh{GXOub*uO0@lF&D>%(BhZxPn2 z1z0Zjn_U`SEo%yEi`#hB#uZ);v+KryCilsiq8G1)qjjzxY#i7ecjJK2MK#Oxvl{7a z{O>voL}MmZ#)V$)`_N)IR$(lP>BxKed2})FhXK>B3UR28EkjP>p2c$`&*KmA97EhJ z&x0~JbsC%v`Dzi(mELZd3yvqjsj>@Cq~XB`65ve@rJf~;XWU`hcqMP6fO+If7vx2B zctI;aHPGl=>5y#1h{$OBer^XYm75*^j!zF|20jxrTV3czs?!Y*TO$rqHKQ~yc-=wP z&MBZ_{!P?st6yUwS)yWN2-x$1)wX6584rcr>A1+0vFs7>8nRG#B5p9f#%up1RczlX zJ=oLIh~w87kEFLeuzYTO{5WVb0Eec^9|rx!Q}ck9@pwF;i_SIH&}pg;>I~+bI~As$ zfyC23yO1=mB!8_xxcrf!mxEiUD`Bu=+o|-#mW8re{D_70N#h!5chz(bMNH|SW&Wb{ zDPBIugvRjD#;L&`q6h~(ji6Q^uTRiqhJ%D}C%sHxy2h);Onrj-!`!rwzRqvb7ETuI zd~b!7oOW-zKW4hG8RD^$lxBwJ0WgyS%maV{lfy7i-SeyC(HSD@yl2XLj~A`R_1ljW ze@jAo0>ATCDrKI5bl&T{OavUb@31vHDqxP-wjs8p9LFcYeKS zMi=4@14iwceo2TwY=b2}<*S;>TK1X;D^S$h7J81PML+Wb(J;SyBdj{6^ z!ntBS*GI$F-%U5=20n?&dVv?Ie!U1q59omABf zAU#-kGh-E3i7QPeCVJgYSTs#Cj$4mLi4a#Z-b53v!#7f#Ra#9FnHX&x*H)D)XXV zew0h~duCrQSMADxRkYw#nupczgK;0i^GKfk8CP(@@+8eZvws2T%s|s0Z}io|G%(rd zo9L(N9)Ku{R*?f<$ttq6pdzdEQFCgM(fMFXlr*>eV7cX0>*YDC>}{j@@*EuGEBRwu z<+&~RCTEs<5&bR-wlMXi11G{ylg*szMccq`GGIAUf_77_=&`_DhQzqsqAP&8OeUuD zQ$r1;&!$ABU?ov~Ue_hy)JnsToW@J%;OfttGvj5y@jIz)RxsX$1^8FxrXOOj_=Hi4qT*>jY>s>n9a|ly%5tiC7JHoaZPW3~=sh zo}E0;#rJNKbF>p0&eYeSzwXz$3fa+hlzTEG*T6B)6d}48Zqtrc5?M!gOq#&j z8H3P@-%3}RGs5+Y+f10HZR-p88^t8Vvaw|A7%r9Lk3&&f-Rf@-lvp+Y1mT^`J$oNS75aq`SJ3uLK$C zTDpvM8(wvw=$|}-j1!SMSssThmrE{a8G~|H)ZnGjB@$$@6(H2G5f*FHnt_Fld{8~+ z2Sq>FHskqqDXdR@oC^*8`MX#g%GX}Ho{_b`3+>NWU%GL?`2-yYN|FRBpP&;!8(pY; zf=(u5^9PEq>e`e>8-lxmxD7!S&k3is+=OOvF+(nvD1w{sqVdj4`V6*LX6-f>Gz2!8 zh0)RlTYv`v!4}y3&j?26pgv@+b&meldG(P1{R}}r{;V)fU$27W6_jDz*hY|3Pro(T zEm=88f3dm>?A)!z+NvL$yIaC@kprdbs(S@2)mHttxw|Df7dcq2uKKNj<=U!0n!8&9 zWU%ZGYxwh96l8vIid@Yg%md&dDZo5*E>|Y}vgZkq2G&%jZ66_lHX&s13DHxChKr2z9h z*z?CD%y!`Aqut62jI&b=^8h#}1(@eKY1U3K(K9V|5_q;~3{CZm&O_5=<^k}q6kwjN z=s6$b*_dDo+3$J+NIGiM2+do)rQh5Yw+!t2sz#SzMiS9QOo-!u#W$L7T*7wiSMcst z^k5LTm9?^dnCWpp6`nq1X>+JXIVi>d28~9MJ!E;HkF3MiKe6eXXVW+DHhqKm zYe3OSoA-FR4Y_M?cYB_roc9@l-YUwo@@85L+v?S+@a7S6Kb$ zk~bQa{2c-1azv<$YVCIVL&X=y<(<%v3eENoBLKnCVeU{PT`)e* z&%^{j6rvI=TgK1w75uEwkEIS=>fnw5!Y*}@&X?3hr7kLUQK^ecT~z9#Qk&o_PVyB* z4?`|>sZy$u#w1@c(N{{7BrPd@N$E>UZ}P9W3aC&6yG^5SreW;9Tn&JRa823}%wuCF z`t`)#UqNKDpB%l8RLwkn8Vd)m-+DB7t7W5Zd?I*mdpYgd4HWHSgSd5+Hzzu7GZ~#r zHj|acHj|6CncSdL6dTqKT*0uxn-jS`Y6Uh&9E+~kCauf!B$7e;pykRGrMEBMElPG@9NA*d zoxw8?fU8n~c>r9U0?hNNq{~RQ!6gn>T*N7kXs~E1M7qP5z#`RPGTMPlk+b~TI%c<4 zY#mdfh3lAtEL_JF5?O=)U*l73#~HEtK7- z?0&nu=;zylPb(c48$bK{@(<#KC9%LuR{jOyne z53qo%_QJs24i8_8y9PL2Y3_C&rVlwfm)tLT{+s82dH%su1ZN4)19)aNbM`b#2xi$` z!TTn8&%o>3)`v|X!l3;en%-ozk4j+8!B@)*W|bL5!RWX_ar|aM2Npx$D(IiccmeLu z1iiNhb(_;Ph%mlOQD0ab#ULiskSUnGvlnITY0MhTzM=h+(Ae(9 zACt=--y7w!$G2DRg`W0vg2s6XhqgnekwMUSPy({uiI^!%(3nm^X!o-CUV)aiUxIvG z4cU@^`%Q$Sw=%%k$^61qE6JFb2GKkD(V?wACLUBibsKD&VtSV74vMZh8uhIhjsUg4 z0j<#$2Q^BjK%(heIC#1@_Qt-x7S6^&Rs=9DgTl5F#hgv;o zk#V;4XVD?WZv(@NUdnHE{qO9|)bUVS;_^83{=@5y>Q@(0HG6#mG!Epm0JJ1N%Tt5( zsiFGR5_tR4L3sm9eWT9e90jQ=O+9)qO!jB&ZgD1G3mXq`+>dY5;>D4rGRuk1EHZL@ zF`8|5t~e8v$G3)!5^D{N&5rq=>C4~AI?)pI}37*FF!x;78K|Os<&}yMGYY`1cFAk?O2AJ>-v1hyDZ{T0gbxaPHu*FGXnJ@zri~62^*Ja=va6TQv zOZ=DzR!FRiD!a%v-irI-S()M_9*Bo2XmNVt4ney|VAv4=z2{33_DJkp(&siz*|C;+ zt$P5TA*1^#g%te_LafvEqQ9wV?2?QA*5c@IEBdZ9`a6rGzpLoaq|x779Q}Poe>RQ& z!Q$v2Dq0O*dqocY zO~!hj?V&^3ohSXtLFoPTko0~gdS6^buaVOG`9bLYKZm6E3(@=MMf92}yfbGn z{=K5VlBWK{;^;prnhwC_{XdJN8Owy4)3Xol_n4ZhxJGjY2QvN_jAobJw9Uz;<#S80 zp3{;`H>n@#kkJX-=@k4(M~ryW=Fd=IvD+Qn&=v=(s4WuPMt>&mLwO#@^JJb^^3WyP zh>t?&P~}`7X*BA4CayZDS!Q%P{@WJwuh-8fRe}`q7eP!NQpjHgvG$Nc{w9c3NecP9 zAg1IgUUidqXWOOH>orsU`RmT2~<5Ns|oQn867!_FZ z?efGwahS6yraVqty!IEn{gWL6x1$Y7SG2}kmg-M)sUQ6pYM{~DO#|J&oCUaAM6(UF z$oC}rp{cU^>o*9p(VKf35UnW%%t$QY$7otme~}lx7I)#f1?B)@hjCUguVnR|DbDxF zEEB8J{1~ ztdwL&H8YsJj<}CZ-$CGpXZ3A4L>y)MD?@_1+drM=6eB_?C1TF+?A=Jm}{! zG%A?3fXH;Y3%`JZs&V_R&>KsUJilg3(5__XgQ7O+`F2{9Zr&)p%U{JP?CHm$cqa{Y z>jzwQ+2DQ-T~2XD;w}d!wr^_0k@%Fq8WQ?5GJjb><}(f-tJ1}P3}n=Xp^hQxt2ruy zl9`~enT3*8PzGjwD;=&FkqrWh;aR|+3=v@LS{H2N?<1+tL2NK7W%I^DItdxZs6@M9 z_hYfBWUQd`;S3$+Dq9Gc*e-c7F5?1t1K^}MF9Rwg1jiEyt*Rc$8Z0ZXlFLMk@?PZpzpMe<+6Ecu67X2^I5lCc0f+U zZ6fZ8Sh196r$d~N(rPOj)2+i&ezj*$Gp9Y zwqAThpO)SB^Nk=MaX29)!31n@s(*Dp`jp~oe)~%)wY)pq_AL<_!!!tWd`5G^DY)rx zY)Mj=XO?D`Sq4h>20?#gwcj47bQx1(TYJb54KhU?4Qe+dt3Kw5#XHJTzX}%YQ#svk z2Ws6c96V=5C!%c0@?i|&CbzUT$*G>c3B1SSiPb@^O{CjIRO5b17yF zi88K*nRQOOlha>jB;oHeU)$C_M3eSutjTPd`5lS*WEFX*XIzD|Nf zY$X*v6i*3ep|O<$o9w;`+F&96CGxJ#)R15etmX-cXV*9(`bv}S1b&mPJU!VK`~*23 zDj?v3+h%(m0xmcKv)hA!gRFp)YS{E}x~X1Gu*?BsF-4>_(hv78;<>pee9+Z}hgyH+ zp0r-_ISQ&5Zj$xc$(c!~<+fnhnS|9;?2VvFO?G<0W91QX(ytJ1cQwOh#BNIRbj6&tw;`0=lT$Ut5e<19eqbj9JB9h*8^o z1!C#WTb~S@ODG?26S5H+62gk8_q5YiM0L_xHT& z#}g!eGyXY2+L_ z`Igd{(H_eC4jKojjPuq{+b2BZ1%WBMkoRNL*1*(^{^nuiqd$LNms#UXR_5q5wLzL@ zi`0)B#V!^m@esC1YlClwKD|19N#6BLtkct_j5T<@SzhbH&=?sczx`JVWhRCWZ$_~; z@N0XcDY!Tmt)nm^z)tj0coUR?6eYoE9_8rkCBu;tePh`#8ERt;+LrTA$+CeJ|ERKd zmg*N?bOPDB_H-iyG3r&!Z#t~CZigLIKbN8SSmvsB`oe5p``K9$+)z_N~b|t!^RPg)<9|5^mvIr zSmRwWuJ_uTU^F~sCo9wXc9v;tQ`bQYCMunl(R!q#HCX0cwU}4GzL|$L@9AS3$7V%+ zFgYYS4+OLPW^clr@24pxGZ-<;L<4Wcu*I zq_LD+MMG}%mtCT6|IE3yeDqa@XV!=KLX?^a(V9sHv6Mx0ZNTa5-SCASO2&Yg)CuH@ zDXIi5G~z1NUoz0k4iI@QbiLRuRb%d92?t9xb4T-IqlK|iRNVT2#-$ngYB}EcU*`7X z61`i8B9~2(M+=QQDB?UpVfbitKtXO&c8-feoW4EH!tpyf{i@=)4HLEC&soPiIId6$ z_>F#mcwGDRq!+mdQdTC0Hs19i=El41qibBfGKl^{OtTuq8!6VlZ`uWG@_xCy8o=-Z>F~>qL zFVh^>qKARh90=Nf7LQmgrkXBlyc_lR#ZgSR(`1Y}l4L7;w{K^KA6uP4E%@K}}6^`v`J71zvjd+q_nZ+0|_~RX>}-=3I_RC*s}| z_9&9jRBNV0^{c*E<8`Zz=TjjArQ(PmKM>S)<+UwuU2%|?d4M<1Dc5ek3(^vDb*gzA z18FW~33ojU4qKJ6{lP_Gb?809-2xdrD$s#NRDEMK-(C+x7{3RDF^D1hq|=eSElNK` zWjN&A*zCyR=EhUynd49}m7_oD8co4RyqI$g;kwe=*1)=qr5p%Kwdf(lB%SJt8Oq+R zEpDBXoc;E3aGuQWWwRIet-M!$s%TIbniF9&v|r7N=QEIlKaz`2BX-l@h-SCdLD!BJ zIg5Wf@P$~-5{CEgZ-5$|L8Se3&csJ|aTd;KsXAJoRS&0|U2dUsI2-6dao=}S4XVZG zC?UOXW7o6Os<~KIgOvz(3uJKJM%2( z)8(b^#9yA7$+X?hqsb`@2JShv-)~Eg43}zk-0FyumFb{wirvUQ+cu5K{kH#8(w(fPh z=^(v~y}9}$ERSA3VqfyH6p__;zq3_R6#}*-n+E+lbQ&Ra)0|=XFxIj(+n|}`Lo;;w zT%de}&`oourP-6Dxv-Z8BjVDavf;cC)Y(2xP)=RTWuSOD>MU?at_IuKJOf-RJOM6~ zXPs`tdVJSMDr=)Y=LTMjKIktWJppKZ1wXB0@@8Czy?p!F8n)AbgDzm5v0`S4=>|?z z0M!b8x1^>Xd)V`u5Afn|z)`c6Z$C0c@#1d+vc+^S{#NRB@BF%S3v=ogoBH%}n(tIh zW_u+wy{_#8!qTt^@a2mAIc z6*omwjNNb(Uu6l~&+Eo&+~V1bk_X|%gAbMg?BP6zWjD6JugY*IlO69J=p6P5Af82e zI#-hiZ>?X0GtgMV1$B5>R^>fpL{xH1HNUziEHw#GTI`4!bedISO9q)P+e9h%NH2Oe ziM+YDQ39+1_*UPVGj9Q3V=YwUS>Q0I+(W54*MqVX*mHn|yI6?JbN2qp09#A*3{~=e zw3`^FS#&Bdz*oPD1NTI`JhXeHykhh)tiQ^Ksy7Z*v=OQn#r~jUC*C0(d#6tPtcIVn ztv*FS?Iq>H;d9+i{1m0Q!i9M=!`SQG0B~Mun0s#D$(SnMz#3xxVvm#cDh223`IX{7 zRmp#IP^ON^GQ}ISY4B+ziFPVom4D)MO)57pngi~~2r+cxN<;$RH!20USc$D(fvLc7 zo$5(+F2FrU<#k+gymK+Vek&itd5OPSOQ@}OF14cC; zl5M1x8F9&pe?YMv{xYaN7yQ=S?im^>?yo+A5r}IhHS2DZHqy*p@LYQvFgG1N5A@yA zbQzfE6TqE&x5CtwQ%d?QILvDs;HC8@lCvTQBVzFH*>NbM;Jl zYrN;sE3@W%Yt)PImu|U**sx@aKY9f;XyKn?;4^?d*OOeL~n|iNL!T9AAJK9fqZ86mW=Rcto?Dv}sh16yK<5b%` zM6mwt0OkSk=@eid0C%MT^QbR=H1+myvq8~&RNc`9EK4%YJ|$3pj`FXQ@>iJPDHwg+ zRi;*x%tn4;@JXa^cArb{hOF^YiJKeSI<>>=ROM-FICR|U79;* zX$)pl-GP!`|DTH7O5|!#9>)V@dOGI!0ylap0DBn^6X@LR&HOm3!3KIA5o9Q#TmrZD zz&!Y0VWb@IL8QF%|26Su2)s8_>u)@%eG-Kz?YT=zger#}dfx2M3IH@mmQSi+5~N0lpTFX+?Fd&{tZXP51lJ7jH@X0C(0GkS|5Ek?jt1I z1@!%?3%D=fXzmNRh+&U%exUwu?}RKg-a zvHqat6b?Q$Szw*O?qe9jufL0T{WD^1g&oFM!EX5tAj|Q20yai554f7MuE2#nef@XD zY`{&1jJ2HKoYwDj@sB?}>^1v+dK2G9PmFGLQe^InDNXYL_(BRWPinWE?NL9=qzl_4 z4$#0&2*oXkIFJ`VP*QgR-lp@b@i_oo`^xKl$^V!1-PE%4CzAF&@{axq(Z;Xl$D2Fa z&*ix;kN!&tNC+E!F8jrk*bOr2jF0# zx&}H_bPq~6kLo%>$ur;N2SF)`3ChxPxeMXA zi|)dSpp;^PpbXFxlu^hCN@aCA=4p*UV}c5@N=lg&Fe9tSERxj>=_RX;xQVRfb+Y1? zYSW`*fz0d2WVJe#6?Q6-m6Bv+b(~~%KC&`WT*yJR2`l~&$>;$DO_}7G-@p$t5~|54 zNuxL?Bl)<5%YH>^<_o4$O1D5#2Ixu3=wu|NlDahv$w_iRPDu%q!d=&XQflhFh+$Fa zO!~Rf+UwfyxX-vmzOreLg)Vl+tY@HGz8m#JQ@!sTCwJXK#u%{pzmVD27px z75Gq8pK}N+wFRTJu6_s%KYobp)+Vo3y}639j{ZpQtlRi@7vWavPg?^VW+$wbb{@il zsFvGb#oD-6%*Ve6+bz=!+{0KDKUO~cQMwlD@oLai-L2WkhBuMfHpvW=`fS~n?bc6r zXmx|-1h>keiSKaE)A?$)k?LRc+P_v^*ez=Z#f*O_iOqrT7K|?T3^LU}-JkeER;Ft8 zXSmRcY2G1IlI7C_K8p*{|EkF9CX$2)z%NV43@lENMwAyvyvn6mIn6zw%4!+=?T)Fz z=`_b0H)1&0PzGk>vy)RfMgK!$1X~WO(ckd4mbL%XQ_MdBaY}o=ls1Sj)1Y7V6@8r_ zxA(Z|V6^_~XdSma>Fd4dptS4|JO)SWI**6W`Bry!1NSTn$~|R025a}1!IoYBtn?*1 z@P#bfI<@2bpfdQ2z>F!ykF4c{pbUEPXuz;VF)|km3|@bwvZ>F$hbP)-mTL^>BlGT7cEw668$(7tv}x{TCeZYQawGcC$}{R z$}Lgi!xh-olhQA&CyBt`HS6icCB6JuZeLtaNq&bDipx*w7v?81byyWkWOX^^yR?@d z=H))}JDlKLeoB8}eqZn0p$uhr4q7+&v$;B*QRD2%>arg1$KEIJhchsaccov*yG%}p z)yGVJ=mY(o*-S=Ci)EFxq2pHGpEj%X3-fyuS#|by^E;@l?x$IBvXT+#$%?v8d7n9u z_e8I@-!I;kej)E~7VmHA@~(FCgkF9RxX=9Fcfaye`i1$uRr#?}nw0NQvO1hebF#Xj zE2~4%I$YH{TB=AVclH^QF_La0Py5$W5dGbm_un3__$14At9Ke@*M}dJ&-+=8j!#vZ z@W|Iuva{YGI z0oy?~hY{63X*!_szv|?P!fkI?6=?YFx1XANI|Gc;`+eSP9U?(74he?$gvBO)n*!Kc zh&uzaJXdMCIlxA*>PxT~M{JR?S+CS~8@Z$5jmNPtRZDS)Y>mwDf^A75y^D9=xxUl0S zB*hlvTIO5LrGceiHqEiY^H-&e7pb-AL;;ZBhIcoCA3p zx-kDG7PY**^Z$#M!LIXe6fC-lSnhPWQ9uhYElSUe6vW${(7LyyyE7)wH}#?n?p%q( z6NQ7}t>ZrJh$SekP5E}C$5pE5&R1#eEMn#3eR%4de6RCPq)_X;E7i}_l!lU?>D>7H z!sF7qpW?El^snT{rFCD%VOr(ew8FR9Rdkk8Y~oG2Pt)?2_kt|#WrJ+R^sVT{exVoS zWl{HX-hhi%_(MeVR-VzOOe=c{F&n&%c#sHeQ5vE1d^PI(YRQyiWBZqGqlL4l^Eh~Q zX-y|4!6Ak-l~83etkVO5XM4~=bcM>r&W!0#A$Oz4H$jEVX1DPCrd-~FBHZ+r*1b`_ zhsO(9G#`6OoO;S>C*+kpALQ9jv(@vR1a=JmC-Juh&WZoa@KCuT2DX{C{*-PcRISD?|MymOa~3{{py9}#kUWDWPN*&<7O9bS{G3%dhR zcE6GAnAUi%m0mm1-#~sGnle3*Usdx4%GosIQPftX8|MdfQ`ecUzh7)2CArO`y=K9i zI(cSw!MCke-%7y81$l?X9a6S4T8}`{olY)GbaOP(&3>nwCwvUP{HC9871-Pa+p#3o zOf^UTe(l8sQ~vkd?Riv2N)YHtFQy}}<~6#m4b@Fz3jq~TCFYd93n8V-e%d%~Ru zEu7??s=fS!p3XX3;fg9;k-|Mufayoiauy|rSA{E5xLJNPg}ai2hiKvjITzvFXqAMfvwX>MKM@A#tJNBKM0 z4(e;2?eCzw>1&rL&uv_V`=IqJ`K?bM%Woo^VMw3BBiS@g1AglCk^G)H zJ=~aOZ;q>@t=ExU6xy~RbpC?S1>KPL-WiFVEknpv5FP7F)_5zONB0E(hV1l5lbFI7 z+UtEY=5>vRLCGa%MxB6W6M?T!1RN!TU6q>iq#`iKCcu&tc+*=>qoRKMoX<249MeE> zG?Hz4E5Kpw(%1C$O-M75iC0z*?+{RRmw3x~k9XcBcxAhQ4&#;G!CR@fFHEhA?@p@Q zuBWYUx^a^FyBJ+vl8Zh?18I3H>v%tnH)NT$%=Zrp`j$c|0qTpH-kgmKa5YSTfW{u@ zK<9esIH2qaXZ#fJ-X%({%?o7|XsmX+qQ>rzNOkTaJJ(y=kRus@Fs8}pIQyxKSfDFR z-hrN8R-6jA*@an1%+6G5?li{Jcp!&0Ezdj1CjObu$tRF3Ll*f7i*#?c`*wF7=V+9+ z8L?r~Wjv}d8ePlRnYduUpf=);muk4=SQ;oT-*zfvZMzC)IqpMwuHyMc^4yfTG@cye zxb8Fi69NfUXFb(y;=9C{%ga=Q^VtbMKh2b<*8{kFm+q^WpFALqI_%`~87q)ev5|y8 z_MR4(t;I+#fr z3lLn&4u(J7aB$z0VrH2OIW~MNRkV!;s}r=^h&awq&WYL>&*}XX`Px{}26xGT&|b26 zqMABKw?0dDI-F^I(Y-pKalvU;2TpHxwUBkCIvyTXW})D#<9AsEttE^D9HJe1s~231sZRng zFi;^0a^Srs+Vyt$E+i}$8vTU~%lY_=WZ7SwI%55K#i^z1A6Tqz=A{qrI~Z_pN>>Ry z3jR*OeFZL~8}loy=i7w;$TNE^0s7?4Wpj_1zQiuqRM)(Qo_X`{!RhwRcN55gCwKO5 z7IW(6edeCIna(pet47VMel`_y1#|*M)oc<&@$Mt~uo&K<3FHq;Ab)5AUWR}ZZ&HAv zd~^YN)f^nk59QCbX|@%^b)3;ZOWX8nfc2oX4DNZgKGfD09*97&TL;_M^z;d#WIwaB zgB%9#8Oy9_EZE*m?gALeEj`MuIcTqQ-3I5U_uj6?M2|ydxU($g0f0Gk0P{QpHW~K? ze7x&jL~vMICks1g7MTY=O(d>J&&_>S{i6HS)ciL@gL0(p)9ga#sut7B(5(XQyO3_! zwE~)P7<~!p>=g_GN>9&g``FnFSauxerklgf&4=qTj zCPxR*YZ$|Q%+)O8e@Ux_6F?2CAGXk)XE^m#QqM^08BIO(mkxPp>S5IFAhpypo_Z!y z4>M?ovn=({<26(<-%RVlJh~8ynPtF-n^X^WL6n78E(%Y$aJO25BYM^HEv3|%v&SIQ zrCVmZHzWbTQ=_HxmZtP;$#fhVINy=N43zM=P# zs5keXQ7+eN<@EYjpYnVxdEQ`oVo4U~xl(xw?#=1fk2yCN_AAe;?pL0fZ*ir0BEs)N zN)LvG>OLC@!LmC$y% z@uPG^x6$9em(sZdj6wWunzp0k>-&DzUm>D*sYUSu;XX22mzL*5;-9AcU3>^eU(8}m z*gA@%n?FEKwXO4Vyc_lF+F1t$V#J!)N?=$tO*Y~M19aEjSO-e!Dqm5h?A_D5_o@<9 zx8@Aj8iq@7R%C*zvdNgR; ztH`SVp7F4KJ=m@R*rEd8jD`44x4uh~+|W>NT>4HO{W9gxJjA8zk8`3s_wPh&{qbAS z*MJG{xAEG$aNof*F9el$VX>l5N=389>g!A7U>-8|Qh<2?_$k0V0P-ooJOBzQz&rqg z6kr|z#S~y30HqXQ9srC6Tz!}aK$rr|1E4*QVQh<2? z{6k_www~@G(Tu^};rV=Ytjedy-Dffzebwf0`_as&vR#Eguf!boVt`^a-1_j1RzH79 z>gT(?`uSd3Ki^mV2%)?7Ja1|Knxy$bFAZmFT%G<%X@t;Cv&+&jCNe#^+tN%(5AI3R z{8(v(&`tAnOY`?6&ApbUrZhiE)3Dqe&I^I7_vZc&*RI$3vjA!=f|xDJzGJx`pmgy^ z2rbdY$ENhQik=Ya=Rf^_arQ4g3H`P1-{EUpFf5V&FqNB-Sx0Ro{BIo-!<`w-Mr0vh4b+RWQC?70m z8p0K6#hD);D%~#*m5v)EhoR+eGf4x>HSJ3SE3yHG1iA-0jho2E(W%?#Zz|C9<6n|1 zbudQ2>cF#exHnmugrPkyCTQNA1%5>!nE_h(*Mu#tJ*^zwvXn{kNA)_>XvbyUuvAl)m<9L!B85n}flK zuOoD!5doXUnXvUQyb@mKmGE**G4v{@m4A6L-mW~xig8;mmpquqC3WwBZaPI5aSc>T zq)uN1ty>}W3PrD!;p{)Dl%bVUHx5f1ywQU=CpCO4{0PiIx)(XNW_gqPaEQJc?$`YCwHeKY(f{tjyFK`>K3>hwj)8wqZKd(66s8Smfs#06q z&gb4u{?8_VUz?phi((@_M$J!whvqqENbT?{BO*J!>W;aplDO?gNI{1INf51(-Yn;K z%T!K9TOF}#@T2{*nNa~mUGUB6qpd8K%-7)gwZD%+chEb=afik&-I#p zX${j6aee7-c*m?FJF|qcY4)ObKX6QqO(Gew+8Nx`)mRb4+$x@yF--~Z#<8M!xUJKAx%zE-%X1kQ~QHS0v!&!gwYXHXvCs93yQU3hnFOR=&x#UixNy6 zm|(ygFJ%)bJtwD*P8SH<*oAFn!GJvHTaF!~Yt?O6@8x?jC zl^Rpb=I*G{54!Zfxck*gKS=t)`$|7V`k};L>wC0Im3}Bq&rm2=86y4AeWhPQ`Xw&C zK1&geDE*Q&{kYOEA^np3Nu~A!5`r$M^bJkpCnDoQw2_>cPTYeGPsxOxAr1xfdax7a}2NuWc-` zj$*KSyffIv;;6e>XbMoLk7T8}59*mgq9uK#d-fFEB0jnO>E8jS3jeAhRD@gCqvV3dz3>^e!hSLpDe$2eig1EZzYm1N)i%5s>UiCmM z=aYH*sf*_6?(!_I))Sb!3@BJ499KdKhr7)$J1QN5ILyV|`|(z#FK}H_BA1wf44>6a zBDkfCOAtgE;S{^Vf%3;Plttq}%2xqxKAelzapMA-Fj{IH&G<6FtL;4vWn1H3dwG=d zSj^NIh-M`JZQ-~yId}G7x#Ny-?M1r8^isN>$a3<&W$9LH=t^|s6W<0iJ^KN{6JCot z2G^i#f|{-sVe^{fq-;V+l#P$XIt6#%Qg-Njn5Qqxud^ zXUh08B)@V0NM0;50SapD-frxU@>-C=OO+xoh8p=}%lI#wN^71ZVZERDEt?`jWWK4U1Afn<{RDI*MW?y9WY1Gy)n2z>A-!eQ zCHIo9-i{wmZ*Mq=-o8ePa9FiHwb2#uttMb8C4&pK-x+@z7s>LBN-zLPZBXj}gIGB9$y5_aF^*HOzfgHUc zUIUst@B27-psjFco2^w0JC_Y6Wu|Rnw=}WYx$yvCGvWh{F=xWVeBf3i^0oeZs)@D! zdG<1?YCYM*(06rLJ;LezNp4fwpIT+=Uhjs7UHGql{1`-O)26)5?pjBC?Sbh;+%9$x z=Gx2KZ^rIw8{gKX$0^$@%tj0|UfJ;gkZJ4Oe)J73oV)Y22gT8Z#!bO(9(D+vZzW6c z%gDf%AR&F>}5i+AfRkN_#TA>aY8zw&K~5Q8F*jWQ8}igU%r0 zkC+EGqN6o3TS27V3dy_Y$*qtA8GP5uG?LfFgU&E1cMD|j2rJr{H&%{guxM*Y=OJzz zI%aO_q+;2 zAcIFOky^tZB`d_N{GkvWosEyxyeqRCQU~88YaW(<8vtzSmtm8wKu5n}jz2H3R)(8N zv>mLlgo03ye(rOW=auL~-kq8{BfobegLBT1i1gI(CrR?p#?V~YD!fXum#s=I5^ z-|ua1eE@en6I|IMEnR zYh}rWoV=Z2qZ(3je3TZz$Gh;ul9&*xD!;yv#AFwKmbYp*>M}3Y@S=^u>)va!c++wy(R!Z$^65@?CP= z7dCC4M6<~;%}we$Q`2F#rgeqXVZUuMF*Ba2j?6b@TSxKnkAu{s!!`?>UZ<{QpLH(h z6{`N{t-l}DZ=XWt3V3}Am9a{O1|L6#$lni5Bv`DS1Eq{kmRx;eIjpkSF1->tvnj#q zkQrWc*~^d{FQYQFv0;Jb*}w_~v<>-CS~#ECawsc-My&fau*8p+Et?YH7y!|FnK9Fi z4d?~~G5S)GXIXK&7)({BhZ^Jl_VZD;PFp1X?H9Bvn zKR%jRCx$MlejuoEAc!Tt#R*$o&?6J_`9eJ11wJeV#>aGF-AoZ+=xV5kwxJ7?eADu$ zoNr8ta5^A<1Z6WD;oJ9iC8us~Gd;vYg7^#O~ z)4guc>0VloQiPtm1AUJuJ~pAK04sb6MT_cD>;@N7lnO4O_(4(JCK`~p!1)Pz1^oDe zB+B$kO1L2P$CUcQB!L2ce33$@@ij$7T}&Y6-MmGRO9Vj*hSTG@8(he<)9_{RI$WRHYV802BV|M(uVDJt`cB~}u9*ZDsCq&;{ z5dTKv>pwNM#!UI!QSUw{ZGXpB{DR4KU3&ZJ8x|Z*V(re){VV*u9)89`Uso{34(cpl@OH9WICPfebO;+~WVr|>qgD>Cp)@Hd{4uvvfuC(ufJTaO!B18*!| z1VC3te~awx9l?70Qb6_g)AgIi)Y~sT5bu?S_d5Iin*ILJe*eHPU(A5up2te#-hm|C zyon2+tU@0()8&XyMS$4u@@Q*4zP=Zschec4OI36NDRSOjC(~%G%l{=2I)5JS7RcZc zThE-k;>3*UM|6V(ZtwnT|EAKH%h6;iou>lks?^2<^YO_LDaPzNhXY=z5Ph4V`{=_? zK&@d@a_*rlbA#j@kV?Mf^u4yVpR=P%9p4Ci;|GIy9(OdHeHomy_`XXaZPGkl9^RIW zcjKwejIbqJjc>vqeTUTCfbG}xz9H}1`)N#pqx)*fjWbFA45cp(>55@CSl()LO>~Pd zy_6f{O2g?PktdhU;RdH5%rb(O?DC9oi=W>{s%GhYWb2Jwp=y*|nUWk=~!T zt*-IxrxMakP;8fjB=ub~sk2dTS(;Fr4^0_R z1@SGIC6&T{PBAC?V)wEhkES%&X7Q{ds~b4(n-Z@&+9^`cXcZf$^MxH5Eo|JW^!^&>y`PIBGoHLIEgZrY{4p<&V_3KGsLoy|`Ye zI?$Nv%FUQ7S%!t0DW$HzEoEuAM)TEf67W=we*8w!9Lk??0oC5+(pdYMVp1B5WImC? zh1s(u&Ax>Rx<;niO|Zxu^^y0%CBKlFtem!QLm_#aFX16mTTV9Rc!#8B{Q=+Wc^tOS zHDecHi-hI)DOsE+XK)me;5;>p^Xv?cA`B-HVEZ;AQ<)sh5GQ+Ef5@G8db%eYEDEN%?)6bGWs~b%LzO@4I{=eyb(1b|O3+sS=>q3Ao-|Zo zAfW|YjqSpCtMYybKkMp?Vz%99%=z~jb3rC1@APqEDDS?7#oYmeboN6ssP}@GEEtc^ z3<(On5Zx_sf>SUFGKf(>@Cx*XK8CUzQ4S}5wO0fFP$Bv;DMMo4&GfE+C~sp9t(S() zM-1g__W3f_7`w$DEE%SmX|aoc)q(`Gf2J>~AigEJY=|4N$z4I5*OQ4uUuUr^?1GN;rv===UE{y-W;$N1DAD%ffS*d2^8b-I% z*1~|p|1Sq8TCaVSS7fmJXIT04+m{?iOA)?feDS_TI%GL39kLwHNW@weda5@1UdoNu z*?6Uqj8_Wt!opM zh{F20_D}IyLooICcRZf9(2RVGjGs)tt!3cnga&RfFYcA4RoULf53)^1?M=3Be|m78DE^-m3Ner7i?vH1r4vzK-O`b^s7 z^iYMbp>Af^FE`7kAX)W{K-t>kCd_cI>}-@IGa6RHsUxRP=XcAN|3nyNXFoVrmDqA? zGh7*8#v;6$0(m+j_A?56!p}j^(^3mIZ=C)1fvGe3j~4PyR+`b-0R1YiZeO~F2HhAQ zDRE+l0d!c~8a)js-}a8D!!7MmwDn15BU;}*06tpeldHll+GNXRAvXEQVp3-WxF5&n zjb)oMCIx96#YYv6;F+ooG?uj|p^|L~y;)YVHN^J-oIp0ch+F5AJ;=XO;J2BbZfojh zP2+^m101t{e)gq!GZI)kT4-KfDcFF;bxgt$<%adJ`x84_V*%Yndt z4%(+1O5N(FVYSb&5(%`RTUWjEvaHj>!7b-AgURcoxEE5VgN1U^KhjA#O~_;)Uj)i% zULA((MBV&e=acV54h7c-(lZsTx*A2k1OFPtpUmEyWjf=FA<-!D`Rn*``1 zyJluKV`j|G>_lbXE;}>WY01n$MJ-4}hY5ER&UfLU#>1O#urW30KFcvgNY892Pu>RW ze86!uZ(|U;)w>ap8&XxW!-RQp&=sk&8lSnQ8k(u1>~o5y_m!#Q5`IjSNi<`sg4&k% z!Hu&{CtxC#yJiw*p~@{@+t?pWrv_@Utoz$Iew`S$#?vr~i}GnaAyW+ljR9dWhczCO z{7*@0bji$58^_aWy9D;7)A+IE?W(M?yxuf2qM_)72o z_UF%nGH(e!T+S-Z)^EOx;pqI?gl&=0JRkDr9s!^=;;quHah+@F&*lZ81}vr;Uk%9l z>zDC%tmyG}tdaF=+vXo8ddN(B2n_9WSQUN$8!(wz!cJ)cJCa!;H;3%rDVbS8mUE%G zd0K3?iMR2Yqy6@K$lAs+t9FCUsOL6uahf+Z9N1Y2Ba2!tM(m4j7vc)mdq)vK^i1~V z5zBDVw$qbTtahnS{|l7g4IimKuXOs%cX@)TMlF6Fga%4WXZWUYD+%p-J+Q&j(&_Q> ze%^IE9=Sz-qO5}fC&i8<6b38YVDJqf+9*Yb1M~q`=|Hcj(`ixH!rMrp9Ni&&4Y%Kj zr`&lHzrAwSi@HvV`8*ZPvyz9xRb`nnORSEKjy%g48uBmlgO*R-mX5yNOeUX`FH z2==V~@$>VA@$-lB{25x2ZXe;+;h{0DG9 z%sJ9^7sn@pH}C;RrEn1EuNI@#gEtp)Mr5o;>Nc}K;il)rkLzQS3J{vdr* zS>fq)+8JY0csdshUHRs6&u>k+tZh5_t04PLPTV-Y#}f|oTN#49nbL)U83ay9387l7 zrkIY$qFIXB=R##c(FRJQkm7D^TF@vBmZ}@ZT!brHxmt3x%0{cP0)&G}CBeFHsgyEO zdC`@Qoo%&kye%_lRxS~=#6{2j77B-wt+fi_sxV7jDYS}ML&+;;(MgwSIbSoB@O?@p z*v2xQPxL>McXCG!ra4D{w?N+66x-+|tNk8>jBQp=eDSDMEV1AlZ2WaGIEMPE*%`G< zpo4N&yu`}1_ViQ2zTEn`}#s+O1Uxl5}A zHaTI`kZXJs@0!hDbg-i~f6{p_oPJ>AqfX0M;+}aIKPW)-dkWrqgBLg((B7M}>Mt%x zic+naus9Zc_%!69hGMM0TtiBm5nZ_cSY|{=t*`OBX7jtK8wEG-#WVW?%nPAo{$I|{ z1VE0W>f@8{nV#9%BiZa`XS0D!xI(ityFeCUlW+u(Q$awkAh!a7LgP$=z_KBr;=!SU zCmv`7_4B?DP((#kyy5|PKt#N6yzlt^{;#TMdUiL!_XTFV>Q&XNS5>cGy?S-6eysza zy80@Cn+|;L9{mKKJ-!Ej&mBKz@>B=Dh`SBT)rPx}4HI*YMNB(+jpZ*l$>2bPom^fz z5KW%u-Bn(npQJ-tKoyBSd2s6K!NUmRLVEG+mU>RbvmG7@bRnFa??cj>i08o?687<5 zX#aZ8vj6-Sp&3o0mvDV#{AYkG--4TW?}K4ijVrIl-@!oDQzxF61yoMHsk(lGhrI?$ zUbh)O*)>*Yc4OQ5EYf^SEY;MCj)qbfA}IbfZOufzzf@woUk+M5d!@0M$*nq5-O9L* z&4wyvTDZo%)t-wR2jJ>2I0n&7F2lW#5n^t|8HP8waa$?e1v9pU-hON$z99@7ls4cm1Cm z$qwC5e8YWY>OIA3ZS5iG2{}FD{tW+}>6ZVoeoD8k-?q}#))uQLuRaUR#p+pW4~amr z2G3l-V)fG1lZ4ffts3ZP!!?ADuI&*{gnk!ab=OZn3&- z^|$emZuP4LeAGO<@3E*@t*?HY^Q^u}A@`f-v~g--dVJr>FXDBDbGc6pF`P)eu6i~l z3aUNR8o?M3I%X)7Pf=h8DByB4jhPHGGvIyOfX`3i>EP6vPK#iSz@6A8zs2Me3e^!O z?~&U&-sBxPqxk(WDqD*>@Jzl%u^Mkn<$!w7>%|xM4Ar?S?(ws# zfAT;;+o*x%mN25qQhiwL@rl`dSKU!}mhL)H?IeXMkeiVfZAMxS zgufOCjrzW+){tfCS;O+|iDgTP$@GNks&P=h@QI=9X!T&kPaTUklMUh!`YNL*vXKoQ z!E{$WV>}A0JKK9)ZjSId>g1C%WtZ=gJ*Ar#mf$);Lt^GFaIm^o!p&2rRp+gRV(5d;Ro*k+;#0C(qpgX_gjR}yZPy> z-&^@D^=`^dXd)40-Q?&Nohi!uJ}$&Z-pqVaP})pgE( zcL)i%%nEcbXvLK3oi+of68Zf2^;vx5~_(74~((SfF zlR+G>mkvEB9zU>HJx88idG-n#e@L4ln`o9o9W;&~NSQ=AFZMYPcjnA}tQ|R5k5E<> zWyM^)&nNP_e7wl{I~l){O4UyA@Z8{POE_11wh^Nxro9+?kCYoHhTbY?M?RA`0NREa zYFZFlZh1^b5s8{{70(x|U6Zp!^hKSS&@D8-A0}A& z9Cd@11XblQ7i)9UO+BTt{W_>@iLdVljYMeN+ap%5Gl-ac85x&MZq^sfpzmhn$OPvo zlp~jg*sxqXtwasaPl3iMwIh5HD=D~xYigsVYCM6`Yj|p0T=RL+B;n>Cw{8#DsZ1

i3_suJx}$%8Kz#%w8qB|*mmGK<2!CU z@Q|(Z*wm^Vy^*o9<|>-IAI%jC*4iQN9xk0P)DLt>GR9!d85?5<z7S zDb4Z!((_CxAcrR(p>8`8qRN!_&=Uz&9IM|;@Z<;hgG@3*jGjnXJ*k~S9ing8Yi_G< zR7m4*qRC0WPMLJc3<=;(NcGb@Xu!I5R4S5O2ahncwrA*_NVK$^ib;-$$YxNRF%}h9 z4oh8MGK&S=Qi!#T*+!oZ`Iz6>OlhXi%35#Y!g$KcBzxc6f-gGxCRSIqPBTuZj0Wrj zd;uMA#rHgY&g*9OX2T702ZA4N(cP>Ipwm72lUf~hXSy%8EA>tBLL!ZIwz{t0@#9vQ z)7tl4;0qc2ciUsPDAhVOgVOIT|C2jnR6K=f;|J7Eh^o8qfiS9%BUES@v) zrYBZGgJ(CLmd=(~QgM{ro$XTle!Qz|qOSr?p&M~2#n9-cV8aDcCp41Q=LgktVjqL6WHYBZx zL&4IWs2Kh|`d{nXDS5wdAtwGsbH%^1BmRB|ro|!t#dE~}dnf*DTk-D?;saEewZfMongE|%S?T+!9xvLKJq2HT5CtgW;j%DFk~-GMFdtksc@ z(*@R%4s)b;>3&vxIQ4YGbbsj`WF;gxKZTRyBw-VKad}!1=o{|NQ$#Uoj`wNqY^TBQ z?9$w&G>XtlbGW5B!KYa(Rn_Igq{O9R*KB!O5n5?JZ)r~SX+GP|=W}U3%*4vmiqJ}P zgrzyjr#ZEq52jw155+G}D?%&HVV34(pXNb&ucwVzE)8MjX+>zI!DvJsP!6lNtJ-NW zU$``v;h0v0R+=eGLxC;LcfjfMxi8JV-R^iPQ=EN3w4I5gd6^8f z0=WQ{_nE?TdN{OucjMD^4fp&O#Wy(N&r(pEY2xzP+ew7f?-Dj%ixNY+%4{VSrEU~ zy6nq+msOCutVQ{PqMRPYn-s-BjeE!~VG+jQx3=LgtfcU7QE6;#OcUIjCU6KsOYD(- zCk>;m!rZgq4J3!jf41W=blGax0N$Ql^ndfD*2*{DxM8<@Se^p(_d6MF?CyZg^3xtNTCKk zrCi&YU8M1sNakzNwPmsSWk41m!+tp$+T*(tZo*WpyIfN5GUw%Nu|i#ijUE@o*q*o< zSpy6M%hSY`05RYI)R4mb+yldyscBj?*H|B-yv#*ln7&RFJ`+~~6)QWB6^1d2n>Lud znryarcm@58gTAg4dY6Oh5~@sGM6xj4+zCbK3i<}1OWSx6k%H=$B@aCX@7)f1BT%Z; z3MV4I;J~lxM0}5fzP1yJ^;(E;>V$sDL2v1Ve%V3a(h0rSLEj40leP(jUjZ5hF|!Z1 z2V?*%IF-v?=d=1fI8*C4Gdv*&aCuZV@m8{N8TX9{TTVn_DY7&G);SJ{}mm^Y~ zKbewqX57&Rh`tJ<00Jzt7m=13f>n^}?Q0eoZxXnx4gR_VzikHiM-F^z2COdpV}UL2 zM(JSRw|yD2UAQj|gBiJoyOqeZErRP@ifWR~90=IwYmXJ8ExuHa<=Pr>S<7{~TnDAF zpb%dGUG$U$WjrG0^W;66gIe(vG4*Cg&`bm)r}NUB%mLupDZm^6&QAg6ctW&XouTFV zWE8N4u4&&wyj~eofI*uVQ3G~qlDm@_TCY^Fv&nGS)yWRPMtBg^hXcD=37d&sbX*SX zlH=}LUPh&SfkUOuD}(_u@0Ao<9tznXh*j6NngY!`k9RqItMncz$ zIKB!BJ{#~4y8^i57&D&J_4Jn*931_ye`tlDKhHL@=dJK=Eln#~{5T^~nYe&6RJFTozB(^{Ds&-b_4b{`9v=x@1>R2zZdq{^C{JDQ-x(hN z^(A49+~L0m?DOaK@x8S@%Pr?HxUTWO`MIq_?AMu>Y@$gzVqC;+Eq?=8k4%r_ZEi(zZL=J` zJ$}3LXGE#Q=WA|kbZnVtcc}NPVWs_z2Jt)s%h5{P_mlh`6y3#PcfL1IWJxRuYiP*9 zTc)_4!dJ`E*YlIb>;3%h;`dE{f8zHDKW1!p?st;uD>_UAyvbWy^m)KP1du*8>H+^0 zKss6q_?H0EqEf)W1(3Ry0{$a_G_@44RRHOlDd4{XNIy#fIT|^Z-kAc}Nm90ZPg6i3 zfV9mN5DFkgGX+pLWz#WJKtX`3GBF|nr0R|Ons!e(_5^lSUHn3Y1nyx_VEf1jBrOZr zO5D1JM&DSv6fp4sFngjnmfAJixTo8*Q84$Lp~uq<_eutpBj2DJ4*tKtyiZ#*GggR< z+XzJe0=ol`lTk6-M9K?t!OY9TWWL+HvyRe0PC4!&mNw1@o2`H|U@GX$cvd-`@nUv0 zM)5mU5$H05@%x<%^~t-2!uY*{x&BA)y8D8qhKOClLwj%mL0|Jx?mN`6e@5e|$o!n8 zM2`=PolC1bGY%syIx-u=@;shZUIzQ*nxCK~+@~hKZvLDO%Y|r9CP^O62U4;Q%6%1xZ{1SUzqivfjQ$U~oT1-b=xGecWn|pcN{)L3Q>*OnYW}9A zS$~!eg^J$a+@0ebY<`|r>?oX8^e8`V@qYn%(bi}W9r*Yq?qoltKD9PD7~kP?aN{{iI$P-%dLBoL(nfY13!+jJ_vW@0O?Jq{b`e7OXeEClt=i|R^MKD-u~AP3psgZb--Ab+)u%JVIi z=SjXiicNVGo$^?GU!J{HofZ);xAcNmY4XcofmxaRd8@++}HU8 z?PKa4B#60n34rb`8jA02q5XUw0*6Gfy0zJ0q2YvuRTh?WjA>PN01H zXXi#YYGt9Z{>izEH_GVWxJoXK@{Mcdl3}NDi(InYH$EtrZ2pZe$R+Fi4!MmV{o7xz zyrr~JTC4c{@#ohzWxY?OnmJ{?U%(?Z<#n@E?h^Z!K&d`-pLlxeCFGQOcWW8L1n+JM z%DY=nrZ>!bcWY+4pCKOBZ7bac!PGRk#<~No=0?-_Qz#*A97Dk+gi!-z$ACBzV?cRa=tH)zu#9?E$@F-4YW*iG64kp($&f=MI zEQ~no+i`|x#<4KsT+)s+D=!Np4wjNMuUT;{j5yd((m1o|u`uGm8flza^jH{iu)w5o zX60pJG!M*S&9f2Sn3l(Z^my|XE+~Ewl1H5T^K$>hxmm7=lAk#@c6*+3b8al}QSuAtX3iZYzjAIY9Z~W-=Vm4v zC4Vya6tj{1w5kaM=s)BZ%i(6GlQ&kv%_Jv3Ef&Ge{3buGrpL|HCO@sl#{FNp)nvGH ze5~DqgekJF$8wJ30rCtIrsxhPNAd@QF%5SxIg;-ijLEly$&oxLdNGcMrcmW$DHR${ z^GQ)It9#Cn@_m51=k^9pvzmU!{U3-%uc|%BTVUu>`Q#xz_-bQ=X=ZJ_<~=7IN;+R*oD)DlP0vk#}_>XDh`b(8P~8w@lXf?!Jhv;LGYsfcKb zE*{`bkFwoYz|$TtWtuRt2>(?$@ayCESyk#(iqiE`DN2_N;|ZE-Bpvv~-kmT>kCGn> zz@^|tHg33jb9L1la=CVxoh*9kdXFb9jhUdW#y z7bxy*7P}c}&@8fQ!<;golyLZwjLQ>nWs2vDWQ~=ftJQ>oYeFGpZJ&t{tuC4 z|JyorDs`UxRBJFd1dXfGrVa+TMvOAG=2jxchvSNO5H0N_tK^-T-GP z@4V5BKY5ix7AS;6>U`p3Ti8cD_AOWXR6a?9I2`*-pjYp-L)vBKDA&ul(ey&0o6_I< zP6W%5LAxYH8+(dBo5?jjeDWDR+>F6FN>J}8GsdT`X;i@IMf zI3Q=)2f3YdJ0I@cY}^nX*WE&6j$YonuwMkQ5DaO?r_*9n4q&G&BPP&>4r2!BQ}nrPLjrNdVWGmg1t86tA`t4wK({(sWfJ!IVDMs~q1g6Li?( zSIS#<@kxC;W9Qp>VwOmb>2|~g(?O2xI^w%GzR|TYye3>7ytX6ZVXI8WYvQAn*G9!X z!u=o!ot0_{bjEl+%*%_+Zoj3P~4`pDLTn2 zHl5ZRU(-0%fVEq^h!ibnl+|BhcW&+it(Qm1*(lDA5^kuK$Kh;ejfGe*z|u*(Yi@`d5M}y`YiFn|#N zt}kP(%h*#cpzPRF1jU|0lG*l@nd!`)@&wZT#PYkgGr#A!`~)RGhRWIb%}i(cJ%MyT zwfq?IvgLcO%TG}9J9)1BW~Q_Jwv~>GMcrbl3Wd zHY#cP`v~+0fBoyPvU?-cMrmIfS>bH1HwIH2L&(>cH0B-Z8II=^z-XJ}-9yl6+e**+ zd8V$Np0ykn)H`A!QazXZg@wDeuP;Vs2)op=U5U1(gnA(WV*)ZltJCErxf01*>3^B2 z+m7_{W2fIgNX963!V_62%z@eV(3Wz)0$&)|Ys40T+o==}c2~@z{nhqxZs1#j?V281 z<_a)<5_E6dwQHBmy7(&|tT0j-hIp;IMd~>v<7w8x+zNSyLfYfPuc4cP#YJPBE=rI`ce|cg#rcE?@@k`XWzT{PLgYm zA;K^RhR)TNSZDfl~&aJOe3fIidQo|R`n5EitjO~UDt`3UQu2W0wG z#hTLJ`dI|Xkw}v^KAk>8p^FViZFhp@cR6vVnsU;|L!raTHFl6vPBr8`&_s8>fXEUQV}<8AEOU zlDGT+e`9^qaiV(To(mf1BZM03`P1A;v8WK1C!!! z^~d{scpA!eJA=vLq`<`R05tJV&X4%$3BY`UIVIu>PJOr|n}r<(c?3Lv2nE5EL|MHz zsD#ZiNK96Uo+(NBI)`raVRKy2380#n<+TQ?_sIL%D(y@2jaF&0gs$+R|7wN$vby3K z`Q^Ea+nvQySv%gUkdxCQbCGco8KzQ|>cvvg6?o8!9}T8H1*dh@qmmA1OIV3IO6KHO zg|Z5qx;c3OAL9I;5sF1 z-~VS_rEKA9$#H?PMY{rLum$>EnQ9a>&8W?hYz+>xBH7%%#T*(R&!_&}7;aqc7~hTF z+y|{W<=lw(A=VKE<_oU8zmY(M^K z(I0m%B)c-6k=tQoTE@WEY#9RkZDWhx-l;?hRy8&XP896fQK1;p2TiUIdm7j0njk6-Gz>mduF8!^ty zvrauajqmpO@8Ej@U+kV8KjwROr;qf2W&B>kFO4&K4hfnMQJkKVJw~P*V^vqB?n&Xw zk}$beao<8Cbmh1~b$C0RmlG zYfatW<@19xlxp%Dtr%`|-f5tmBbrQTgVnNL>zXV0r54=1jo{ja8Txfhx_JPtqO;JR zn04!ED&5M+!q|IMJkBeRl?gW*IX~Tn^AB{={$h7+Sz~L;BJMWU_O;w@R^snv{S)^q zz@M5U!O$j~W{8pnUX(B=+KY0Xl}eFcWTl8ET27Ai<+dAja%99Va@Dv#&+JE3bAOQh z8UoiNLgyh=DA{T{-sqs2Yc(j2B1pOV-Z~#9TpJt}m>j4;TUIjZDo{rk695I?$2nB4 z@{pxmBliY`7I&4KZr19&jb|U3iqBI5df8dTG^|d}R&=(|b>LO4V9TTBH3_ey35X7* z_LP$||L@;QBodYzF&gaK<>7%spU{mNRz9QMPmFASC0y48Q`e(3af9p?`ZgI0Ikq%` z=v?kXM%{jl=h23Lq@J655v0lNo@5v$Pr^60r13_|Yetdm9F?`)2pfo^IMub<_-7h# zvxJ=6#izsG%}iXAe_Tmp6;{-VP4~aIi24ttN9p81wZaRAM6~MJkqsq#lWFVO;?HV4 z8E;+<#T%vW%0RAi@|}96^H04(-yPXDV2<))6y)YUAemMKE?rdhZpebz`40@{co83$ zO0^tctC)HqQi39I!eR8rY)V5GHa@izb=HmSOf$9lz^>HupCnt?H>n|5nM+tiQe^qq z)!S^OjN&IL8{Hz@e5qVEPd|*be^y$T#Gb1S%xcan$!0b0sm*tt&X!>RNCWwi`5sSEK1Ke@Z$Y$M4dPOKZ-HsqxE$@HWM9J?xKjrJZ={ zL!^;h`%3T#{3*pk2vegi?{5g~U+=?%8rMOiZbsB_U@i*bI&4{6H=a!j4*Kj)v zulQ}HfTufP7&Fq<%pBot*w=*X-;SuPb03Kkg}2G)(tBMfMQ5yhP<*=5vxT#~kqw;2 z$7rdodz^QpPW~d9IQ43v8CxGLC0n1M*uu^L$*jFoGt-$Z>%=q$+fNp<7+ZR!>0W&^F;rPAH{n)L0zSzprt=&ux* z67tCYCNNzzdU~GsNKE})f)+y;FT_rTGyZ!eIIu;d3(eG3#~)u;4NXZZW97@63q5mB zhUTLEb$y*29YqG4A0$ZWsJ=s^_h`?!F3D^)_%O$};i(TJ|^h4$v|Nh-UUpp8rxo{hrgkrfCGrUH(#BB7Po z4Xhlwwb%PZ%zolvfeap>Ev_~rowHd_Qn$=mJL=YqAvD#J#;4L62xkeNDE@%R)|_hP zW8ygHX}%Wcz>$wXC?urUI#reLKa7_AF|Dp1OIs4(430*woWu=tyZg9QuZw^|HlIw; z7_d*GnuUv+2dZ(TY5-FkIXi{qnRqg2@1L11+Lnrh#}I85iMHn|k`^lF7Hy{g&MnVW z-WAaCPtjp}ifzkJnQL#L6DHOCqP{5dJBfRu#wp8Ef{Jj8?YoLU>dO@7P{rJuco^@4 zqQ{`No164i#+NlJ$9ggy=(;H>2JJy4GUe2bZwG_tUupyC%HBxgt?Ywtp6>dSwijt^ z^YincWasChdvUBa|6bfOk^@{sA`yV}l`p|WE{0J3EP@vCL#vIoeK1NM zC5FFa#JyMB8K+>63ow{#Uc_4iBh8y=pvy1dtX|Cin=+qk__TRLL&q_yNaeXxnx~K5 zVn5|9j6OMbLDL6rA^yKrUr)d$aKrg?83b-P|FNwByE|>d39k@~z{`(gXe2fF zr;lGHXvR+P<*c@m&V|?JR=>*W_o#6f(JA(!YE-Lf<>-Zq@^ZTaTPlDn<9jLN!)k}A zvoNswHCSftxfk=hkl*Ch{K3YqV9eNO^J&{Nrk^Ef#R6+b5G=nLIIKw1&vc3OF|o+G zdpT9tRE~SmEBrTCDJ0r<%ulVEQhKrl>Q6b(>5XrLEY^UUg@FpqC_a{~_O@=3208 z=~cBBkJa7 zz^X84evfP_%_9|XPys3Q6kLhMBKo=;)0RQE#>_&xDX3U5+d!GvPbGGgXw(st8^evh zJ+v)M8`u@(2F~xRBu5c*qd*3apQ%9^NpZ9?W>Uk}k^E?RxHX57zpXFXw8lUged%G) zN?&RR&eoR(q5Z$m9s*yb(MtuV+>rw8o0iejtJWrxMbv+ zd*CA9bnL>uJ!9?~IAmWA zlUrwwTk})E&^_o1|G4?sLbf|N{+x3@_FziZY?bD5=VLE;x-ZhU z()#%r3icd!6KAv7mYwDQVpM^ZO~Uht_zu)q*!a~F2=mjco5jrGG&>w@B0o+9@jgnI zefRL+J^dF&#^7W6I{uIz@pQGRT?ADh3#Nq3R!PxK5Vvo@8;y&*LnOVf7E^@yzv7D2 zQy`>*WX(R+;PK0jDV|{-E@CIxGLsXYFku(5)Srb>INldJ8-MZ}U=zGTbU$C+FmF+* zVEN;`&<+19C z+sRddw3=$Rr60*Ih|N@eD!lXUo|S zT4?}G9ZXHzo-bUHQ?sAQ57SR>nxCd_xAFTVzpwFonBSlI^?@?xH>oX=ob6}0qS@V* zwWGme?;mlKHN=K}%KM<#StSZ6e4X`_yrvUZYeRo*&{(S^ zOC0n9;(pqob_D8r#2eQT4T(yjxzmE|GS}_f(9byN=Mj+^=v@v5pW2fe!!`Z)*v z0??&xydb3B?1DoNJp~#_D(J_E%gs_P(nu@tJ)Ma03i`!1RDC1NEu(KB&?GAfi?}9Y zo=xuK66!7X_-vuSvj?;8$aVms=-EE&R$7QoMy< zX0&O`{h+WOH5nDP14ffTci%U zuTWJvv*cXs6?>`P$|J2c5v%L$nuwRAR^iLFq#{chO>1|nALOb!=VvO9l{oP0_=r}w z{$7jnP0e#+GsRtidZs+=ZFXO1XE$O`xeNI$eanT6g+n}mX>INnD@9Mb{$MtqS?dqW zPoUu*W3Drzxz44Eq}H8#t`pe%xNiMH(s=G^5272L#!k^spQ8!Br%i1WqF*(iVbgeS zXe5wZEVf3c0%-mZ2;;-~6HQsF6wQ%bqeet3hOp!~DTl7C^i;if(BC}G@HL-K(6pi& z&eJ<^VnSEQvH4??*EG;L|C<902Z20pU%$dil2kCy|Z2b}<;_0;-G$%#0+qhfpoaBu2i!*!{S$2bK9ZZ6%M8`;(I zipJPq5?B;J2FdZH9Ai@UbRAb^Hu4}0CK(|2Nl1m-yhcd-PjleY4SZe; ze1-#a))pGhZ-LKp;IsLt6we_*2dCPl2wJ6hri=P4AN4|__VN^AJ8Ia9dX9^FE}t+- zl$jOeJO_TZfuAR^736#eUdN}-#?vVRxY<8ZGlt1k`09+^m*CUY3o<(;&sPcqxd=_# zB#NKKEOj~ce5oaT5eWzK3-hj`X^|ps)$^IjWftKKVcsQ3F7TKoq>|?tW`V*)5#n=% zG?kO$Bh)DDMb{8x`YSME5OC$q2Kl}wUz0t&<>{|lz?2~I3kWO2N4lp2nV9P$eOTW; zOkPSrK4D`pR~TtGuKbnjU&GkVOC9-5UGceO9lu7&Yl~cfj@lB${Xqr}rbGdpARN3} z=zQ$gE{}#|rF`=y($r+TRX{v^_ zv3{6MY|dNKv)7yuCX(%{cTl~6U0(71eDZvy=;i%qbH!H^EuXwpz&-)xvdZGMZ0$wd zkNPZIeXI-_wGXB5>u9SCc(`Vpq|a=Z~-bM2#4+qgbj&c%L>CcPV`Tev}# zV74wV=a6z#uQa1RE zeR@mZ!u-}DCR9sO>!F(7HmTJkN3v2r=Pu2xjI`Xy;Jq%)#oeN%p+e zJGL;2*Wv6XPoKl@kcr8KmV-b+mm`}cx-ya3FIgVD7qTOJprS>#Dj7?euWpy5DI}xw zVtNx7&K-7Tj!nOE-<&(_N2&YYxmA15Gx#Oh4xQ=3e)CV5ycl$vrC$OG8nnMovzfMF z4glXs0pWiTQxkw!jGic5R27qUQ4< zC4QM|sd=fK*R`EDnDa70Um+*gO7bz85x)c%_K-quLnrR6{2_<@rpU>k^AJLryc`=g zFK^`-CgK_guzX!FXil|qcfBAM|Ielb^{M$Pk;F2_^+<=&vhJJI{lurJ!T4wQh6Wq3 zu()N7*DAX!z`ju+gU8Q?$PM?UFegJn9nTFx`EgA674Xm-)fy4N%nb7W&RL@fDWDe=9 zq9qn4-EMYR&BCPK&92&`EKK^`?6Abbq>Em+<$Z)Haoiv-?p%83G3jDN9U_bOj#3;d6n^8-vmD*QKq$QVa-Lc4IzxBBW%oO(}tbj z7Sj&dC33beB;Bt6(3T$Vd(;kYn-w_J$!#<_Lj&~GclEjbI?c_&9W;ZGZ6ZWpNvGtZ z1M4CGN>g~Gw;EE#O0K4>4HRn6V+;5TaH7D??D8+-Ww*u46d-CZ^Eow$ph1?_k%RLQXfy{l;*^NZ#DC37h~-x?`b!EE=xlUTD&= z;1$UoydtR^PNYXVCP=kObwsaCKG3;@>a+JcWhFQEWH;~AUV>}LvtRPkRO9$Lh;$uj zaxJ+sEt3m1owzbFfLbCwddMlx%GW3Gtf)YnklG1gO-NBTtv)<`9VdW252y_ofSlfY zVs7MOMjjr9$!&zNK<)ybwQ^B5n8{ zy}<50xfN=gFC}oJKn9O5)cARk4Q9#92pXF=%E+YpkIYYz^OW{lg5r0oY+|m_yp=Xe zt^?d#8|X@|$I+cHwxe`8p8IL`p3}Vbv2+gp@?7V0XW7m`Pm!MQ<;<~Wt|v|KZqae#K-jsr+=dOCk9jca_{nwo>INLRAh?ra*8_kG}v)7&@ylJ zZFq#-b{QxzBRGtzOQVk!o39{hEh;r%$+x$Qb+j9CppD-_N-qiv@zY7e7A41n2jwO& zx9j+Gn1#QB9YS`zjMLG63*vJS+JpFGqJe92&!)z?K6~Hzo21!*UBxlpg9JBkBGZim z89YWL)#8i!)6;yF=qe7crXF%(d?q*s@~lF9fK(3AuTn%0wGaukL4Vqa1`4I*)u0;a zntY*pN>}_E`KY)Lk!)t$gRMt=K3bsafrp0R)s<*bkFIBm=gv-3FNP4lbl~c*6CP+DrJxDg?Y&Ko=H_?@!lHN9`gJX|{>N^axJ_TS_k`mRiK`z&Z=^>O*tci{L~vbmjGKh~el?6h<| zN49YT>W4X z9xLV^g2xtl(F#$PqG~z4$oRwX5;~sPu`&bQ8k3F^Z>{y@y^7HD#>y_;Yu_| zF=0O*mnM!OXAC>0Ks6tfEL55(*`AM98AEd=OC7Y@g36UFbI{#dP`Q#(gHH7axx8jB zOn#M%`D+3&*DW`h#+IiQg}lZ{&@#|MkNm`RR@&yt#7xEwXR!hNN?j2f7 zhVeP{y3rMJ!iQ-XJPi+oy3am0BHlAW5I=)ZmWcYoXzHbs5wBCX+{p)Ogy}BU**pGD zSfSn%R$Tol5@tTbklYP-BsUAP;bFRvPukBiV)8~olUMV%65oMvC&JC|5rIm&Lc< z!GU7uj}=q4)rIpG1`9))_)7pl`!XudZf(33yv3HE2YT?ATK-b<7W{}mi@!YYWPOF5 z&ZOUrttxwSl5TQ*Gtni!EPg4ZQ@#s`(OSse2d&$Q*1=;7gU9yq>C-nFJT|QEoxF>Z z_M)duzJq98{rQ`bMehc-O8c<}F?~vCAk;TwesS66kD-@-ivrczVtyS86Cmg#sF1-oo5ejiHBP?Z#nV@-xGApTN|&wlTAe0bLFx2{^)t617>;cA5~ zvoM~v$%LhgwY=kol{!BdChwuzB(I|!BU^34IzV=4c`Wulyl z43n==^}M$s&A|MhasJa%|GmzCdg}kO`7?)6d*F90*lkGie${|*f7PX(B1`jI+RcTu z)>x5NUsFt<%Qs12{%~J+dKga7S@n>4VKJ zh%3E4=wW#ma!g%v6qGv>hMek*(pT_uV4ubmx`b_K7`Z+GD;DQqQ&cHzigx&v6A0Z?7&f69Pk)G8%L0QPzBnt@$wV_ zONOm1^YO1+xdq9Gh`AZ1DO)!?G6giX;_q9o_S`s(n8 z^M@y%6b{{N>PEX8S&3MEt@wcJQxRhUD_IfDHQt=&>FSFY3o@B+Dpi6_rQtTlO{K+~ zTUdD6pk4Z~UWJUx#Nus`QLi=5IdzWWwQ*-Es4t(l;|lOvA$K5T9&LN6{z(n86Epss zzQw?l|50n~#^7nWi-%h+o_v`4rP%|!Z-SQo2!1Cw-CMZy8O{bQk{rZva}}IA7AzXY z$q=oG>3oTj~zi!TPOgRx?luJVIf8`%~?zv zHO0RZBBh^|Vvr7?C6&flfiCu!k~<*RRR6GRtcQ8}qL;(<{TOGu>{)43%PpvT>!MdE zs9QnDt3ITLTTsu|MNd&skAhB6kkoDq>fO2sWok)(uYyigkko7o>f5^LsS4^-&`AoC zT5Un|w=UB9O#gfZF_FmIM8bj=_@D&}LdDM~2V1IoUstk}c6Z`irR#P8y^0+r2d1d| zJ+1vpkBXm94oia;dV&@z2xUK?970fEG<2M^{8X2nQC&8HE>=0Nt8SmZ!m#sW0u$IX zAr?NjsCPC`Z=#)qLne_-FS_kxu(Qn%SoqA1sxLkh#f4>mb-%_n2$s;@jtDv8YzGa(+vJRYP9a9$?h?$O zXX%_hmIvmQ5|};);{<}*Ft76`xiRWses1cI1adR%)SvhwK2M0^&rtzA%(OnQwi{~P zu13{{Pk&R!H|af>a~Is*1k3&;6|BBpqEt8pSNxM?@#o;i`XUz12p)5ncXtv)OH75yK)<4`pNp zAb)wRqOAC75fNpixc0q+@=)FEkPs28-j6rfe79KnUedcNldA5jtYlR-{V!FswRF37 zW2}xE1FV1n+U@Fk`c7@8ad;`K$J=Fi(I#E;GS9$}g^Oi71|xP1>d7;fkh3#$ z(d=aN;SlcT$uiwb%sF-|N1F#z1~4+lc8c0`I0%a*EfzEgrhU3YFGfh~bmjoimjcWI zV15cP2Y>}Bz#Qs7>@Cghndv`EeE(UJ5*1ugCXwquV35c2Kef>ERc`LC&39ZS!&m%8 z3W=SdDE2AFUHZf&{$_fGyslStfivwDeL&SK_D%D5783V3jGAQP#Jo z3v)1M$jT&iU>C&&q8oFs(s8GI{mkVYOo{4@_QjZgKUv#cq5`QCM*m2BG-P0;;1uT) z@8(L3_yMAhxl3Q1hwTmDRdTa&U{}d8-{{YeOw13oq2(x*n(e}zYKy-|wBFiCSMq%v zT(|1hqTr2umPI6MWI1Hcg}z#IUMOabNq@RSr_4ggP00p6jO060Dcm;=BGDZm^6PD}yj0B}+YFb9B1 z0g&_Vy|yQbhvOf>XUMX~*ctSI2k}fRmRH6r@fGlr|^UvK>)NN&z1ztNIg`YP%7vGl<{K2gV&Q=!XC0@ZSUl}l=Amy>pqw3%JE z`ApvV=9{3EBXh|urm9*R#@gIU(%2lV`6eWlrl(B8x_K}do2*oao5&+dHqp~KogGd; zL)9>~mcQ&Uq+YnFA9rTstQ#}k`?sr9mMJA6p3=C#Zrj+}MuUYfrbLzTnv2~y zSnXn`4P9!5&bsn2i?|)F+B>l@Xx>0R@oV_Q8$im^Q-L8gGQ2UXfNXTjponY(v(4>R zQegH+8eK|Z#~Qn9DH0=f0%chd8lOx_EoLt)ZX>SG_n4Fn;+UqYo{F}Qx~DWY)L40@ zFRa7hmKt~-CR2zgej}x*?Uo^G8^vJ6QB)rhrjKS4aEGrF%BXhuHQMt*TBF*fypmTJ zb6W>CJO=~NstvSHb^GQP_+S?s9f#r{np<0~E8eaB)x+McP1TFNTYHN~yj%Mcmw31K zE^p`E+GxDJcWdYMQty5P)xqg&m)U#eDSMALA9EJpg=n`i=kT3J+l#Bc-lP4*)jsdh zCgJLQ@6m2zPJp{K+6K(wZ|Bi|;p#%~(I(*PfcI!$X?4(hw7<5x$a}QyyPDRD_J>!~ zYSB*NYFaPaA6!i%GYa7xvaUqqx4r){JuVN7Quk>?aiKf;nSl z=y~qrMYw3r2#y-o#>;L^;8{;7*4a-eR^ti9y7)0-wQK3zOsv>A;u;5eOD3Sr7@3MW z`SBv0IA;XclGi;(*qJWu7Wa9x`@G3Mj*z_&h`MRSv9U&@j6^*aCdo;_rR69UK-beK)W5w3)%0vRq3C(dVb6m9{a6a$8@kNvgeT zPG^Hlk%iU=Naw~&U$;8AP)vSI{b0f#JA00SH5-vPl8Nb2+gQ1OHlMyVAK_g@KkPSN zpJK~Inc4pAop!8c)LOZdm$doo_f#zHp0?%F)r=cEo3R`XuU7qYPs*CtsT~~8T-lDL zCNZ7Q-FT3prrOnF)(4&dv5$v3TQ94#+4N1kEUlCSp85DZHTu_V;xd|3rjG312onv7 zDegYZ6vgCHS9RzqVeXAo#(wmJ=1-}$w9QNv8$ZM0Z+u+DxQi^>oYvNpIKW~&q=sG& zm$1MiF8O_0gsl1%ale^Kho8@2kQv(CYaG2%a=A#AK6Ptn8|x@vvaa2FqPTTICL^ld z!CUhZ$xdqcjHST)(RC&`Q;zzKhWUEhFvmXY2{er8W#KKi|J?O@nXlJ7o&YXSQ>VO` zS>wNWA~pWYCs^Z`IOb3p{!1AS=$uP*7l+4pD$pAf|NZZ6pUB(bL6w6V& z#78nUz1@)xJ?HW3F-qlPt7}>Yz3hs`o?d3*Jim3(#agk>*ZKgSLHsRAD zgm>?>)<+2ym1~=Wag*S3NyrPA%C{kVt+%D_-f{dx>Dk|c+B3!u8Z73 zO7}Y;Wo}(2?@ID}JW=D>xT_1i=Mp?4-hB=3Veh``$wXS?J+C5Qsdpd6OF-3S-gB!^ zUFkd3b*kyU)QB)AI33H-E$AQRoe( zuEg!9(28Lb>vSHCu8=#}_)aNYy5tWe<8iS+s^|{X8Sp1Vs{}EEzQ(>@?j~sG&N9lN zk>Q@Omn~r^{)l)TBO`YonN!!CDJ1W_AIsP;Glm6LMn!!P7V6rFGCUN2LU^R>%*!o< zcIFN&o%^lFgHdu0JfTb2%46))kp}~x;_gXYR>nKxo|la)&uAFG(3PiHO#VzEwJYD* z=%32>kQwQpnN2T`UWJoA@mzk)DEZLP5s{~o%7jds2W znSLI`?;*8^C-0>MyF?Pbd!8z+FaLF)kz3fvD`wOFKb(k%pc{fPn_w%P% z?+N1f$ze0Sf^GzpH$$oer0L_25}Ih{Hv|4L!8PmStP%@GLQ=ibM5EQuWSvQG*OZp6 z2L}2F;EEDWQQ!yf>g@>Hg*7^U-{ki)|DAjohtH_GARm7ctZkf~6u5S`Vx+`&twY%e z;yXw+`JN1>WltDW+5+lY>kk8&PJq;P$m%0Z1lW_sqehMqZDm|f8o8x`l}r>o}|CXXhgR;siN`S{K`3hmf)aN(eF;>bi7E)7vEldt?7^M;hDf3sk> z@`G)_=HI2ui0-7+s#j~0VPv%@JKp~{SkfjZDKa__CocQDlD`u&u!u7?i;{oH$`H9Y!JU+%&b1Y;*;MPEYx{fJ+%S2sc*ybyX7h?K!@}N$eYR}d-|O4yRix_gjYCz` zOWGLv`-Ys9HQlxLylo=(0UrOHOvs9O5PyndV|g_CvK^x~)HvkXzQ1>M^z;v?{xnpj z=T=`Cp7aZMhIt&BRR|G4qao{C`7<=mOIH4w0vx7s%(5{JJCS;ocZa)dg~y$Outgru zL1=kv)vHMswNLMSieoYrSSqhQbz-TpaXr68Ogpjj83o6;;~nD`!@%k0t*8awB z;x7RZB{lvQk$^U0aR-c!Al3Uho+gK}ip{GW!FHFBI|Efpq&~V8r&UMm5M#Nk&IvhV zi!k0Qj_^z{PErxC)Tway*undR`OO{8|dRdT<-V0GiW8)tol#SSPbbeKSQn4OBNN8yNG98ULb-9i3G zkpEDb23*2rp(@5ebxk>Rk8+nndxD$iQsW#!-Nl~LAp@jAD%daL+s%);XHM|P`c()| ze=MNqcH*bCkJ=7V<;>AY%o8o;C(j7KVeiJ@xGLqy;&sQ+rNhjobY8^yH^rRZD22qS zoG4!}z-QW+IRLyc1(@S~E@p>zvm1t1zfc>07G_}I)#v$0m3u{+*c<>}nF7oK;KmeS z4gfc$0CNC%RSGZ%fLEsgbI`~bNxw~f9I5_t#mfn`(R$U#fdxZmh@2KQh`$I~sKrC^ ze<(O3q#GP9aFPw=bnY(`BT?__shw9!yOvmg>`2#fbbjtm`i+}Hyds@K(Ch$*&#?1u ztPJE}Lynn?4l9D7Kyq@9+& z(4MzLGE62c&qpm!>2Usu%CVw*$&gc>n!FBA>{B#_X?UVS=ePoa5Ej?n0KW|m#(yKD z<)dNak_-IU;dXb%-_h<)m%g&*tzu3(FL4LChD=CDCics`&DhwE`)Wqq68|nfrVF;6 z)tQ(*KGadP#3-6}6v55GU@88yQRKoaEZyZHR_Yf)TRpK~pOe@I_g^@D*O8d9#aU@C zNpC37tfF0Yp{c*x*HFs+fP!K!wRdOEj9`y-#vb{23puj~V~`sA8P2q#_v8N1q8qK^ ze*+(@NA;bfsdu5Ba(N}$`RHyDfvWj!eBioZ)Lx_XHAF%O+n z`2}0KS;qBePPFH4`DkvZB0`z>PhKys?+JqD@kE`L&%wAHYU*Z%XhrUh~V zu&Bwuqxqhvxnp}RJzrm%w^DCjN#nIoX>s%-z630z%^qld0l6+d0inN|JG3>Lz9`%ZMI(DGv7Wh=gy~9 z^P3s`vnK$03-xlrSXI;P{N|l$%1kqH2EL8-wHgUH+-smYvNj`HnabyjS2#VLi+>?Xg5oGb{x>-7F^eDL z7%hxd!bagDFCFu4NyTKMkFcolnOn+Vhk%{fm!ny-!gaJ18TmM|cjum#xwG5<< zZ|7Sh$c9!C^ZksogM;)1NkJ|`ab@qPNb59Q3=};TCGNNm`-}0P6s;8W>!?yMZeXH7 zV+u*=hQR=xxZlY7hXZO>H30ASbFks>0)>rpT2;la{htCez18#Bl0AyK-@`e_(iVMP zoDMH>I@}lPd%!b=VqSzruROH>XMuB3!zA2a-FeN2XU4LfCT{p#`FiTb7t>*75oZ_g z>PFXZ?BDS1==P_y#}t?Gwg%i1=RF;j6Ck;LTS)rY-D_IK_fP4buWsS;*pt80Y=xJ1KZ2<_(Q6w)pwA*~; zC#X>rVP;c5VEpw7e?UUr!I6ZhUIWD~OE~4$xT)!@)=i+fqvk%TLH!6{lV9|r-*-lF zJkdG@d{F+F_E~5rcz4eq!yDAQK+M?AVdJQEJ_lg3TXM;`J{kVv*xs=P7}!*fV?8HS zx@(Ont7O%DKp*l%eQ0K@XA-WA8lNXuubu7Y6EdtEQ#gihTkPvP#)cMk3~S83Qhygs zK7=7URrXdN#hchnJ~d9}avz>I{FQl3%Xusw{Zu;fQu@MU2$}U#HrZpkG;Dl3t$_UO zuEoO_{ss7+tW-x2P(HW7ZpTUfIq9~Ny}CAB#=nF!y88;N&IC}fn<)@P8))j@zNlU; zp*c0qzSLKHVWuKhNZtnP`D5TN^8Jqy`G00cKIXD*VJ;?HH31k3IL$i`5<_}IU*r^S z)VnV4{|iCOODnIX7F~*Zm2m@enmZ%ooOXI8eyPe-yVQfe0^ih^cC9;@ewO6n;!LXe zN{f1w18u&nH4N)mM}2Pxc1Kj~Kt>k_GUD$OW`|pPYlB_uKTqw}d%En{N-{vuXji$m zEKp~iQJQkCr59{al{x+Dj-;d5p`|Y9%R7ChIN0;hjezi@`sM2<;6QoE$1-Eq_s-i> ztaZ-k8#Hg)OC@GOqujIQw0zvHSVE>W`M5yc_G~$X%Qy^Bh`(eJ_tNarp)Hc2XUk6A zVdKt}9pKX6(XtSzbNEFkNb=g`?E28M+|`?M7|n9?-X4xcjfIz^Y=n-k{swJ&G0*by zH~ty(dbG_=Qoz&?x=qJCUi|#-GH9nUDV{ ztkQ-JD~kmfMNq-_6PRma^yQ$dy&#j^OSSpF{ARl932IZu&c5Q%aW;;YhmP~x=euCC zy^v}ZFh2GiLvV2sTxR99ACx*w%-c^}c>kG@soDycmJ+`l0ISzSO zI;OstE4G~w8{5@+X7rM=1^#@ruDr3O7m+6m%2;1t@zAj>jk=zQD~~*lKNpQfXsk>O zdZMb`6YcmcEy@OpDaR-Hr4p2sApQdZ^_ou=ucBo2?eR&(htAab4l!pNS(wZhN#OG2 zYNnbj;1A^->(=<72*=j;=<5mqndQKZEeL)WI6jyU%%j_$Xm6Y19?KK$-Xbi%3v*}C zp-!aD+-*$kx1L?xLf)N7weqzaZD#ovu$F3OTPuql?y`Et#S3d%zdw?^n#{ep!3sfG z-OrTgOH0csM)R6Ma=tMRFaTCvsnya~_=Jy=(&7EXr*pq66W$J?- zrKvkysgt}H1}>ypg3LL|d&wkkQ_1c^Ql^T=78Zg+65+CnOuAKV39BPM#LjA2JA4S3 zn*{7K*1w!YiZqy3anDdM-IS))a?glc-_-P^43+(*YVYbF;hB7xKY8PT0gkrP=a`5f z>qUqsLUTao_sa(g`Npf-bs(nkF(iZf3r+|Hc}GSmYq#jhXQol5`m&M}AHyXgt2kNX z1h=4#2#MhB5;;S~02+6mRV^lAK{6uG9ppZ8c~lR%|0qeOR*uN2KFQNtp!Wm%=S zwq3sQwyE63t}6?*3oez5_n0qU-za zy}Nfy>Ly{6&_XETn$3n1Iw(Z}#e!H6u%XznUEK{9*2Gw_AYcOp1Vj|RK08&v)<9jA&A*7>}4E*#Avts$1~^=IZoP24FEx#8S4wP%NOEAs2GNyN^>2UU3H zldsPWCVEJVoRXuYnN4{h+KM?vcM;RcqyUWA1#BGp4OK;b+o6Hdw&wv92Qm1xJFq}v zKIAJ3C6}S-&0vh2EOhirCm;)vom4EL)42kCY6b@}d{-Y7=VKU7gD6-cBa<)^vFr2V6?Inr5MHT*vs}+?80XMQ7CV)o52ES z#NPp>B?T_4Jg~qSVq-DDao!=d>UvrdkjzElTMd6808{oDVS345{Lm;}$>M55nS? zvzOxMjLh6`y(%NZzW%>5^L4!s_nF=MCX=JW2<@cJ+UNK7- z6tkr4e`=0HT5@bva|B*6-7sUr@ghUU5~L;GIs8|{7!DfgLSH;M7<869&>)~~^_BRb z;QbEH(J89f$N)8#o1V8t5h1J*Q&R_1!t5V01c3Ua#3y4)j&o|-qw7JJ1N#zT7#7MN zSp=y}gj$AQI88;+M5ANfiLRz<$3f_qOfQDCGM)&f8qw_W#D873uR|4AWjkX$k)22G zctYy;cJ0q?p3bb_xD+H*Qr!p3|3xUlVwzRvs$ZiFo`5ol&TY|EC~7=O=+u99BBu2_ zk|YNMS6Yf}yhD~&VADiL>=MP`)I=w7Z(QJd8uTooC!NIIx)#gtxrtVA%=6n3Jg|#q zA~w5}^3@w?Tu3HnSWKb}2-$uu~;k94U%OJY_7l+ncWaWg0f@pB zG=?sCbGO&r4vX6vdu#Gx3%4D-+1N&DQwavEF|da9jI^G2H0#fJ)bmM!lKTc}9lNGL& z!k2|!mi@Tp$XOe`I2@8iQH&^Do-%DL##pTXXKZ$J!nvaRD9*#HQtA}vhx2V@dZ@T8 zS{yF3v8WTm-a-sioFPe>+LH9?cB&}CWm63H4&~u;>`f|Hn@}79+6=jZ6d|S8E^Hw~ zI2^7yEnFB5i&ne12(Ll)icN4f6se)&*3nMk)*`^ts~AX0xCooMDv*eHbil(t1Y{tQ zJyM%?vrw z3(s8q_(%62k@}tRVqmk-zDo`f58x?w5yp$O(; zGIc`#k}-9<5=3E~svL+BlhzMId}stY4-y3mdek?O@d0TbyTtOU4B5`4@VsDuuFM5h z<5(2bl}YD}rcrqXrD4R{J=cLTBl9U|n2Z&pY-$;})R%6bof9lF1PrP+__Te8f;PJ& z>YFr>gcvU89t~?XgPeqNgNgGfa6e%P)N8gcL!4UB;+41 z@KC*2wHRSCy-8Rb@rJONIvh=_6d5k1?uTDb{5s&r}q6!+Uu0`d=xeZr!WYF*6pK_Yo9t1?)1J?P};NgEg zl333iQwC^zdu?LU-p`sG=@FsXH!kTacc=${gEwxYkZ+{*3`I|J1|vP4!3YjTNmD9n zk6L8QI}*VCQ~+lyL7*s6eq#MLBQUzUf$?I+c-7VW8VS*Wom_hrqW;ydwMIQWnfaDA z@8RIZXKw)8SgEV{qMoNrR9I9P4);mzYQ(-5b%%nFeNji0%_cgDd*hw1r%BIF^rVxx zTbL6>_cGs6({e{66UlX^CjPKLqaDE1Pz(Ff4(MzLJOE0CBJDt)k}N$;is8_Vq_C<5 z9lhyV09`yskS%M1nq_TYi?ZU3m~cD8|2&>@H9wqTIp1MemDzB3(+x-F_?_gYr6G}I zBnCcSLxy4)6Jb@<7j!1*sflF^9Sg=pf2U)?c;C^nJmQRrIOSc)g>_DOSz!I9^(S7l zO949p0~Jfnf8NyA&sF0i>R8wmV@U>j`~Fk$3N2=5WN)#r9~QAS>`Utc3|d613eOxo zyW)v$^!`BUkXlgq#YBy4hunl#DAvwrbN`%JWfupWU?{{`;5~TaDoxl`!Ao9%LrhrL zPz%}f@$9!8AXr-K4VKj*4VF%G%Dpm6lA$B?J1xH-hcDQ+X0-f%wP`hoUO|FU>0{y;Efp%1*dog^D{S-Ck^{O#% zE@r?`D^LNWCag$L3+XrD9(LRLMX(n8AIyqW$IU((IsyLm#m|exp8ppCsEDmpR z=41-?>==lBUA&! zp3orDnuB3tDT=XZ!!%P{I`V?f(FjO|&0d;Z-FP~l_4wV4--GzA!w=hfylO{>lN2Sw zM25mSsWnUkm!)#qk879=sV#}{W&H&xL9Syv$5Czda42(9ju-*!RUE8A() zk*MU0;t2!eGPx+P4XPJx;*L~94M^FoJV>76vA-g~r7T!jape9;`qOfdSs2NNu+JgO ztJF$)LE`O{nA|g_U51U*DlDK}zd06ias9?C8}t#dLz%H$#6A=)lO!VV-(Uh@tj@%S$$2bH zj>vZO!O>?w!{pVIY&^VnHJY7P0~aI6R2)8G4o9T}8IBp23?h%h^BDZ1$HdRPM!O&f zTPXeUrFe4|P{IgEHUF4#;L3pbde={Fug&m-*7g=uXlw)7jDV(cnJT{9rFN2$BFvbB zpyfNYueh}OCDou9>B}(PLMjVRUi(30klaY-G%6~uPKDf^k&f8LPo1w>Gsv-%-)ryo z@!S2yK7J1L7HCr5~_C~-I_pu^z(XgdH->9!>i`O zbF;4$RJovpRnU$h5wVA~7LUC}+gWQmRO>cXvs8aNR6F-!HFagbFd22?G^7cNF%@tF zjs}i*uE+Ps85=ZY*v44}!TR@iv9828gausz=wj{jeNHi>0t2oo1%_Jc^}~q+53jS( zO%i^nCNMnYf~(5&{YOggDjTloJBChZhzc0obI3Y{<028JXFgnO$_;R0O>xqiJi_om zJ7dVl4sjve*!sXNmheqk0A3imXI~B!g%Di2nuz)zp5u+^>G7P`9nY!zgK%iO zuCr77;)h@B)Llm;sc24>EUo4xE%|;`q^0j~K!i?b9pacD=69VE$5t0jn`+@pGMie} zo?k1({>+9oquyqZAz&;PV+Yn4i(`lCm4@t?b4Cvii=D_r=at*g ztf!Gb>Q+K`#l7XzKsh=I@!_BDL)$9drR0$8yh`*!|hdi zGP56aj?mGFrV2B$C&8~vEKr5p{6hE&^*4x_RH^`?+6JY>Mcd=e@nQ71xgDBGS-z60 zALFD-NfDUw6xunb{`*q(-=9(cclc;WcN^pob=SE(8P+OnDvcQClF)nk)$rMnJ0DFP z!IEL$zETb|dalo9CY5RzJy1npWT+kXuohG8!zo&Fn{2d2KXr_D$9GCC#8P|A4q zFYU0KV3@-A|nv4Mk+R8m1*?c(-?wAZ=Y=Ehso7=%E9lH@EyD^{j z;aaYEk|RtuAz+*Wp%+sbB)f}BP+yZg&*2wId%_Uft?O!P$Z%7SJn zdts#x?xx)fFgIEkuzTYr$3V;52QLyWm=*O{eSzuD)0r7MJ$=CL2fx_5|EW^`wS-eQ zaRb`7v!#8@^#31Xlp3d8!Z909=@kc~XF?Azc250rk4epO|G&m7j?vVcFkZp+C0u^M zfPb6UT8y-|eb^;f9Ev7z8X70RQPZ$m2bIVo_|=@`v!_B}+y~-|qP^ui##a52db}qD zH^{Mf#G)Hl>{unS-QF2Yb;eG5FP5L3hBT0BNV5h~AvKV?8iL`%Hb@|X{qOU|(+dSs zJ6h{@WqKS{zua8{_)Hs6p>#{S_O{k^gh!SJIIsB(U!B9e#OT7KHkJFMD1O{@&U*;4 z9v6z8ig~sSKCo1R!3W1nvZ0)#4eb*2|5Gik5gnO@Yy zr@cPU^rFHd?e%4*7qBRwm+G|^;7l+qruOBkKe$4Xvcc#}*SzbS9di|2+^=qcrZ&_ZyXL|jS<@KLT zuRU2_e`b1NJewiBhu8!?xeSG<2G>CFiP^}#e857Q0dGuVUHZFo-`>>+2w`UQV4iVXNk1?MZ zYz5Ger8(u32v^KlumfP~t>x@H%DB2`dmt+l5HasE3Ujm+0!?5V!7`;FPok<@gZK^F z0IrR8#q&J0=Xxkw=3L#qKfG}Q2gmuaYXtPXAc_4zY^QU#aT4F0&u^TIv|+_U_#QyM zdi}K+y5dAz$|=VmI|3Klv5^^J%4JQt(H;TQ+71^X<{dtAYj#Ock>v(6z7B{Gx&Bzt zF-#MC+0XS-k5&sg&`v@QUS5e=GfYLn@&}Sm?qp*e(CXlLv2`;1G4R#PaI&Lk$g%7?Xg;nqI>9gAu;xVd?S>$96kfve}Lh1C7N3Ew9qE@y%(uPc=< zzQ|u{-6)ZtaRSCEY~NL;{?*wYhPV}bu~#$Ng?qE+RWlnVk=5%LEtXdhuvN5u;nl!LN38GQJ6`BTU}HOV`w zEO8)`+=9jRQ2X?2>%?%^wJiNwni%1_Dq|Z>WV9o{O4$QZn8TfldzK5ehMKD#bflKA z=A9m`AKWiOd@f&}lB3cZ3D%f99gGL>XFmi_Y^WAPBTb}J#KQInDa<%`{UO||txs8m zS75{0X?RJD!iR}N0h(A9;d&Nb52NehbY&evRXPIix;+}O`XmrxC>2c{Nun_%qHpy8 z$N0O^@C?8Csqtwtw2p#bO=~?#M;W)o2hGH!wHs8nuOpXwdoBhyJw!W@h@(&Gg6 zf|VmZ39B()vrFl?kl_U^)NfwkD;-~GnC0EPzDW0-IFgH3?7ME@r|9-bAHjDNI$|A- ztjvM3R4~7F8A^)oD?d?)-Ovtz27(`htNI*me)-I&8FOKl8^yJ0d<#JTKQ1ut<^`ff zQXlpF6mEGH{c-xN4voRMU=QqR7!SiLKr)5EEWtscCZZT5F4Vojp06VlxbK>Ii8UaU z50wb8GAzL>Jd+piGmr?GDnbzz_XG4Ka|A-#$FOuy*Nw(w@#38^4DF^h7O%Rm;W$3> zy$$0?g06o&o=Ztk9mlm5K&0d~=Xe~e3WoIw3Sr8~%Mq~pPY%iB0S)^EK#||nj)MG` zpbR8Vgj>kOEed$T)Fuh__*CS(brN105t3~Nx?D*eJJl@2q(^h3&SU^>1`kx#E@^|vr}ReLkyuvlE9h_ z0Ac8_+)HO-^PdN|K$${-%b(6Bqdn$1c!+e?x%|cz4heG}a6NfGpkdqeL%y2Y7|4Z< zB;mvbaH3o!gFvLy&YpAhJ6wJ5GKQB zo+KIe#c*WUBt+Px)Z=ewg-tK(5&(ovA2Uf8H|$ICzK=Ya3NJmG6nGh+VK)F)AEhVh zgE~dW61$O(B3F)v^EujOlFOXOOc2`JN?N22%%HOqc z(UaE+ydKc7r;~omOr6LlE9h)fP|-imOGOXR*)yOjdz7h>GTj0v%0yzwL^{YMAH^|HbgCw05{e`VtXlyf z6aBN?9hqjsdml2*fftNZ3A`Q9u;&6QnJ$1#ms6&BaH32khD@Y`O!85DP?k(WktBgN z9{@7Z-%Qdyqn?r=T~F@-wm0!mQ5V2VPc8&B>_vc*f2=D_l0vQ&R%5 zp3=)&3;p&au+=I7Bb4u5;9BPE$|*dDDMGNs|l|L;oyyC$H{<_ufQm)RXtaOHV!^@IiqO0b;WvpxcgMjKO_z;lv|w zq-^{MvXS2OHShz7C_LheQX-Z^L?KKHU6N$hqW}<;RD1D#jGXqEkK-ZYX1B3Oz$f6N zC!ZAf6rf=*2Xy7cmTv7T%DDoLl#}F;lavrpK8vqN3CJ`QiX;iFrvV@u{j=PiG<*i$ zN+@Z5C+POGa7iyzSS$JcGQDvXp0O~-oX_!#=K-4NB<|L&7>8Q3Idq4t+okvYAk3{tbO8c5~swG&hmY<)dpI5H9C}x^(#1 zi|EeRE!dJWYj)!To)_@Flud4Gz6N2!sEss=Slz^7RxH7@-E><_7^g`!nV{!dO*@PW zuf=z1Axf+@_#~8gkso4~CL+rCt90aKH6Bpb7>W?~KsifICizS#RR0TW<*!L$=ogfHd_kqHzAG%7I_|7HJ0C zAn7ztM@uDIjwD)cVBd)r$Vjw+O0?1QMgpZeHjtQ1<4GF5tqnfAwqgql#`(9T7zyKfEHN0J~QtBH|67RgjV@w zZGb3_;HAiPWi^a~tDI^nFsF&XNqQ0}V28m^Ox3+>qjz75#55I12$0Ik;i1MT?H{yQ8 zK;}Lwujuq|*f;;BQzzt`T?A^_)1g07VyUuTdnjEI89_Mwg=2R_0( z+7&}P8~!ul-?$#K#ZHa?h}cD}kKs*Kl&Gg#$NzC7qRjcRcxP@?Q_K5)YYAj(dL1mv z#08ed%NGTd>l=*p-S97MVi+iJY?r1X+*t@W-h2~yi|Q-B^JeEY$JA#{mRpQr=pZ`Y zjQ?^A%=4F(sC!}42Sd}Q>QLcJ>`x%I=!2XCq|o<7BC^E41WQdwT`X_nj9O4GLzY#1 z1k>{_ULPqkeTL_aEo3rpb!Ad4x=z`3t|sPDRkU5W1O_7H1>(iCMc&qO(=_!? ztls|8OnLof%~V=Q4S-)c4C(mYD9G)#*lu|V+T5l$k!XQ<*DQ`$WFp5v7RNvq#{fA7 z9F9K4(Wf}RrLqBW_Q}5PBhUv~cOi!w8CFT_nYt7-H|=l$cZpeMEHTR)nZrv=bt^Tt z#mc#tmORM)?|860Wbrr~b?;DU{0#duq@L70s5agPnUobn>y3Q5iDfuRM&J=Nd^tI7Q^;r=DLe+2;U?~ps=kMqRZ&BB{bh8oMV5JkLb zkpJ62-Zt#7!Px!>K*gXsY-s-mZ-)IXpsMw(eAYh!s<9C89iO!c=n6wkY!f)Y`JQg> zgtFFpl-aR~eozdco^s573*;2H5^Fc8Yfg>iHf{t-7cP!sLtrS=vwwUbicI2PAcQji zF|bSgfOq>x08s=&fBkQ~WBckkAdJ{Q0cm20V$U~d9Sw%tMCYZ$+Vj}cm3>Rb{Nr7cdBb;+Q6e#*wkxtJcw2HuuiK=v_4iCKXs0FL3}nqVmgGLY9=?RtdTW! zwq>_5Jstu7_&uOf%0x$xcqkH5j>2`IIT5x2nU|{b@^f7D{s$8fwtiQD1uWP5F#xpx z12<^33Q!LB;5FADu%CuEQ0_d7eTjV&SR(@}32EAYf{1OIiqlxFZQR{Us!JWhR`YN( zHTcr#s8Of&I5?t!><1xfLQ}_(uz`{DPa)+}g6grVsIsgjUIKj+le>CsN_YDnP}~r* znXc`1dl{-5pNu%=VLjV|=Ujwu*jVp__Svwp(ibZ9q?04Q7716;+1BBXs>5^6IsV4? z!Ba-^&m-Ifmj6OcbP{(9_8+3w?En}jFmSXZ2(n^?VLySd1GX3BIC>%>_QGPm4|wAi zm*Z-3#0p-hiB95f%_T<@!1lwVDrg7rU~^zv&w(6?ZLPu+=MV7qEZ*>V1`p`*8iOFU zLjWqyUTrwyj3ERLrhBcGAY%D_9)i_W#Xm<}m9+7a+q4VxB$LqY%98RF@-~6hN2qHX zbMY|kJn~%W!~>d8(yEWWmKO!3I?Ks^j>*ryy#vChKC=||4UI-DLxNWUA#}Oe<6Vf? z(s4aM!{UEq81Evx-Uvg}Nd96#TtOxY8gCB~Re)AKt%`v!>q!?pxeo!+dx6o@ldxim zjd3OT7Q4nlyP#k*s})u&CuH`u$Q z_9SP_x73g*H;^%BU4mf&4z8qn;>r zL|)zzpe>Z}SP?OktKf&;#twK$LGdyqk$xwn#U|2TSpqQBfD>jE?~0Kbm@h4m z^%1^NyG=35dqr`E!F3VIsBb`#5FudC#I9jrNU6sm83U~!0$=N6FmMFQQ%=&ZaFYy$ z$_qB9=PpEvOa;6+a^%Q1sir@8PckYh%BBWNw>?AMuwALrFJd& znCWb51~0Q2lkv=KBZ>gn&YlDQcQW5BTA!<_L;`jLhbnI)Jl&k@fmg%s2^bw{RP-v5 zAWQ6rnbT;ahC31AvV6wBNw*c*@lr$O7A18bg>$3C z5@YSmSQ3?XZ34n#yK0o$b%;Z%S#1;lF(tAzT&h-!+~!^i6dHAAF_LHjVlFx7bu;V# zeVjJ!Gfo&i_Ch?eOS?CtA%=v#L69jS<#XGF_^{hk?K9KdnI|!+Q@uSK1rF=gd}D8o z0@{SlB4RW<*@;&FraK}U&SF0+q>*k7;4Bid&KZq;AgnH32-dFP;*`z*=kjjZr@YcX z4Ry+iUTXK1a^jSMeaAt{fy6--4M+Ui#0LneNtVLVl)uR+t;py!oywM{H}*p~s%BN| zjs4Te^fXDj^6iskK>EWhE)TS5sSqGX2!mianyJ|ZcI6EMrB{pw zK=qN_pWlf>1*`2SK$2g&HWul(81*c10Q{-T9gL@$B#e(jkrOS5sT`)TJ#82w1cZ(i zgFL8`hXPFu1E>aaUM*KY=*u?H1?WS0m2%%6DXD*k=HSA{gK@*eL==5__z znHR}5Oxg&nP~c1J9D;KJsvF&DS>imP4d(;s-UJkXp@s|Sk2wM21ckr+VYM8NhJ7I* zjI||6;65Q2ssUtq3%6DdR|4a?t7C&$5GZ`CF=7V#0*bVRBJjwxv5OKp2pS##Ps$ zy_Q|wgS~PuTuooc0(F(>Bs?(QqKiQiWqTUbVtG1%iII;=09<_|wx*G~nA3Y|D$=?} zSnEL2VtOVQW|WGm7gn*wR1NMo{0(x&AeY#^YZEV->&%eU)erGmz?BL_pVE_@J9(Sy z++0(_hxMiONnnL7G=qMw5NCUv`?e$%Are!OS~KW}%S5mVN0kA^&5<*bNHRse&Hb{y zBPtp)iL)*v8xmmSD^EXT18E6P=0AqPT@7Y`u&rS?2p93ie$ry-3LD{46AHlBzMP)A z+%!^W;nqWDQLqFzqXzI+9lys-3%GDwSVE?Y`V>UeQ&X(h^J&5UrkVP}JI_fy_lqNu z^i$nZjaF?giVQBy5jY>v@-ZaNt!q(+A7B}tjpD?WQ<9>&B`uayNsL}=4$E2-#P(SW zIs0V!_sR_%3DlF!i(69VDi(5LhT@BPCJqFc2vatU>S7z+iLTTouXaA34@&ukSp+Bz zp!LOFv^5r{`BIKhR2#oWdu)0W1>j>}0b!8tMOgHBlT|n!SbT(=8jfxEm|u*Sb2_yI zT%AOf=0>$qh?4y2Vybf83dBpC|#JViU*%F2waa*jt8GJ2waat9S=Td z5V#(PIUan@AW$Ch1+MIl){J*&sFo4Ac?QRWkd*mGUG*DmqpUyS8Zz6cYevxuK+U-C zUsTTMaF?W)oUcSGCawZ#V%nk|O#Z`pe#0j=lQ+---K5|sNkr`zk>YxiPV#yRPH9Ye z34tox+DrLr6@fpN$mN3qk33XOgJOwa!i^7c!*1)9PPZE0#uSicuPJDU+wfFjJzpBG zhL|Wx4b%8M<1gg!5sD?akq;Eq3-M{#*T{ECe&&paTA>tF@#ZKYgieo7``R>}9RUS8 z{T7_AOH(+UN=b*!`@#slnuO@Jug@U#+8s#LGPLPw68mj59DgCWA%g%L%iXco{>WUO zzilboj5K+MY$4o0sb@yLEjXDtx}YR>qaLCFiq2Yu`fZCtOOZ3E(90~rE@Q-7rP3xR ze(-$vBZrtqheFk_q_{qmBJe8V6i;skQ4m_{&ab`36d#4A>tFXL0jo+VZta;ZxBu(~jLV_o9sLkzVH z&^!#)M20oeZN#x$;PjzLpDFZ=b=6}XGsr}BQ=H+z(E=-RDUZfTp~le|KAqCRvAMcq z@FBL#XUW>3*ZYqatP-f<6X0Sm5R5gH3#f<`!)uG zvdwuHx^?Y!mhq4&wo(;Edh;!qlEemOnY9xNwWCo%&0b=9U4cqK%lKg_+kaqbdD} z6V0XkrX|5LIywaRDyAGuTnt_u$2oC3RXuTT^FGk1hFA*Y$h~;5^n^^%-cMS_&3XWD zHQ1NWEXZQw7T;7EvmXRW^;FDzQmKUZ>{N2fH`jvs=g3&6p4Ji+!p4WdMb_>f#!KQ6 zfF?SLyLC4x>_>sR5tnz2rXHi4TMW^6OPTd%Re8xbujH7j{BF6y;6li4M&B)aLM^3R z(qS*WGYfVmZzX%w_zK^CaDH(kTgvyWKON|ff7s_qzMk4 z7~P_~jcIL&-M@T}4ChlCA-7c$Dz;VCOB{Jpab@;p$Cd3*)nC}LF>qT4VaGOuLqQ@u zy~rn;(+=qf8ub`wqXU$Z4ylFGO^8a;NvHS(K4hoJXLhGZ7xr25A^I#n9a*c7Fyc37 zbO%q;3&$az!c*)JV;4Qq-#ser0{Pl2oR6Qz zljHg}*um<$)27cebUz&KiD&tC6)H7kQ8Zj^Pa)VBfUO(4y%J=RvuXJiRSWG9m-Zh+ zcxjD$$V^{#AF-hv2*o1tIgD@|43z;fHH9e9_C%#(_C4SZu=aH)g26e1*E1ZpkATTM9ZE%G}D>HLa`tDibg z8~d`_doV1WAlAM3N~M>ny@zyz6@jqsY%;^n5hRVHwUc)%7n569M&M9Jw@$(%C-D*j z$Cj{uGx2o*x1+rb9Hxxd;*k+fcJvbK;A_7Eu;bWbbq7v-H^M3xg|pghX))2c_cYA~ zSee5*oeh$H@Ufmkc80x)SMk|Y*-2*Fui<_0nY{FXab%yMX#=!g=WEA$F^_~E>~#>p zF0P@?fDf#xV4TKV#c;dzj|(woQcLanA`}oVva6yYrY|uJ!{jy8_;1Y1q&=O8&k}Ed zT@#(e-GaRX97DC=ge&%plp^Ea!YlTwikdkOQJDcA?%t7IE%uH$dc_G^=SG!pnetu@ zd7u0*bBg>9pXp60bjAc(T-zIVv!b##@Tv5KsIS^nh!;!>LN)X%65Z&J z`mL3ON?@@F#SBIdHCT!02a&i3q@qJlq-%#JBuBS=peNK~7l?OA4XAL72=)M0bnV_d zY_=aioTFk|-5P-3f%s9AaV&o5J7{FQ<3OlU_|moZGP%DUuP4+V9yU8*ZlKAF)d6?6 zh&kG!a2kbQbW*$ug#*WS8{;+VWlFrKdO0`VPrXcvAD~_)#1B$0W8$OK%faz+>Sb{J z4E53{Uawwa@u}*iGh$WIy^TNSZ##1h3Nh}z@msr*d+{bkV3e@J)C>v+dbBcWu5=@k z6NXCy!N7Pq^M=Zh8}SoR9&rCbS$+dLo7809E{XiF6HxkxM49+1h9 zu^YeClO&!sxz3N%!WTjS<)C*-(zgq?;Ya|cv9S7Iy14nqx!?5k#v!m) zB9aaVpZXrsq(##sN@z8AW1F;sX(Zf@ab*)k;E-Yoc_@hW9?Y^yXKi?5Uo?h z;E1%!({in~lcyY4SAaL{f?_W>IjiYt;sf%60UnBKJw(YC;V`1>-`owX)Y62rQ29O* zMdl~foAvanV{_LOouePcpt>1)B1fnFBEF(k16+}(3J&vy<)u5G&q5~bK*cLhJ?cr= zRPZkG+s$lJO|{yAHGLeOqI*EC-tyerR(uPKL*bI##BJy^aWuYxBtaoeEAAAo4wpjJ zrX&hp#!#%6DA#d83DSB6NGK4?3+^#*r-J!IBu#E0rx}BX%$P~jdZltO?7fUZsRTP0G=ja(6myZ+faKt| zxv+PSInPbMykKtgt8V%^``A+_Ua*xLMg`S)gj>m-pm~Z#Qt=h0qT@J)C9I~%!Rm=6 zHb^@D;-;hHr-qZ%R7<2(LNfi%L5KC6l>b!uHX=tsVGlMn`D(~vlpfWO9h;uM+!Dj& zwP4o&E+irB@}X0V%>V0Fcy4wNU@yD18MJv3SY@=gqWlyGBCvTj0C&U$=d%lu{hjPH z)i%Vs)K1`zL@8zy{_~RMGw={gh~w_Q1OrUED1$x_2yJXv83v@&gNoW z#sH%xX!R0o6pqBhi(Sbwj!B@OqJED0v*%gIQ)AvY{Hc~rw|gMoa_AwXN6d(WvyrEH z9K+gCSkg*sc%E7GRYrS;5>whE}$ z6KhKL4sfpVmgek;1k}#rPh<%hThBoLge9IlaUW{N=>{~G2*^;q}e^BdEtN5}X z!HT7ZC6{nw7i0_RIXJKUHp}iuK-Ftaxj$l4{hS+6&0jDeEniObT`3b@?I!SeiTOoy znb@m`32a>fRw}LQP_keq9;~XdDWC`3as8#Z3I~{#VOV)Ve{D|ubQC(Z8tGcxRQ6r4 za~uYh!@k*zTuUxy&u?&{WV97FG>6SaG>T?ji-2&++BjB5C#0UcWS<=tZ#B%Npzn?3 zM7tRN*|~mLj3^yn7r;1Olod3;=?=`8f}Xn#w1-ALUm8A#H_vxiUu4r^xF%lH z^(3EMa^lmlzvKtHqsK)9AZtWI0_}&8c8bxDq{f74$2n#4*_;gmqtZ(V}7x~nJm|@*a-^RZLu9m^j zhTOV0&T0kBx^ZuQYVphZC;d2XQTvu&ka4bvmrCjxBth0t1gv%i@OlegtK?>eteB|f zE9*Oc08NqjK~uyh_BDLZN24C;=G?l2wM>kt&b4;K-TD{66uhj4%2MV5xQ%3X>y=1uxbR`U#;NwDO#lCm9%jHY=s(1VF~wiK3V)2p z$e$1E2Z)&X2sPD7uYRag=P|vEI!43_aMmesTqk(puk#T1?Xf`UFGNF`C~8w;IO`KXB<9WCUQSae!=4Zg4h=bT!n5kqTYuf)+qj=+=xh zX8p*7*QcyT(;q9;r>x^MpijZP#)C_+9e2ZVHXN`mTnuOBnfi1jcN z6Lrtfu*529s9Qf%BBLg3ij?v2T{x1Zq+~jfwm+V)G9I%g!}>51vh@6buZWb zB9r02+4>b8G`1F~mKL37BtMF{d~(4DT8yxcd*eOURSZ!YWxM;~u52zDq^}rY z!*UbStyL}VYsk?hPNn0`I=@je#;cF1HZbb3Va6x~4Be64m#@{ejlV&hCY~F>l&Su5 zBoX-P+EBu%+sxGo0 zgD_r0nt5yX^TL*Jk#7G7Yyz;T9Pi#ryTC6S_oF^ZZh5DUL+(fj8F@ib-k{iFFoHe~ z#^#VvM<8T8!UI+gK2ISaKC_1O;dAL5#RX9npsj2OQ!gKui)b$h`c5$64 z+LNE~IM^PDRTb@)jdt+I@=9~k-i5fjH8&6ord&i1qw=BWbfpog#@;|(&LV@qro-@^ zJ3p2UVKFpVvQey~nk>XH9F`4ZMS8|jh+L*VN2bnHCg&K=cPDDleDZWo& zLKkYHlek-tgAHsfWyVSbfDr^PutWLqNS5cXaIC>VyeA^m97D-di};KmTC)-AtC(!o z3(<}BAOzX47X*enIQ2tZxOa3o;=;eIxZItN%YT?|>9}mzYg{n=Sf^M@`Wyg$l5T$+ zH!&sY%${&1Hf|x&#VO5WvV%<07Vo( zKYnIKVQqf2vtEBQ5=c&iIJQLPbPe7|V;RK8h7t6)_k&-YOqEgsU$Z^rn4ndQ@UoBe z!9vPgEHn`uO^ok%w=0zG0asj-h!GOk;;sjux3l>e@e?rx&WJ*8pmnW30Feu#1C+>y z+K;d7pBiezf6k6!q4+?C!@8)JXk=b*CUgWjHGZw@mq|d4L`Li~Z2a}s3Wsa$cpQ#> z@W zh1StQiaT0Vw8y4xAbLtssS*TBOI|p!H5Up@oa-Qk>T8i7%)b-&&bw>$5QjI+&6BOq zn_{!qfXo&F_00^()dXUJic3Y+*TB5loz%!}M5@=|d?a1t7v6(B!zyKn8fEG#c0#sh z#Ji-}Ow6a^4|*!2fgdJjqou>rK-jPN>;NCz4-wK%yHZYe03L}TK#tj1>~=Pv!9Nj# zV-uak-FgBw!_I|UaUgmm?1AUum6lfFoENZA-J)2>Ev+lyk>aOFi=DlpXcby)Ggc7B zKJq)LI=mH*oS0kCp+qrqgyM{%fuAT13g-bF9O%d7fnIA+`Y=^jbBd5 z)Mh<7WiKjS+{WRvOA$dVHf8j$m{77dg0BxZF~}vFXk)fP1n$}3)HhHe;4Typ3AHk#v-F%&H2>?M@_GuF2Y8M zOVtwo6@%<@I9ku7>IiiF+Gggz9KUdK#BL3uL>mAuYg#)IuxUNZZyLZ87h%5S+6kRqI&`I27k)G>}QE2C^Rd^aQ-0D*3aZHLo z>z1WS2xrS*WNb$n+q*J;j1Z7xy`U$pfE!epJVvc6lVPnD7RWFwZeoW=2M|gwnRX>! zd%jFl3&zPtEr;F4DXC>N+(*D9)RT)Lyu7OBpW~aWA=?LT8Z@NS;1r|*B~;4NL)Bn8 zu>kcCYSjiZ(y;`#knM0skXg?m0dfPa>hkrV3Z@fWqj`G3K|2G@8caXjGP!1@A!~*oB3_9_5D}`^27c)GHjt%W(aU}S zsf&)}PDY@L5qKUEz-j{PXbI8;YXxYNQ^%-amB;!9StS0fIm%xdQ$nKy|59HjO}iA0 z+DntBDa%hWJ4%ngdz{mbP_NCMGt#apeZS}iutI^GtlZr{QXSckL_*OLR2kN8>rvDGQA771Ci$ zpn7X12X!LbnZAinBj4n~Y-VmR zI*Wzlo}gxG)v2f5%X#*8o_(BWU+3A+dG>dn1DxkT=Q+rE?(aMgaGrztWZS@YYX{>K zincMu0E?m09ivne(`nZvqto7PQ`2j%Yep+^iQIgQi>2vyKJs%8p1T9fvsh5UmF*d1`Z#+7SP4w}J8OI~t>fs_9x&+zDL3bW zyO>U*k!frT2}I8lVCd4}(MjCX9Ug6hK-E~wx||bjXZq)hzSVG^mW6z$rbspLNUH6! z|AX~-5W@Qi;aRtX#-0m+n>i3dT`SzOfoH{@x*Y6q;VZJvA4xm}LC`WJ(dc;_V8OyG zDZ3P|vgfWFR9U-N=jH1h|8O(_Yy>n9JWh0;Sd7y8{Q;o2Qk+ZG114I*P!uZ-4>QC_ z!y|a~LleV$b;T)3m-!73(pyjR(SXGB>Se;BG_;+}b%$ZO%a?SD@1rD+G(3h!bTBvw zo+LWI;UW6zNj?EP>V^sds;|jtGqA8H8J;c_4J;FwZm9g?yhA9|I57-{ zEJGE0+|tp&(!qium8UvnpbhZKUB4f*Y+EK`ZM`VfNVg9}{W2Td;R`A0LHH#Of?E@v z#J#b->lvaaw*7^g=p^peOW=d!CfFtCw87HuVfVtb?ucJ0_Y9>3q4JS?U>zleYz-}q zf8o-q+ksu$Q*|R=zRa08IBO;^GraRN!{e?h9OiXDs!jV*?Va{OI`QuqK&{@-t zI(leNW;`ZE+M8S68@RCHlY)w(OMdF}&4`*`Upi)9(aoQqzpB;L>&Et5T6*0@b$&gWTlZ)3%L!+%UUbokp;y<}y)yHmGr#zJc=sAE+ ze>`XX>mL;SGUo8nr$4Z(=O>*a6TZ4?;sKq9<)41h6`k&zv@7S}4+qTt;n`Uu#vGn_ zhs^(GVPhJpR8K4?UdEmUHRQV zpV!(w+<8vqd(S01FI|6Gvgcd=FV8vQ?z=`j`fJVF5AWSGb-|3=H(mUSXQ{pA-OENj z-F$zy53uR5%MrW!u1%c1y`*XPhLax}br|+#A(D&E#MwpYoTQ~C5 zzO#Q1wcUTsnC1<`zM6RS@1tMam0z^Ix_fkFTeDu~KH=a><=echLge&Ev16K~R=d(&SP zZJ71o(6TqK8u``_fr{pPj-9*w+QaM_PloPq)m^{z^|nuZe!xQ;PrUxrA)}xEY5Kxh ztIoP6GV&kEwRKBppZn+9M-wBz%HQvX$4{UyStGab%;_3LBEmutX>CW7?4-VaQ-LRua z4P!atA9auy^{VY&Ti3m=M}NBbv~vM_UFp#}VS2q7&uyP+TBoDyDZ&SZTSW)1>$|=v4(8J<2MWLBTQ&7;XVuQXa}TQ;H>d{{0uM~0(S(@I|PIe+dsTYTX!X% zsCZg?{Ln%o=>Sm46~pB4CN;j8fd1@HMZQj6)yOe7g3UE5hdKe=vAmA#uQBkoFp(I@Q$LZpk`?>FfMS8 zz~=>S68N*gif*LuRCiTTNSoG+G5xg{B{{h_VcR~0?fWv6{rmF$(1D#W-n{Jq$~k2y zrF!C^4JAd|$l-&A7iq0V5Naa{2MN3vFrvLX^5u~c?Q?;H4(9vG0xuVMtH1>UKN0u` zV3F2-)F5;-=3z{wheu0_9d+(eruIExzP9)n=KB`{tB$=K@2iic%XWd`Bm7ig@3Z;dOT{_$EETUzVSL{eIR7H1K<*`k=Ln2V<@;Gv zN%PLtgxhXm?)15pWn{&buM4c2Z$d>| zKc6YTZT`CXrgr=tgcl2(eg{K&PT;@=bbn{zodxZ+a~6$VRHU7BC)20?9)>>RUc%$= zV=8UEk6(3tDDV*IAELW|<+sn8T8EW%AGxycN>e*;r3r4=i_0>B>jdr)__M&GRiuvz z9I=YrCI~!BT&@tfXchUty6UM_PwHEtH8HiXSCMn*ImXKZG_`@xk>+rDzrH=+uM(FM zDP4=iWxcq3`5a5N|9O_@F3*=gZ)$zqZYN-t`WFY;2MEj1pXk<_X26E08OpO z3k+*4U`U($!er#~kTuNZyVu;Z26?@PzJCgwJ(BP3UnJ}!aHPPqUSxVU3cUVBrt@NP zU-9DVf*-UuU(~c8v=0QT*!@R*BQHI*%GBn+O!&mh46Af4)1+=KTf&8FS$ZE?%dnmo z_{v(+T)6Jef+FqyS6C~T3w&Q-;j46MBe0XeI)Ot4P5_K(iC0-$FBf=?z-GWAZL83H zCa~r;mc!#-XSmZ|XHGpM?+3iW+Pd`(y4SzOny9a5T`OA8+IrL5e7_$sq)mK>c|GMF zwkH=gk83uy70pb~^#VT;_=mvJLzz~`Y}jq(YgcX{hdF?zws8YP>A8{h?vRbI7UpY{ zHqyP|T~ao`%lGn4Ectymk@F#&7}g1!q!zqKmj?vC0+_FT@E+-lHvjYLz?0KWpGm7{SMD2S0yzUBupM-{YXGz7kdT0JNWaf{;+&4AzK;@1ba$Z?c&Bd{QR zCTmT=77Nb<#bSG*_5iTXSc%6%68x46HbR>s*b9P<)TRpdIjpLR= zZ3nQRcDQz(MCTvCeA;MjCZyK1A4TfZfca8VpQn8xQvV6cgK+j*VIdE>G-zSZVtiNX zsQ`VWR^nmY2Y49wMy%^Hwg6jT7v0t)pO*9jr>eyUf9&g5Bm|JtTyOfHAG= zC&d{%fZBxop?qG)tW;xhc4^VB8eiBmR8tr89J5v0v z2gVqk0>5&sF;4_$d+1kyxJJ8diP`e3OJ75dKvlHThb(w9b$|%f+!ic ziq!SM)@ZAE$`X{*jd}2Uk^9eqJ&Es#z3I6NIrc0tO-J{30M%=?Sjn#He7pOn=jZs-d@Hb z+6UU5^4&A?-G|x(68f9+-G|yEBIl=G%DGj03Rt1`C$QPj6A{z2A|L%e(w-H+uE5H* z&mHUlV6##FpF?<_|_oXOj5!7Qb$u3&d}z_;vHd#qVhG>+az-)`i+6@$2rHD%hpKf?5wxlVH~Y zJJ-|GbAwSK`+PSRraOFy!BGVCCA;p7vg1#|t*mGr-IAw1FL@ zP4o=(dO8$pjldRYXLu$Hc8g$Vdg4O43|Ospwx`K^1-PsR76f*MP`)9QaZj^QekOi# z&-+68qn~+uJuYy$0^$7$Y>PJC)78hi62gQsh}$Kae3Yd+(92lsxyf_2FNhHO0;_~| z|JmXNHx?vU>e$9JP(IeoMEog#koJX-}j3s@m6U;iZ76krFzW^)Kr*+T6~p%3ddGN!Q zM6FW$m*-pYGehL^qi45Z#lY5Tzk2>KS(ds0^J#y2yy%z7UW#BTzy z30h1)#80U&46zK>>Z1j_R5L2liFsANG!N%#g`I{i;TY{aS-!GKA z1Z&hE@Uy)9h=E2>yGmapA^ZtHpEgZjCzSa)jKhtYgVcFrjcM9eeXH=iMJTuGu#=4M?i0$bIw9EtFr%cRTf;gy(O0EN36fXl<$k*ulkumrpp)kjKgpG*+RKn{PK*mg>sKz zg~ml9OMU^RE;Mcs$~M5J0-GV&e!zm*g0UdT6s!X_4cOhnWq-%-USQDjIoK28H&L)s z<14|=6|AlClVC}~DvX>E<-DPQa#k4O5KCR%ODtJk9c<^z#A=Lk@%ve@9!8~LeP5$r zA7ekkngr`>L~C}v>}0_P89fBMS+E0)x{U9J8odQ8eUslEWb_qm z&|AcgG=>VcOt9mOQG!icPrr%AF@l-z5IfyCUN9x+8ODhjerFmd3s$m$lxG>I2zKd4 zVv~(Yf~^tkY~ysaNSZeJUHYA4oSDJp+$`)oV{(Sy`Nlbdsn9Pl&J(N<+rENY!hk_L zq_qltigBS}7mDA-MnbU7f=x9p60FS@e%D}JBG^#DnvAJ}T_@O8#$|%77i^l*D46*H zzq`(85^S(wGmI+*8@GdgHyT$9rgG(G<66N!5WicE>4NPMY_>5&uuePq-5g_ zYL^xFMrF9VcmUv$C6@!N=Jr9>7%9eX5&+Gcwrf16LK%UhCUlrIa@WBGQZ< zM}d0;7L=2wjlfF4F-_Iwuj@Uuf#m}bi{S!C3mgwv2}3VMXkSOQDn-|F30x4n@(y^v zsk}4bJ>?eQ^70zMb>++9yH((?<(H?Vy}ylRjBR>M;0prZ61YX+mjZtl=xUNapf_9|5p&cdpSG%v_ zlGC2>NP%axzrkP{{(w-fY~LC1dVvoX@coN2!m47zo5X#-z(oR=DN2El30xs?jlgvR z-xBz~z?}lW68KMn{|4-#{n0++t<(G!5wDxGstnv$(iLOk?iEqMX%&3{Re3nGGBe-1 zddD`sT1MC`@WBGUZ19HX@xnq>32Xw zo8I{)z}p4h*ZB>+zub8fzP+&vL%CbvN`dcp`NecOEUW4RIiCV_U0$nt2Bmaugm4?6 z>%P9~KDfLq@O^=w0J^@fRYk#PH(=VOlYeZ}g9U_Nlo1w`cfv@oCPLV^?Zc>Lzg5li z_0alu9e~l{kgh}FUSzTMwG$Y%enBjTTl3&D)_N8+mskIS7~LuGx$2kj{z0`5Beov} zmPUhk?<;Vez>5UViRQz7d6Xq{hq&BcQwNu&0!w1#P!}V&V`6UrULMl!;Ca2KW1)`q!cB)CIt|Dh+tj@`;Q&C7 zHn;aFfKT;4Bd=2Xt@q`4-_Yj=yzkeyAm5|)?pp#lqHjCE*?rk|J=u3yex?Mm z+w+fZ8am)rz>@~N1(+PL0dV$!X@HLn*bMmgfF{822dprUZps6U?g03RB7pXcbN*9JZV_|d@So;vN%fuH5qY59ZhW{XEw!k=jJ%~BwAN(rfQaku9z+(q*25cC-0dVo)X@IW`ezU-%eLR@)%^$KA zu=|i*fa8X&K)f1;ybIquhin0SX~=fK4~KjVxO>QF`D|B*6|w~wQ3%SRM*>b8dMx0K zp%VZn1y3#vYdPzR4h?Ig)>R)`$$liaQaj?n?fB}r13w4NZwIn$R2=lW9@ef~$6C2+ z-NlE6wTf3fhljOOUuk!^n@0@?-GcPLTHtg**Zt;$HpBfkfqS}d&L7jX;2`pR@t|2@ zlm~fd%2aCYMr;jNYPlmj6;)~@NA>|+F>)B-){#dPd9>n#&n#lg@aPeQvC(6i$`4`d z(NSQnz zy}*9}j%oVt&|9R>T2z9b^f2~QWrwlubP`x2u(Uf}1{}r^M;>-JC`TW5ANF{!KH_J< z4M%wX4`Fv6U&Hl30RPO)nYnYbNJ4V6uM!D@Bz7W-SQ|tnvBlQX#uh>BL9Q&eAd!gJ zm)fbNw%C=3EhUteT8a`BrK&}%Jm+)H$JF=rdp*ySKhEpE@8`@pv(K43XHHn(;|E>f z-1V-DE&FWgdYOF|XSR^8uy54sx`^#L|Mx5h=QN4T>I&z~^lC2bWt@_(9xOf8bpfmE z`>s$gv;ib?yDQXQ7z@jOHWt3G zy28HKxjXE8gS*4t_@E2yx7O~k-@fYt`|Xh~u-{(n0{d-oci2C_?(X0wk^S9aFFn^C z_R?G3VK1%hexK!mBL%KRFIfsl3j2l~DIeM@qLm_!5jbjCi^ct}1MI8g6WCJ6w|AGw zzwzB!+9{zwOIIYoIb>tP9;p%OIVi?MA_E7(TKaNOH;+bS_w+*%(jDT0i+MyAa!tu^c4SmIt4!e=mTj5|2&I-Ucu8XJk8_jdY=Bk^Q`fQ{7rb; zj;AeH`hT~nMEpj<7H>9cj~8o=jDmCZNS@9cb%1@dg{P%Fy~%UF=c)f_$k~#oeMcW> zImeH_$&UTvhG*F4d7~lSIU3FzKaPg-Gj_nU&e+Kz**pTs`|k?p1z&3faUKu6~381^}lP@ z=^Fca%K_2{Zjk;k71CKgklyB>AM^ANo|0+%O>FO-2DSX(^5HtmTFBFQy*#zgsIQAN zi9}jVhn4`GHzd-3I^>x;9k%F~{->DB!ua+!ZGS{g5=Lu;X0Cakwmp0?xZ0G?)L z!m^8&$&{9_*!gW$ONpH&Of8{Zki_R}ffC;H(mp<3#*c391N%99K*siMxWdjG4WGr4;*kR- zH^_lwN*pz|J~k}sHU{eLk^^UzFLPk344(7D^%{-{I2PF1l115`Fk><6^7cDV^_lS5 zgQxX)+L@;*Jk8{3F;BPh^cYWX^7L<>R+|MSg!1$gp7!Qx8c(x%x|pZiczTSdS9$uF zr|)^{G8@XN!_!ZAn!wW`Je|PPJf3c3X(MuEc0u5WYXK}Bv`jX$Z(teOHEWKQEpM|? zuxFm06YKcj8DNhW91)OKq(J&3|Ga{yTO8n<2X2sV;osbz1LviTT-aXsau=}u%{+Gz zOGR5WcrLU^yUfiClE@gI%JW*YsO!A-LDh->JZPi(%)iT`5%V7e@pIH5I9E(!>9foE zEdBZX4}+b^Cs&>f{%;Of1w-wSu5?=!%+3J$(29m~{7GCvotpk+P(cJsp$(jvA=b}| z0$6)u%WmVJkMZ;>Pk&=+w~Y5J4JY1(uWE&p28Fb?6X{m?T5}>TijK21o~7YrMbRGi z{gI+Gwf)JpBDhP1)^)dxdqrpDZW({D)SoDe{FD!^g({2S{@QyHeBWl#LpD{XMSIv? zdG+GLP$#nd+Ss9q8Sjgs_Nt2^_2+3MPm@^cM8++i&(5L?c)D%z0zW5mn5X57;k?vw zN!tiWyG7I|$xG%-Dp|_XaI%%B-z*s$;Y5C2GKuB+bSa!^zg)VJePes_n-Q?KkB(sN zy`{fLSlGF@s6L$MT^jiFR+c|$yqwQ7PoXrnm6x|+(HYCTH27~@TxVy47fm4jo2OD! z_?#boot+;Fmyclizgj-NK{%l+Dqz|bFb{=1r7L|K`V*U#)fhld@o@b1PePhOG(FTBD2^uu&mJzz0F-vT?4*h z?E#jut2|3ttAM4fRlri#DqtyV6|j`G3Ruco1uUJM&%fs-Y~U$tC$R5X3xTbT_Pi~+ zcMbf~a%>H3@%n3fHEu*4*S&8Ha}L+IVaFPdg}t}!IB31YI)8g{#^}ThvJv*ik*p`>zL>AuHCwy4jp6-*I!M#7ETO1&Lz&|_i?@#g1B`lRl zo8xe>XVXmj1s-pZ$ME^-?Hd=hmUI8Y$kw);XrtH?wYE|@@#hz8U*9Oa*yhel8~b@7$*EnC798!gG+m*aA6Mor84K zIhcn%JUz_QGv}@(Xyop>Tdait?{Z?w8?bj}dX-<{Isfna8Olm7DTnfpmBZ)L{BuS5 zEmr;`mO}aSdy4sl^|`jEM&5n5iKQZs`vun0AayPrXRjLW;Oi&&;sQU7#?3?7RAD92{Mt}O?%I<7q9m2UB$i^srY8(&#+Ef?t^XmWYbg~y?wVYGfI4p-yO`OL_ zw&b!An<&|n&=4pk->s%^by|fq<;v2#xtx-!kXBqd`e!cXOdV09Tq>C2xXR2KE>|Q6 z(wpm~d7jHPrq40wGM8KI8N@Ku9+!JeX{hrqkJ%Y29d*y;ccyIA-!8AEsw59(vPkSj z=5nqwv$Mrku0}4S0xV8UH&Edg7p9k}mKIN@(3-G(W#*0+U#4+fIeMI>I@1hPKTA!f zJg!VK)Dk8;lU-a{Y#YT%F617Um5j4AmR-oIT2Q8yOtwVH77_!)bTCchg3qizHOo>i zvCi@QuS}g~dHs6+DtSQgptI+W#%HZ)3hC802W5}U4s<#Z=IP*+$^cS2!kAvWC|7V{vfTm|H{>qOau zl%ULR6J<|wo6AZpZW*!{32p?_-H~d$#Yx^IjH^^?=T^ZK%~dABvEoDeaOLO@9_37* zqryBYn1-Xev6wGOLk(pyUor&+N2(vmM!}KlN9GB!y&#NTmlqpqtOSs?hN6_}>)KtHx%pzHAycN>;*N+ zKosm}HAyPh2^sc@n#8LK)LzEVAvMV-Tvk%VmYv1;n;}-Rj?1r^n9p5Y6PgPh@rYwN zD^O=V;+2}@KI)1`Z>1J_i();7m>i?TbhkXB<=UhJ>JeM^+9bK9h`r=mhEhETDYeP& zPejbYGers|uTj-KhbVPOd@B*F?-?i6CCgE*JX4gqWG5=d(^IZXPNEV$N3+;9R2|be zrl+U@o|Bp6)}qW2o*7C#;>IP;d|_lBR}S0K{S@{}XUUesu>$w~w{$|cSr^~q@wBR9R)DD{cl21+T@p@xP;<*JmP zd2M2H<+>yN>$Qu?mkZ`BPHIRZgjgwwOzpWuDUC=cE-2-=(ugE+iBcMoL1H>yN+UAf zP&vyvS4fAmX%n)LOO)A!EXP=wwgQd-bX17d_r21L zRAB75_cbMwTt%JtzQuG0^%IM=AdgU$EY^a&5Mrg=Q=*7-^ndH@6XM2|qc`xmrhG#D zP%V6JG1Wu`SaOtBBplVwCsArenhEhW(V9ea6%cn{FWQbOy~%;iz`<4m!Q3$Y=nzqrPrR6mGiqFlJ?9Z5M?4ymlxn|35_pTc}*G7X@eh~8Pub+TV?8bdasrucnH zJCn;Ov)h-n3wev`@7GxFN;-ED)6HZx#F7ChxXQ$mwWwmh6xxkEL4EBvRE{I&SeUL< z>d(}j*rJZIQsRj{>KvB?>Sr!zu1xZrO&3q@bCpT|vRDFnhBEns-k>c02{eKHgYsoc zBzE1P_A;psQx9S>G+F6Md<~7Ky-0|mblRJQ8?w?qq?w@{nnc2f zV>FrUF(k=D$Yn#P=uq;9p^J1FsT%iTEnTO>Nw}f=bOebt^o*vEk%r#TktENMqNbAD zhV0c*B&_>~GF{ctB*T!uI)+pjs;#mg(P8KYzKt5HV@af;R_Zv?$53Z=Jeg#umpXwg zHZ)kB$exURC}os7iIf`}uTCZp4NX>OGE+}Z}WRN5wc2*2itR%zGr_yw?lB9?O|a>hu!z!SOejM4{mLn@hT&;24`rMj4u{%p)@mji>X; zZbRubkDN1PrTOF^LpgK-aq2DVtK&b17LZ^=6;dH-VJMF-B=Lq8(jqe4&^2ihS!QSn zEhf7Rt)z>|Swm~-5^~$n7P^$EeLmFw4P8dO42@EklRAd>(-owvp<{F<8D(g^x{Bm- z<&dZTqtw;pFzO%wd&(N}vk+@DM9XW*11_uH&S#XmmOK|Rwl9rR*TIaizcN(|h?dt2 zFjWayt^OysfGz4KBjz7aqJB;MllXK}Xuwf*8wnILHwq}1wvk{|Ypz;c;`+CZG!QWY zHEbhETvjqN;HA2g9KsmX_YK(rqf@YJV|u{f>R!^UAFq!X%E zQV(NL${7-gg4$UZMgCW&E(>7)6^&$lRLVtCB&5Syx010utzdg0|viBWF9Gsp@5-e-2-i@il*i9N@|)-v@Nmu9BCiM**?gPsDDJ z$O+4Eoh(AZvj0rha*1WXO}1hTmi;!__R(~|kPbTJs{D8p-d~0swZj>Ngm3E z=@GH{LevK}{7Srp_(!gPO;DJZD@Z!(`tO!p5d#u!ZZ4>`qUCEcs1Xzxe`s!#O^tWSON5Gd2i)~;2P zrQKX*1Ztqt4U7%0KAZL7pE*?IbPLGS%+d|6GQMBiNWXE3+HIx3g!F>y<&v%R4z;d& z1(WkIu?#S0cG6W8)aM{=94>0uSACOKO}aWlsOmj2}uHMmG7K3zU}bhN9*MOx0M z%O~;2Ol>TZW6FOuxJr>IsKG-jM?slB(k(7grms{fql|>XH%)#7*S?HaI&eXnzq$+KD-<)VyTsB<)A}*SyMf9MyouK9$a*I--!wW;RMrY_RIs6#a$GHK()n!ix9TQ0mwsh8AKh;6Zh zT9TAAfyeZc&?b6cX&&lKXcW_F)K4tdPpaU`(VvH&GWCB-V;RLihrpX*?$`P!H<!zP+pY$_;+{jxWWN$1LBzwBi* zIb*C{SgyGc%RFJ~`akL&Hqi7T2EP_AFfTM}9~@RLEtFdDQi@3LuwoXA$1=yTQWi-` zSYLYB8m7S*%Vx1+X#~a=uvoD)PKcjv7E2i-Cs`RbRb4C{Lv3YRBE6o*mxvq)+hkrU z1zLqlxniaZo#z_DRc5XT-o7o4x-q?J;4)H}9(D?h9=)g}0md6hI)Oh>eE zUwMs`g*mnG7v?q6Rjz#E5dPM@R&vaO8uE!}xN5UbYK^MO{=w~fsW+;6cr}|1(qvRP z(1*jEs$aOB&35TAY6Q~`*69)IE7B)3?UZ5+dD?s<6&eb(*(I?X zUd$P0vs;Qa)YxW^bj(m&o4u0rj1M`x+w7CF3=Om?k**pVVY6QfocSSVn#}N)pA&cAFKeQJAA$}!Z- z_L5X!Xt3?~(lSHCZ7)mf42`k9B5gA?$@T~7prIVwAEgt9=G$JCDhw^Py(Zl>w88c# z=~qKLY_ChN3>~t)A+ett*k6%8BmA`OP07j7W!qblkD=SPKT9e)S%9vKR5?NF**#`248hXokmQI+rf9Ar zGAg32-4p30YEr~+woj#qe7;^t28;bBHRH-8*%6)Xo=Lq8#oIlX;D05+bHn_Ia_NPX zCuBYt;VHk6N>C5EZgJ%h*ZSj4FQkWtdfWXWu^)2SU#V2L{%3Z7O4YdTNRdo`NnWV5 z`cCpIDUd6NEU2GrekFx+!8Lro-7BfJh%qg)dm|+pN~eEIgAG~fKT?{ZIrOcRX()&O zD=jdzg}#&47^;xoOWznuphP}oXg`(YbB4yNvV6tRF{;S-3{7SK<3uljr9C0TRZW%a za+T?D9n<6nT>0cp@CrLkKC}>W=938xHrScvm#D%9U)!;fxEG63;7aKrSK%rmD;kv8 zImoW4txS%xA6Guv-{7d7lkBxblv&o`yj?XpjtibbEigOFy}5Gu6DntU5DI>EaF!2= zoa_$ek=aFFwoKFxd#kH_i7TI6YjDHPRi?`!Rw-3BsI+sJow>?LWrL@79&$_6(*~Zh zr<{m_E0Cu=iYtd*k6ze$%F_(Jvh$L2xhf?s{GFY*e3q+}!2aSZ-{86)dMuZ;NCt!f`2v;P*#^{$SOeURL86-cz6YRc^m)wZuG#~PZd){>LB zipa8n2>aS{Dc1=Z)_ka3E^_Lv8n(0#l`nHy_1K1OnQmh2i-s}wb>#b~X$=#ZeiP#D z&$_b1YQp|tUb5`#$)Q|UqBS~h4wHv-RZ7l{=GceJI}8=r*Ozahf*L)wYbZZJ)oZlW zzLESK)u_=b`^NGcREtLI?3>8)8mO;Q>d|4sMP+EAo{U>rKR92&l_O0aZsJV@Pux~9V zp^6$^w{Ig4=E~7mHo9#eEssEzGy4Z>s(dOR z>r{!Azr|Q)+lD$<=`NerLJj%kY2$<{39dkgD4Hsgy$4TSlG(#JzjFU4BCD8G5E>71v@|HG1E<`0o-eX#h z8W&mBVWPYal^5y8v<ULzP!({ms>aWNMrV5l@i>40g@>Nt& ziLY{A($z@LqQ*cnX=tRv0k7L!7Mof1$_u+$)BL055a8t3l#Jrm@TJ$$jSQU z&5@U&pkLk`c_RvX&E?AbQP68HS1v_ej4GGr%Dq5UWj?J3)e{qzT5#d*)rO3ft)F%f8S~XQy!|4EAnfo&r066n$BWt zQ8uk-I~K}kx!~yUO&7|~gmkagN7W+v6)L!OzGIQ>u?*)5U-xvZo`>te@6 z@@-U7>y?hh^6>4Dvy4FRuwpqE1^vj1<*g{_M^-GCqoC(lvHS!DJ;#b=yB(qw=s8v_ zhoYe8Sg{<>WhG-<$1z>r1vy#2H8wBBa_VlOWlW3Z7JG!gW?CXAqPm0^J1&(|QT>>f z$%poeoZ(E%<&7mm2Ura&R;joXbkivl>>(&r!d$-tM?s z9)3tn_gCwEj$g^?DB5P9<61cvRjtht$8~Z!muUHKke>_jmj4FX`7o4n#|$n14e}wr zwE5(Dss8B(`7|oxq~E6-*MM9!mfF$$ji9G6Rv|Ch7u!}Z<1d)xI+|7if5v;UORcI!v6DgUF~ zwtGK{1+b&zzve+fJwD>s*y)h@FvtLBV{U zk)Mm4tZ$kxi~Wl+nCmlgwG*&>m1dahGjb%Cl~ix{fN46$U>VNJhfuH#XJt|=zBja{9UI`((2;g})vF)Lq3Sh5w%k`NA3JhFm`32TuV8b1N6tXOT;G)oP%ziO$m>xs*Z1W8D46T} zaybg-x>CM_g1LSq|A~URek|)JVJ%fkN7^}5eIk3IV6K0YqYb@sdM*zaGQ(W|@nIQM zOZ$2sDY*R$yO;7@o)eCa=2iccS79lT^Dp@v3Ua>sP>OwQdtdprp``!OkoF1mzt}hy zdt>CxX0bQ&HKV@vRsWVBi5kpM=0EaZC@AwESt;X7Ylbrak)2Rb=3ChZ1!caKL%CoX zx>x;IZjLcHI^M}`xXR3Mbi9*eQE)uGle?qfcz7rGM!^yAPVS3>BjBAp00l?DJNa`I z90Bj-p+fu!crTB_80_;zN#n}Y|7hQv{U`2pE~~C|7{HXx1#>;1s-!Fw)9Emuva*<~ zlCKw8S&xGCA}hO4uwG>4TNJDpMLCax^`a;@xU72n4x_75z>WU*5)KJLe z#U*MmD+yfej))yAX5}*!94qWUC!ye2u~pJhaIDxVvrurX*egXSI994C>rim4I4QeO zaI92QP8)Kl>a09P!Ledd$QhXHN~xTc;-=IP;>U`o(t)dtFRiCCk;|%QcUWE3OUdDa z<=enCU*u$MMPJ!lS%!jr!duylg7xX6oa2I0c31ULu5v*s2bk_)PAJ7!`3(i7_$qHv zP>P@8eO9dNT^&wU^;2qbK`Gxc)#obHVZZiQK0!g5{z_*Ql#pPT-Q+gpkS_RC__+Cd$2MY1+@n&bGa%dI7zAPHL>=o`F4a=@qpo(WU^wI)ZKqn!ot3a_LI*pA zId@T>qrU6(iF0?Q!%rgiOQ%lG2};-vp*Nj+IrmVS+!Q*}?hEHWN-@gz(=_M)ir>#7 z=J{!+^XG~c753?D=fTQ)F45cP3*{mgZ1*_nOJy%#+I-@3`cT&|m61Hgdgd@CE7y#i zUpo&`>~BL2nPfoBZs(zjh097(Vh%VDQ=(B5VkRrYlmV#eG1sKwO5q(g8M}X&7n5Wf zp?KXDS{jo;QxyMSK>1`_%rWPYN&_w{IUExwr6~td7h}#jrzximRXC4TJnxHAev0|Q zdA!mDRmn6_$>3rw_?R2cla(i2Wd!bQ(iKxBOefyDNmm?DaJQ7MxT4^`DqZnK!M#(u z5{!a-r*x$r3htfKl_p##__JT*Nl9oYR## ze+cd7v5lzG&J`^78ue4>7tWbV;Y*S8AN{xM(B-@+67|E{uZj*CCQYfyhV94 zWh*iNh**m*Pn~m=N2rc$x*1B zB`Ej>YnE~g1;1d;Ql6mT*RB@R5E6-7#yKbv8U$MLw^U}NPZl*xg zmtEN}CrT)4Le~VEr!+x9Pqlod9}0S^3iCD20Uv7tC=q4EcpRe#*o*JYvNOeDSr|7FX!Q1L?9$4*ujDh*KZdruL2 zcSz)f-+PMK7{Wr{u~(!;%4ew1Sk{kP8HQ>e%YO4v#-KXJRxqUtvH1*gS*+~i5`Ep5 zD5WUqd%i@0G5KMygI?-Ol=mp;!M;RsW$*Pu40^sVQDV46ANi$h^j{H!{_M+?Cm4e_ zNR}(D*qik*COo`BvRsKp!5bvYmHu2-(jzw1Ww|nftBgPo_La(X6!c(UslZ6>P&@Rr zU#V1>JXd&ICtTJ>>+N|s~w1jR^$_=fgTa~+p*3z$)*M_#xZAu{hFfXIj z?aBm0-_RY(LPPuMPGzg1WAq#4grV{3F6Ac_ysNNVabRzG!}7s<6MK|EF4hx>T?6(i zp!eb|Wz{#ceg34f5@T=%D^oULY(I;YDLXI*bA3uF!5GZ-Ddk%c z<8yslIb$e+o>ndyGMmmQHw-zN&MB2#FxNd?zEe!>EqFp;t_QkYQk)D8b-ApB7#i#H zqms-e+8WoDRIVcS%rx8Ox{_`v*X4!+V+TQ*vE3HC{H%nUK#+5t%N?bOp{*`=l|rrp z_8!t+mwU=qLnmAwC>d;=BPeA|w;x=dD1UP0lNsH9ae1b=vC%1@tudq9uP)D(46XuF z%=AK8YUmf2m&#g0FJ1mr%5l2=-QK#qQl4P!r*4wvwc=;bm&JyjG}O;xOK%t& zY_X$GY!oxGw8Jg-w7#J+mMXNXp{^DO+RM-+iz6LmD8o{f#k+SWwZbJx`V5L zbcoBfIMYZrnjF-S6qjLfq3sM6SS&Qw&{B&VO)~VA#e?P=+Gg>l#fJ7;eCb=%?6_|& z0aSAoHO!7XXQ@sb7`kc+qN7nO;~rWr zqi7X2+9H&4CvLcFE9z!wv}+r>3iW5)WY>1|7RuZ`$F(DUXlSl$C+b*Dlw$6_$Tfzx zM0s>y}=^96iP<6T=aAnsZL*Ke4(yfNhx%Q;jQIXw$aP33y8M^73 zM4ubF@7j+xaE5si&yNPugUCtPLbXWhSX7)b+Np!PEJ8>Up+3kA>rM$t4BJpUU-^HA{oZ!|4N!Slb- zbTu}p01|Tx+r+Mnob*|;7RBd+7bm%LZ{FUD0tdAm8PKJ zY3Ed$j)JG1)94x$JnfuDcc9>DX9oQN1y4IO=)Dg)+0#xdwP9mj!j^`oomT3Gf+rl) zX-yP7;h0V%Q1DbXlSZQ8sca_AK*5vHEV>>APeQZkZmvwC#g|Ljw3JKi$=Ni7je!Zr z?Xmz5w`@9-jnT;NA4spJ)!lOFB15&^X417>CzOEr+HSMy4;ZT-pQz>1+lC_C=F(?| zBHiXwlcy-NetfiB9(CqAp|oULK+D;vYfxYJ_|9&H^tz!0w<7wG>x9xbKEbV+CbMzg z;5UJh@kwq==mf3;ra^8?=?;v|4;}5coZjLpVttTjx~-s2zA#-8$%>!pwvx6${nT)Y z+bTL5WgD{9Z8gm>bkyxDI?K>Sx3zSEpBuEYlxf+;*Yv*r*4KC zx$mGC`10kGyJy=a?4;}!BvxNOdCBw*ZHUs&4NcfZRbF2{sZ-u6aW{?RrBs?r<73?S z&@|L#roD74SB`E<=;^+X-b1-Cl~Au>sG-uFlrYGBKaEF?W;#Gwfc=%)&q)~Oevr=M zF=)HRNe5}6p=|R(`do-?ONf&WQMV8%vsAj6FxLGLZGw7{knVn%PC)r5X1X7tC0wE( z;8A*-E0Z)#ob7&;2GoR7%5>-%evH;bLC^4GG*XDI`7=x%QP3Cs7`Q+~1 z7kiKBG;NNWlDNeE42?m-8$f4i&w3&!yp2>&Z=&+8=LNXS}Po;E0b<|O;xYZmRyX=Dhg?dWs{Tj^VC;J0 zF88bSHtIp*F7tKz3Uj_mJm7wVzDH?2rm8n+l?bRIhdA|!lWtNsu1w^0Ezh)zef?){tl zuQXT4T-du@dP3)8>_P8=rYE$Ri;Zp-zRUcSmS8NRk7oZHy@2Z4Cr)}se?+D9d208J zR-*D)&gb+`)XqNd-G8TABfcig7yFb;e^4{ZCJAIGBt;}mRsWz~sJNub%1auAIn$C< zk3VT$R8i7<_rGWq<}69t;{KX;;Hos=O7fKdrU{tyA*++!s))~Yvb`Z zO-C(dv47|r%vs*IT>6K;McMWPy+?K6k{gR{yS$&H$3N7Jy4=s*<6r71WS07uOYdnl zj79ag@pw;NP!s#dvEkUgFy}Y@{XB^3i+a<)22%hkYCt*58H8HN6@vPWt2USDdqC6% zDCm12tDU*T6;DxHafx=Fq9$;a>Tm{A)V?Aoe{!ya% zS%!LhP<5@LfgY;5%}}z3Nj+jHftuBOT%ymjjq2J2)~Dz}YpeQkmGPd%wrZ9Tdv9=; z*y586HmR4lWp@$6{AiJ$zW zMpYfW!Na0fpn{oPRkb;kDYlWD>Sk!0hnpH|Xpe`x+R)Hc)kBTt5^K;?orHojw3k|l zf^(#=8XgHXWRjMH4|@2kU!r<21*l`W#G0?JPT>+;y1JUdl|z1Nc-*79nuj{&R?c)3 zl{)y0IZ%C$)4?_hR2#H_`pR_JMnP&iS0!7!<4wWpM%1;i7*mLPj|;Zg_a3#>;ZZPM z5t$Tm-J`a;8Pzu;p-QM)V(6|%9hJ1?HSj&8o;rZ5l3fF0OyTNCt~=7S!AYk2>J%aK zqro#w4b)uB3Gc2pPP;bO^%w6v8mq5SeqY8(P1vA+Q2QNe z^_MoDP1G<{P_o6dsrp37ydk+9n!|LrJ9E7I5fud6Lm5w zf2gngi8>YaBbOCbe^?yLITJN&SWl)os4K&2czmMHLj@1-$71;?>+r#zt<+*eDW0v> zm8frrr!lSJ5`FU9sQdUHl25vPSG#Alx|7Gs$d0;`Jlm?JsH*jHJUghbQJ3oEdw!}0 zM8oolqa#Lr&SUxH#Ce-uF={Oy6USd?HG)g*yPegBA5GU;?OoL2>R>~x z7q^3sEm1j3Kq%F)D?5$foW^G^Bxn~5Qtt@ycEK0wJ?Nx{D0t$Rtkyum6Tf7&E()IbC9924@Wd}!jY7c_ zzht!omw4irtS-VBJYh^$H*#4?mz05~WYwty)XsjbPbrs%sGdUlK(0`XjZQh?IYcc+ zO--5YK2)th&0rd)I(HPMY9V69iTrl!Zwt1xb z9t9)sq^eD0U|!1jXg;ZG3<{owq^bkC#Iul5>JW^8A{L*LMu>Uu+?)LCkYp<{Hmdcn|sI!CQEG+xbBUvr7G z)Liz@s9|1U^gLgAuBxK~EV<^nY6z;G&l;vLgxKD5&|{vO!*xQ2`>OeBF$(Uh^3+!- zxC2|Dy2e5cCuF!gD^MGwpj}X?4ne_P)*>|x1@~jcY9R{VLMv8Jq2SE7SiQg{&aI2p zOI&cbn?M(Iu}{lsaDP)e1w6y*8>1x{LJ*PjI%VkzC>l&K9*T#^4FgR<$$6 z;0exFH4$U*1m|nDAI9Jb&e!UfBF2^>PTHo9G?YNMsS^yDP21J!h8#^h)m$#|1ZS7} zwTS7RyOv8O>K;_@t`$s2P@i~3d+k@tP>)kOFeBPIEOdK=|7^0jnO zeTb^XVh7dVQIR9Nc^y*UpkhWoqlZ*EUaX}g7CWrkppseauv!h3#$rcQPgDkr9Z>^O zxg*P^qiQH>^~egQhN!(Pc1&%7I>%zi)OM)bY(BqLyP$q&^ZBjX10|=vmX53aQPol< z`M8>l3QXR&y~H+pvIXA;#iTXL#RMmt!nBwSZ|o#-dVJdEZgDVXQ;y7N&g| zo0_`M`>uKvwJ7y4(`g~LMEQ=tsDVkad{(AJ?|bStt{k>@OT8=AQm!JBoA#ae19cx) zKIw3wy!S)(C@TI!SIZ-{R$soB^et(=KEJ9FTv__zw3Iwe`~0oG;xRb)%y#@obsEfT(3g*$Tx zqiM~shKzCS4Q8zsYQwl6Sga%JvP>UyS_6^qbQ6lHIi3fZ_G&YP4TQ3FV@Wfn8O)ZNnpHxiT7{Q&EqbC*+9Z=-bL}!} z-lS@Nk=l$&5IZTYo%F)4r8b)@hm_gn}fQ<)LPrbw^%-TcHvS| z8%^R{C7*ayTuO@8O8I=|llvE2^=qpY@-oFQJnb}($xxrT`)sFG=Q>HC_I6rrBUaC^ zz1EzojKJ?i9kqBAyyMW`l z<!Y>C7@TdA zv`!d!*#y*oZ0RQh#j<#%4{a zV45jnY>5tP1GM6)utb@p+SH|f1GVI7AS>~o8Yg|Gg=Gk}m|CKKre$&E=-+lH}@EH+r%$CarMoYqADLOY5YH7$zi zw3v?1=axcPVT?>(V;itFl`qK zdJ_)Q4xw@~T;$Tm|@J*+)L zRb*`P8>ziQ-Obp}L^5HnS>G-8CV8r+qh7N5QZ*+OjGHz}b4S6rX`{3NlxjU?8m-kr zxm(Mb>Z9sd%cU_|b5v7n1yeMtEsLdTF{n5eOVbii{aI|R))zIL#l~u1peC}|I4uR0 z$718O@u&?}CwaU!4OL>Ds*cxYqM%pj1Z^7%dUa0F4xwPoxQSXR3dW3^sC|dJ9l6(U zl6D34SLC-$w@`L1zVn-`Ric7gTxEKOY8}~DPuE_dk|JZ7NS0XFnRXRQDDP19Yt%Sqg~-T3$9^gJfUU z1pisuE-ot@e{h=rY^?%gx3gyY=W3BTVqL>Hm-Dn}6ts8eX`N9p&gFb90R`h+&e!^( zI(I!{%G16;_3rwH=4m5QPqL1f^0o1(H(76JzLtT~vX7V+Xfshx*>C6qEg$8@Vg=e_ zR4o=O(AJ<}T+KplGYZDlEYx>o>g%&g8;9zUT9auSs#U`k{;RbasMv;^nDS6lQ;(`^v|`kv z)O^P^+G>I(m_v`whw)J;s^px_R3t#$wfcbIFn6R0NHzVbTl9I9=00$rzFM#W|K z_FAvqK=sf5jOjiK?o2mmPf>7Zx_Gx4`l$ptX z^N$QD(E_>Hs01wMer@Xakr^u;4`}I&Kn3LNjOc&^+G#_d1{`Gn1P)@N zRe4C8!j+?6p1nNqkd}>lG5af~c_`>dc34}Bf_`L&wXeCXe4QQ9_6V`HyDRXB_7FAM zav<=i_UU4%FNZkJImXo6(3!wv+F(Oh*ng`}GxT#{skWBOO5Eo>2|T4$paPgqYmQ6A z(uU9ZBk+utg=#+MpTKk4vXvqhGe-|PuWdwiukIXFq3uBRoZ}O8NjtVmK=4Mn}9iC^qE^)1`0->xuwlQRc$sr=w~e-RlV7GrX?sCZR)nR zhD(e#bz9qlv3qk`+TYQ3VeH+UwoHdG=9ZfobXO}yh2_p-`VQ5B#eUJQpa!wnFWPOc zOnqH$xpYsf`0B%&IH=vzy#Yw+vr%}V^l?MH)xvhgT@32t!~xVhMRGYt%Cx*dqi-KvPpGDkbkwjpnAXy%5VG*?FZk zT9{^XS;^wO?`pI(<&}u(w&vZe5p8;TK@!U4Uv}}e)SdOtw3;HhtOWL+ zOjA!(yZP&aGffjvd-AsiXPNGyPUjyDo^2{TFXsBk{7b=krYERh^B)8knzAm4*!%p~ zY|QJ2C^iaW$Wqh46(Uw=L4w1%8?^*b1H!&G=p=+_13L++aLeiD)j zehGPKO1dFbwcu6AZ>HFrLIDLfHUBU<|18v_lW)y8reUbX`88_(ZOTH;$~sizt!Wvm zUBRIm?@YV7%5>;$PW0m_=xr|P6)5O!F6%c@(A!+rAETgGwW7a9LBDN9S8v0-loExJjRe zf_~|`o{NHh>AJq;gIIrdv%UcZ{n^d>9u)MEx6zNIppU$bUV(x>^0xX-6!ej|)gPmv z@421+8U=mN?R4#qSQF4E-(IhVf*^GQPA7mNuP#--sVpF+z&ZfZ}Y195)||{uc~iEL2vVF`W_VjkCgfe z6!bQC)+^fq_V-*9EJb3x;p7TxhKtO+=4v|wsvD7vPrp2T%R zhQ8o#`g9cZFZa+lprH4+mtJm6cTn@uS%K`Y%zj*fi|ni4;ISeyy3nb%ul@*?Tj){S zPyY+`Rblno{<`uD%u5m3Ul>|DKzBs_TG+65b=?o;zA&nGpdOEEx3GQfApHia@50#H zHFV28D20uVw6J&W5IqnzpQ)xE%~eEpF8sW9Eqxg3_`;Ohq52ri`TfH2wd?2^sHaSI z^$JwAqKw-0bjSOmhOnX>re%ia*ACN@E5$N|6&2SG*LMi%8RJ&hj?kMt;4%HPB2YSN zOwl@~JTB3~jnI#X7zr!-_Wxn;P2j7luD;=Y&K+{jA*KWa5=bFH6e&R&ZYBtjKo|{E z2y=iNh>$>-!=OY>Gzw^}L=i{{dLt1*V=IaSZ74Sqks*Bqjg}$k4WNPr6iclrwcna< za*^U|->2{Ue82Da!7uB-roHys`|PvNKEpi+Y=;7Dy^PZ&;TF5!(aZRnq|Z$3YnRde zEY^Uw+d^DMDoOl~$QZ*T627G|&iJ;`6P^__)H#2-TU*8(x3i>rY&hCA!N~oBZ1jDn zL}Ld@g(`l7uWO=FO%h(Gz0|e8afWU1whcXcpm9k&r*6my8fZlS1*7a!b2bD;rx=wY zt=P~!dXSNFo^6k8h=?9yctzT<;nwJ(#>5M3+p^(~=wU|mMV5AM=o5XH;T7rK4MU?x z80lZK?fnhoqDL9$Mfz+*X7m^%_bawt*)S(M%`h&pG|j>M!iTm8()i_Y8ZdTa)oN~#;WLPMv_RYHXeLHR{pdm?Z9{CycMJv3jV?@43!cLlW2iwDBxS*oK#T zK5gu03C<~x25m4Zf8g35+Vp16jYbtoh3e@|f9zRm-1JYh6{;52%i%}?^=QdsKSz(ls1Ydye;q0~5I4siN zHnr%r%?MHW0w~NgO?%0RVoCjDQ~O>o87o8zD!ZdsrGI93gqHQ~^>U-su`IRMZyTk5 zY?|EbcL7pPuU8tSpt2Rcb_7VPdcA5Kq#F2pHm@0VB$cRPWt)1vW*G1VY#b9<-<$CL z36u)e)UwK6ZyASmwqfnRH@e%{wxaBfUVkvQkp#bnhg^0WVRp7{D)aXGqmfS%+H!h% zjk98Vv+Q86Y9qqIF)`1*#$zNsr4E;vPI; ztRaae{UT!)QABDDbNedD4? z?LewCLW3}u^(uOEGuKB(qDVNhjvB*A!h7D&cRgn0lf?ab%m_2Mwb+BljddbnpPewy zHcC0Y>WxIRsb5YSYa69iy*@VHCyCqsiLs9)Zu=+KwB0XZ+uOJr8e7}2w3F*}qjX_u z57+0$agJ%+wK>6c);J~7xXo?#v&I)9Ws&qXOE7kQUC$b(#d+d2|GyX=Ny5w~x&C6L zvZU5-p5;1k6p@6_7S3{AFru1aIc~#6Beqd0bX_zivIO7MEpdHiY!&I%&84odjn_r; zZhp>n*{C6Dy{g~*lIt6zwo%&Y`nyrrDE-0ptx+%1+08YsE5;d-zS(@p^_}r$qg34L zd&3osnU$!UpJ{MiHM}IPS7EUiUH>q?4ME#_cuV*dmoi(zbF9C8Jlmq_C6cav#`qUR%q=b4uJO=hS_ zuaFeZ67=q!kvExLNa8!ozc2@gg!guTVNNCq@9nmZX>LM5__yz-kDdwDL(QVbC|zSh z&DR>G9x*MxB*Aa^pY0P9Wu6kL+p~vUx0+!svA)kt?CaaiXp+{eq-P&) zd7GIp(wJwHVmh0}BCULOSj_E>+vtgBL-j7^L9*fAF(IZ4{0 zTwTp>t*Acjrfh4Z}F`EPA{m_tN5 z+;I3{AuuSLr3yeuZhjBL%hJU;osm{{{ImS{}G zo5w`LF%fTG70*g27jJsPx!ji#Yhx13zmmjbBEkG#q{GkJLlVqiwL#AY^RLfZA$`mV zBDM9{LlVtLSkeZ1JTd*u9U?9CTnO%G9uv=vo?5NH`ISiTdbY;&H{mtLxW%-}&i6a| zoBc^@Fuw#_l6f~v8jgu1^9ixxm>6Jg6$!`00CPV{pP9J*2AB^}*6=%1-))Nqn4gdh zx8KQ_f#zSu^Y!wJF)5~spxVtX9YggLGeRW%nq!I?FVdcJlpbJ7J5*k)rI^Jc)s?4# zw2h?o>TLOU5VPi&7<0Y)d$}`qka@IGY7SCeJGO;C*DiLjSp=_RM9)sob%`BfmQs`w zmEwDM(NMFNJWJFhU%}#GWxN!c1$lrD-G043gHX{?Cnw9ci}i$hl-ZH>y>d8PzCFh#hMdko1UA`y6}=!dxxV zvFBFW#+xN9L49f31hb-1T4|eLzQvOI?73swMDuTrlCSF|vu7u2gTj%VVGbp!P+fqS z8Rq>Y@m-;*=Hue&>@h8Ns#zw|x6dWGrkfQc@$5a_tRiW>vbJQ!PB%XlDQwHaShxAD zNFBGVjLkIDqqwylw-m?DG#?PD>y~w~cbhMW)OSm9t665$t?W5+OIhq}bM$R2&Dydh zHrq_^%u=(pFUIDWwYRh6?6@;_u4#2)>HaO=*m-8_M(Izn3(W2!J-WpgyVxuf$+P9J zu}jVKB6Xc;#jP+?e#KF`PW)xuy=ECnC2Gf(?s4~-K9Tlp=^b~!nco#X;d!YogW?L! zDw5W#D_cgyJ!J0SUQ!!5c9bIEqnYTt`6qGXKR+~vAeFnd6 zc`tm8Ia8z+6F&@p)LbnR{FCl0GxB zeNUU_9o&OS6^r7YHoJ&4ykc40db6KMV=Gq1Z7}DHGy$Yi^O;6zZQLgFut-xXo{!sX zhTZA!C3xEu^{0Qm>z8oN2cHKK8?JX>iffWCEPXw0iy1*t)~oD_-EkG>QIXbG?2X%M z8r?bTS1W4cwwt3xa`q@_^^#d2QdPx?xJt7{5B7Ywq9N{OGon%YJnpyVP?6rRxES|} zxmKjp6{A|cYHkzh0!Xi!UXi}5_$F?rY43?Kd9QlYY);a8)%JNu{F`QLkz$_@j(^L% zTco7tZ;sz(E*5Fz^KIgPZ{{~jQSnt~JxL{M^7Erw?J@Iuan=i;FK*>E4~g_JNY!Rt zqtqk*ZSz}^Ha(vZUt@;3xZI}a2gJW)juWZH?ZvI$H5ZGt1ETCVpApIX{PL~`%vVJE z==s$6gXaE5X?%RGnIFS3zXscT=DJ2{eEbpfEJ-CQcSEQ7! zS@B2B)Ht?H2iplVOQdBW)tmVuJ+^g8{7Lh?NL#k%$A4@_#B;eVTZ7|2F*7B(D@FQjYgzo~=Fr}3`*!Q|@n4uJeNck0!oBcD{CV^D zB&~;QYa6>>G;10qZ~T|0Po#(D9E`tY?oH$D*r$`wud=sZxVf{Fl6))VHV7H1$TCbjb;m!nyW$({5Y8}3+oixowgm8h<#5|*{L?v>2?pV~gJjTI-gPdQbvxUDr& zV)okhTtbAkqEUJ&p}kesD7~K0$$F_COz2^)73md-;TN}ebQ?&0tlLHEw|#lnM60_< zL%`P8iWg}lNd2rNk;a46-x?~?bdZv)(IU+ODcPDRQXWVHEVoDn+g0y@*5O7exc6Yo zK1kZWJ*@XoYqdyQw|DG)mz6k_Z9BJj>pjBC66u}oy?c+e3dplWg`C+wZziSnV~OgU zVOkFu5X5wLK3%crd2Ew);H5yClb~-)4KUVEZ0Ew z&9vIGq+xwCt&SpLeKV~n@x=OOTG1qNeKRdLy=@q!G%d@@W=Rd-|IN)=*3Id~{Um#?wCF1Ct;p-?WrMPRuimQ?jYtl?;Tv^8kA9eQ`%Y%4mFCG4}=mP;h;v)R_! z4rDW@9rC8kw!UJC`fRrKtw`8sv#o_4*%SM0wsjv#+-I|`GLi~a-Jvus+j>i+3nV3V zYRV%F_&y>2T7buwsn}KLUng- znwDct?83F<-jQQ@M8ev0tZgD;?K#$0zv9|)@5r&fWr=Ffu~b)%g0<&Zc`TV&dybV) z64#z%Z6XP-bwTZOtT#ovOj1}fN5T5$SU#4_<$o%jILA6GHXN;Utgl4E`sTpw&6#0+ zbF983aeZ^FRFb&9xmH9PdZH~&n`=d}q}so?x!qiAW`J#;HCJpdu+6hZPHif;z#7kz zTJv7`lm%Avg-y1FR%@12&m(7hEwnn_(_~v@b!AC;-oFsM$a*utw%FPuwsT-xZ2fLS zQ@JJ9n=GlfKM2cQVrBoP$(Cm=WJ&$=gJ&}HtdPGn*_K+ZSW;&{YTa$A^=N=?nf0XD zu7Yiu)tT;dalb6L?qo@I`g7}U%dPSN+X`#D*hYbEh1HJkh;g}ltlL;pMPR$fN)l-k zNcUP6-5+Dml~xOu)E8h|X>AU$54Vy z@}M=5B{lEklm!o3vqUNasmS^`!1EF7GqG*@SdV_h`az`MleEmx8%N|L*8ME0iys#( zc*HswU|VIqFSeUMDOj+|YG*c;TW#IOl8XOi&w|y~;sD#D*1ckz2DV2nEx4&%u@%gc z%KO9$DYpI`(qwzw`h+F*{wJaO;~)pGe$)lr_Y8zZGA@T7xr9lU1Ul9{dCLa>#c8TRnnj(oH@RHgOxNG+sD_| zHdsSN!kK7;nxNB&>aM0T)12$SpX{ytUNV^d29zc5nuPYZ&o9ajUCXJ@Xkp`)*?k1kga?0#KW(YSdq=IYRn+q76jP61_u zR$T?=hE`o&@5%b_DOz9z^Ck2T1?unlK~DW;{i}p7C#YF7-d#S2r40*e>3) zY|2fU^T?SCyiF|wY8O3fcpkXcpWAh#QatuWUQ z`wi8bSFpD@kn*`2jUMB{~qywCf*0srr7gS(w`;zHCZ`x zq`LaPQ4jMo@l5qfv@(ySG=&;XHSyP4zkW#ve{O|~Jb$`HKi}G$GU3+!d%R60QYOQG zMn3E_kvx&=Dif$pWmoDj!{lD0hYybZNQ0hB{)H#%S6ovT`!F#6ihoh+-;4iK_1a~N z1lGts@7FZd#rguu_A#QHfa=OaJa2dQ*+H5&$hwR8z^z$D8m3$dsefz)#^L?0hWt-c zH0C+l8akrk7S|MS_ly4)&!zsIRZ3th{(qjg6!-k!8++crEm*^p=T%;5Fpsm4rkpS1 zb`J%rDV&j*`bShd(lf>0_OC|%Q?mz;QatAB>UOBhrn*s$$m_!QB;Idr+S3EKK7J9{ zKYEe(kEp=Wn?gQA$jbQ-Cw?T+agDsLnCDir57X=SN5AIBvk=G6qL|#J zy}xg{pL3~flhxm%|Ez{H38YJ*UVl#_uc>^Z*Xsi_Sw*FICdU=5uAZh+*gu+jj`$x_ ze=V%XV~4IP$&-1Ge?5;rHkmW|i1X8Bf9&tCm*c-dHS$sW9pae=w(f%fpFsWpd-%^O zLtbxOApSDZz_G{rpHI1UP5!##Rcn(*Q$Ij0x(bG`Wort*$m*woJ%j6NU9~13F8c_1 zUQZ*zM^_!mllQp5IL!b2b>PqUZl22eQfjrmypRMtJs*!VBO?;q+^JKb~tbv-c z01fx&jXcNGv4;DZJ-LUuy@CDtf4aR~JJ-nB2J%}2TEzXpK7l>M8tyS3A*>0c*N;ZF zVh`x5ifZ{O-hbANK5*R${OziSN^#`t^|iY8|)?+{WYmbjI!1T;Ga+uNFJ4pB=J( z<`K>jns|R*KR)ZXOIA%e=nB`OHuby45uz(^BhM>9_VLdKSk^|RuGJiXQg(G1sN)(d z>izy7Qe>pMLcOMb%==n$P{dwj5{MIIoKSE$M z^_m}h!kkQNLhL2x19QGsgGUoy3;Fwvk4@at9*vp%Yfoy_=n8q8nnIfYRGgpQE1UK; zzVdnPKK{Sn@3hlL)dcRX=yR>Lsgx%7wgNR@AH=pWUHT^SKmVA>=h~ckAmtS%U*p1S zq`G>D+QrvPo35SOM9^5?_ZHc|ifWlyGo8L}pD8wK*5)sHp)>&byuj>+|YLKz~} z)!6`^uS&7?M(1?A)%e_p+x}zTe=f$yah@SLGE#qgxyQby+Sz)eGe>S6*BjX9JV$XG zv6uYYC2%|bgW@ygmD2T@@QMrRwYl*+3Zq?nT`sU)fu%UIKU&ij`=8#jet)cm$6K=< z$hRWO{H?_EbuB*o_Funhy29+&U_Wq=@iiRwzfte;R`@wBy}sXgECr4+ZfVmN@sGow z?g4H!-~Hj)BapI{TQnZFk*1jP)?_R5=;L1l2lCvy|DE;8fBMM6TOqLD0(<7idjEK4 zA0F-8QlxP1Nh33m??QUs<9N&Re9l*I{5+1C+i67kHQ1|7yiLWDmHRx9{`Aott$f#v zSMt}cu><4$-{D74E5-xWRp7O+i~tR{nvdXowFmb{oA~FDCvKN(H5^U02#v{~)1qs) z0`@s;I8S_jMpJw}lcO=u+cb~b64(mXbGG*dSW%QD(looXog2iEd)c+M7kLsz3A0<4FD+Eorv zhq{MivJX;S@fGIBNRQO7;bZHQps~@DId)Y6yaW6(w^tkeHN~D-)+YMEBf{bLu+>Zh zXGNaX+4Ef}tE)PS$;VKhXBtRzfvn#VZ+i`U>;m-|YXYr-Wm~+4F*z$d`?jkNp!s*^ zL%uiBnM!ew-DtG1XY|kTyitVzDLuD~=Vx9u@fP9x^{nUpG49{&z5l5e-KbtZnjqB` z&qaJxMe5h!JmbHb!9E;~d5*yS)3gU&JE8^$i~-)ixGeKy8m(NTO*LsWnd{gyE5LIR z@HX|pk2GAb|5+C<#WPGGkNIEggVCUp&DJw(3ycKu$)dd$bBRzr<; zx-#aF>rU6N%sCow9X^&}R)Oc3HdR8Ivk$kFw+L%+ZnV+tYNx&4p|*j)Q~e%j5IqUT zbFY5}J_vdn`PkL*fXF{5&d;k+SBBd6impsKCjPh-x9-|DV!QnLFM}32rEFkt;I^=- z^N_Qh+Uro4DSzHZJRAS>N3C>g9@NXk7l}G)+@e6^s(HP@VgmLirxR!i&0KK-Qn2Eox>#g{_ zt3&-EAU^i6P5oDZrU7`HJQ@2)z}-x~2O4;^<$Wsf3Jh;4UQO{R;;qA3@&3a5LZHu= zP@{iL2KsPcafbgOA1;fLby^kJ6qiM-L-w-fulue3nU*ubIR5b*SW8nT{uvKfO*X}= z%_b}F``5+{Y#rv{lpKCs%HO(AV6;0`#OpZzG0%S|8t#cC@9D9Avyftr>a|+Z5D_q+9c(24-{9}WA=K4$m zYnc>~Gd~~Bvk)IO0(s2j+9Tcnea&>rb|F!oF?bEnJm(y^hw`zN$I?&JrZW*;6;ga$ zt81!>>S{CTZxn|kus{3oUFI7-b%R?+Q+%J1&nWqRCEn|VRXLqwvId_LpEVjhhl#Z}(Q9)! z0D1bK?L;5Ds(Zb8bB8)f`Co565BeKh>uykr^_+j;+3WY@j}*2YoWa4`iOwAP`BLsB zKF4RzW^bV9H#8se*!FAubBm@>qbb~{_!kzs;wP8*stfaN$tN&!poaHou92@8bf$V^ zs8kA3*6`>}B@J42HG%jnqVpShUEK@3O|fPT@T}43j8zvsT6MLKO7WFL?y=xvmtT^%AHF3acCM@ZAOPw9#^9093c(-i;4n(Ipi zj)%Zedi{97di{6zewsf)Idh&rryl}y;8DSuH1YrHiVDvIpFv$V#lJkdMD;dZch%Gt z%J~;`pXD~7x{4Ma&+D0weiM1L!c!1L`3g2)Gikb-t;tms*7v7qxGJ{EdiYumUR_D0 zXxHko798QangUjT+1cdDk$KNTt1giPuQTxV0j7Mu%=G8n0SUZb%C#`PULP1O(39_2 zF~xiCn&PVvOtI(v^IPCn2z(m9N$>ak=~n#fnEtX&(KHo!zb4s-x$$*5&VM=ea3JMt zdO76Dl=nyW=d5^zfNMXSDu4)f^(e(@>Jy#xwrlj80(|)R#iNvuR$Ix6zmn5s-10r0 z*GT_Ipm10BI({E%cpl)b&waj+M(=w8{!KpqUg9$#%-NnF)UJJ1g=Af&K zRa%EUpLU4&ze9U^RcNAx`N7k6X(yA`x!^zfA4Y>^lJxxCnvWtd#nre*S5EkfF7y5;H_+;T zPJ?@uHQb^m-lqN@kd<>6#>C?VkZ9oIp#!1h7AK>w~GZ?4I`mZ#D zz|$_C++$oSpIZGLT`|UM#gGqWh}TSXdBU7|&Tt&%fEt_R9B4%!|J9F~*LiZ!F9p3# z@o|=~c=K5~kCPnwMHrvCFF%F(;FDKy*N;j)3G{l6U2XUYy+f56T{tq|qq=xYy&b^goX@K-jr!2PGQ_oq zCfBccHQ1DiF1?Md)76I*4Ua5-o@Y+hH}U=%Be2wID9fe%)_2~zyV>|xLy2Hg>LKm5&tzZUS9WIF=3BVaoMw&RfFal$n1IFvgM z+vWu5PJr%&O4Ck&?gZ%SL01pDdeGH_t{!w})O`I6=+3CcfX@Toq&@}Rr=a^3bf1Fm zQ_y_|Wj_PmXHfPt(0vBF&((AK=fHmse6V)h5v;WY{21_gz?)RK8VqlM=%T)aH|My3 zwhE3`hdZa4lhhr(W(1E>#l1rHMe4Q~=S@4*@(Fvwcc>30>M2u@2I9)s-YG~n`)@#pWz1}=1V}^Os&-ps7dh7)?Mn!sTLf>-XZ=U zpx>qXOhdYo=)q~t!FqLCIM5!`Q9o}w`oAze4fxNeM*`o?eH+jMH(HMpy*0B|%UAd| z-h72`;mue0hTS4+V-e+FL~SghHWpFNMbySis>K{vTciVlJ~Ss4=)pPd^-C&jF4Ek& zX`p#$?nIzrxwo~sq^9Oh1OCn2yNS*R`a^DB+bZ>$>-eoz@WtWx!V}=Fz3|>#?Qmxc z=&|m|e;MJ4Nr1OFUkFanu-_82Pdje~%|)O`?D)>0V?-N(j~wqR{fxelMS&#rpbK8)Uoi~Miw5u{(F&98d0Pr1X{38|&$V zKKb_TjXkkvS}D*{?RlcFSG_@=iyS+k?PqLZnzyP} z3)ApTx1|nzANm;W{i^1P7~yDF&!j}MA>d_j$ zO|;apAgk1I#L<0sPGU4{o%---$YiB0n%=w}t>Hd$jC!CH^e@?6lxL|nYWJ&&+Z_{k zpNLBYO`5jdacAsjiHTGyQFC^@2-cyo&HJX1{~GXb)3@9)YWI-7rFQI%9QZct55b}I zh1OJ#=?L3$FrfrIm-j7oEZhAu&`@`;mKx=jn0}Z}8{t851X}h9*_FQ_u zLffBqPwQ8%6}7s*-#M_3vqMkrp0AZ_$!+J`%C*$CZS`_(eA~sqf4+Moc+P8EV9THy zGhjUL?3Y1#=8`6tG`XZX;<&o|qke^2%RgR#&t&6#RYW7CnDQ?s|6=O5QU`noyFX^W zynh*O>i-&WA_1F8T%)oX|Z)c z`^KICIyCl7(j@5l?l#Sd<87F;W2+Q>jB~~xmv^1y#J6)6LhY&X!<=WbF!4e5oNugDlssBPWTZh%Y2eYsHk{hpTkG41#-rwqXHp9%DXJ-I+X*)uH`X_l?j zao6TW1CBvoEdza|x4mw{Uio#f=DgMWbwZ+!Uppvu+~F-9kOK8?Xm`Zn@@^Y&#Nq6? z5B&Rh|2!a3$8R8*@XgV$2JC`!xb215fopVE zyY~7T{UdMRfkzx)c(Y>DCGwZvsRNHtZzMwNN?Z^J+EwigukI6*O07Od)&`)@46LDX zSOb}#3eV7SKFrW@mdgOoQ{h>p$s$b_X?oBc-hpP11mcm7vm-TwkTwsxF$`uV~SDYVO0{_`_5kRs3b9LN{^K_j5%^-}EPub!eJI-FDwET;zz7cDTYicQ`YHQI_lBu^p35(puzWP9dMqj?mjSr+N~!}q)oBh8qg zU3;ev8WVJAZ(AM5aGF-BFUVTf=7^(tO;+qqXx*wd)zI6egSI>R#=Z@7N^Fb4+Z{!* zZ3frUR;wdgL3F!gW$c{6JB5EdwrFsf@ator8C)s6v&UP5E2-xvQHE7eOPW>#^itO~ z+HEn-hg@;o7IVvxQb$xx#E>1p9||i0ea9iCK)Vdt1+@E+Iz9K{en78u9y+8NG^2-H z0?$=L)@c1|N`MY0I*I7rKx=6%)k3f8(X~+5sqj!()wI<^VTA+l7StBiJlUt7atPP) zE32V;QOzeq;5-C!+wOR>=KCQ?okP#-dzO~CE(4wAT0_37Q<=R=-Mn z+*R7AuF_txhqV|%g+cGvBn`VKsIs$bn9H`T)v0ioZ6&nYWy6u?vONHNBKWUrlR}y!uzq-8 z7;4hAR2%LQ={DRWGHf^lq}Xtd$|8L(>GNzjK96aqYF_S}XTwpNZ^N0&MG=Z9w<6$A zg%^QUk1hrt=bSHU3Wu*F|8*3hjPw;mD=Cvo8?HKbQe9P4R~5|>Ji6=K zG@y?Uz8mOsgXaVNHDnz`?mXn{;A8seA?@{JdIr&) zA>-`F^ku|9415E%;wt2srs15Nrkx}IbL4+cNB?u=e@;jLOZq+UR*kg7{=T7IgFYMRa*JR)o^zQHZJb>r+Ccm7IoNA1j0^?M8QZy_RXr|`>;U}tBhLk` z-K>ua2i_WWMIYS#LW?W9ZK%7224kSTuGz4cOyW)ALv6+Hw%0>#8;E+|9cK?GYdBfM zZLW5$N1Y48ZE-GWJNR_4eKx4~s4&X519^5J&kp2y2{M^9s)Mcb5cjAnwD)y^OlFU| zO5^#e?dx~bw5u@EcJ_;~<7n?<`wlcwb~+CgjeY+aTZA2F;4Ze%{a**;@%QynE~@c} z<4f<+QKoTg?7@UY(4=X>cH9dR?YP$@+VR+zV#hr$5n`@SNrjk|Dd~3HU#`+J5F2&4}Jm>GP z)l9?LBc>J76r!Q6O0?zs`;lIa$&>tJ{&;j$24$W>*>(?h5AH4+v)ysqf#NZE z3@sW{s`WllHl_qm4j!ev}!H;z#Tvr6YW<91u z)|}f8@DXio+8S+DkM%%tg^y=mo56Ev>=w}6+w;XV%qMpMo`t;$dRR|Fjd*^MZ^xN7 z-;OhFKC}_$BGMF*rie7fq$ws%F=-NPcy5?L5fW_KRj{rAdQ4jrG#1)|=NePSX7HR3 z`OF<#svSJ=N+0yex0h&tK2R{W1Xg_y1N8x4O?^_WojcH0#~Ex<9D1&_Rcn6*O$n@B zA0CS<+g7dc?DB`;9>D()oIo_3=oQj;AifLHOQgBv_~(Han_qG`4!+oY7ip5ox`yVo zT|BeFSlu!fkKMb*4zmqE_~)_ffZx!ri!uJ-nXzT|PA`@^%IsmUybn#okyb&P3en)Z zqASUNC(#~;zidi6u7b|k@CkBkbQE1FI&VL4=)-ZB zCBpVY3(WKOfo~rfciw*L(8oYuCk?(S^t^pH@%SF;^LBjas2#TBN}Jt*wb&gPKiGje z1UoQ?V6q02HQ0eU1Us&@5cj6i-^&ZfZ5g$$5Zd;J`_lY~G-fG~l zPE3Vpm%4V)aJAEgXgbHI{UQT+SjjtRCGWtok>$YkLnTGXa$pbSQl5E~LlLcE@}X3k zR^-6zbw?Zn-pffWqw88_aLsL&tC%9JbKvY+MiD9~LM27m>A?AOC)DLlsdC`l3lvre zHRM@CrD`Zb4d`K&PCh`vrxxO@PpN}Al_~XR0h;V8VJT^Y5sjIs)bGuBqYVNTp4 z5l(DN1e||);bTtQ-~0WPC^~9K!8zus@MtRQa?&vc&RgrlQ>bhzl}%7DEp4x-JFy4S zsT9&_F`&Wq5|zy&eHN73*)Nw$t@|k4+0kpR?V!$38WmGAW`=3hnWS2H*u@k=~Sg6f9a%t*1ieIQLJ@S@ghix0sLi_7S zYBf#Ydjxa%^AS8Y)jkq8txPg0d~fQsHE=fc+i5-QSYr=+r}t~M9`=M$u$RGCY(t^c zmQCHKYx=U?e@m&LQfq+!?X*J8`N3V&qiH2@%xL|=-P4a5%Xa4iZQElRP&{X^bmEr= z3$^GE)=l3@Wh;SBa)rXo4`=;a!UwfL2Yt|1uL6D7m;3J83-EIq`h3j(U5iO8cObyPmdM9c|4sv|V;-nIELPaVGydc%1{U;GKtP zNO4_pp8TsIlT+cBK|d?ysuS17K*4I~bB!R>*n?0LOgvEF!-8;xLk8T{8Yuyf-;FDEHz0Gp@pnROr&o3$CLxLbcKPQz9dDT>qOYyJyZ! zJT4c{z$19^3_NNV&)5m)yn1vV#mo!B^O`)$FfRztZt{ZgyyhJA$?aL^v=be&+pL4p zb+%VNwXTS=Ehf5-B9u|i6_j%&>35RnPU@MeAlz$es2{3=@T&Vcm>bXb3WpU}s2&b0 zu28*}eCnudJ<&4|bA8Hrh*_C(nW9~$Xy=1)pE^VS5jx(#z^fd^Gj`Z!e^`4{1YH4$ z(6NULZ3Q3VoZm7oXm+7(<+k~nX=1;H+RHv{9&`?_I^I4z)Z9~k$Lw$u$9%YnnS`1c zKZVXoE3nn!SA+1|({=-CFwrog5eAOx4kms(GK%;@?d*r`26Ta1va=J+aUZ2=$-pnj zM!GC}lIi*AKA^9DRI5!g_X3TE?FeHA=p>hm_$cBNjc3-s-Zh0{rjkB|^a=K5yWh^( z?)d1V53_OoNcvb&-K@_%8;Zr8&jqQ*11$yfwmg|U#DIN`Z#C{egV4J!1w>B8~F9%$3h~6RY*!fgg@8)%Je5;Po|Q&+WpqxczVPVOo|WQ>U*N7Z@OuF} z!Sf$EJIQmB{>IUMpy7J)yWBes{BA%M_=L@=BA+T_1++Io{~KgjC7$@r?kWSnB2WXK zUFX!0XAODQ&^8*Q-*GG+^cfLkW^U*a1eqW##N{yRSOQmY5R2O~DvDG=X;*a0` zt~Ky$1L4{`#~z%MsfWd`o|A5DKDHDnetWwPJU6t<)IUG=JFw<#JP6b{esWGdML1*N zT$gU(cffH>{xD~l9gjHST8rb3Zs>2!#pB2?=4R^g$6EpId%O$K3CH`)O*inn-(&1k zkEhN(Z{R$csplPE2|TVeGT}6e{=jmZV&DI;~(XAAx#&GoN3oiU@wgw^vRG+`%TE(Tal*k zacy1?4Zq6W13cj#jk#=h^Le{q9)PPEKo>c7nY~Z6nK#MIJ<(y_0rSBV-R2!L)}KfM z`qGKP^Nx|{cDUBM*tVVSzvS4R^|R)MnRs-FfLTkAUStoghoiZ@cRe22N7la|gva88 z^P-^ahIWhWtLwjFu zXn*=7tQqVt0M)FWpogot#2*5_#Qy%t!`eOeizjbdpjqF8Mzd@mbIeu?66`@A-??B7 zm0e>G`?#g9SslTeV80#oniT`QX7wRDi0CMwS*GK6Yj4dmpV-lVK`ym1S9sLtn)n@# zRO;tk6TiZdXV$;?tuxQe+PU`DeDcpHO}>fW;m8*~eubmR-2TRat_k**asNyyCeLEh z6r1=Rj&zE-&V1ty59Hi3&I&0bpEA;vnfN`93b6*q*+VMHT1lEp6TirjK@oOJEx~bT z7gUi?6=|wW{4z(4S^1kMv>J2O=8>)%vtaW;p!hxLS`$||b+C^hk6RWru&t4w7E^EH z+T#q-^Pnjt{j8Mp=DN-ET$e$E{FcqjU3GNl{VI(a;9;Bq5428U{Hs*Uc1Qi@ov=!* z-~0!-CX8cv7wkLZ><54@Usw&-C>~h2!}jtgYkgAC zFH@<@;)72?TvpGFdjh^T)X8^wVU9KC+3yxcSxKGKVxp|w&(4E(;nmax`gUy{m8zrX z4eEH+3QsBS@>mJ7xlv#I=hdu@aw&apg9S-Va}=6tL6U{lWO68y;KXocAE}7tTQQc z21O2sebye52Rz)(QFxayA0ohcB}8i#TulD!ES&AvS-7$-qZ%v7r_#dNdneH<(8R~q zkSAU>HG`sPg|^1Nz*no)QmHzMSx+%5={(|$l?iv@&sgijT(M^?T$`PzGsIFyu`dDc zzJ2C;xi7ANc81{{>SjyMQ=H2b=PJdqH^cLYV4xe?;W<~`lCWl&RYWr!u~E(NZd7zL z9MvxHNz)RWVOt8}`oPS*#AetcJo~sW?=sZeH72E5uZl@=$oGi3O3%z(rDtZY($g$g zVVl;6U!`YeF4K0rOj`Lzc{@ns6)e;)HOk!iB724l(z=H0bZV$3OV2t3qN#! zBX5!A?9mWc4tHMWYrBBv*b24g&;K(H=d1UFaCUk>C{&x0KQj{VyB*Cd)W$co)bFtt z08OwLHN;QFdu?XW8vBL@JnM|@SPS!T1@Qxb&vJI$vZ_rMooV9P>q=WX_0JJU@TuWT zGn!$xSiMU2jJ^kqNLJiNI3$-bykDSP|ULw^E}1;ieg@-nBP*&s}R$!lC;}2yGqe+2Rc;y70^`e z8=GB?)}nz=*S-aQqV^ro47mCa-w)A#0Gg#KyIo~#I?!Cr4s@aB1e&KAKv!rM(0sVQ zZ&w9c2+$&}IndQw3!ueXnB7osY1ji*8uox!!yc&7um|>Q*aNj1_P}8cd!SCk9yqFD z57cYe13v8sJw$!0z2gW`SG5+-5O|z31E^h}=``S(LW~@#W8|U4rxKq|{6yk2bgVIp zG})xdCCx&ewgTz%Nnb?#YT}E@XD#`-Y*V^$kU zQ$`vOXhKwlJvlT))!Eg}A?m2T8PIxr1W=zn0q7a~XrO294*)%HUwyNo3fdk zRyuLZzT(6!yVHqd`z24P)! zL0FeEP-8bxV;HCjHn8^Q2G$;CVC}69tUbcO+9M6Dy^2bCsnmYrYl*KT{wVSF5G_P4 zG}AhUs62BD&=uxFp!w!Xpao_z&?579Kv$bbffk$RfUY&a1G>&MJB6r?W^15jW&%); zIT>h$ITz?QGaqQB`54ew%x8e^gl~3-sJG1D1FbR-0QH*3f!4rR%|q0F^D59<(~JsH zht1YN>&&h|kD3F3)|;b%`b;;_Gv)%IXU#mI=ixi&A?hph(J1Hv3wtTT!d{BBu$Q7N z?4R2$?2Tv(d$_wb^;Sct?n)LsUew(C#5B zvRRiNFp8SdC~8Kds2Po-W;BYL`Jmo2&4$N99P;^!d@hsEx8!pbd|)I5X3s>t!8p=x55|!e9ZdZY91;wBY}W>3ChI7ZjgUzTwWdR@9;uWX z2z%`vfSqi=&PVJea$DQOBzLuKAl$2O?~nFP`U5Kvx9Fb|z63K8%CG5vCHXZy<6e~i zpuf8k@wAk?+4ca%`9R8@(A$!HNN+~?SMmE^Pa(OPZGL_dl*jxE0sGjx^vQ(J6{74D zgoo!z)@+Ph?2w1`{J_0}4>?f2Jn%H&l4gTa9&$4770iTMH-kDyo3 z7Q)+OCLrZ6xJB@^U;hjC^8jMpazU@4PY{*?WKR-w3uX!y2o?%@1j_~C#{pD6QZPx- zEm$sCE$9<$5QInEsk|mQ^JebfPA#!t_GIq`#PQbvi0#l?F?JA47R(eZ6f7647HkmI zZjthW$$|p`v7T~~s|9_4H`})NZxH!3AZ~xHHOGkrM0+PdET1X*Eh2lxei{(BS7bQ* zp9VyKc+{TCYk=6k4uYKk(LYJ-nWEnUh~@SQ`o!KK_S2%*+H$-kK+JET$TI~W65JxV zSMao;ErQE;5`+iVD8HG44+(A&+$(rm(Dq9yFE~(err<+@TLkwCo))yVlk$QC1!oFA zB)COzui$AxTYD)lI8bn=;6s8QKpP;9!=mo0< z8wB0aY%dV>2zmvp1$}}Ig78x&o@WFj1v>~P`Q;w$=k6)>2zms)fn|Z6pR9V3XZ!;BD)2%L|-7XN6;(i6NH~`aXi5!!Gc)Udj!h` zy@J((KEVb-6({W!j1=r3m?W4i=oZWrEEFsktQKq#)Z#gQ2f<{)Ou<6Ia=~iB20<-B z$_pk7x&;das|6bbwcb)rFj+8Duu!mE&jcj&|A%M%%^1seplz7k(BSuj(u zP_W!D_mg;n)q)LzT7R(%Rtu_Ro?qO8<$!qnsTOPygrCgOJfs1lJyPUkkuwDg1wCRf z7uhRvwa7JqI8GZx)&_Fi4uZ*onSzCa<$~3M4T35~@&ly&MD8GRvS6lQpCdSFofeJ3uX!y3YH623pNO9L#2NNlLa#c z3kAyss|6bbwP8|TFj+8Duu#wgh{v09k*ft81hwH3M=)71Q?O95T(DZOK~Rn2@{xi` zf^Na&(QMBYEEI&FVA6Kb1S17I2qp_=3Kj~M3nq=_@@~OQ!2-cTL62a$V6|X_pnIa^ zCs-ip5%dcB1mS0?Jbna|1l@uKf*wJypifXumhys0f^NYAL64wU&?nd+sHSinO)ye0 zNzg4=Am|bF3iwV+Q>WwAX{FiFrYSm4*+ z&3<{=R%hb)U%h^E@B*5YKN# zf?hzJM|^_n5tbtbqX2O}tP%7)%KM>Du;4L~1tTBl@=1RDHOp?n0zr?USJ3CjCpn&a ziZMwLF51%mU*nPd%NgCz@%cu9phwUv=o3_1*e_Br3Xs+#BD)0(1U-UYL7$+ikT`-# zf^IlJ1j@;=UKrdLAPLmphwUv=o3`$OL@U0L7$-dKghpP*`x z_<~7-Zb6@*IwgLBNrG;{0zr?USI{S@PD^>gBtf@efuKjwE9eu1mmKi;5KIzu3l<1^ z1igYjL3kkomlsSD^ay$deS+|^1ojt95_Ag|2zms)f<8fb!2*{TOcHbp76^I-y@Kkj zloL!6bPE;;dIY_KK0lu0^6CqTBbX%U7Az3-2zmv5g6c0)UNA|}Em$Dv5%dcB1l4&d zFPJ3g7Az3-2zmv5g6e{l7fcd#3l<1^1igYjL3L5e3nmG=1q%c{f?h$Np!!nE3nmG= z1q%c{f?h$Np!!P63nmG=1q%c{f?h$Npt>aG1(O8bf(3s4-`LMBsJ@kQf=PmIL64wU z&?l&_NIAhILAPLmphwUv=o3`mNgjZIZGS{hQW}kaw_t&wN6;&%>>Bw;HPdLFk^=~o=z z*Od`&tn>aX=)FVgxl`&9RNX}uOcHbp76^L$_8uJ99n0kk1S1ng2E_G;N6;(i6I6XA zFF@?4Btf@efnVQ`?L~mtey_+r!84*){n;;4Fi9{4koryJ0zr?USFi>U{d^+B&40?v z4v6|lk&^`7f(3#eL9d`sP$f${1(W>p08PCH*JY9f3j{raK0!5*{UQaE1PcT`f<8fb zT!G?73ML5_2zms4f@%=^rvOs>2eYh(FeVAQ1wDdZ!N{TFCs-ip5%dYFVd5v40!Z6M z)v%Z)6Ug;avuW!G({qE`aNWZ80mG%2wzu^Ae z`lt4v+<$ui?EVk*f29B8{mc9N`d{teI?0tZI_W~v_er+okmN4O1Cw);OOszo{(bV1 zat1yRa13w+;N|~N=Ps%$f&Oyxv zg%0X8sMny8gJurO8MI)~eS^TsZ_LwU zs^Hh1=f@n-TcrImEjev?nmcV)+T65-Y0J{`(;iG)llE@f$+XjHpQnY4?Kn1eZ06V{ zWA7RJ#MsiYo5#L5_LZ@F$9^;R>e!Cyz0woXN2HHU&q!aA{#1Ht`m^Z`>359lGw$!> z+K!JIKYje%@%N5jGrnT{8{_wnuN(ix_;1HMCj?JuHz8(1zX_QW7EX9zLivQ>PVi3H zH{t6E_KD3WwwgG8V#dU*iHj%hnpi)v+oWETQYNKMnmQ?G(t=5kOxiGM|D?Z7>N0uw zRYq+_$kaQg_MbX+>TjlQnYw4{k*R;4dUERNsln4C zrgfZl`?Ncz-9N2-+6&VTPa7~jZTghy_f6kA{g2Z>nEusthx?cAB==;u+da!Y*S*Mn zue-oq>3-XN)P2Ssk~uJQO6Gl;#hFiM{wcHTj1e=I&v^a(_s%Su`P|IcXa3hrJ*!97fUMi^{_Wj0cmHzMlv$;-UYPa9tV6TT&-!N8O|v6r zyJjcNcF$fv``y{cW}lty%nr`JExUVmO7^tuhq8Uy9di z=dL+3=2XquJEv~WxVfw5Zky}K9hf^gH#>J#?zY@daxdn_%o{Op;ym}f)$=^_BIggE zfB*cK=kK5Y&3yZU$ORb-mMvJn;PnL`E%wDA1Gwu?#@?OfDy z@vOzKEq-tD*NcBx+-gbulDn3;m#kc}b;;=^j=VN`o%8zUP0X8dBq#`_`#Uo=)u^&C8BrqoQcwXRg#@CSi^D}B4B)IZW+20DD)4xrn! z{sdIJ`v_3B+-aQu#@0+_xwFYe)^$Yb&u(VemA zY9PF4ZHStqhN-z~I6U=smzu9qRS}e03*JwwvG5#Qy7H)T>P2`H+)HYbs#KHJ@6;6a zDqIr#e~5b*_&AHIe|&Z~$u?VffwV{w5G!|SYwx8J+NMd`Zre1aNqPmA&F+(A+hjM{ zXVWzDB9tN*DK}9NxqIOvFCZ$SBJv^#2!bLaNI^uo%2iQNr1<}yb7tmwo_#i@eP7?- zKcDP*<~eibe&)=XGxN;+5GT*wg&2RLQZN{ts2)Jf52;S|2x5N>u|J8}x2bORjLNA$ zA(c0g%3G+bw^3K4BCa|hQc~k1gX$BJA$3G#6ZYQ?t0|GssHu^Y)y&9e)$GV-?0Gv4 z=dgWFwMEWSDJgEfPfwZyb9% z+Hn22v*8{ZcOKwro7YLk;Eqi4f?W%PVNDTUhXt???i^j9J;**u^k$Vqck0kn<2@>if=vH+T4g}nv;iL)JE~SoP*urov!=4GB1b%1&rE)%FzA@1S=GzSK zok%fEJd|QP=FnllRfnDqc;ly%wUmbw0H663)y&HbFQ2wyH>&>uz?-HG0Z#bH$$;OU zM)CiMF?TbJ9KHqk2ig5ghL2C9*!G=HvCU^Fp(F;Wv8QGfc30|!8H0fD&ip6fqqB%Z zY7z_oL#Yi%QQ3!&qO?wD_k~AMY)8)~%&oJ@_nPWEKso)>cLQFUp!yt0ytao@w^jcI z@XW;D0qd$i08BJg?WwSjaCgA>cBeYuyI~C6_0fF+Co~)gcud0~fUONj0`9l(6u^}Y z^?<^|Vcrl97w$cwfpR6~^7FRz2;qO>{QVmrK%7T1oY(j(xED4)3Fxn@xlP0~ZB10( z&ZhnMLN9AN6!1&qxc-~2hI?W&(MakKH2)NsM;WuN`60MpWccUi$Kk$;d)fQ!Tf2a2 zSfGSD`C}B%j>FDcKr|A=TMG`TQ%c|$7ZU!sF$6DXcNpVOYsaZb{F4{;B7VtRIJS;O zXTev>D5cxD=rW6uT%EV*W?-b$LUZ1tyUQ>SFZwkwk{_WQwdYHgM(~m!iD9qgd+?Q7 z6?#9-txKo|e!hfw;P(vu{Yd)0pBsf&g-eASMKWC1N-h3=jQIIImK%O4A#!8YZqxS$ zKP)Fo;jWF#N$PH1PN|DT^`|ZvKX3c_UwVYU@A&g6Ig~z>J;Lk}@&YxoVFNOzo)&t+rNo8EvNxp-f#J5+l`$2~9FgzqfzQ<-7 zKz~|hA*I5Yw-_FhC0|Kh_*~?V$SaX};v2-1G~T0+q;XdtN#ncvym*3?Uj8r36OF$Y z{~%8?)1UfP<2)%EZlm{O6vKp%Jhs15Q(YQ2=P_L7{uY?E3_BUFcZu>OhFh8DQij*M ze*onzE=i21X8Z~6+gyV8yMF_Gn(43IgWBR9mr{{&su_E~WeSLBxUgolWsgxsS7VA*tq*GfP%kj+?a`|v9Ek} zDseL53s=m+j;O&aNajptZS$@xDTap_zIi2ajz}cYNkm?Wr1Hxsp}hVoqOUppM(m~< zefW0)BZuD!=#OFFYwiW+m}{uUdan5y+*=v?W0QEEy5_I&{mv&SPSG)be+{`srb$_5 zah?zUI^iRSZ@_LTe_Db+>>g@;_a34d$^FlVUhXh7ez%`~_eXACZD`^zP%TlMqtu@< zE!b221u%+P9nI|M9Qi%*MMo88hED+EE?wNlgfEb)Yk)ZnFoL%@@OuD`Qb$x{FTDCB zU<4b4Yk}Vja8EU%IsxA!0V6y=jAAZ08u%-!cLV-%K-^}I`C=5OSMLt|Rrm^Ll)4fy zf;r?K!0!WyJ@ljYgzpi6QME7Prfs-m0QW;U+GDjHe${iRVQJqA?`K6Y&D`j zi@9nPTM4GXeJbXxQFRK#(=cz1s4WaXhq-GMGgE?R;*@pV;f|RsZrot_dCX{W69mHx z)Lh`tXLuoU9aUdIPH~3?@`!tyFyD=+i!tMkVt$*1`^%X1M%5(@FU8C^qP_wcRWD)A z98oVbtcx5A%w7!ljkLl2(MSj2ry{FBGd;2f?r98XV5><4v)6UNG)9gGTp39Lvx;Fh zk_INj(1~P#?*fcsChNf6!*G418<-p*>M)XndjrG1$Od5YfKgS5^ugT^2)je10Cy2E ziZ8eZ0MEnR8a05KHA;=SbwquU;l-F=qtpy9iJS!dmjR>dQp~qeYQU(vEOH9mmovN) z^Kabl0T@wNN4CIy6~k*VACIW7GW>evOyIu;7*W?o&W8INfVfpBat_?r0Y=m}F>jAz zW=`IA!hgybqB+rM=k^A zA%>4)wvU^jBUb_bI&ux*gb(->F8Yum5JUBcPC&( z4M*>RdlSRYM1Km*NenNH-Vgi*fDwEz@-w)k4 z^fAEiMjr>wZGchrgXj~0KZ^bqm^&HX72O8Rj{zg<-sm%M-^1{y(Px3V4=}3kk3I+Y z1Aw@1CHhCWA7uFR=nKF+1Q=0|;C%b2dYIuaqOSn+OF-NR7JU`&Ujd??qp!pLYlgpx zz6s3Z44=R$>=E@OU{w7!`ZnB8F?>4uH(<6gd?xxX@V{gD`{+M_e-<#J{t*2q+|L0< z)br8paQ~6v3(%3e$Hv3=6M(oKDRvOt2LndcA+bXM4~-oLcv$QR;HSopgnJ4gBtvW>+|vLd6Jno& zdj`W}VpHIr6PpG&H#P%sUThX%Lu@wS{MgZ;Zv>30=GZZS3u1Et7sVO?ld(p?#j$3< zC9#EoOJhmEWw9lIt+5us<*`=8a4cX{wZ)DFY>%}8cE&mY3$ayzgRwP$8)NH0IRps4 zjU5m7Fd*b}ECu(;u{7NO2^dkQ#4>Pymf_}@1NUjMZona0h@B01W9%Hz-yAy^?wc6i5<4I6Z^bSI{C4aj_92saqD8$qi|0LjHp>vkHI~Y;n7u(!(CtX1n|c& zoLluTO_NVE9ti z-++Ia;h(DB1^yL=uU7p7_}2g-F{=Iv_Zxt?ZK`TJ;9FJy0_M+vQT3OqNEB=A4F6UY zgEse9hVN8W1OF}{BuP~q?tcJA)q7R7aQ_n!Ql)A%+}ij2(7ZA5kRv!dd zs6GU+zxpshxB3XcQuUF5gVhrOH&uTM@TBS~fd5%N4e;dZ8GxUyo&|VH^=!b?tB(f! zT=g-C`3ykx-0Hc27gRR@b0HvlUv(qkW!24q->hB;cyo0UzPA9PuT?LB`&K}VP}MDf zKdNp8yu12Xz-`rSfKOL4wpuI41Tk7t;wIT@G}0C9h7%_(r7$gs0!GcXy3PR$nJ zvkbdxJ_md^!(7do!1pj*UvoC_8yNQ0oCAC>!+g!Tz!w0~jy31QJ;2bdxe%BlAbL&B zMR1n@(Q9hH1ouWj$m*I);NAoXNn3L%+-Cwt)aPq1gZpfT=hR#Q%vOfy)m#PqxeU** zxd!+P7=EGVYrtO!2tBao8*pFB@YfYHk7Ltu?p8{Vj&y zuK5ly-(h%L&27Mcm*MwnZU_E$K=i4aAHe-K!@t$s0nA?+zEg82@b5DGN6lTp|DEA` zHFpF5PlnrT?g9RNh9A`Y6!?Du;7*(_5 z|A70`4C~|n1mU zeEbmL`xqADhXLQuuoyoA_yLA){7B$SfRLr}iEwXZxGDZAV1@v3_gQ=j+{1vlpDsQP z?vogv9G?NqX8|E&cN>;>QB>6NW#H zw*h}2!w2FWz~9gCXYp0QKL`jNCcXylpEG-&pv7n|}0r;7K7!5}azwO1A=2m4Z%H!;k;49z|3XXFzO`W=L2HCHtJ-!n;0$_bqX-e3>S{t z4E!R7i$`q%J_(4iW7Oy1Uc#_t)S1960|bYUIveig3|EXg2bg0St{rtQ+<74Wshv4C$R+5q25bO8P( zu?q073A#)0oy0o8zbEKU!S@m=!1oh$x8Mhf3{FCtFuEFhT>3{lfW^_>fSX3=06#N& z1K@v-?gRYn=mOxWqXz&_8|?y~KALVDJa6<6;1@>It%F}2eG=fsqfZ9>^5|0lzcP9= z;N_#Y0A4xzbAVTmJ`?b(qt6EX`si~2uN{3ZZYX?y^dW#Rjy?=$GX2MHUyp6VxgpmA z*6ntE>`L|RJF02kHG09;%* z8*pjeF@VeJ<^nFSYXDqP*9h2N*Noc=&qApC)#vLj0^C~nCBXCQE&;rt?oz-n)LjPn z#X7p%@Z!3w0KZaq4dCU7=YDl1;<;a4jd-3?pBNhlJa}w1;Gtum1w4H05wWM#C&wNM zIALrIm`P*D!=h6U_ck>hl-txyP;OI4fpVMrG$^;JsfcHrnghzG)gs`ZR!yLMS}g$O z(`r6^pH_=O`LtS!c%D|vK#4mL$3|+NSN)*GJ&2%uUX{kifY}Jj=hY@qKCeCl$`{lb z@O?p@4$2qQX$bX#It!F9sLzA)1+^8FFR1fC`J%d-;l-eQQGFSqUQ}N}eqL0UgYrdn zB`9B1UqpUhQvU_aOX{0rH`lzRt_S5y>Sp-9q`rk1c8e_C8>e$c7Vo`fx7{Mk_I?)b z<$He)?iG6<8QU$=zIP0mm3xnmCeWwHsgJ{^JQ;hP=BY*4tF%U)sCraCcw)0UPhF^f4B|A>4fGCc02qqiLW`J;by^ojL1)IVDvKPG?76USUP z=f`vIoAbz=cjml5CpPzpxwp*y-rPIq-aGf9xxbqG+qr+6yVtyl^OEzNdHH!CZMe4K zriP~)o@;o!;gIjL+qSH!b*S~!*0Wk4Y5hxU zWO?oKam(*r{`2L(UVgx_)ouH>O>BFnt-8Ig{iE#@+CScLSVvpOSsmZ+xU1v!j@Zh> zS01^tV`cx!Gge-_^7d6vuWDGmd39vX{%ek2lUXyk=HxX$TJy-7XV$#1=JhqzYwOm2 zd~L(pt0>=_PTwKJNCHr zaqEx!>v11D{?OxJIllUYwiAv{ot64Z>Za7osqLw~Pn>k(tP?Lh@zN8&cH;L>{KbjY z>5r$6NFST-P8ZVONZ*qFVfw!Gmd?97@5@}1{bu%i*$1<~&OVoYGy6fd&e_lThVu`n zy6dQ}rmp2(|J8k4_m8`O+5Ok({RT;`*1?zqQ`o@aqkK-mqWqgx;aPQ~G}0r}C@w>+|2qe=mP% zVP;`zp}o*m$QRBioLBfp;ikfUg+~g%FT7QV_V3oeU;pg>hW=!KTmSL>H}~Js|78Em z{jq_%fu#c*28IW=3|unsje(m7ZXNj5z;6eh8+dKt?*soDm{VL(Tv}XFTwDA?@vFse z7XMTn?;hb!cAMN@cbhx9G^RAYw4}76bW!Q%(!9Ze!BYmK8}Huu$Bl1q{O88~hZYPi z8(KB=v!O?a#%&tEY09RmQ|aF5YDIq${LcLJ34m4fs{gR6fjvIuxZ|;+S&qA^0$qJ` znC_m1Vch){;#+(r(a|5}?9LZp=s?cm*v&W!zdH2RqcEPfU^FdaB-sc_zEz!rRhCO3 zsjpC1tE;f9@J4kLez&04eha@_@%uJ@KT&t12j35gIFn=`q}WXK<*fQ0e$V3fd#o%y zhu-O*=r!S8MS z{)*q<@OuZpck%l>e*eJlJ^cQO-~0G&S9hon@cS2jDsqR4;1|U&7P%XrWZbQ)Bfn5J z_{AfSV~6A8susUQ%-Sc(4tJP(MRQh!n8r8zx&y)&<8uiF|nNAI4$CHmO> z%c2V!H%C`CUIq8O#9;HR*w*HaRa=|KCbl-eU$xhw_pA2CZ(sZl!0#aZj=*msepB$9 zf!}QWj=}G-`R`XX;Mt5{a?x3PwJbUVzlUNi$!)Q-lW)|Wova#j_~PwwUlchzxjnXY z$>wP1l8Yjb%|D>(#-#@${6ST3F5MP;Z2tCGeGBr`a#{43c>bZ~qR6Xo*DTu{9f#kq z@LS$`S@hMG*Q;J_sjYssWi)!== z=#}#lV^-EDIy;somaUuvTvOuk#Sg`! z-u_VRwN($rK3H{G^qP*%(U#Slqld1kfxjB_*!+5HrLS-S*f+>n@7WbKP+lMb;hnYhJtZv2Dew#PmI{)6MTqK-e0 zUtfIago`52gXa4uJh|tO@w*ql2T!;x+Op`PNXw#CNNZyCQR!7RL+NYBoROXzA4-3} zZpNa6s{T9s{Fu121#|~h?bWp_ny5z-gEt!ti)idbM*IpTcWS@ZH^}L=k2w%`2zgDh~F3RTQR0((Ph!y+b@dj-j3%0 zo&(^ufz8q52fkOgwfV>RyOYlUulnG)eRf+vc))J!jyn*)Z^G{?(0+96D}7f**By6R^z!0mc)nG)?zmB7Uf(!3 ze(2D4@bUq>QM`u^T@-nx@7&#bHtj!lYjX_W3sm7(jh!d^sPX8j0$O>neH8wNZU%qT)tb!-|cK-*YaYa-zk=amWx3d)On@!eNKr#nN>+Cb$J0MAzK>} znNxJRnD$i(z4zXfE~VR?QV`Le?(B6uRO6sqD)coLopdQz$Xoo0Qxrlw?YTaWc7ED* zRI)i=%9VzfIKwSYUni=!?A^wonm6^Q^VxzF$3r6|SJv`$jw)D6!j)tS?qOFrs6g*k zsqB(2&|LJM^cf(NJ#nsON`IJhf_Z{Cz~ z`pJjuVL_qTmoC`^sA`s{i>?#EP-U$xDp8gwDPLBDX~9FXW;tVd!Od~viw)Pbs;`2mwksh9?XmQ%Dj#ay~K_Ze$cU57cNNrP=`xF@YskYNzgoN^J)~AR z1B1DulaspJZ$%PBhfjI+XV3%$slYI3^LgT1A& z$MT}%I>n8k)InU!J5(H&Bpz4jXgEg!Iut=F!K0<%(shD3Q$bDu#Mx~4BoWbSJSP`mlVEV; zh30MERC4kprNNc9iZ%b)J`!R?A~oV(1%=OIX-lP_K}jP6wMZmWUo4)Cx?pNf=b)md zAst1^$bF`)aEyZ{aS>vTcZW+hxQ zYrCN7;f1^>zRGY+OP!3WoCbOZ|tN7&&rF>3m7Vu23y>pjM`7?4TkD&KHR-mlm#Oyy6t~@a+_n zsG?#%-OKuz%_8>|H{4^0%`_FXXtVkTp!EkskMBRNz`g z)J;yW(~TNjfL>iFqW6hTH8O$aH6vI_lUr&z)hDQJ!;Bo6Vo{P5 zstkiyTe{0>L)IKn5Q|X%w|#4VE(>i?RPtW0d>{pXk>(?fLE$ulL`PC8#IGNFySu{OQ@uFc;dhclOze!l9|`&IS9vx zA(OP?ayJsy6YU_70JXyrVEV-;u%5`BfVA{8_C!Oym53jqR zL!cjuJjT2puR4?|f(;|~2FjbiRFXu182P0*{gYlq+k(keE|YdkM$D-|HH*|WGS6#Q zlI&?{oe2+Jkl9o6lWQhtP$*X~FjlX!?< z&^ze%D0D_xjyOS)f1cCmGK!Qh-QCz%WR?W#D0Ll0Idh>h^kxQoF}k(oKH~)6R^>`P zOPzc-%o6pLvN~r&Dm5R&JnCXW&gsqC(SQnQ%abaRosZ>BiYs2F1_lcy2mD)9smx#z z)BTdj#}o}_LaFiAYNP9VVQ-<+v$!;ZYX*yA8$nF`qEcBDCS*8D^`$p8!Ti*tQax#x zgrSplvMm-#fr9oYEdo-|IHAchV*)T;8UEfkzUEK?vl5M2r z#G1>1v%S$-P03`)wO?{gAjN>Bb%X z#E5J;qTaV4m(RJ-=%t|m$ zs|tmYVxImnNt_N8HBw0&Rqt_jsLuyFg-546ezy$hF`tx2IE=Z=a2974`deRruLEuL+OiO?csQmjnPLIK=Fl870AMPQpVu!2ToXdl`I zwOhNUS=V$e^NF{hakAv1XQwCbQyGd^M8A=9+7u-+t`pj;ghwt>T0?~F^NgJ%T~R1V zsTy1{xun)3*fOUyZ3YHj7};5QD&;!Kjy&v1zkm#;&P%%Th`~ru?2v$BpuC2%Lm?}A zpi?;MKJK2n)a-7=)Nz%VMmd~S`_Fd5n}3qM2c|}1+^2$BZX(DPol_hr4e9v z&$Sd9&H{{x)YzCS^()=w(X@kPZ^p3hVl0vNayj0n!XRnmlq~mpe(I^u)NwcjBRR@eEi;QeD;ykyB0ZRSQ00Cn72iu z=C&gN1{ks!Q%h?nd0WLH%iV^2%TV<~9TFM!LAsE?P9#W$-q8b-A9A7^vQP*;)ef3D zTH1RzdYPwQyORt#+7nYLKXIyLhCgD6Mi@z?q~049Hkr@#4rU!)O;pw(rrwf=N>d-8 z40+ptDnQ2rGDIWUrF6}Un{w02%V;j+jT@EC1fc}#HATq7#BO4sn8|X$(OQQ{)Ovak z#Zb?lAvA|wHppw4x&vC%s%nLHJ-<-sb<(m9$Z9HhoYr+Mr!ym?9s4>9y*{Q!6_r2; zQy*r7=m35FYH0zAcuOu%GXaQlday7RS?M|39ZWGHI@sRhq1B`eYt^YPUXJ92MXCoL z$XW+W0o6{wlYct|2-87S^HK&XvxhNS)n<84gSAXjtu{=7^t_d(5X4EoSMnvjp)3$l zRY04hiY48#8G-KXe??h~SZ||Mb>r=OV_)BJX=y?@GZb^2bYr-#Yp%f)D8SRMEpX- zn8z#B?_KB(7~WN?UnFd*Uz;bmk|E}_BwXS2(Rd?7KufmakV@uUNtk&rjDxx>F*iNw*BsmlLF2VegQ9K7W6pqSdC71i7sz7yO)7_|*(^g2 z-5-zw=awnhrFCDL)=z>6!aTU>nI~LC2dQMl;dp8CEW# zyyP<8;*+a2Vs2UR38jt)Wve|`f}TSNaS_hgl3@R4AOAb~Ct<(@N6XSVcVmt)giYmK zPpqfVbNZ6y21FM*Au{>=~-{5DA)88qpVz3I&6Vwq;}A@^|YSXcLMjRJee-koT!z(1+@e@r^_t znapH7vnJ>kEZL;HX`tYp4dRPYJX0*tMm2A!Q{ZCv+#qju$Bl3PLR zSy&F~XLFhi20$ChApM({OT0B6uwQ!tT7-*DDpnkePQU{=&!uR4Mk;GJF_F4SvI!Fh z%nGRn_zen7kzQay6S?j=2(70Ro@Ah*4*^kD_C_8c#@H#+9m0l$ybnXkv^hd!SWdMU zhY^v;I6{KRMHG#bd5a_)vh}(Tij8_#)n4AV(%~-jvAS@Em{>N zImZYpDJ^aD3#DEbfcU=*MN}g2B?=<(zq7v)BP?ii-p~l-XRIe4mOGhVul2B6l7nr{ zb}m^rV}7KFTCt3WDmNy0ilq!yPG$5nKN;bK&Tu_gPU7+*f)rjnhJ-L=bjHkuNR5m} zry=V!MOTIjQ&|CDf!y@oyw_@O6tA-;F`rBp<6Y7Qe zkVmlEwWekJu8h^TTicpc{!*hY{jb#E9-pwMuZTwJ;O3;ociF3_Uu^*pgYX59=}1@h z45qNQlI|smXHmqk0R;ES-=?kba^*UmC4b>fc?~wHeF^^df8lh_)umXr|2!&v&2xSo%j2_lBod_5&8F|-or#uDm)FInKDHsf; z0Jo;=Aj7Gx951CHUZotnR>^`IGcfEuBF++*G1zjc6mTxo_FP_EjKnC`yb-I7G%Y4` zSji1>fkcJbh27>$oq%4n3B|lxGG|9SJN-;3Y6tSI6%2}D86`{g!w$k=ACzQ?Yt6hsrE2KHM83`G z?IQhZzSC7GI`RfC#Qu5g#P=wC-V_aW49=UZ5p(^(x(f|W8wgi8{k>!rXfJ5a!#4)5+$M5Koh`34(o5lp#BZzJC2;{k*ih)XVUt> zz6*+lK5bjjN|z6X8rE}bq9#(|eW>g(A+$Lq;!jq=%JUZ3*gnb6{X3@Q#`c(a=ZGzr zgTt^BN~|W{M4wo~x3NJtl$N%WM&8mw%@GdgZIqeB-9|bO_ZxW+bu;c_UPt1-WBZNp zIIUj%Z`+sKcE=S)&84NzhZEXbm1TWBL*VI$^eL}~+0V*bJ?0prny{PhOQ=$Gr$L89 z;6>0Lie0iN6I)40zPZ$Vwh!n{L6`-~7DnBezAZ-BEya1nM9_1I(S%Hf4ZTBYJ*Co9 zN%}ZLq*sCV4$&(s?^9(=@R{t)R$V_io1Cmiy%%R_ATWM`5Fsirg1}VQrjT;YB&W!t zjy7L#r5P1~cL=h)XfGIn1{bZXwHIi03=fieWCbOsUYmzYmc!Z$kdaen!V6EV>hlvz zVi2}Ek~S!fuqU+_It(Q_n3No#?IuxU^hlb88U>QYdnJ$hO5~x+sYFC#NGibamJ%(1 z2;Mo@P3I=2>gl+PfBXjsW5UDgbP0YrTuKq&9^e&UdC zAS?{Vn(L&~K{!}NjZL-4o)j5uVVrF}g~8sesar?Vw4StJSWWZ2!vPlO z#3%&mp0>wPC-Q>(f@)6H-x&IXXlAv#G%>38;?u#iq#SrYSP<7sp|VbgU@(*RgWX)c zLjYO>Ep_05uAEA-LH#Pxj+3Y6s!tAQhFU5}xR(%r*id3?Kq8dM0P< zK41pao|X6fYfrK%F^^f(t@hB5ihk0&xSn8lE)R(@(H-G~FC8iB)h+*YQF~FF2;b^Y z8jZ!M(%#ZZVv>X~fUK95L8nM74}G1z!)>KuNVl?Rji*o>Umcbv(VE_~ZI+kL$lSor zFJCC0UX%xF>~S(1&`0>w#&j>rk8glVCNX}6My_Kqn{2R>UNMy2BiDv)Rm3lqTb~%G zvJdlQ#ScN4D=Yd?m=T(t0*&BBp~4(S0m4|K)in@gIwG&=K_P4xmBHWlO1?W_MT&I? z-V{2-ixeh=^i!6xm!H1OOXoe*4JZf-5yETw;3rF(IEW-l+wNB1Akr|FX!W$32(*)T zXEO`)S1Cj!b|In>m&uM9K@AHtzB1c#W-EKu+no93S7>mpuPDjFWR;mQOc&z8Fi9o8 z3sZSq7xo*O$HKJbyfrdKkekAE6ea~#-e9$MC5}X*!+EBEwOtVd7-nJAUMz#nT z1a%vl)X>Mhz~S_Vq`THB7Hq^uqvW+c+Um*^G8h?QNTwx06Hzc)>9wjIW+l$1&Yol( zD`rxbU6Nn&yJOb}<>^{IOV)xC3~i=M0j*u29q25#BX9)rpBg2cZftL;0z6KtEMk()v{^hWJd}d_d1^ zLvazq+ZSGz=B6euHa?QSo@baNG2|7>8}u^rRt@+TKc8iC<{gTGcN5WWBZ^7y5@%wY zpqH30A^UZgOJ+BdKp;YYWctH*ScfSe}&E zDr;PAPRT~YC0mG(7r4l+UAES!(M_}|*b8~%7uC^9IRk~$x8DE}JJ}ba!XS{(rpaE; zRv_Q23GYLd)k!Mr9jIV-v4TWSBGD%+sMMyuUM{A)L+BPL8? zm!u0@b3x~en}|qZ>6Rja*Ih@~8^a~XM(mDyu^e+(<2-F9wyK+l!fyx*|iPj(9_#-{5N*Z@*%z#w-g4e4k#tFc@xC3!be@+8E8x9hU5h?FUy`FpAV?;)r(G14AdDea2@vWA zcQ~K%kI6a`-}u*%FXV^&u#JUhT0Red3})3u2dBjB+KivhCJ+6hTn#ZOk0wOH2rD+q z3`exz#vNfnBGp&X+D&UjMpk=52uRX|XtjX|g4QTc##wVzsx!y-C?+ONn~X|g?$I_R zdBH~Cik7N2*!N8Z+K%k2Xn*@ye_KmllUl!pv=9fbL+fk)giu9<7(26kUQ>r^aD9i1 zDf%=6a)J)M@Ee8wcrKKW&X~viC|dc*cSGd}L}IZVh4-fG#zTy73`Za`Z@-StFGm{2 z>d3<$Bu{zHjtM&Jx@ctT1f*7yg5}cIa@Z4BI1t!HY{DBRh1XXsJ}j{{Z;}2=;;d={ zf5q&mWSTsjQ#2i|9=W`&0$Ko{45E=*0%8ycg;@4T+HY#@B9jmlD6@IJp+p8kjpS`u z>?ZAw94_s@2f(g`j(kQqz}oF3UKA8INBS;aQsdg8I+3j~a9F+*ZJ+iXnQRJ1kEU85 z#)_`apt!J`ozmy+N~}Ukx%u7HfnDC#(#@`N^Eon;yrW=f6A;xrkCuM7Q3I$O$my0| zjho5+4r8V2(vgszQP-*uW3y(Ck+H`FP2vM=cD&t7Hy;n+Xhttf|HIfI2}_8KAOE|Y z2{VC_tmA(dUpMJL#HIhcXh=2r&}h6i-f``Ni+7lvosEYlDcE9$smi}6KC%5^5+=v@ zc=_-#mxtVOA*s{zHYH!ZOte)ynd&_v8_tS~_I%FF9bucoGE7R0%%ti$HMnPii9glziHf_PTtFl6lM203^ZxGl45h=X9vvXt` z64g5;UUyB7?vmKt74gNAZzrV{(`w0NYhYvQE;1E_E9l zNOuprUp1A78CA*7f0)Pm`swT`I{84ZF0eb4Y35?eSZTsv=Esxka$HgN#gwB1@958g zX?wY6IAW3jm0~8mnP3KD!6;D?PXP=e+eUY+JbRyn*J~aT1L6d5aNwpE7(Tr(e`sEs z&gEVDDBSP1Y*s-){m)V&(aj%@|KCKt6E);1aHfVlj3|j#z|1J-^G9}yrC;pGQfY^M;!|MO5y3nIhtG#Q&7#hnk zBxh_*1c$6jM*x#yN{c0JJ_^3E4a~?bHnrRJZ;#)1H9;E%+pBzUyO{CD-n7f>^knw( zUUoGW^J$7P&RKgKBdE}jrDA&D)slJvDTg)|9)vuT->$~0_r`H7RP@06E|y-0HBIb` z&Z2fPMw(AzeHi)DuCmhp&-sQUVxG~iUCfy&QR@(GTS5kd2pikKZIt{!8X^DxA02%% z(QI6X9Tsy2bQ5;87qCBs=T3aio7q@JOkqxaBYLPx1*{YiQqlbc_FL>gC^;OOV-w@Q zKv~$rhb(%RmXZ%j>FBm3Z4J(OdwqF9-tNi7Nr1V&!9L$PjX_K|q&|)bET;)zh^8sG z5%)>p!^HV=K$-uYZ6e0f*=Yk$ z``D*KSmC7#9ujHT!{d>Wf_fAq#o=d`a0;4_x#`2chHJt;I}YG+LO5ilhOa<15*LI? zi4($D!wDguKm*fJqCOenYd)M(#uCO*;5vh{p6wwd4iiGUk-uWGB}#WV@e6mPN|ho9 z{8jWZg_9lLSZB^-Qy?!`;<6pOFpEse`qKuuyyhUhe&f|=$`9f2AMV5)6K#y(m}PLl zr^4Rgk6j9`1U?Uo3YAf`U>8j2#|OPjg$)q!@uVk>SL z%F(&%{9VonZg0AbU5AAdZ*^l*X&rX*K*KImT^=oVRgyQWmT;TRBFEAhEOcTWd*DbJ zGa%^8Fsc0JKs@s_C*Cx;wC*6cW3U@%BFoK6^PTQoUXx*n)h@k5gbW0H+avajxqPk< zr)iBh)Pndn!)mRxBLQ0!>0%HG$oEJo-uDtfVNcNp>=4zF2E1$(X;d;Nrw`DeeMCH! z63Z}sN`;vW9i=IsMrbuvzQ4iFLo)S>FEP=`zEp2^PYNma*sxmE3E^f3{;Xek>BFfg zt|Z^-XK3kA0=D*a(LpkllO6e24sWMFBZT+-7h(#*^(N>4iyKIPZcK^FzTfrgpG@nJxyWoe;$sdFuT9zK$67OP;pua*X%{PHelOWo;lp5O1`*PZCF|tKh0=5m zy)(lkZ%H9ExQil2W>h@&EDV{`P0lgVZdBQohb$Rt8(Mb;oWX*dymV8>|VGsJXz(+P{C6tOyARKmfgQ9Sg});MdQ8Nvw3|=Gi$x3c+^&n zy<9fCH(z4*$#g*oXNaZD9EuVk#a&-wKCn!IIP~Eu-aM*JUwBF_Y6;1->tt!ohwiG? zMGGD?L0{d`GysNlb8@E~ui=_jG`wQw=$bX`c*J<@$LH<8x)b=ML})OmH=PFjQdua3 zgY2Mh?+mf6kPvZY88~8LysdR3Uz^!72IDRqYEc;uFIgC$f^Pv*S&oWduP+Dq{uXYla_eH|k zPH5w<4~7oabG?KQ<8=ffk6?UCCvTFYYm_1?1sXR{%^tC@nmwe>e5ms3JrbKp zn8=s0kf#@cPQzEXHcC24*cO$FZiKc)Qu#wju2lX65gMOYodFEdc*mBqB%!#tkQY2YW{) z2~YY`=n80})`J0;g~dexK@?>g9}|`1h;CtEm}Rmu6vq~(Y73(5H!G%fLrkN;CDpAO z_U7+e!suY5hW!KW8TR%!ZrHc1Rl@|jiNhYIS;Ic2S;Icz#thT=8#3%$)`DSzVB3ZL zgRK_wH??IN5&QA!V`0-1gKa@uum|ZPYEk^k>QXBmICI_f22(LATn|Xc`%(+v@&!&E zBgNIH3YKYxqSoSi5LZ4YFhx*CU#5fma&+SYqOqRD)RZya)ndA-J-lpDE{hM8xHD)c z(YIrxy_>^UcJ}bzBrZNwLFSIyPAF4V`JxXy9Viw1LSb~7*~7RA-%NM1V`@SHjGOSj z!w9q!vugRGO5e%A!vGy~4AY4zU8s%grAT4CEm7FZlql?DN)-0dMGAZ9GKD>)R3W@6 ziPCLh^9k0{wQh1D_t~TFbOre;#4Jo`dk$4-;7|{J%a2%lz$bLXfY4f|(OA9k3Gze8}J&KxhsM;7kVyAo;?M0LH8!L(dQ3r7r|fnlS@7+pPjv zpBX!Vm%bQ48B1~isXI#mmkiF+rO0M5@z_)FOVgcBZy>m}&<3#dEu!>S;&Xk(BdhZ? zYGDFoY{g0Mnpu*tBl{Y=APpRHJqjGYN@hILg0wZHM&9r?Y)s0y7aC77v1$2Zkd^H~ zNGMny#kV6=EJa9OYO8q&-;kH1IWf40jB7I5RQ4fJNh`U<9AAK9!t(f32~YIeY8NsJ zQjL$~N0;mxNz+QVD5r5^-AOZ9kcOHy4jpb?7!n} zl^+%b3W92rgVL?8<*NmA10YUou#-iEp_-$m6xzZ-Lc&M|Ur1m@EJJ_u!iu>?4sO@B zm&H;X{l>k)L`PBMxNMxRKb&sT{0zK{wD#XXYDbE}WDzAcJ+;wGmdoNoA6O6Zey7 zZbh?MQK;?Dri}O$)#u9vb9o+wdg7{+bWuv(O30yh`6>{0a+hzJm2Sd41}kRffE=8@ zf`v89Q=Xm6qNGN3-h3w{>$<1;7)}V$=N9^rrX2E-F*4nlE8?njI@!cfmj%X68Jdml z@`KHWOvJ*RpzDQWlG5{mGICG?Rg=wzjY_A%CKQY0mb7n`IU?A^mUslTX?)>P&LB6N z4d>%T&xuvFA{IuxMGIeJq2{n!jk7vj(|oeJERqx}Pp}x3(!6PrQwn2H^`<`9;Kj8U zz;Jh#N)6ymPtyl0$>C+nF0IhnG<1%eNs`jHMkspWME2hP|?qm(SY z1LT!G2wQHoL);^vr7%Koljkp=ym}CeBeOsyWMC!DRFZ8LLQv2EqH+rnsrB(UT_^>= zr>zo`L5slIi)PU>uyUX3f)+fCQ&n8^!5pnU1`uFuef=6;{DT94oCO#=3+PG#QcBV$ zC;Vl&Tn^&zEAK?c8)v$kBfpd!dPB#<@Q1I)k<80IEOOKpVR6Eh(^Vn`OZx;~`LGR-8jpEchfpvGc>lL3Ht-flagQJJeGl)qS%cumhz~sE?(Rm!Hc(} zlm(Uef<9PzD}^JLI;FcLM)X5CVHv6c8dw6aH1*+a5L$zg!uhhUTa9_gi^uBAEA$cf zW=$CaYhw-uCT_DfC=R+Uz54T57^*T>AT@!hXwRD!8QoN11+!bs$2cpokCwD(03WsLl9EwJY_zk~Umn6tcCPWqV zU#&3dylFBS5NysRP4V;MOfI$A87cM<336#$Fe8ixU@79;P%ZSho-eR>@2`lNg^p>W+{ z5l2uLaE30r1NCxxwijejf!2+>m_HnR)3i7Pffq1oM>;VMHM73L$M0h=c4fLoTnnRp zX`hxfNdQUGo3xbHBBAw6lH!Ks%ys8QHJ5WhNDnd{lH8Np2G}Czs-#)e#)UsJOG&yk zt))XnAwBp=HD=2c>K1jzZmPSa&yU{QJ#W944^32FfABUA_+*L?iE}McD6<>F=dluc zdzXAX$eE#PgWaJ-wWej#LI{UaMow|#(`)?*IzJV4z&9iXlt0=KOZOn@c>!;DWLz-g zJ`v}Y#)mXn_Ms{mPm-SZNS`$NNhk}n8ekgHs}C1foY~usC%HRGhYBHsHwho`_lM*U ze8yj|ei$8R@=P zFZf`%+Xx#9jCUAjA;^WmcrJt_q@A=n61$$m3`( z!}f=yZ|e?Mniie*92%oS=uysg9)m~RSU|xU6B+t~Nm!q2UA4Cr28-BGY*M#m$as_4 zJ4VMu_7BtSZE?CAC*-vkDjPz?muu2AE2K|lTB<~k6}XsXuSV)f7352LXhU_j7ZzbM zfrT&n=z$Jo!Nf>gWVuw@jcEkrL7vY3Z|&l`^(=K#Q#+!-_$M1f6%v#C=e7XflHEkfWIe%f=J(^BPMJ-@1=7<+=fn!X0UC+Ni$s1%lXSxeRHX& zK+CRa!yK0T$WTJ-F}{4F;u>&OA#DSqymBuCLfV!tHWcxyg@PT&G@9~DpVndnOBtno zhZK@oIG>EXk#E=;qJ@K^!agX~2?;C4uuQs_mIz?xlR1!|7R0GCeBq49N$)7?#CRqLVgNHs{jNjspx3hm-EZ!7FS+rw1LY#@)F=UnY>%s`U~u z1}~RTIK)gNDd|BalvGK^5FNz3>QtEmY#b^N9#T42ng^lQqkMVX#7x#%7rs0pY2xg1 z=H@%Zk-gY;mQ@~t_#0cd)Oy-&#>o!3NQK98)R${b|Ej=ejWfGAn|Rdk7U{$l%y^EL zT^KsOO%Ywxt&5l_ZBkHAptiYb=p$@!@kY)Z#04izMejw2Wy=7H)uY@_WfUe?ZGZs) zP1#2^1<{LW$O5R92g-(jU zsM19$0o(fEr0OM+?kX(T0qvs7HLBPORgI>}sz~SFavH08ocyu^9~`XcOGQjW54-&i5jngz$Og82QtViW(Ur^I=Zw_j?BzxFo*mCduR}sS(B4zY z^d@_M4Jw58xgj+gT+M|YefmZc7EP#aufyn)@S)r~W-Xd*ikwIA9<739RE912=p>5I z%U5nOLqB~wdlu#a{PY`HA2AYf5VK(fZ38igLCUgDp{onCFrFlJ%0&{KP3CNj5ps^d zrDnhOf_+DWw-#H-GDISUWDHmn-LwSNKXC7-K`2R2Z9vDOc9L6}bMe28^G|H7J zj$3wsvk{J{Q$7}&I12IuxAh84vcS?!ED{u=OdQmI-BLq_xTSz0-Si|3Eap&2M~o3P z5aXyo(xZfNlw}P_B@BOsq8;7)vm%G|SGTT$#P;8mCu{YnIPPEQBQQ1NK0i|sWKP=xAn*#k=td@YqfG6%OBm!`WG*+lE{;O0F#RJcU=sM zt52V>E=rFrpA}{zame7P_je#R(NR31NFCdI!-z*)Ak1JUp58lq%T@)O2)M^Az=;?W zVM#XBPTIqOuD7uvKq2Muf+6EF+Y*_8L^&dnec0|e*x8%QNK@M?m85iW_@$&ZZW`*K zn(@WF-1m)#H$=;3mqPH1G#-GMtH49Nu7s5})W6wbZWGZ$ltwLaT5~7HIOH@};;rU9 z*!#qW+{;I!vT!h1sM1Bf)I>PejW-TSTUm@Wvu1-vGZymb$RR8PKvl!dFc2vifwg(H zUo*cKY!LTB2DB3&i6q=zAcdz<+EX$uD-Ez^*b34ZwhK(h8l|!CX`Z%+j?beo;eoQ zVR&`SaFWqMc@~Dw4n8qG#xZ+AJcJg5FrP!r+tC_g$@U7}P{;s}?!umE4lFi@*P2Cg zFlTp}K4u(xW!Su~5Iu}JyKNALBUqrIp6JDVu#0p%|AJo5Og5O^QK$NYO@5WOhQemi zB-u6%o5e0PnaoX8u9xREYzelKg5q#Fu%^Pm%d=XHAiUDYi5NCy4(g&wFT09-*%4C| z_(-R2S?6N8NV1fvSo_!G1~C|Xd5xufFCf|rt(*;^nOJ)ob(5!ZdX^ykVi-hBs?cY> zC5^mRJcSU$2?im~G!MEwx{F$Yg?BLq$P6Ui%abPY(=(NfSj=3Q%0jV|aufzj{kXrg z2Z{;J38@k3c84ZxpTtXgib_vaShG#bop2ki{KfnpW0c};B4N`Aln#;Y*l-Ggm&@3h zu5ad@GZrp0ENEJufBWb>na%YBG0RU}JPCu)3djZ)$}~wqMAY+8r)(cHi4(amKJFBR zqxM1WI5socVWSXuOSil>&FDAuD^gH-faXy?_?Z>>Te=;D^JJPXq4tX1nB=5kT%l{R z&>Dk~6SQpxNuai6GR(C|x!~5}pmng_JZijZ^C77dFdHQ7wxr_sF6i@&uKYAm?S!$=ao!&N*l z9_@GsIR+zqn}-7FT7*HmG;Jyjd$9gtoZ}m?V4d;bO9gEug&9nfnby#|o{W(b)-jPs zWN{+%Cq3CJ=9!>6+7}#UuU`cT2e2O;Sj(4ZPSKSN%jW>rjd=Z%rVQXfoMNG1TeCKH z+)QLA)L5KAFMw^56d0O6%$(jPR~w3Xp{+FBi>wv;Q)Y}&ZDg5p*__%;_bGxNhA%J5 zrUDdQM{nI6CR-QP*v#o%nN%z>_|i@^;%0io>I=;?#rVcEPLgzOTs^uhBtuZewD7GP zo@9tjWGD)HqcUhrhcpsBka8QCitL#A(v+EsaCk`USnS6ZAkvVn_KV2M4EnTu1JgBf zfEGXz6bnTN`X z*(79WH&~fg3phe-jDl6ApjBPeAuCRp?`SJ7v$w`kTlt14+9Aif4&Bu=Nakmf@N)Sm z*`elirc#qtW81;?b7rSfJgdY#O8P1_QNf^v@TSZus=b)&gTY$37fgtpDj9^-;sO@> zh@E5t;`Q}-Qv#FqLmLHa)M~VG@KpCCmi1gDkH0&BM#MN#9m% z%wg*on<}Us!4I@%LJT2Y8`;JHv@|^ooym(w-nmbs0cioSye>_96VrK_!(qB$G$A!eD9PiT~TPyCY-uLTLoc+t+Wa&Lx)prD>?o2UBzH`kC*BChCIwGXc2c# zmN=!X?Q&O}e3(~)SPH)O? zChCDC&EiWv%~JkM`6KbCS3hTZDpl&q;bvdxyqLtznUPB2a>5;4a+Q}jrGSdd~ z(WO`Y(lJB;$sF8=kxQDhf?zaZ0{Lt`!5 z+(aC1*tm1@Y3c|u;8d%f5vbF!kc#Krj%?aX8t0PbktEFxg={ z3EsWi-zh-F%iqZZwOL`=Vl^9qxoB!N$E;TKm`}x)0fqBLX~O1!Z!XC}o;IgUUZLQV zB_=M7A|h6xC@bE}3Wv08T)~V@uWh_6gf47jR=6K|!(hK&Ey3ALY{0io0QDE4N#bTw zbaE~X^us*mhG;Q1EL`xDbtuGC9hnz7zQdCwsWd$7g(89|BC*5C>Q>@5ohfx9qofyO zD10VxCA-NASd<4u%M=_Z)cKw1v|T=Jp0sJs8#E(P^@V5GI>iF#P}WlPo-%u1ImfUF z>m4|y0-7JTNMV1stN3PQxb!EM<_1q$Z;biF=Al@(E|K0$@IjeIt+(5P13K)hOd!G&Cd84^J7zqmr-wp-AX2eE zNQ{)fG;HhI%wZF7Rjb{+15U7+^r0P}>9sYua_uMg4Me^GA#T8eK3nX`plzx!@D(}b zls5TM-OM(paX8q(k)<6le9s6-ObwzfF;l`m7uSV}hIoPZ_ke*1~SpeS>&Zi_vtLwg{2f577bq;fbhnXS3wq+~dU&~^BAyu{9 zgrO}PEUmoC4^?uPa)U>}`D?rEbM|)FAE>TrzF*#Rrz+PRAZ&yQ_=>a`|ABHM&ZW~# zA;yyxM`Nak=9=d3Q^9n!ra^Vdm1+s7hP8G~!C5E7UiJ-4<#9Dsydhc%prL{H>sqrh z+u!xJ@HrY(`8>#zKHxA|9~RQ(jHR?Rpy*37s6XA!v=p#7ea~Sz))3 zS=yoVOd7GqgTtG>DV5#>%%+8+d?IS>**?*x4aBdFLq4k7G@jK{!yb|p9fospymmn(ZZQ; zXinhQGtF>78ZYdmP{)ZS3^TxTg1ESeyLiK}9_URQPg?F2`*OSs(+9sTtRqWV1Cc;G9G3}Tpg5I#FVaJX&yY`Nmu_w^B*=g-sGwTQ( z4H0sTiS3TS6ZB4d!_10U*xuj&`|inmZ&p^7gy|l8qoH)~x#ynqo$q|-JKyV^bCYF> zX-WvyZgHR(jI>>VdsAAiqP%O?|+5j?44Zs-e zfKD2~k8PLDuNI?(w1X;Lp(S%^BQnAT&ZmktQBD)Y6^5AV0b=%L8z9)!2~JkI4Z%iZ zicvEC4FW5^x!G3B+cu5iuBfr>XA2BULe%WbHb9WO0%F`xtlO&3HjxO~ODm3HwyUC) zhJxf)kvKq1`;gtHA{0?Y=Za?Cv9V^|)EjI^NR&DQZ#Ea!u9_RW$Ozw)V8QnemJPwm$B7c*oS9o-4>2V7i=Iq#;kRWG&rBi!`00<7zhBvPS0Z+=i` z!oGJA*#`%#ySolDu!O_}N2W!bX{R5s;rNJv0^)obKspo0OFoxH=0Z9s*RbQMVDusiyT1FzcXlmJx=)?Jb5Y}^~91qU|9z>2}^B;@{!D2mRYnPevrKY)^bUcM2J3DE&s&~wJw8isKYskPK5((~WkAgwHZItETEu|7rYUWEvV9i87F5lNL5%U4ga`Gh zNzFG_LNT{n?eZ}N{+y0J$|@Q&R=ezGX$HLIWTa}Lio&3@d)+RMm>@uB1fz}LKf9#R z%+jtLObS60L2B!VEGdN&W-OW>q~c#qW6vpZ@5#fy!9$c!tT#&8$)dP49$?}Q+D3x- zg{5yIFdaV&=y=4Q3`{?^*my$wH`t|doV`2K$CN~fAS;w=hL88f#|)amXy+KIr^M=X zl-bX&Y+IQ#7cUj{N}fmAZ^@R;m|u5m!y|`hRnfduM>IYLXgmFH5_M9cmnHl(&OXer zS0g26Vy;NScc1b-q-uekjLlWArBxE2EmdWb`SXxWq$9^MqCajQsEM6)A>W=iM>JdF zwF{d<7OQH~(w=-@jc*^Mv>6Ib@epj<<~B%)1I=mMthj^}xF&$G8G9;ooYl#?!b@VY zpJa9a1mmypi;{$*9y0OMDq_Qgi}MAW2}Hwgv#NXIKXq8|d{NK>#+j32Mppe|X z`Vf(AReO}X=;p+*QFk&ny{;@-Qzc@8Dkp`rYO5Qmf|`0U6kBtP)A3PLZ*E68Zt9QW z$Z7nfq~_f;|~*j%1=O-RPkuk=Qg*qwjKYBm+VH z2%%zI8aeHD-A#uT!Db@NT0+Yq$r^~{d>s5wEr;M>h1|9~L}K!6Y7_bP-Zb%W0y!N+ zMCqay7Dt=ZO;^6iD8=Z6jEmER6^|c0y-6FpHpNEdrc;EW^k2v6D7y1rwsX&Oj_(B5 zS7W9-%e$kS!>N*(`T9v{Oc> zm#c=adg(nB9jdfD%{w-ol7E!@owQ9nlGN!`-|5Z0Q$W$#*OSx=y$G=8Vknz`qE0gA%fkb+Pp#D7q~%NR@w*)9Oi<^)^&flMo9*ClW^~~g^JUM(D{E!K!&H#ibHR{^NeL|FhpD8Yc0uD}MdEQ9w*3sb zE^s)FOBt0Hdq~*Lura{}bd|El$a{qAQo+3x$ww)#t_qffo$85rf0~HN8>qvMXWiZnHjXvC7;HZXEAq9uw7N(k%8d6TM^CSfo^{h9% z4@S`gtHE1Ihy}&vV{$O2hUhbI6p0G!8O^yU+SR_5ASPW2Wk)B7y+A{$LW#4`=}l+MCw9d-3uV>Jyf8f$S)$kWK57Tk^-p-OXdY-x}0$7#s!0&^*sFmiX?1)D_Vd6(?lWDpyO!kfK`y>3q zgbsbDtxvZv9q?RUsRh*>=<9uW1Zu0LlQzYlY!5t*%CFNvHJVytg^6^DcDR9o;?y-c z3|Q@-{{5pfW#fN~@j)wvGRQ4sT!fKI&&)@mZrY^uu`-^#PVz_+G4N~<%n8Y@+_;xZ zOR1zp6+_Li;FTpM7g`ADrLP~fL)MdQ!#?>GjLWNsq;94CYI_&(kTZcNmR$|t-Y zl!f}97@?YBr_3bPplX%}>8^Bo*4!4G+F4xyj73qKX4$^(OVx!q08>1XXqK1Q@B48dw+ghkfvHqJn!1JB z$N1l8PV!E}>HdpP`=e&t3rh`x+6ig`GVi%qC>jgdPl@no1MTMJp{cKr(sqK|5?pEv zQ#26VjL;!*jGVH-fr*6Iu!pXsoigW6cY7YSSt!TKt&2M|7KhKE9oFhJ17>`8A4P+w z=hl=sL_BhYH^e(^1f6RR8u*08HHL>NA+;u69goJi&ZJ5uaxaTMpPHbKMkkDDmiOH- z%0f>_aq7KCeRDMN_lNpNchK#u3=mO8!d7Q{G$v_q|DrXTR($pf@|^@qw9R3qM|#)A zLAo((g1ZKvhP1oEY&{}kx%j`OtdsQ;?br0d#_1?P~Inz@&t#|V_Y@cAB)n; zvx(A!?J-Kr+h2=pcejVH`5Kg2G8DlS41EbkZaS(E)#|rEYe|*kaN{j>P8P5HAPIc8 z8^XAV2U`WXO1V17iu9l!+%}b0AW<*7At)KQo0!B3qHsI);me+VT+OfO zON3eU(WL{K2xF-;_eC^>QeD@@Tyz~=pZj2YqPkTBep{BCIkK%pDZzB?_JHG2M51~c z-MbQ8r;pl5e9SOV-WSPq3C{Ff2b+i5Lv7Cj*?F}({L~C3C?E`iz|KOFAXiYX{S0+l zB%^Z|kPbr;(Q@fHgc-2xfd3u;qf%OAYp{^llvwJqu&e zI9f&}wSy_IPCb%m7G#m`>cwZRCkAo0y@YEAQIj@A@Rq~UY24Droe3{!66vk%vBaWw zeW6K~#jw2)h_0Jr3QPJ(y9D|ytsCvV%O;ojWvMP&jaQrtZ)?#Axg9IR3=-Vun%kXe zentb{xvMz}VFpOVNEVBCM4iNWoUu2enF}H<>D-nwjF@eo{`KLx<>3M*am%DZ+QDAE zkI}|3Tb)ld>e4hm>yFx8eU(2(D=qe^Tv<7{?o^8t#dYGCv;+%O)uI|OS{z2%KWgzJ zYxgA@J^GmI;>3Mw)yA$THAb?K`JgHPOL9nqgGuZNUu^vl-P=bmTbIs&_R&kjM&orl zlE+2e9hX+O6%!y_A}w}8g=BGw`thh-JS{X2JjVKN`z}ZM-PRq2a+i+vy^&M>-PPV3 z&jWGLyKg)0^(E3fU>@_!CDz^xrv-xq%;PZ9#g27wkYs!XHxDQs$I-UG$K2Qa-V06A zUW}fi+o!C&+cd3i*KH|lMUhPzSF#I25bqwFr;@Q|AwT-w!Mc*&!P$g?>{K3LE) zKqXP6n{P3nQ+DNNR7pwA!D99@37~+;V9(?`5nHtKN=Fs~05lUZbnY_O*!yYFdAj?JcOJ zWD`9c;ypbiM97&`jSRl%mT_J7neQ6(&5iNWy zg^4V2iwb`rYfT7R6Q66-R7henfvRqIL=Py2B#G&>y44=NgVx-^4O@P~*eX(@I*KZ} zb>ucwvU<#DFT>4=ebknlN2_sU^WwZZ+WC~*CIL71H^e=HAdIwvdX&Coy(8x=$pMd> zIlqND0^D2Dyd5kxw>v{ynq~4GLug&8#JvZ`jbTK>ObV8(BsSmWw9%Ab6-Ucv#UBrw zeA1}MQqA(5{8ZWR(sb%y)&frJsq`FAqy;$5C&5r*BhHdu6E{guNN0rJN{5JRg^5}f z6&21<{JXVI*d!Kj(>Q+dtvF3(wS>hl@tY{=vg@MS`&8P7$V!RTdZCsz`tpr64}G(n z_aisGJlu=N``xy%GzOs&;Aa*LQ*nT}{Ig)~zH5*YErF%IyKG#;)~Aaf-?a42(j}@r zxjaxYuvoht%Pa>{EG_3$(??7vr6R{pVsa_tIq7}v&y3v%mc!=a2WdIXm@*gNSxJC| zUzY>9T4%FRmUQ-0D|a?Xr+Fh@i1SP0{67Cg)UfwNc9ggwp0l;51z18&EER;n^1{DW z{Dl$JL|Q6*mojrA{zQ;=W^52oww8G3C*X?XHUSdsR-4?*4S`1WOYH&vXJFs^+hOwF zuP|?q=8`o*#YNf{;U<;ja=Q+-28X0_WeB(C--#j)JHHj!U$VILaC=PC24<@p zyE0~JRo}M7Hp^fEqI!{bs**V*N%N0ZNA*%xRzjm9@ID&8=rxs7tK)HLB+F`|wnVGd z-|I%FOiRh_UAhCPEehN2Gkc`{NeMSK_cLvFL(cRlGIAe1gt>K^DfyA;M*e@){@=uP z9PZYTJw)yp=P~sEjZEI7=qO>uR?)uXDeCwLXA82heh-}FUTGT2fq0a5)Fc1wzrxv? zT}OfBf+RTXf*rzIQO9}$UE2wCT|;SSi)qAw+%j#b^yR1AklqTG+LMVNb$pB^`H#i; zMmJtV4c{Z=i(&4Ro(7UH)kqj=xy<*9<@&AxhBPmbF2AO2nP{0k75l;A2i! zB{HSeX_s!0rJ-=3Q_Pl|`Vt2t8rmMa)9Qt27_HrIJyow|_((2Amv5&J+7TifN4AGb zveEfnW7--L3Gy#s>^nA?{n<`CT0ePpsa7rQwt;*mU?) zcB^cuo_N;b`YJb?CowBBuoSKAGnik@LN4WcRbHmCdo2JNWQ_NXg z64iHGdca6SYHV45Fhq^CCrE2}8uK*MB!}h{IZ|a^lj`Mwq%hQ@a6Tc4vhf zg@U*f*sYRGF;VYfR$hhZBiy~r`IDtQ;t@U#_{u{X1hfs`z>VPL{ocUNqwA%*w*{Me zquJ9N=@~zGYj*TU;O?Ug{Brj5KVEG?W;uRLFTZ$DQ4XM(KyH8!PS9m(5#sVq!zTV# zm)vE5aLY_C*Mh2%DQ!nOe1>@7&55Gc)1pH|zSK?8&}%!6YC4Pz?3+Ihi3KT{Dq;mm zYhNG|TgdTt>a<|iabQ_3t@47Kp3SW$tY-dU+6s1rhltZV-Jw1aMYKse#;2bFZ6tCdHcc7kjkPvY5y=QA$$&t+#2q%cga^0Bni^p%D}Dt;V!DA z0k=am&4sOWT#87Lvh8`oUC!3+foY_2huh2Ziyc*QjKr^0FR zfh@7T6o!knOCtWsdey6f35w85P`*SZ>4E#Zc9yiO=`U2A*X`s$Gv( znv3n>XL`{!!jy_QQ5sH+NM&h^W!8w%Lr5e9Mx{QoCn4OK=Jz)lU*GN;mNtFjiWi!j zTQVnfTX|miCVo>pJ{Ru4(|%w1GRE)4jzhZLXj^(ouN6ye?n<@}rHwlz+xSW~+ieJ@ z&dn>;k=T;}N-upS97*lWl5Q)m;?ai~7YQ#nTQt5wFu5u1#NVtp2_IA zqqTioJ_!QX@s{nE#!@R3z8&9v2}P?CbIOe@31`(B!LyG%)Sec`?Zr`A@m5Viy14WG zXjy45=Dg1s-s6giaBNpvj*jZf+Pluuu1G%wdbxF)ZgTHGMTwx$qmIuJG;k5a4$=;+ zr4H@Wy*`SrTPj?`DcE#$D(bqCsS=2n`4D*V@AhEF{ra)dT*rS2%#Bg5t4$FMDEvrwpMK?6){TfwIFO^Rr@SyUVaPDlj+aw&`>A;!#$=H23 z4SD%xDwA|~FD>hqzIZb@pRTW$mzlTNcu8lAuO+tpG*`4PNhj?@lkIZD)(bhtts4yt z(??gTb?G<3F-;K!!QPD!NBp(hFr0t7)bc1Cwl@BV#Jdx+571W z!^tFRnOsw8b>8YE2SYK5Z-tnFM3^8;z|g9FlVPbRm+gm}uF{NR#H@kt3)6{v-gLn` z*k^h;jBmTvbI}+1kOm}bIsPqchH}Q5F;V#8<;*oZ6nUu1$J@! z2ZQEMG;kRAFh)K$$$mO4i7(s%y>!SrEaitft`NMYyKi2*y~t}duT)BrQs<+vpCJgf zz%7hy?O*IbiiSe~-q3B$kd+55!>1?Gnjjko7R#oMH9yRgE}!;bsumc{4nx{b^+6TP zAe~!TPl$h83Q~ObTY>J1pQl>B2dmD^+P_+9g1>vf3R|W(KZ?u}rN?ZGW)KZ&wsldO zo=7eb+(b`&<%AO=j&r$4mzW8Hm63I0V5y8-8hi*6EGzY@(Om${o{dd-Kge6{FLWz9 zglVLBRzIHDVn){fwA~EKs+mM2{Ce{y3w0?ul8&^SF;6EmCJX2{0=*@>hhv@z?TB-y&-R6L8XZM(7PjU8hfcIiMJI=Tl;1^ z`H%+lUQNF=%uCm&|1^;fX+Xab$Sw0Nv7p{G0vZcV57|$?b`C2pv%r&fSobBR*Sf+= zL*oaqY;+T~rj;&DShXZs#BXCa!*sHJkHQh@NfIVzv?J&$ImC&(E=Sh`b4%Ag)3m2I znX?;9<=|4Cx0>*ZYXAMpQ}xn8{`wPk=^8_7(h{doL|tT_CcLCTUc`}78P9S9qs!fi z(qgTzSj78XhD0s}{Pe*F$<4@eWXH&+(UFm8Kv5(OudI@2t!!TnlooE?rHQV0b6l-C zT$u}58uJ;Bn8)`-5z5uj*| z%(OsHHpKL~i!HZ48WQaEF_37Ddhaf#j$A~0NaHa-TIxi+k-U^Png{_D)NR zP)WNge+pVUM?IDa7DTh}CFFaI3gQD%Mtb?bVw-vN@E&+Hy8)uT6`i#sgGn1S@-4>I zt(Nx=`sG_(e6y^b45%&a0s)sa9v9buwHEW!*J>uc+eP-WN5zvfW^xHUWEOTX>D`!p z#KYs&F71>%9zN~i2ME$gNbD-I7d}U-;Qbz`Bowqx?PxfF)teNx6uY~a4&ap6{_s9} zp)VQuL5+4z>omO91wsrb-CONE*1N2vcaL5Z;-p0?d|6%$9H<(o)NTZFk4ZnL%|DfL zF(jdzC6|*Y;L&bG0{%(lK&+@9OEk%KKMr*JSat2Cm6}d#koN+OL?NCgFrt-9UmrNw$d%6=Vbpa+^6D)`L`z+IUm}pQ?SR!F* z*xLyrF{XC3+2jwnhuDuisc^PbT6I z`_kxGi1tZ7xL{SwetI(#{kp$hZC_N;>v)h}$F&#grJ zv@?|sQm?cNBv?!72RGkXxf5HY;^?6 zy?4MJ={{&IT1AMQC3mMT20lFjg+no1VP6i}B zU<9XI!hD&Q=7rhCYb96`qr36>9r!b9rs5ha1Vv_^|-`U`}CiM~2 zpKIpHdrQ-%L+k`9?^*^Psg;D6D)CAkoxe*!e3L5~7v)yD!YRM#%D;>rzSdGr;3e|Y~qV3YyTst^!#-*pN z(`Gjt$j?a5G3&f`w%%YfZNA| zmai)dMuFeN7D!_z^AhNM!2I1p&)OLp!<9Bss!t&XoLiIry+5La3s1gR+9oX_(z2^n zu?NYtoMrkCS|u^|+!IMyIOr)&%rw27{UsC9WrH-9>E!3swa}pH9<)$T2JgSp`ag%`OVf6Y3xl$ zoXXBd>4M+_xZH0igacOurzW^LDx2Oq;v=HbNkR&UP`qks&0u3_L}VFMS&muy#pNJY zC91`P?K$xxTRyr{%W1*>p0u_%4bc^!XsY$|(5tjl5tNQoHx7!0vLljhB_USenmpNj9O?$UdT9VBthz?^0Zm3<3{CV+wtKCnLZanD zL$VBHWQYAi`oXBG8IroU?|eE0Bps>l?TdAqa8fYT$*XH+G#qqp;p7(3vAiyXX}#}>E*q!$0ci=g-E7P zqY%q<7I9XP)?A(r-v6)}T0gGr=BRL#->)Y>ajRdGdoR6Xv4OrcD%L#~vy;3>pO8Kh z%lA&!fPYk=)$3l4ZVoqSq2>IoFd9K5sU6?$c=2AMx6}$LXwCLm2M@G$q+GOVROF2Y zJ>udo3G3X$`{05?#;|lZ3a?~zLwAyx#eHdAf zxGTJ87Rf~miB=l8hVmacP4p^`PyO+g7(NVaR)A>#t4Nq=xU7emUUqX0)2dQs9_|B5 zyRed6l2#LW?Fe1`QBUp#v~Fe#R!E}wMN0QBWEl!V zE4Kw-WyWBKz^BL=Hn=8)Xea&CSP3^*xG0|wwjYo{ULD?E+V8|V%WlF-n@DbbrVS0r z3LOB>GOIh;@V7L2qRL#{Bn_?1JK}>N7M3^rbT%a8u|OE;wzI zxjuBiDh=Y|x+YP7m)R}8daceSYrKB6V(F03-G#IJV*e$LX*=zp>MLonFuLsom=tB& z=yhZ8A57QxZeiyiOjk{!Rw>$Qf&Bm3bj@A8be5gWoC%NGmdJc#R%tTj< zvTXK{mO9lwjc`zB2O`>KT4Lg9$IKqe$zBQGS`al$Ba~9T?_JA+cAtry5Dd84K6^b0 zPWoWVh;7)_&Ke!)ai8*LdN6MaO7__iD{&Xk+8wVz(e1o_%*<&IstDpJZx3?c8cp)6 zdFto5{qEpA_eqx4Tl=3JXbO~w1|&Aa4xOk^W`{Oja4_r2eTdA*qE8wP1u2{n2yevP z8jsYQ4|*N>Q`)B^J2CTqoxgYEB7~}B&UVi5C?LkEY5dIr1FQoe3}law;$BTRo}j$ zk#)T(zh6-K>PhX*JvQVD1IUHd$2B+MkLVDFtiBUG-4hR!N1eQjUOoJ*y+4T+SA*7$ zT_>8X`d+c?3~WD6Uncptg@2>`KgZJueH!OqRQo@~7p-Acjd|k7x7z=~Y^p~0TV1W( zY7N4D`>>Ydj-H>-m7UXS;<@Nnsntle36woj?=FUpA?eIk+OW%xZi2BSQm#I*dJ`*+ zZJG;q&~(}Z5R1tU{Vf{v`sIK3C5A-W@u92L&|X<0q`4+7 zD}F0Uv$l;&;sDwbWpv{m>^-Ayo~ey<{` z)g{yush5Ne-W@>saqed+78EqIA6=JQ9;B&k4#k&n-bd3rd_pWKc!-jg@)A9QEbT;% zHQAi#gC3K5Fy8d=pndx?sS#Z*-RkN{TTKr0^ibyDnSYI8`S8tAFqLWT$9tn550mIi znh)A9EGP5}cxS)Ku03c9Te$fhT=fu1({D7d20^Cn3K00+-K7w`)#XDmOYkT-V@G?I zdeVs#ueFDj1GDMgqHzj7HKKtu6_@@ZXHXu|T7}JIzs=!pyF!W9B=nTNi^kg>v{Jp3 zaGzEzJQyOX&63vWN0)2a?m=LB*w^>G>t|3rf6BJ!yREAbS9GQL#5YgL9=;DA^xsR3 z9@|G+s!wB*=vVD=ls(Xnhm&Y{y1ZlQkq=?H5xC38NTDTPcTHMu+R$uI_2_NFeS#M3 zTiGHZu99FV8(S8K>Zs*VCYc4kg@{(+&z0dP3!eeL!wwLld)x7+0ww9u@{vlgUKQ%c zG_SM2y5bhsF7{S>kCWbTsP>o(L2%^~fV0RDSUCCxC&<9!>`6LPg{O=~lX3#a=NHfc&eN&5MLI1ReX1%0L=8VJNtNH}+m zzL$|@JC}xmBCtc(0Z9?A$LxxRB7M-VGj`=?Fa{1lXfcSQCH|zJ9~(=HJ7 zE$pkYcf_QLCW?lF+zNO`cQ2LDiS_Qk%PcvUmJiyV6D)vMCW0~ewrH!&Pea@ZKCPRF zE&+P&1&J>W`bJYfz5}=wjdp@IF;K+-IusQGRLdJWVp9cN#3ae;tm-E%CS{hc3rj8p zRhHZ9gbDH_F-&|B!(~qP43pl3AxpRE69Qs?Aq!Je$;EE6O-3++s@66TeP?@?-W(xc zCV|wK!VYeJU&_89*!RQw4qWm{ne?;@6Q+r4E}G2BNGXZzg6~f7_q9)FS{WG8{mV;n zjYJlv%jGOoal=x$V81b2HwiMf#pCWv!y~;!y-fQb4bw0YajoKFIXx0xRNZ!>5Uw$U zx)~JxLONurG125sA0%+i*Qzl;0Uu?JZ3Q4&9e@O$o2*laUWvcciHSaR!c;}F{1)Bb z9-}n)o z#eeY!2kyIa;^$xLURNHar?7P+1a(OyeC)j{DmTo-y0fP8?DVX8;Kvh5j_kz>~-aZ4OF21!XS6*-_0%G-PO@O zRLn)WTrQvM$aUpvo!#ZybGm%HqkFiks~Qc}p6{;aa`8?1RctA8%Io{89l26*-B9g& zxnfr}Pr9?3D=Jwm<|$GvukY-pV%G*iA-OP-@2=##J81MW9_wG#>+h?z7nFLo(CxtT z-FZEKqX#@|KcwyNcY?@ew4A4fT%JUS5*>!$vyR`h_V5jV_(riBIjkPa1r#GNpl*ed z<=PoiMgEoS=>^pT4{kJ9bSU37kl&^8;jZ2o;85+QBzZPTp0g?o69ouCGnMWrm*-v- zyzi3egb0`MOEG!=br?mSwd*&E8)8iL2!0#DZ-e2t0sJWqLD_PZQPyy5=U=6xyIgfL{M2th>1Bk= zwV&o0K2QEcNgMqtq=P@;jO`4C4}BMT1N`gNa4B1SksI!UFQW2#z^@k-wsR@34;b9k zEzT*gCkO~iuQEezJiZy;Cok5kWMyc(SgishMCA#?gewqAfESU=@K|TAGuNFf{2dbpKYd+_yC13v)_7qh#${&Iy)Z zd&VE0QO{r-7-mp7l?TNyVYC+}7;u&7(FIcEa(%k=>oTBAw=M-;x^(Gus4w~LtlylS zYCrR**P2}1(@ga?Q+>@;e={}EOy!%Y?q;gcOm#FAVU1Ll`(u&uTm=ZjT?|bGB4?Obg(?z{1jat z>U`Q@=#DhdrLIV$P79#g?WKAXhq$MjXM+5KzoPhJce(c0me@(c>RbU9q|1YYnt;Dl z7ZJ%(zEtY3=He82;=eCD4bQ|vF^@2mq#bJPYo^{7i#GPDAUAt>+aKQ6EI%V^ldmiJ znr6db2m)^o)!r&b9q6Z*OC>e-U2p82-Y8d+21EvSgW;ZBsn-#eDwAjncOFZOZoWiC zdhrUk@T%yKDnaM-C5Du$%0WM3z;F8@NIeHFtxS-)c?pdD5QulmvzH>> zi)y9zqP0?cu_@&n`w~`f>`SuWPG!F>aMX##Is=d--v&*Qx3o6ut9It$$9hj?umY-< z9vG}J2`o7@oXTG}ToENz{K`;ZI8~tbR8sM3<%dGo>LIjr{cr^`SxdFAHQU@c2yA+e zHi(JnDGe%rd67&xMjj>TDmi8>Rr)q0X%YBGq8&q5u5U#p>8io{kq_37jHa(}9jd?4 z6XoL;oW`#hXPD_l20$t{jwHHAa=EJ_@I_75t=Zm@oTsmfdX$8qS4BS0hRgfm@Dh@S zluiBf0s&Y1O>Gvu={&E8YUjx4V7NkV(%s(y2$ z>oh>ZyG~Kkz4R?)(e=#Jxy;i`smcRhx!Z3AzZFvjilND~sm$I~x<3?1gY8ZgD5TOo zsdS$=7Gu!wPbI(g_^prb(SN}@KcT^@ZA0a9JUwnHt$ZGL-6Sp&Ls>(Z-Br!M`v zlyoWR(xXeC%dW;>2HB;QB$nFNUN*Cq52iNR0~wv@4CHyQ&8bX z;i39XYLlB}W9@Z&;ElNFCS7Z<1EH}`m)*MDC4k$NLeCG?_i(Ab)dcyiX6l({>e*)M z8)~Dm+uCUC)pvt@N*Ha8hEAb{T2TH3VYb&4}0|B)(bZt z$_=M)10pdud=}NQp-_`wQXOuR?&Ugg>qS$gaoRw=WpHb6X^8D(*R^q%rK`pWhO;Pog=Oy174*cf=5K)zX)rO~HB79?TNn?6)&^!v-MGPQi3?&S zdo&`H8-AD3>3gaGtVmRn;%Zp5$?; zam1$75ExuAl=sVU!R;`L)GsK3HCe*ehmJy?s#5C88vp@G4bL~;!~#(fb=3#$xQ_4HAtANKUahT|jt z@Q7YKV&ERJ{Kq{1G3hmR;bD9Cn7w=4-#uj}$x!m@m_)W2j| zU$U$xz0{MI^`vDzFOL;Lj)!d^#GuhG?F)Umqnyu1-Z6VK4PYTOvu;px$>4 z8-=urtLpmhi+{#q(=|LCW_dv?XbP8lQ0_DfPwk2qKSt9>iR;~S2tcO+^AUcf_QvS< z;()aFP%88pwsrYZuMTxPsy9+YE2h6k8R2%y>T2`Xv50;`TZ~pb8qxS`viv;7D-Anl zFutW{<=0fZ@Z8GveUwzO)bnnhzlL{FDi1buV@MAD0M$y>yw4FzQQTlVxZS0JYG=8A zfGYb0sibD(mS_mi3n!>FD5anoygR<--}zgy&DXgsY?Ux~*--zw{G4IMw#e^|x=0uK zv)~$GwR|y8R3*<1H8fOv4WEkU7PfkcdSIES-@rh6Lf^HNsEn_dGvC z?OsY!TQ?|zfv;2^iQ22SN%t}l?d4fAOL|l4=;BiDQnIK^w=M-;dUWa4rB9cBT?Vkw zN&_V&?PB!^xv66>`R!+ZdrdcDAF5F5Pz8?#)_3p%%j*p2m2gbIWp~^Z2xreEEvsC= zA!L#4!4oOh{{$%g5e#T4DzAw;k_U>>PNhWk3JiFI-?38$yj<1*Cq+=cm1ZIQGzkyYgE%N(m3}?xav@xV+2M`%5Ic@L^cK zV5GS5z(NaGZd{3vFjBc;K^3fFdr3(%{jHoJG03}y>SuvbEbo#@%7eVXUBSKpe+x<# zJ2&7&FnlV2NZh5){&{S3g--rhxRi!v|HJhK@$!$&FjK681s4pnA?|KBD+Q3+4+QBP zeWUa_rGMh-_=bat0&t_b{<@J>dP9BzSGb-S?43Su{W%}^=e#-Z_45_$)_HYnfEpJ0T$q4=M8ESI z-U^z^ndiJxvVd98uxJNV!hapmVn<1rHM$JyGQvSHIxyjHiug*!-~%#p0lb@Pdhs#(rzP zeu36y3><-VtR2N+g&VgR3LFU@nCy;+Tk$1xT$&{S3#A%Szvx1oxq(KuoK71owbEC$ zY~D2XuZ5rvzkwtZlt$+o=3z+lyx&%U8l6RwMt7?iplK09mE4j0tDM0%9TKNw2ZJL0 z)_-{$p}YpJ;j0cdh>cEBsv($qp*F0sUQ~kSlQ5uPbpzcDP&YaQ6M%+@;_v%{Zvza= z_SVeE=?pSUy^BZ1d^1`o#WS6@oWkVc3+@zIi$&;#W!Wf}AQHAwpdIm5$goqx=Pz(n zhZ=HJ>%X$m|COl&(lGE9#>VBwWoAD9f?&gC<@#U8^PUw1c=1JMmm;Z+N<5G(4tsQZ zsQydi$oek_Z2JB(@2^UMy8fuiV>GQ#xo%<}P8mT@go*nmi8V5AVciDS@|#3(j5p{X zk8i=j(2^KC<$S^ktM^yC!S4)aZm#v8f#1$cOKgo3wYNj!LP-27B;JS=|jEgf>HxcAClU9$OP^%?$$s>P%>9Y!P3* zYV1Tf+5%8xCxq4WP@^kBv2nztg-IKvk>;PLNviK!_VvPrQKl0VBfOqY);w6chL#DQbOC+p;dp z?hW#v>*#fdS-%ZBs12U!uV{QoPINeR(*8#wH~7X~0SVucYyZ2GEx>8bkDDe-n5CnD zke9AaRYxNp)4vQ^RZKve@%*C+zYnT9l9rTjTObW#(Bba_Rc-wN18*V8C}sOw_V>Ff zt^-5bAxf6oOlKAK))3Y?l0b%-nxc+ef9-GW^|e}UQhJ|uJLv~Pv?nX6)bIOo)$Hl0 z_(9!s4Omh@fr`Irkkh6?n)*sN4z@a7w`BHkp*p_Y>!0Dp;;8 zY6(2#l5WX6;>QR;#Mcr1)vzd8rLI@`3*xSEBBW}+V#xtJ(N>yO-YWu+iU+%IIO*vG1J(=Vd;YO)guj+3~*u2>kBnFZU_1)s-rjISvOGu?LVN$fO+JysF zdr=bA6Ms%MgH51n$SwFs}{VV6f8Qf z_9Lzm#L(@S)A2GVGpseV%#3II1x2MiM{PyIoH%Uvw$ zfPu28FEc?;+T13y6H}((=wJq7?fsKLio$TQS8a6 zCYgiABB}+QHEN;t=Y>jhjyG21_36qn)X0_8xxI%3_r7k zm_%3bXVaUVN{)9qYTzb(5nM;k)_;aee! zu=_rveb7VS(l{2a{;iPMVlCI-fmOo;S|T=IzZxg%I1^^j)-@r_vi+kt(HIH|X05$y zT#3nyr6mg+^%BPi>g*XJ{N*hvul{OW-kOv1LUoHsB?(**&#Aw|?z_BsIOjWxq-2Yq z?{j+_m_$$_f+nQImcyO9rE56S6G?usu@D=LJE3oB5H{$pjRqwI>!WKi=ImKphZGn> z!aPYVLTXfruW^kt>sN-vK)=7OUrP|_$?!0gez;l>F_1dbunA;iC_bzb_|9C*_3QP( zUwFAr&+I+~!(Mh}a8t%Wln+UsM8w9`<;JxisIqJ0NvvAXsgL3{e24zUx63o{C>G}< z9hcUz*?hePELi!&3rPq9X2e^6K^?iCfe^p2DPO-fP)l7XDp<0yG*~HkqS6y#uxll8 zW9^^Gc9i+G+y_p6Grq!5`_*cAuKd}B^rsfoqt&4OX7sw=zZ#w^_d5Nti5-mbZ}%rk z>hJrzr^avNXE^G;?;Tyz^W?XY7OV_bhKm+d*eF*@-o;ZU5^GN>{WVXs&}&lOB)lXf zN~S(qZj4G-y`sycX|~BuHkx;_;0Y-I>!g87x2eF2sk}**-q!T2wh?PU3EYf-!EFaR z;tWqxBK7c$&OrQXPYOF+Zw6PDFE^%|;ZRIeEw@>dCdcEp5%}oB_@OjnG1{A1A5>^8 ze%zILBv_@ljU5ACxQkUG0A#8*hO>`ZNR5`qVfFUsgApFyE@5c>i-U`e9qNv(Z0ob7 z8p9#4G1csBlG0nPISjKmRmyCbu2>kA`!51zj2uRzIy>&mjW>$b{95$saK)pqN~sz? z;#!FM3(SV$4pilEM@&(jrcsi8Zg$GX;#Khj{2*BF+3RhbB9DkAHQuCp9Bl3_H40Faw{-RzM_5O3Pmnxeeq@jc`PBsDe_oW)fPM4 z%`>dQ%ga%c^%u|ApaYz-yc>)Kgs9}S)~K{jERB-`@oQU?pr9W3r^H%6&g^p>;$TVB@-d_w8> z^1vdhhF%!RPPz(H7OtKyuPb2SP5V$-0GLMtz%Z)i609bLAIKlW2oMX+s~hFPTu1Xk zOx4U1cr~M}_a&vg-Db%=Orw&6XYuKv7iJIbNEN9D6k57nsI%E#mV|-=fKz@J|D|Gu8VGd&R z|3dlf(xlbK{iTX+M4c6kSBU;u-QJzVqctM{~sVEr_H^oze!5tVu?JdScDJA1U4C}_((~Vvha{X zMD9j0d{Z<;)hVN1eM`8WlcU{CWI$?*UR%U)NImPHM#ifPboq)NtmS}6jR zHNt8Lk*Q};83ccW9I$K_5E>MqGFSg=7Djg4OV}w!y2Q$CZKZ9 zKwNdjDKh=-u!%og9Bxb#_UE|baK~lvZ%DB5^qX+}?a zlw9Ek5{w4Em}Dj$q{l|h@L(lvYm4@qST!cRD_?fUFhNBYO?b8yQlJ8o9UP3&xtfJJ z3Cf|y_iE2X>+xJ`QS?=u*KQr(dyob)P@dx9jnluZ(?n@Z7)K zaBT1AyFR)8|Nh%&-gnE?fBNw6&Q-7fi)Z`)?Cz(&bnn=gZ#)0rbbj%g|M->f{JX9H z;qmYM#r6N||MfqO|JlF%*TwIQ=KknR@yf5A`O5V_cdgH7vFhCXiIelQ)2HX>s)vtNPam4EethqpcT`WEn4dj-@Gvh9A3wIK zdhaRn4>@RdA51z;Nw-Sn5^MP%#gFFta(mCr$o4fSk4|82mkw~yn zk6kb20!McdhyHH3i|r8s`b$U_Hms?vwKLTCB}v+O$=Z1-ZfD6|)&zktbMmw0Q>LqCuY*|)$T$E zYZ;Y7p`%>o4gl@Br|e}zg#u89wwJ5rYEh}nP)d1O;b3Ba&lel@J4i$}IpX-Hj6mTNg)Pt2-dq+{He%qROrifN776%H%gWe$&MJZGubxTC2 ztWtl0t<-v@|MW%&k2`w{ol;i%Kkm;>pkBU7iy%V_U1-yS-OD${uQ|1@{POyEf7TC8 zm&bg@NmisDvTJCehoK+JRoqyrIE(VyPDVgBlKux-pyR8ym8OHNs|r0j5WC#p07C*? zcvjpjD&J}YB9^xC`Mxw7v}=eV(Jl3D-38cYVS<}TySC6%)F|?wM#M*wA-z@SLv^m1 zgXx;9SkJm)ZRNLm|9_YE;a;>j>|>cII7Ic-OVG zUT1jcYY=fgzYW!X780+ysqk0Y28uvq>nF!tL=Nm?zjgYJ)i7li{01NCsmpIYe(UvH zpWpiZHoy&c6Pkv^OG>a}(b%J-HNCm=z5-ACh8C`c&EN`2gi4=APyz$;$G9$B3x?%| zNrXmu0q3<^o+~fhT&{hy%&GuR=)%ptOfKFi+lub6tEYESrcz$u1WI|~?knJOssdtR ziafy(nDT&Cm~wD?{5I7ORuo>ClIaDf9)jKR9pEZ1pnsxBvnO~boi8)R&9;(d$93pQ z1y;Y8Ly53~40&w|0~jm%m4Sk-Wnnj3W)(wbnDYRl1u6ThcH`vn%=EfjGv|r|OMOjq zNd>VJE85-1v;+ePdRKY3=*kgZ9a7++uS5>Io&r}$g>-P~AS%snKwcseN<}6_?H3&- zUNISpw58=sZ50_V4R`Qp2dA!R*_s)fGgsw0dnv3Po!EY^Upji(tSk`2r6C5bOAd-5 zA$ZI{5sOnFkWXFlR}imMUU(q(UrCkLzzFH{$1cfTJxG@YyC<3Ed(=E+F_$i|HaMaPVZ*d%2c;w2Qea9dd?aL4B zICA9pqkA4Xa{BOzBlA(vvv@9=!#YeGYhIEe@9iY-ZI%;CfU6=)+JF=94K38UA&xZ! z-1Jcm6Kax^uS&WNigfRg2pK)#x9jvg-;mJdw(uHV$TVhoPMHgb?0UqmCkn7f?G>yaO`BKfi=W$NTH^%U(^WXw z2$%Y{9%$W|F4w;ywa?DZA<_Q44Yuold0mJ(DU)@{J93;MIHaoS=rv>@rOPzU8020k zGeEal#5T*5T>#iwNeySHVk#%rGN~L_CWTZ^uVK;)-2N7L{r0AxH$5$H7NkUB&vE5T?i)zf}FE{JLk8bAww6Q*M?Z}?DMijs(E%?D=wnauiaQ!%M@>#Qk>a1 zCo={W$RApdKMNbZM(Z@EuV54hm=Xg6W`Mm!9)If!J)RgC=-?-; zU*dUyf8G2m@~@YFo&4+PUx9x;{OjYNq=oOA1D9c!-kknqB!&qcYAZPVqfU%6~{R#ps{Lug8-deOp@g=E&#uY|pb`j{0!KmB0NcFjnO<@o?^eC-d=7`~7 zIG?Y&mXCj3zo3GA>%|h@NG z3;D~J_=V_DVsFO^Z1#OS#yCOTJJfPj%Q3y)?VS)0@)Vtt$AFd^_Xnga0nVlQ(giBa zs3c{Jy*RzCxuu@o7?uTRf0!$+F(VUg<+f&N7>#3u<4jD-5RV_sRf*%erS;fL?j^P@ zYn?A`DGa#C9f-q+nOI`GJZpA9ib9+1o$-K@Eqakq@FE8W^4$ZPEb625d>$EPy?vF> z0x=P4FKasjgoE04w{}@7$H0OpIBXVYlIdj3;8`-NIQqNBBGgF;frbpy`oRutT-v-U zca;MP)dkJqT!o>AYA1jk4>s`Dq=uVEz4HNI`VP_yj*YR3_QvB)I{T*77mvB#m>GNy zJ&u`+V|{LbQx-%q;t&S0RXs`1*6+7hc-Q`9ug=B~c<{`|GcZqA?1WQ|KiLQ906^1D zc|pROb7M?@5G7IOl(5LAguU7g{fFug;2V)sUN~p9exg?k=i*um=i*wHP=WfiT@RZO zo3^?DoVG`uhc7Su)QrW2SN--gzrE(Szhaj&&fQULDl|ZO;TNV;%k{(d$jytL^S4k& z4bb+&xgaig%W)UFf32-L>e<3y^Bhk8Ec|uAT)FD6y@oL)4R`lo5qnA}r@%s<(!!f+ zRd*~2J*jm)x(#>2=<=rZ@QAhk#d7`0(0cvJa{Y^;_4<>6+R8O*D`AbirABZp-m|#a9ZlS^Fgfc&aXwR z2G=9z{=D^OH>|3O85#irX(F=CIu6;)b|hJNxE1m0J8%zW(UCR zv+r*`q;r!1VO;GtG!FcR@Kh}sd3;QVM8 zy>VfnP-n~YS-8oB08>9-?9f)x+G|*Hy>TFtX=D=THE}i);TTsGn8{h(B99F99Oo8y8h6RVKgn2#$9n9r#gZ|U9X0` z?MdEtK_xWT2CB|55e!uj`z)4{2^i>3)D$8fpM>ud|tD? zA{!dPy~8BP4LW8laaDVVzAI)^|AErxC~BVFV8mZ1VaYl4p%L4}@Fy0FAj2Kcg_>Y3 ze4DyVpoK+`D=DU`2RWju%-XQTr{y>}6OapEw5XRVbD9%*UH@iz(G2^AFB^(q!CIFg zT>lDxIy;T7j1T<2U$H1Z``da~U~4}e1+1=(&+j1gTzkQ06*P&28dG$WMUHFzcZ`rE_N;}JFMHGv8S=$s$L%$s75pK#nn;vQe0t=9_g(hpVmg&lw**#{p~pEa%&n1M}(6a-O%G=gW2dS;XU&&~r&YA_dbo}MRWVWUkn$Ksu@AOJB5{z#>U7O&<|V+Z$ZE6B=tG}NjM3s-$+LT~wM zlA>sf#Eof~HI5E_CMIB0LV>MgWlyz;{a#(*17r;Ik1UWxf>_dd1e$n+D*{bE{bOt? z|buL49I>{Ikm676MOUbllW*d=ij3xDhbxX9jJ4f5hfkv={KU*3hF;b8VU88TF` z2E&7({ZyCNproQfoVLdBR}*1ozFvY?ZBD*!@mx-pTer@~-QttSCRY|FY{YwXu3GCLdluj-StS|WD3eJXwb&uHHpPG4Y z-stFW{el4|5)dEi)xb9N@#Sl|>$AxSF?&Xeajv`2rL)CFg3bH&FBMy8>`xDfP&D#2 z_Fsu+jHBaeNMFTC*f7S^>ISS^U|!`JEs? z=h|%8IN{3~nJPl7_9E$2UMiWd1d_8^Cngvv6E0IRK{?Uj1I&IO%v})o_kV1hdgVt7 zeL6Q`NU$p<+{=x1&7|$B(L48?ns*E4+k%yGptdg|B;RbJ^rkhW6Sgo({Y|#t1Qh*E z{Y`^Vf0LI?49;dzeS@|%)!&44a*lLo0#QY5_Ejh_1X6WcPyW0sn1jEJ-?4m2 ztNi1G(wc_b?YdRh+S_(j#L-SwujK%QQK7uJM{9e-LyLDaVe}n9_Ft4aH$~4E_&g{F z>s9>?1NCKH>#wpf#il9#*R~^>o-9#CY=&#>4CHR?l!}+wBz2{QbK1=|n~pn+A8I{f+@Tz9&x+8Kt~8jj3b-swBcD8;7;73X+H*TreO&fE3ygN3z_%ph?b=Z}fO=gW(S zjixZ5$W{;<0PQqtkf1mk35(QEXe3)roM^mB{(;AThMGXV0wfe%F}A0>;p& zym(ZnutDZ1e=15ahm~jfDMv{&-I^!p#XO5gU9tL^dJ}NgBA=&+_~3AcN<}SQPiu1p zBO)XGP2qJJ{GttN_FzNIBg2mrW;?7b7S+`YG8ZajYT#4F6~mX_*l9z*Gd^u@+f(Bc z=sR78P-HDtIaFtVG$C!a6X%0f4l4V#+&Ca3X3(JZn-~RWQ-!D`;$q16{bsVFCba%5 zbs;X|F2P7!e(bzYYKsi4B1v}FD*O9GI92l9$_k#XR&<}K+1UvD0P?1(bGTc*H zn4CP}&&s6*oJBf&OXc#W@;B9`6fw}{pJ1dFZ7onQsV?B`P*##-p>6Eq#z{NQ5Y-{f8m%YL}ktlSK^Mm zeX)011>{!tEwlLLn@JHDHUXKiykvA<%vZFvtRBn#a8L9@xk=L|od*j&75q?k5V8GW z7@mf$w9GU;UKqsgVDJq?2y40JY3(J{o}}`0m;f#ewaw_-LO;NgN`gw!mV!kLY!P9{ zAm*6_$eS$PQD&Is@c#0~qKq_7_S!4jceLa&pd9OOH9ZDBAPw=y-U=F{{#GT#+{vw^ z;_-TnO)3>~wPNt%2|;d8FP5{QR(#@tMI|xNct{y&JSDR@1)Tgil&?$^21)?Nf0;xu zKhIjYW)hN!C%aRm`7A?^d{r}}Pig&wtc|T~0P5$@xr^iJ3s?r4JJIY+}M*D!Ny8Eok@B zB-<<-7cDU2KEBPuKao_i37Z@oNoRw`A2AER3O^{(7z&AXraI1G`GlM+6%~|Ke5Iyj zgT63NHpnz;3^8`t8tj?pl@w8Zy<}#6y&PK#?~mVWmfQQrS6q<7z+YKgC@7kxS6A8I zu;NwGm4zP93nqH=4fVkP4CWZJotVhi{q{}2J!etMZ>#aeZ^t}nNX2Pu1%{`uMB4(= zmNdVd)6eU2(e`*NQ_rqrhvrWnW+yf~8=8Aj*}TJm@*mEA<9hoPk&d8UFB=EH-@=`C z4q66C$XNK1zi8+{vBy7^1Blv_)LYOwYP5cwf`gt^DB()I`f;;{Qp(m!=z_j==YW(_ z_O*8O!oa;uR(v43_N1VBGmY<(zg96R!-Gr!sjR9G3F<36I8>#SeYLXBH?x&ec8{`u z&VysERKR+pUj1dWhEl4bts4ukH?x&e_VvnsgNJezUqOh*_>yu=^in0)spQ`@0VpN$ zwD>$FgCGLHBEOb{t2C-T6})3?%of)8+FJ{JS}~dW&+BBz;`b$)g)Jz8|$9y77ZdbZWzxGVjZrfLQ#Yu&HBV4XMIV z#C+m8{BfQ|&`}AzUVK6LC=TAZo5 z7;#|>A3oJmtHL+`49wzBI}MC9a5K$JTHB$zYgrouwXd}nwq*jQ3wUa~rAv@u#Or08 z%!kA{uPG1oeTtVzsK}Y&bp^K4!5b**u1Zy#?yNvuOygvQ;sQGS2?d=YZAC(Kwf(G5 zmK%R=lzOr(Gcb7+?{YXPJ+80}qxvd;l2PTw*K{;=@vq8@KO0*71(6HRtZF+06!{t1 zd3MyxR}+GQ6ed}GXV^Xg-neh)DVx5M0X#25klBz5yy5hI!QyV!FpEoY~0 zHPCFu;%E}|ZtMa%p(!=}gwD$ewIqd)>sYhZrBhwvmDtX(P+dWL0?MBWSOZF$@lD!; z%AE4mK-Y6RC&(r@o{@Bo9k2zMKAihB?cRES|||RXZ3JRvY4SSov(ILpx&QT^sCk zU~wwEy(=*N4K%BsK;Ef9pvXr8l_4Is9-H0mkvKV@ z=>w*}Bb`sFbYAwUym*;Sn99c3>0YJu6<*q7(;;a6*42gH@-!{^A9nwn!VK|er6t`= z$SE4gOt$Xmm^8Fu8)n=^9+Lk0oZ=;76!YH)#_B=&B7<`;o2Pv(m2=X_OxET&9L+XI z9?ijGgNqgvIa(@$BN8Z2Q#w~&x2WV!28!Ju0|Ns{Ttvi6nijQ}G=@6ejGe;{kG?{Y zQ+y1hc8qBI2>&UfiVoZ(L0x;NgUu}5Sa)W(i9DUR1V>?Wkv=Af$iOxYX+I@x0?x}` zd19!-Az6)}l+`e4tVCp0lUw;91i}OMAg}bnc<2eEa5N&1yy%xw1Ys*E7P z5;i5{M@?hMDMs5_kT}-MFo;mU;f-tu9l~!ixneeHF77XARN|v!mse3?9K|tv zkDA7HLyLD0RB1=JHRgF|Gf|(0I>R$&pNs;sZI6XhfjBQ2ahJWsFd5=LMGuFE;;By( zkDU6$VjXVr5H*HfpvbdPELL}@sEYc^EeRx2RrR!h&sa&N8DTjVDc;EuGK9qI%_MsV zxuM+^6j&Rv^Q^om*#a`@4E$grWzzFA6&mnw6SD%*$P8yKdK*adjLncLVG=~$}6m74N$ zcTDa3#L4NS^N$`s`I#H;n?HGqGt)Q!{=}w{8}2%J{NUju^Ecme>7De@ka#4Nyj`>GVA3t{L_`%bg z?A5;cQ>RbeP`&GsnIng1Z=Zkc=8=)Hi4pxbvDI$d{Apxl^T?QG#P27^CdVg6$46Dt z@|EJ>!O6{|a|g$^Y?<9WJ2Eq|ZOh!|v27#cV>1(@BeQd}2gkN*VxiNVsi& z%jU_sk?GkjvvZJj^VYd(h&R85F`677ncq4#1|3F6N46atot&7S8J(EkHZeLov5gv| zlasS^qjM7nXJ@8I4o=U&2#oT~#606axov!AWOQ(eDNhukw+C z>FSB&CmuO6eX@G!@I!|-o|r#*@c7B2)5m7#tGDU<1P8->tCC;!d9fxJ^(KQAMH_O_ zHMbl;@z_ZqoUZ=Q&sA?@s-3EOk&U+>KK4+RiLf<_uFpm5VY>0jt<%#R$49r!Y@FCO zHo0-@^xX8uiRrOz^V=rIr^h#sM-iu8`X)9_ZrZwObaHHj3{Ew(d6Hk)))yZvQMANW z%HNlN-=|JapSa`rv8m6_&Y#ey6!slDdHm5+b`&~_F8tS(yHr|rE98CgFS?>HzR<;I zBX;hsU;FRB_n(IL@BEkl_^GS^m#=(uqpHk)8A{E_+TQ}d?|d79Bk`d;H}5{HD1hN36i#UJES!h{QkqXB5a8F|LTBT9zQj@zF?|e3iSEfBS#l z75$ily5YYccTAAHFWMVD$aN~Zht#g<&gc%FcX9m$Y5n)Z&j0xTYA146)EUiwwAj3V z%--^O74AOI;tXy(`IiH#ei`}`e56vJ3*W^jRP||a{kPs~?c=R~3|!yq4j&!20?~Im zZvfXEIO&t&`ds-#Z6Fn`%n1GV|0nqBH#CU;DEb(6{ZqE#ch^ple;XeQ*O$yU(Z8u^ zAFQSCidSj9%7=0F>2rOjTv%86PP%?@?GQh)rq9lwG~7?}X0lGXwloHA&4UoHuauM%#sTTtTp9 zwVvUF84^cg^LrOTRk@J2sw#e!VSCJ)hhsQnRW+*aH!@4S)f3j?^*}F+9p+UYTPuXQ z=s?}6M%_GjVfP*HG4al5FyE+qT4A7@@6hpG_i3{JiSs~zGt8X&T)}yyo29vLd6Mc? aEBrlbrhfn17c=ne(@~fNnE&>347>nZR4A?h diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/Newtonsoft.Json.xml b/src/SimpleSocialAuth.Mvc4/bin/Debug/Newtonsoft.Json.xml deleted file mode 100644 index 52d6762..0000000 --- a/src/SimpleSocialAuth.Mvc4/bin/Debug/Newtonsoft.Json.xml +++ /dev/null @@ -1,7631 +0,0 @@ - - - - Newtonsoft.Json - - - -

- Represents a reader that provides fast, non-cached, forward-only access to serialized Json data. - - - - - Represents a reader that provides fast, non-cached, forward-only access to serialized Json data. - - - - - Initializes a new instance of the class with the specified . - - - - - Reads the next JSON token from the stream. - - true if the next token was read successfully; false if there are no more tokens to read. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Skips the children of the current token. - - - - - Sets the current token. - - The new token. - - - - Sets the current token and value. - - The new token. - The value. - - - - Sets the state based on current token type. - - - - - Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. - - - - - Releases unmanaged and - optionally - managed resources - - true to release both managed and unmanaged resources; false to release only unmanaged resources. - - - - Changes the to Closed. - - - - - Gets the current reader state. - - The current reader state. - - - - Gets or sets a value indicating whether the underlying stream or - should be closed when the reader is closed. - - - true to close the underlying stream or when - the reader is closed; otherwise false. The default is true. - - - - - Gets the quotation mark character used to enclose the value of a string. - - - - - Get or set how time zones are handling when reading JSON. - - - - - Get or set how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON. - - - - - Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a . - - - - - Gets the type of the current JSON token. - - - - - Gets the text value of the current JSON token. - - - - - Gets The Common Language Runtime (CLR) type for the current JSON token. - - - - - Gets the depth of the current token in the JSON document. - - The depth of the current token in the JSON document. - - - - Gets the path of the current JSON token. - - - - - Gets or sets the culture used when reading JSON. Defaults to . - - - - - Specifies the state of the reader. - - - - - The Read method has not been called. - - - - - The end of the file has been reached successfully. - - - - - Reader is at a property. - - - - - Reader is at the start of an object. - - - - - Reader is in an object. - - - - - Reader is at the start of an array. - - - - - Reader is in an array. - - - - - The Close method has been called. - - - - - Reader has just read a value. - - - - - Reader is at the start of a constructor. - - - - - Reader in a constructor. - - - - - An error occurred that prevents the read operation from continuing. - - - - - The end of the file has been reached successfully. - - - - - Initializes a new instance of the class. - - The stream. - - - - Initializes a new instance of the class. - - The reader. - - - - Initializes a new instance of the class. - - The stream. - if set to true the root object will be read as a JSON array. - The used when reading values from BSON. - - - - Initializes a new instance of the class. - - The reader. - if set to true the root object will be read as a JSON array. - The used when reading values from BSON. - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - - A . This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Changes the to Closed. - - - - - Gets or sets a value indicating whether binary data reading should compatible with incorrect Json.NET 3.5 written binary. - - - true if binary data reading will be compatible with incorrect Json.NET 3.5 written binary; otherwise, false. - - - - - Gets or sets a value indicating whether the root object will be read as a JSON array. - - - true if the root object will be read as a JSON array; otherwise, false. - - - - - Gets or sets the used when reading values from BSON. - - The used when reading values from BSON. - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Creates an instance of the JsonWriter class. - - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Closes this stream and the underlying stream. - - - - - Writes the beginning of a Json object. - - - - - Writes the end of a Json object. - - - - - Writes the beginning of a Json array. - - - - - Writes the end of an array. - - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes the end constructor. - - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Writes the end of the current Json object or array. - - - - - Writes the current token. - - The to read the token from. - - - - Writes the specified end token. - - The end token to write. - - - - Writes indent characters. - - - - - Writes the JSON value delimiter. - - - - - Writes an indent space. - - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes raw JSON without changing the writer's state. - - The raw JSON to write. - - - - Writes raw JSON where a value is expected and updates the writer's state. - - The raw JSON to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - An error will raised if the value cannot be written as a single JSON token. - - The value to write. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes out the given white space. - - The string of white space characters. - - - - Gets or sets a value indicating whether the underlying stream or - should be closed when the writer is closed. - - - true to close the underlying stream or when - the writer is closed; otherwise false. The default is true. - - - - - Gets the top. - - The top. - - - - Gets the state of the writer. - - - - - Gets the path of the writer. - - - - - Indicates how JSON text output is formatted. - - - - - Get or set how dates are written to JSON text. - - - - - Get or set how time zones are handling when writing JSON. - - - - - Initializes a new instance of the class. - - The stream. - - - - Initializes a new instance of the class. - - The writer. - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Writes the end. - - The token. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes raw JSON. - - The raw JSON to write. - - - - Writes raw JSON where a value is expected and updates the writer's state. - - The raw JSON to write. - - - - Writes the beginning of a Json array. - - - - - Writes the beginning of a Json object. - - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Closes this stream and the underlying stream. - - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value that represents a BSON object id. - - The Object ID value to write. - - - - Writes a BSON regex. - - The regex pattern. - The regex options. - - - - Gets or sets the used when writing values to BSON. - When set to no conversion will occur. - - The used when writing values to BSON. - - - - Represents a BSON Oid (object id). - - - - - Initializes a new instance of the class. - - The Oid value. - - - - Gets or sets the value of the Oid. - - The value of the Oid. - - - - Converts a binary value to and from a base 64 string value. - - - - - Converts an object to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets the of the JSON produced by the JsonConverter. - - The of the JSON produced by the JsonConverter. - - - - Gets a value indicating whether this can read JSON. - - true if this can read JSON; otherwise, false. - - - - Gets a value indicating whether this can write JSON. - - true if this can write JSON; otherwise, false. - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts a to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified value type. - - Type of the value. - - true if this instance can convert the specified value type; otherwise, false. - - - - - Converts a to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified value type. - - Type of the value. - - true if this instance can convert the specified value type; otherwise, false. - - - - - Create a custom object - - The object type to convert. - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Creates an object which will then be populated by the serializer. - - Type of the object. - The created object. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets a value indicating whether this can write JSON. - - - true if this can write JSON; otherwise, false. - - - - - Provides a base class for converting a to and from JSON. - - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts an Entity Framework EntityKey to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts an ExpandoObject to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets a value indicating whether this can write JSON. - - - true if this can write JSON; otherwise, false. - - - - - Converts a to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts a to and from JSON and BSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts a to and from JSON and BSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Converts an to and from its name string value. - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - A cached representation of the Enum string representation to respect per Enum field name. - - The type of the Enum. - A map of enum field name to either the field name, or the configured enum member name (). - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Gets or sets a value indicating whether the written enum text should be camel case. - - true if the written enum text will be camel case; otherwise, false. - - - - Specifies how constructors are used when initializing objects during deserialization by the . - - - - - First attempt to use the public default constructor, then fall back to single paramatized constructor, then the non-public default constructor. - - - - - Json.NET will use a non-public default constructor before falling back to a paramatized constructor. - - - - - Converts a to and from a string (e.g. "1.2.3.4"). - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing property value of the JSON that is being converted. - The calling serializer. - The object value. - - - - Determines whether this instance can convert the specified object type. - - Type of the object. - - true if this instance can convert the specified object type; otherwise, false. - - - - - Instructs the how to serialize the collection. - - - - - Instructs the how to serialize the object. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - Gets or sets the id. - - The id. - - - - Gets or sets the title. - - The title. - - - - Gets or sets the description. - - The description. - - - - Gets the collection's items converter. - - The collection's items converter. - - - - Gets or sets a value that indicates whether to preserve object references. - - - true to keep object reference; otherwise, false. The default is false. - - - - - Gets or sets a value that indicates whether to preserve collection's items references. - - - true to keep collection's items object references; otherwise, false. The default is false. - - - - - Gets or sets the reference loop handling used when serializing the collection's items. - - The reference loop handling. - - - - Gets or sets the type name handling used when serializing the collection's items. - - The type name handling. - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - The exception thrown when an error occurs during Json serialization or deserialization. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Specifies how dates are formatted when writing JSON text. - - - - - Dates are written in the ISO 8601 format, e.g. "2012-03-21T05:40Z". - - - - - Dates are written in the Microsoft JSON format, e.g. "\/Date(1198908717056)\/". - - - - - Specifies how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON text. - - - - - Date formatted strings are not parsed to a date type and are read as strings. - - - - - Date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed to . - - - - - Date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed to . - - - - - Specifies how to treat the time value when converting between string and . - - - - - Treat as local time. If the object represents a Coordinated Universal Time (UTC), it is converted to the local time. - - - - - Treat as a UTC. If the object represents a local time, it is converted to a UTC. - - - - - Treat as a local time if a is being converted to a string. - If a string is being converted to , convert to a local time if a time zone is specified. - - - - - Time zone information should be preserved when converting. - - - - - Specifies formatting options for the . - - - - - No special formatting is applied. This is the default. - - - - - Causes child objects to be indented according to the and settings. - - - - - Instructs the to use the specified constructor when deserializing that object. - - - - - Contract details for a used by the . - - - - - Contract details for a used by the . - - - - - Gets the underlying type for the contract. - - The underlying type for the contract. - - - - Gets or sets the type created during deserialization. - - The type created during deserialization. - - - - Gets or sets whether this type contract is serialized as a reference. - - Whether this type contract is serialized as a reference. - - - - Gets or sets the default for this contract. - - The converter. - - - - Gets or sets the method called immediately after deserialization of the object. - - The method called immediately after deserialization of the object. - - - - Gets or sets the method called during deserialization of the object. - - The method called during deserialization of the object. - - - - Gets or sets the method called after serialization of the object graph. - - The method called after serialization of the object graph. - - - - Gets or sets the method called before serialization of the object. - - The method called before serialization of the object. - - - - Gets or sets the default creator method used to create the object. - - The default creator method used to create the object. - - - - Gets or sets a value indicating whether the default creator is non public. - - true if the default object creator is non-public; otherwise, false. - - - - Gets or sets the method called when an error is thrown during the serialization of the object. - - The method called when an error is thrown during the serialization of the object. - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the default collection items . - - The converter. - - - - Gets or sets a value indicating whether the collection items preserve object references. - - true if collection items preserve object references; otherwise, false. - - - - Gets or sets the collection item reference loop handling. - - The reference loop handling. - - - - Gets or sets the collection item type name handling. - - The type name handling. - - - - Represents a raw JSON string. - - - - - Represents a value in JSON (string, integer, date, etc). - - - - - Represents an abstract JSON token. - - - - - Represents a collection of objects. - - The type of token - - - - Gets the with the specified key. - - - - - - Provides an interface to enable a class to return line and position information. - - - - - Gets a value indicating whether the class can return line information. - - - true if LineNumber and LinePosition can be provided; otherwise, false. - - - - - Gets the current line number. - - The current line number or 0 if no line information is available (for example, HasLineInfo returns false). - - - - Gets the current line position. - - The current line position or 0 if no line information is available (for example, HasLineInfo returns false). - - - - Compares the values of two tokens, including the values of all descendant tokens. - - The first to compare. - The second to compare. - true if the tokens are equal; otherwise false. - - - - Adds the specified content immediately after this token. - - A content object that contains simple content or a collection of content objects to be added after this token. - - - - Adds the specified content immediately before this token. - - A content object that contains simple content or a collection of content objects to be added before this token. - - - - Returns a collection of the ancestor tokens of this token. - - A collection of the ancestor tokens of this token. - - - - Returns a collection of the sibling tokens after this token, in document order. - - A collection of the sibling tokens after this tokens, in document order. - - - - Returns a collection of the sibling tokens before this token, in document order. - - A collection of the sibling tokens before this token, in document order. - - - - Gets the with the specified key converted to the specified type. - - The type to convert the token to. - The token key. - The converted token value. - - - - Returns a collection of the child tokens of this token, in document order. - - An of containing the child tokens of this , in document order. - - - - Returns a collection of the child tokens of this token, in document order, filtered by the specified type. - - The type to filter the child tokens on. - A containing the child tokens of this , in document order. - - - - Returns a collection of the child values of this token, in document order. - - The type to convert the values to. - A containing the child values of this , in document order. - - - - Removes this token from its parent. - - - - - Replaces this token with the specified token. - - The value. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Returns the indented JSON for this token. - - - The indented JSON for this token. - - - - - Returns the JSON for this token using the given formatting and converters. - - Indicates how the output is formatted. - A collection of which will be used when writing the token. - The JSON for this token using the given formatting and converters. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an explicit conversion from to . - - The value. - The result of the conversion. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Performs an implicit conversion from to . - - The value to create a from. - The initialized with the specified value. - - - - Creates an for this token. - - An that can be used to read this token and its descendants. - - - - Creates a from an object. - - The object that will be used to create . - A with the value of the specified object - - - - Creates a from an object using the specified . - - The object that will be used to create . - The that will be used when reading the object. - A with the value of the specified object - - - - Creates the specified .NET type from the . - - The object type that the token will be deserialized to. - The new object created from the JSON value. - - - - Creates the specified .NET type from the using the specified . - - The object type that the token will be deserialized to. - The that will be used when creating the object. - The new object created from the JSON value. - - - - Creates a from a . - - An positioned at the token to read into this . - - An that contains the token and its descendant tokens - that were read from the reader. The runtime type of the token is determined - by the token type of the first token encountered in the reader. - - - - - Load a from a string that contains JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - Creates a from a . - - An positioned at the token to read into this . - - An that contains the token and its descendant tokens - that were read from the reader. The runtime type of the token is determined - by the token type of the first token encountered in the reader. - - - - - Selects the token that matches the object path. - - - The object path from the current to the - to be returned. This must be a string of property names or array indexes separated - by periods, such as Tables[0].DefaultView[0].Price in C# or - Tables(0).DefaultView(0).Price in Visual Basic. - - The that matches the object path or a null reference if no matching token is found. - - - - Selects the token that matches the object path. - - - The object path from the current to the - to be returned. This must be a string of property names or array indexes separated - by periods, such as Tables[0].DefaultView[0].Price in C# or - Tables(0).DefaultView(0).Price in Visual Basic. - - A flag to indicate whether an error should be thrown if no token is found. - The that matches the object path. - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Creates a new instance of the . All child tokens are recursively cloned. - - A new instance of the . - - - - Gets a comparer that can compare two tokens for value equality. - - A that can compare two nodes for value equality. - - - - Gets or sets the parent. - - The parent. - - - - Gets the root of this . - - The root of this . - - - - Gets the node type for this . - - The type. - - - - Gets a value indicating whether this token has childen tokens. - - - true if this token has child values; otherwise, false. - - - - - Gets the next sibling token of this node. - - The that contains the next sibling token. - - - - Gets the previous sibling token of this node. - - The that contains the previous sibling token. - - - - Gets the with the specified key. - - The with the specified key. - - - - Get the first child token of this token. - - A containing the first child token of the . - - - - Get the last child token of this token. - - A containing the last child token of the . - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Initializes a new instance of the class with the given value. - - The value. - - - - Creates a comment with the given value. - - The value. - A comment with the given value. - - - - Creates a string with the given value. - - The value. - A string with the given value. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Indicates whether the current object is equal to another object of the same type. - - - true if the current object is equal to the parameter; otherwise, false. - - An object to compare with this object. - - - - Determines whether the specified is equal to the current . - - The to compare with the current . - - true if the specified is equal to the current ; otherwise, false. - - - The parameter is null. - - - - - Serves as a hash function for a particular type. - - - A hash code for the current . - - - - - Returns a that represents this instance. - - - A that represents this instance. - - - - - Returns a that represents this instance. - - The format. - - A that represents this instance. - - - - - Returns a that represents this instance. - - The format provider. - - A that represents this instance. - - - - - Returns a that represents this instance. - - The format. - The format provider. - - A that represents this instance. - - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Compares the current instance with another object of the same type and returns an integer that indicates whether the current instance precedes, follows, or occurs in the same position in the sort order as the other object. - - An object to compare with this instance. - - A 32-bit signed integer that indicates the relative order of the objects being compared. The return value has these meanings: - Value - Meaning - Less than zero - This instance is less than . - Zero - This instance is equal to . - Greater than zero - This instance is greater than . - - - is not the same type as this instance. - - - - - Gets a value indicating whether this token has childen tokens. - - - true if this token has child values; otherwise, false. - - - - - Gets the node type for this . - - The type. - - - - Gets or sets the underlying token value. - - The underlying token value. - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class. - - The raw json. - - - - Creates an instance of with the content of the reader's current token. - - The reader. - An instance of with the content of the reader's current token. - - - - Indicating whether a property is required. - - - - - The property is not required. The default state. - - - - - The property must be defined in JSON but can be a null value. - - - - - The property must be defined in JSON and cannot be a null value. - - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets the object's properties. - - The object's properties. - - - - Gets or sets the property name resolver. - - The property name resolver. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the ISerializable object constructor. - - The ISerializable object constructor. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Get and set values for a using dynamic methods. - - - - - Provides methods to get and set values. - - - - - Sets the value. - - The target to set the value on. - The value to set on the target. - - - - Gets the value. - - The target to get the value from. - The value. - - - - Initializes a new instance of the class. - - The member info. - - - - Sets the value. - - The target to set the value on. - The value to set on the target. - - - - Gets the value. - - The target to get the value from. - The value. - - - - Provides data for the Error event. - - - - - Initializes a new instance of the class. - - The current object. - The error context. - - - - Gets the current object the error event is being raised against. - - The current object the error event is being raised against. - - - - Gets the error context. - - The error context. - - - - Represents a view of a . - - - - - Initializes a new instance of the class. - - The name. - Type of the property. - - - - When overridden in a derived class, returns whether resetting an object changes its value. - - - true if resetting the component changes its value; otherwise, false. - - The component to test for reset capability. - - - - - When overridden in a derived class, gets the current value of the property on a component. - - - The value of a property for a given component. - - The component with the property for which to retrieve the value. - - - - - When overridden in a derived class, resets the value for this property of the component to the default value. - - The component with the property value that is to be reset to the default value. - - - - - When overridden in a derived class, sets the value of the component to a different value. - - The component with the property value that is to be set. - The new value. - - - - - When overridden in a derived class, determines a value indicating whether the value of this property needs to be persisted. - - - true if the property should be persisted; otherwise, false. - - The component with the property to be examined for persistence. - - - - - When overridden in a derived class, gets the type of the component this property is bound to. - - - A that represents the type of component this property is bound to. When the or methods are invoked, the object specified might be an instance of this type. - - - - - When overridden in a derived class, gets a value indicating whether this property is read-only. - - - true if the property is read-only; otherwise, false. - - - - - When overridden in a derived class, gets the type of the property. - - - A that represents the type of the property. - - - - - Gets the hash code for the name of the member. - - - - The hash code for the name of the member. - - - - - Used to resolve references when serializing and deserializing JSON by the . - - - - - Resolves a reference to its object. - - The serialization context. - The reference to resolve. - The object that - - - - Gets the reference for the sepecified object. - - The serialization context. - The object to get a reference for. - The reference to the object. - - - - Determines whether the specified object is referenced. - - The serialization context. - The object to test for a reference. - - true if the specified object is referenced; otherwise, false. - - - - - Adds a reference to the specified object. - - The serialization context. - The reference. - The object to reference. - - - - Specifies reference handling options for the . - - - - - - - - Do not preserve references when serializing types. - - - - - Preserve references when serializing into a JSON object structure. - - - - - Preserve references when serializing into a JSON array structure. - - - - - Preserve references when serializing. - - - - - Instructs the how to serialize the collection. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with a flag indicating whether the array can contain null items - - A flag indicating whether the array can contain null items. - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - Gets or sets a value indicating whether null items are allowed in the collection. - - true if null items are allowed in the collection; otherwise, false. - - - - Specifies default value handling options for the . - - - - - - - - - Include members where the member value is the same as the member's default value when serializing objects. - Included members are written to JSON. Has no effect when deserializing. - - - - - Ignore members where the member value is the same as the member's default value when serializing objects - so that is is not written to JSON, and ignores setting members when the JSON value equals the member's default value. - - - - - Members with a default value but no JSON will be set to their default value when deserializing. - - - - - Ignore members where the member value is the same as the member's default value when serializing objects - and sets members to their default value when deserializing. - - - - - Instructs the to use the specified when serializing the member or class. - - - - - Initializes a new instance of the class. - - Type of the converter. - - - - Gets the type of the converter. - - The type of the converter. - - - - Instructs the how to serialize the object. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified member serialization. - - The member serialization. - - - - Initializes a new instance of the class with the specified container Id. - - The container Id. - - - - Gets or sets the member serialization. - - The member serialization. - - - - Gets or sets a value that indicates whether the object's properties are required. - - - A value indicating whether the object's properties are required. - - - - - Specifies the settings on a object. - - - - - Initializes a new instance of the class. - - - - - Gets or sets how reference loops (e.g. a class referencing itself) is handled. - - Reference loop handling. - - - - Gets or sets how missing members (e.g. JSON contains a property that isn't a member on the object) are handled during deserialization. - - Missing member handling. - - - - Gets or sets how objects are created during deserialization. - - The object creation handling. - - - - Gets or sets how null values are handled during serialization and deserialization. - - Null value handling. - - - - Gets or sets how null default are handled during serialization and deserialization. - - The default value handling. - - - - Gets or sets a collection that will be used during serialization. - - The converters. - - - - Gets or sets how object references are preserved by the serializer. - - The preserve references handling. - - - - Gets or sets how type name writing and reading is handled by the serializer. - - The type name handling. - - - - Gets or sets how a type name assembly is written and resolved by the serializer. - - The type name assembly format. - - - - Gets or sets how constructors are used during deserialization. - - The constructor handling. - - - - Gets or sets the contract resolver used by the serializer when - serializing .NET objects to JSON and vice versa. - - The contract resolver. - - - - Gets or sets the used by the serializer when resolving references. - - The reference resolver. - - - - Gets or sets the used by the serializer when resolving type names. - - The binder. - - - - Gets or sets the error handler called during serialization and deserialization. - - The error handler called during serialization and deserialization. - - - - Gets or sets the used by the serializer when invoking serialization callback methods. - - The context. - - - - Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a . - - - - - Indicates how JSON text output is formatted. - - - - - Get or set how dates are written to JSON text. - - - - - Get or set how time zones are handling during serialization and deserialization. - - - - - Get or set how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON. - - - - - Gets or sets the culture used when reading JSON. Defaults to . - - - - - Gets a value indicating whether there will be a check for additional content after deserializing an object. - - - true if there will be a check for additional content after deserializing an object; otherwise, false. - - - - - Represents a reader that provides validation. - - - - - Initializes a new instance of the class that - validates the content returned from the given . - - The to read from while validating. - - - - Reads the next JSON token from the stream as a . - - A . - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. - - - - - Reads the next JSON token from the stream as a . - - A . - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Sets an event handler for receiving schema validation errors. - - - - - Gets the text value of the current Json token. - - - - - - Gets the depth of the current token in the JSON document. - - The depth of the current token in the JSON document. - - - - Gets the path of the current JSON token. - - - - - Gets the quotation mark character used to enclose the value of a string. - - - - - - Gets the type of the current Json token. - - - - - - Gets the Common Language Runtime (CLR) type for the current Json token. - - - - - - Gets or sets the schema. - - The schema. - - - - Gets the used to construct this . - - The specified in the constructor. - - - - Compares tokens to determine whether they are equal. - - - - - Determines whether the specified objects are equal. - - The first object of type to compare. - The second object of type to compare. - - true if the specified objects are equal; otherwise, false. - - - - - Returns a hash code for the specified object. - - The for which a hash code is to be returned. - A hash code for the specified object. - The type of is a reference type and is null. - - - - Specifies the member serialization options for the . - - - - - All public members are serialized by default. Members can be excluded using or . - This is the default member serialization mode. - - - - - Only members must be marked with or are serialized. - This member serialization mode can also be set by marking the class with . - - - - - All public and private fields are serialized. Members can be excluded using or . - This member serialization mode can also be set by marking the class with - and setting IgnoreSerializableAttribute on to false. - - - - - Specifies how object creation is handled by the . - - - - - Reuse existing objects, create new objects when needed. - - - - - Only reuse existing objects. - - - - - Always create new objects. - - - - - Converts a to and from the ISO 8601 date format (e.g. 2008-04-12T12:53Z). - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Gets or sets the date time styles used when converting a date to and from JSON. - - The date time styles used when converting a date to and from JSON. - - - - Gets or sets the date time format used when converting a date to and from JSON. - - The date time format used when converting a date to and from JSON. - - - - Gets or sets the culture used when converting a date to and from JSON. - - The culture used when converting a date to and from JSON. - - - - Converts a to and from a JavaScript date constructor (e.g. new Date(52231943)). - - - - - Writes the JSON representation of the object. - - The to write to. - The value. - The calling serializer. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing property value of the JSON that is being converted. - The calling serializer. - The object value. - - - - Converts XML to and from JSON. - - - - - Writes the JSON representation of the object. - - The to write to. - The calling serializer. - The value. - - - - Reads the JSON representation of the object. - - The to read from. - Type of the object. - The existing value of object being read. - The calling serializer. - The object value. - - - - Checks if the attributeName is a namespace attribute. - - Attribute name to test. - The attribute name prefix if it has one, otherwise an empty string. - True if attribute name is for a namespace attribute, otherwise false. - - - - Determines whether this instance can convert the specified value type. - - Type of the value. - - true if this instance can convert the specified value type; otherwise, false. - - - - - Gets or sets the name of the root element to insert when deserializing to XML if the JSON structure has produces multiple root elements. - - The name of the deserialize root element. - - - - Gets or sets a flag to indicate whether to write the Json.NET array attribute. - This attribute helps preserve arrays when converting the written XML back to JSON. - - true if the array attibute is written to the XML; otherwise, false. - - - - Gets or sets a value indicating whether to write the root JSON object. - - true if the JSON root object is omitted; otherwise, false. - - - - Represents a reader that provides fast, non-cached, forward-only access to JSON text data. - - - - - Initializes a new instance of the class with the specified . - - The TextReader containing the XML data to read. - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Changes the state to closed. - - - - - Gets a value indicating whether the class can return line information. - - - true if LineNumber and LinePosition can be provided; otherwise, false. - - - - - Gets the current line number. - - - The current line number or 0 if no line information is available (for example, HasLineInfo returns false). - - - - - Gets the current line position. - - - The current line position or 0 if no line information is available (for example, HasLineInfo returns false). - - - - - Instructs the to always serialize the member with the specified name. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class with the specified name. - - Name of the property. - - - - Gets or sets the converter used when serializing the property's collection items. - - The collection's items converter. - - - - Gets or sets the null value handling used when serializing this property. - - The null value handling. - - - - Gets or sets the default value handling used when serializing this property. - - The default value handling. - - - - Gets or sets the reference loop handling used when serializing this property. - - The reference loop handling. - - - - Gets or sets the object creation handling used when deserializing this property. - - The object creation handling. - - - - Gets or sets the type name handling used when serializing this property. - - The type name handling. - - - - Gets or sets whether this property's value is serialized as a reference. - - Whether this property's value is serialized as a reference. - - - - Gets or sets the order of serialization and deserialization of a member. - - The numeric order of serialization or deserialization. - - - - Gets or sets a value indicating whether this property is required. - - - A value indicating whether this property is required. - - - - - Gets or sets the name of the property. - - The name of the property. - - - - Gets or sets the the reference loop handling used when serializing the property's collection items. - - The collection's items reference loop handling. - - - - Gets or sets the the type name handling used when serializing the property's collection items. - - The collection's items type name handling. - - - - Gets or sets whether this property's collection items are serialized as a reference. - - Whether this property's collection items are serialized as a reference. - - - - Instructs the not to serialize the public field or public read/write property value. - - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Creates an instance of the JsonWriter class using the specified . - - The TextWriter to write to. - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Closes this stream and the underlying stream. - - - - - Writes the beginning of a Json object. - - - - - Writes the beginning of a Json array. - - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes the specified end token. - - The end token to write. - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Writes indent characters. - - - - - Writes the JSON value delimiter. - - - - - Writes an indent space. - - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes raw JSON. - - The raw JSON to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes out the given white space. - - The string of white space characters. - - - - Gets or sets how many IndentChars to write for each level in the hierarchy when is set to Formatting.Indented. - - - - - Gets or sets which character to use to quote attribute values. - - - - - Gets or sets which character to use for indenting when is set to Formatting.Indented. - - - - - Gets or sets a value indicating whether object names will be surrounded with quotes. - - - - - The exception thrown when an error occurs while reading Json text. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Gets the path to the JSON where the error occurred. - - The path to the JSON where the error occurred. - - - - The exception thrown when an error occurs while reading Json text. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Gets the line number indicating where the error occurred. - - The line number indicating where the error occurred. - - - - Gets the line position indicating where the error occurred. - - The line position indicating where the error occurred. - - - - Gets the path to the JSON where the error occurred. - - The path to the JSON where the error occurred. - - - - Represents a collection of . - - - - - Provides methods for converting between common language runtime types and JSON types. - - - - - - - - Represents JavaScript's boolean value true as a string. This field is read-only. - - - - - Represents JavaScript's boolean value false as a string. This field is read-only. - - - - - Represents JavaScript's null as a string. This field is read-only. - - - - - Represents JavaScript's undefined as a string. This field is read-only. - - - - - Represents JavaScript's positive infinity as a string. This field is read-only. - - - - - Represents JavaScript's negative infinity as a string. This field is read-only. - - - - - Represents JavaScript's NaN as a string. This field is read-only. - - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation using the specified. - - The value to convert. - The format the date will be converted to. - The time zone handling when the date is converted to a string. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation using the specified. - - The value to convert. - The format the date will be converted to. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - The string delimiter character. - A JSON string representation of the . - - - - Converts the to its JSON string representation. - - The value to convert. - A JSON string representation of the . - - - - Serializes the specified object to a JSON string. - - The object to serialize. - A JSON string representation of the object. - - - - Serializes the specified object to a JSON string. - - The object to serialize. - Indicates how the output is formatted. - - A JSON string representation of the object. - - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - A collection converters used while serializing. - A JSON string representation of the object. - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - A collection converters used while serializing. - A JSON string representation of the object. - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - The used to serialize the object. - If this is null, default serialization settings will be is used. - - A JSON string representation of the object. - - - - - Serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - The used to serialize the object. - If this is null, default serialization settings will be is used. - - A JSON string representation of the object. - - - - - Asynchronously serializes the specified object to a JSON string using a collection of . - - The object to serialize. - - A task that represents the asynchronous serialize operation. The value of the TResult parameter contains a JSON string representation of the object. - - - - - Asynchronously serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - - A task that represents the asynchronous serialize operation. The value of the TResult parameter contains a JSON string representation of the object. - - - - - Asynchronously serializes the specified object to a JSON string using a collection of . - - The object to serialize. - Indicates how the output is formatted. - The used to serialize the object. - If this is null, default serialization settings will be is used. - - A task that represents the asynchronous serialize operation. The value of the TResult parameter contains a JSON string representation of the object. - - - - - Deserializes the JSON to a .NET object. - - The JSON to deserialize. - The deserialized object from the Json string. - - - - Deserializes the JSON to a .NET object. - - The JSON to deserialize. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The of object being deserialized. - The deserialized object from the Json string. - - - - Deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - The deserialized object from the Json string. - - - - Deserializes the JSON to the given anonymous type. - - - The anonymous type to deserialize to. This can't be specified - traditionally and must be infered from the anonymous type passed - as a parameter. - - The JSON to deserialize. - The anonymous type object. - The deserialized anonymous type from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - Converters to use while deserializing. - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The object to deserialize. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The type of the object to deserialize. - Converters to use while deserializing. - The deserialized object from the JSON string. - - - - Deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The type of the object to deserialize to. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - The deserialized object from the JSON string. - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The type of the object to deserialize to. - The JSON to deserialize. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Asynchronously deserializes the JSON to the specified .NET type. - - The JSON to deserialize. - The type of the object to deserialize to. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - A task that represents the asynchronous deserialize operation. The value of the TResult parameter contains the deserialized object from the JSON string. - - - - - Populates the object with values from the JSON string. - - The JSON to populate values from. - The target object to populate values onto. - - - - Populates the object with values from the JSON string. - - The JSON to populate values from. - The target object to populate values onto. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - - - Asynchronously populates the object with values from the JSON string. - - The JSON to populate values from. - The target object to populate values onto. - - The used to deserialize the object. - If this is null, default serialization settings will be is used. - - - A task that represents the asynchronous populate operation. - - - - - Serializes the XML node to a JSON string. - - The node to serialize. - A JSON string of the XmlNode. - - - - Serializes the XML node to a JSON string. - - The node to serialize. - Indicates how the output is formatted. - A JSON string of the XmlNode. - - - - Serializes the XML node to a JSON string. - - The node to serialize. - Indicates how the output is formatted. - Omits writing the root object. - A JSON string of the XmlNode. - - - - Deserializes the XmlNode from a JSON string. - - The JSON string. - The deserialized XmlNode - - - - Deserializes the XmlNode from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - The deserialized XmlNode - - - - Deserializes the XmlNode from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - - A flag to indicate whether to write the Json.NET array attribute. - This attribute helps preserve arrays when converting the written XML back to JSON. - - The deserialized XmlNode - - - - Serializes the to a JSON string. - - The node to convert to JSON. - A JSON string of the XNode. - - - - Serializes the to a JSON string. - - The node to convert to JSON. - Indicates how the output is formatted. - A JSON string of the XNode. - - - - Serializes the to a JSON string. - - The node to serialize. - Indicates how the output is formatted. - Omits writing the root object. - A JSON string of the XNode. - - - - Deserializes the from a JSON string. - - The JSON string. - The deserialized XNode - - - - Deserializes the from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - The deserialized XNode - - - - Deserializes the from a JSON string nested in a root elment. - - The JSON string. - The name of the root element to append when deserializing. - - A flag to indicate whether to write the Json.NET array attribute. - This attribute helps preserve arrays when converting the written XML back to JSON. - - The deserialized XNode - - - - The exception thrown when an error occurs during Json serialization or deserialization. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Serializes and deserializes objects into and from the JSON format. - The enables you to control how objects are encoded into JSON. - - - - - Initializes a new instance of the class. - - - - - Creates a new instance using the specified . - - The settings to be applied to the . - A new instance using the specified . - - - - Populates the JSON values onto the target object. - - The that contains the JSON structure to reader values from. - The target object to populate values onto. - - - - Populates the JSON values onto the target object. - - The that contains the JSON structure to reader values from. - The target object to populate values onto. - - - - Deserializes the Json structure contained by the specified . - - The that contains the JSON structure to deserialize. - The being deserialized. - - - - Deserializes the Json structure contained by the specified - into an instance of the specified type. - - The containing the object. - The of object being deserialized. - The instance of being deserialized. - - - - Deserializes the Json structure contained by the specified - into an instance of the specified type. - - The containing the object. - The type of the object to deserialize. - The instance of being deserialized. - - - - Deserializes the Json structure contained by the specified - into an instance of the specified type. - - The containing the object. - The of object being deserialized. - The instance of being deserialized. - - - - Serializes the specified and writes the Json structure - to a Stream using the specified . - - The used to write the Json structure. - The to serialize. - - - - Serializes the specified and writes the Json structure - to a Stream using the specified . - - The used to write the Json structure. - The to serialize. - - - - Occurs when the errors during serialization and deserialization. - - - - - Gets or sets the used by the serializer when resolving references. - - - - - Gets or sets the used by the serializer when resolving type names. - - - - - Gets or sets how type name writing and reading is handled by the serializer. - - - - - Gets or sets how a type name assembly is written and resolved by the serializer. - - The type name assembly format. - - - - Gets or sets how object references are preserved by the serializer. - - - - - Get or set how reference loops (e.g. a class referencing itself) is handled. - - - - - Get or set how missing members (e.g. JSON contains a property that isn't a member on the object) are handled during deserialization. - - - - - Get or set how null values are handled during serialization and deserialization. - - - - - Get or set how null default are handled during serialization and deserialization. - - - - - Gets or sets how objects are created during deserialization. - - The object creation handling. - - - - Gets or sets how constructors are used during deserialization. - - The constructor handling. - - - - Gets a collection that will be used during serialization. - - Collection that will be used during serialization. - - - - Gets or sets the contract resolver used by the serializer when - serializing .NET objects to JSON and vice versa. - - - - - Gets or sets the used by the serializer when invoking serialization callback methods. - - The context. - - - - Indicates how JSON text output is formatted. - - - - - Get or set how dates are written to JSON text. - - - - - Get or set how time zones are handling during serialization and deserialization. - - - - - Get or set how date formatted strings, e.g. "\/Date(1198908717056)\/" and "2012-03-21T05:40Z", are parsed when reading JSON. - - - - - Gets or sets the culture used when reading JSON. Defaults to . - - - - - Gets or sets the maximum depth allowed when reading JSON. Reading past this depth will throw a . - - - - - Gets a value indicating whether there will be a check for additional JSON content after deserializing an object. - - - true if there will be a check for additional JSON content after deserializing an object; otherwise, false. - - - - - Contains the LINQ to JSON extension methods. - - - - - Returns a collection of tokens that contains the ancestors of every token in the source collection. - - The type of the objects in source, constrained to . - An of that contains the source collection. - An of that contains the ancestors of every node in the source collection. - - - - Returns a collection of tokens that contains the descendants of every token in the source collection. - - The type of the objects in source, constrained to . - An of that contains the source collection. - An of that contains the descendants of every node in the source collection. - - - - Returns a collection of child properties of every object in the source collection. - - An of that contains the source collection. - An of that contains the properties of every object in the source collection. - - - - Returns a collection of child values of every object in the source collection with the given key. - - An of that contains the source collection. - The token key. - An of that contains the values of every node in the source collection with the given key. - - - - Returns a collection of child values of every object in the source collection. - - An of that contains the source collection. - An of that contains the values of every node in the source collection. - - - - Returns a collection of converted child values of every object in the source collection with the given key. - - The type to convert the values to. - An of that contains the source collection. - The token key. - An that contains the converted values of every node in the source collection with the given key. - - - - Returns a collection of converted child values of every object in the source collection. - - The type to convert the values to. - An of that contains the source collection. - An that contains the converted values of every node in the source collection. - - - - Converts the value. - - The type to convert the value to. - A cast as a of . - A converted value. - - - - Converts the value. - - The source collection type. - The type to convert the value to. - A cast as a of . - A converted value. - - - - Returns a collection of child tokens of every array in the source collection. - - The source collection type. - An of that contains the source collection. - An of that contains the values of every node in the source collection. - - - - Returns a collection of converted child tokens of every array in the source collection. - - An of that contains the source collection. - The type to convert the values to. - The source collection type. - An that contains the converted values of every node in the source collection. - - - - Returns the input typed as . - - An of that contains the source collection. - The input typed as . - - - - Returns the input typed as . - - The source collection type. - An of that contains the source collection. - The input typed as . - - - - Represents a JSON constructor. - - - - - Represents a token that can contain other tokens. - - - - - Raises the event. - - The instance containing the event data. - - - - Raises the event. - - The instance containing the event data. - - - - Raises the event. - - The instance containing the event data. - - - - Returns a collection of the child tokens of this token, in document order. - - - An of containing the child tokens of this , in document order. - - - - - Returns a collection of the child values of this token, in document order. - - The type to convert the values to. - - A containing the child values of this , in document order. - - - - - Returns a collection of the descendant tokens for this token in document order. - - An containing the descendant tokens of the . - - - - Adds the specified content as children of this . - - The content to be added. - - - - Adds the specified content as the first children of this . - - The content to be added. - - - - Creates an that can be used to add tokens to the . - - An that is ready to have content written to it. - - - - Replaces the children nodes of this token with the specified content. - - The content. - - - - Removes the child nodes from this token. - - - - - Occurs when the list changes or an item in the list changes. - - - - - Occurs before an item is added to the collection. - - - - - Occurs when the items list of the collection has changed, or the collection is reset. - - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets a value indicating whether this token has childen tokens. - - - true if this token has child values; otherwise, false. - - - - - Get the first child token of this token. - - - A containing the first child token of the . - - - - - Get the last child token of this token. - - - A containing the last child token of the . - - - - - Gets the count of child JSON tokens. - - The count of child JSON tokens - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the specified name and content. - - The constructor name. - The contents of the constructor. - - - - Initializes a new instance of the class with the specified name and content. - - The constructor name. - The contents of the constructor. - - - - Initializes a new instance of the class with the specified name. - - The constructor name. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets or sets the name of this constructor. - - The constructor name. - - - - Gets the node type for this . - - The type. - - - - Gets the with the specified key. - - The with the specified key. - - - - Represents a collection of objects. - - The type of token - - - - An empty collection of objects. - - - - - Initializes a new instance of the struct. - - The enumerable. - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - - - - Returns an enumerator that iterates through a collection. - - - An object that can be used to iterate through the collection. - - - - - Determines whether the specified is equal to this instance. - - The to compare with this instance. - - true if the specified is equal to this instance; otherwise, false. - - - - - Returns a hash code for this instance. - - - A hash code for this instance, suitable for use in hashing algorithms and data structures like a hash table. - - - - - Gets the with the specified key. - - - - - - Represents a JSON object. - - - - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the specified content. - - The contents of the object. - - - - Initializes a new instance of the class with the specified content. - - The contents of the object. - - - - Gets an of this object's properties. - - An of this object's properties. - - - - Gets a the specified name. - - The property name. - A with the specified name or null. - - - - Gets an of this object's property values. - - An of this object's property values. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Load a from a string that contains JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - - - - Creates a from an object. - - The object that will be used to create . - A with the values of the specified object - - - - Creates a from an object. - - The object that will be used to create . - The that will be used to read the object. - A with the values of the specified object - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Adds the specified property name. - - Name of the property. - The value. - - - - Removes the property with the specified name. - - Name of the property. - true if item was successfully removed; otherwise, false. - - - - Tries the get value. - - Name of the property. - The value. - true if a value was successfully retrieved; otherwise, false. - - - - Returns an enumerator that iterates through the collection. - - - A that can be used to iterate through the collection. - - - - - Raises the event with the provided arguments. - - Name of the property. - - - - Raises the event with the provided arguments. - - Name of the property. - - - - Returns the properties for this instance of a component. - - - A that represents the properties for this component instance. - - - - - Returns the properties for this instance of a component using the attribute array as a filter. - - An array of type that is used as a filter. - - A that represents the filtered properties for this component instance. - - - - - Returns a collection of custom attributes for this instance of a component. - - - An containing the attributes for this object. - - - - - Returns the class name of this instance of a component. - - - The class name of the object, or null if the class does not have a name. - - - - - Returns the name of this instance of a component. - - - The name of the object, or null if the object does not have a name. - - - - - Returns a type converter for this instance of a component. - - - A that is the converter for this object, or null if there is no for this object. - - - - - Returns the default event for this instance of a component. - - - An that represents the default event for this object, or null if this object does not have events. - - - - - Returns the default property for this instance of a component. - - - A that represents the default property for this object, or null if this object does not have properties. - - - - - Returns an editor of the specified type for this instance of a component. - - A that represents the editor for this object. - - An of the specified type that is the editor for this object, or null if the editor cannot be found. - - - - - Returns the events for this instance of a component using the specified attribute array as a filter. - - An array of type that is used as a filter. - - An that represents the filtered events for this component instance. - - - - - Returns the events for this instance of a component. - - - An that represents the events for this component instance. - - - - - Returns an object that contains the property described by the specified property descriptor. - - A that represents the property whose owner is to be found. - - An that represents the owner of the specified property. - - - - - Returns the responsible for binding operations performed on this object. - - The expression tree representation of the runtime value. - - The to bind this object. - - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Occurs when a property value changes. - - - - - Occurs when a property value is changing. - - - - - Gets the node type for this . - - The type. - - - - Gets the with the specified key. - - The with the specified key. - - - - Gets or sets the with the specified property name. - - - - - - Represents a JSON array. - - - - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class with the specified content. - - The contents of the array. - - - - Initializes a new instance of the class with the specified content. - - The contents of the array. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Load a from a string that contains JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - - - - Creates a from an object. - - The object that will be used to create . - A with the values of the specified object - - - - Creates a from an object. - - The object that will be used to create . - The that will be used to read the object. - A with the values of the specified object - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Determines the index of a specific item in the . - - The object to locate in the . - - The index of if found in the list; otherwise, -1. - - - - - Inserts an item to the at the specified index. - - The zero-based index at which should be inserted. - The object to insert into the . - - is not a valid index in the . - The is read-only. - - - - Removes the item at the specified index. - - The zero-based index of the item to remove. - - is not a valid index in the . - The is read-only. - - - - Adds an item to the . - - The object to add to the . - The is read-only. - - - - Removes all items from the . - - The is read-only. - - - - Determines whether the contains a specific value. - - The object to locate in the . - - true if is found in the ; otherwise, false. - - - - - Removes the first occurrence of a specific object from the . - - The object to remove from the . - - true if was successfully removed from the ; otherwise, false. This method also returns false if is not found in the original . - - The is read-only. - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets the node type for this . - - The type. - - - - Gets the with the specified key. - - The with the specified key. - - - - Gets or sets the at the specified index. - - - - - - Represents a reader that provides fast, non-cached, forward-only access to serialized Json data. - - - - - Initializes a new instance of the class. - - The token to read from. - - - - Reads the next JSON token from the stream as a . - - - A or a null reference if the next JSON token is null. This method will return null at the end of an array. - - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream as a . - - A . This method will return null at the end of an array. - - - - Reads the next JSON token from the stream. - - - true if the next token was read successfully; false if there are no more tokens to read. - - - - - Represents a writer that provides a fast, non-cached, forward-only way of generating Json data. - - - - - Initializes a new instance of the class writing to the given . - - The container being written to. - - - - Initializes a new instance of the class. - - - - - Flushes whatever is in the buffer to the underlying streams and also flushes the underlying stream. - - - - - Closes this stream and the underlying stream. - - - - - Writes the beginning of a Json object. - - - - - Writes the beginning of a Json array. - - - - - Writes the start of a constructor with the given name. - - The name of the constructor. - - - - Writes the end. - - The token. - - - - Writes the property name of a name/value pair on a Json object. - - The name of the property. - - - - Writes a null value. - - - - - Writes an undefined value. - - - - - Writes raw JSON. - - The raw JSON to write. - - - - Writes out a comment /*...*/ containing the specified text. - - Text to place inside the comment. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Writes a value. - - The value to write. - - - - Gets the token being writen. - - The token being writen. - - - - Represents a JSON property. - - - - - Initializes a new instance of the class from another object. - - A object to copy from. - - - - Initializes a new instance of the class. - - The property name. - The property content. - - - - Initializes a new instance of the class. - - The property name. - The property content. - - - - Writes this token to a . - - A into which this method will write. - A collection of which will be used when writing the token. - - - - Loads an from a . - - A that will be read for the content of the . - A that contains the JSON that was read from the specified . - - - - Gets the container's children tokens. - - The container's children tokens. - - - - Gets the property name. - - The property name. - - - - Gets or sets the property value. - - The property value. - - - - Gets the node type for this . - - The type. - - - - Specifies the type of token. - - - - - No token type has been set. - - - - - A JSON object. - - - - - A JSON array. - - - - - A JSON constructor. - - - - - A JSON object property. - - - - - A comment. - - - - - An integer value. - - - - - A float value. - - - - - A string value. - - - - - A boolean value. - - - - - A null value. - - - - - An undefined value. - - - - - A date value. - - - - - A raw JSON value. - - - - - A collection of bytes value. - - - - - A Guid value. - - - - - A Uri value. - - - - - A TimeSpan value. - - - - - Contains the JSON schema extension methods. - - - - - Determines whether the is valid. - - The source to test. - The schema to test with. - - true if the specified is valid; otherwise, false. - - - - - Determines whether the is valid. - - The source to test. - The schema to test with. - When this method returns, contains any error messages generated while validating. - - true if the specified is valid; otherwise, false. - - - - - Validates the specified . - - The source to test. - The schema to test with. - - - - Validates the specified . - - The source to test. - The schema to test with. - The validation event handler. - - - - Returns detailed information about the schema exception. - - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class - with a specified error message. - - The error message that explains the reason for the exception. - - - - Initializes a new instance of the class - with a specified error message and a reference to the inner exception that is the cause of this exception. - - The error message that explains the reason for the exception. - The exception that is the cause of the current exception, or a null reference (Nothing in Visual Basic) if no inner exception is specified. - - - - Initializes a new instance of the class. - - The that holds the serialized object data about the exception being thrown. - The that contains contextual information about the source or destination. - The parameter is null. - The class name is null or is zero (0). - - - - Gets the line number indicating where the error occurred. - - The line number indicating where the error occurred. - - - - Gets the line position indicating where the error occurred. - - The line position indicating where the error occurred. - - - - Gets the path to the JSON where the error occurred. - - The path to the JSON where the error occurred. - - - - Resolves from an id. - - - - - Initializes a new instance of the class. - - - - - Gets a for the specified id. - - The id. - A for the specified id. - - - - Gets or sets the loaded schemas. - - The loaded schemas. - - - - Specifies undefined schema Id handling options for the . - - - - - Do not infer a schema Id. - - - - - Use the .NET type name as the schema Id. - - - - - Use the assembly qualified .NET type name as the schema Id. - - - - - Returns detailed information related to the . - - - - - Gets the associated with the validation error. - - The JsonSchemaException associated with the validation error. - - - - Gets the path of the JSON location where the validation error occurred. - - The path of the JSON location where the validation error occurred. - - - - Gets the text description corresponding to the validation error. - - The text description. - - - - Represents the callback method that will handle JSON schema validation events and the . - - - - - Resolves member mappings for a type, camel casing property names. - - - - - Used by to resolves a for a given . - - - - - Used by to resolves a for a given . - - - - - - - - - Resolves the contract for a given type. - - The type to resolve a contract for. - The contract for a given type. - - - - Initializes a new instance of the class. - - - - - Initializes a new instance of the class. - - - If set to true the will use a cached shared with other resolvers of the same type. - Sharing the cache will significantly performance because expensive reflection will only happen once but could cause unexpected - behavior if different instances of the resolver are suppose to produce different results. When set to false it is highly - recommended to reuse instances with the . - - - - - Resolves the contract for a given type. - - The type to resolve a contract for. - The contract for a given type. - - - - Gets the serializable members for the type. - - The type to get serializable members for. - The serializable members for the type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates the constructor parameters. - - The constructor to create properties for. - The type's member properties. - Properties for the given . - - - - Creates a for the given . - - The matching member property. - The constructor parameter. - A created for the given . - - - - Resolves the default for the contract. - - Type of the object. - The contract's default . - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Creates a for the given type. - - Type of the object. - A for the given type. - - - - Determines which contract type is created for the given type. - - Type of the object. - A for the given type. - - - - Creates properties for the given . - - The type to create properties for. - /// The member serialization mode for the type. - Properties for the given . - - - - Creates the used by the serializer to get and set values from a member. - - The member. - The used by the serializer to get and set values from a member. - - - - Creates a for the given . - - The member's parent . - The member to create a for. - A created for the given . - - - - Resolves the name of the property. - - Name of the property. - Name of the property. - - - - Gets the resolved name of the property. - - Name of the property. - Name of the property. - - - - Gets a value indicating whether members are being get and set using dynamic code generation. - This value is determined by the runtime permissions available. - - - true if using dynamic code generation; otherwise, false. - - - - - Gets or sets the default members search flags. - - The default members search flags. - - - - Gets or sets a value indicating whether compiler generated members should be serialized. - - - true if serialized compiler generated members; otherwise, false. - - - - - Gets or sets a value indicating whether to ignore the interface when serializing and deserializing types. - - - true if the interface will be ignored when serializing and deserializing types; otherwise, false. - - - - - Gets or sets a value indicating whether to ignore the attribute when serializing and deserializing types. - - - true if the attribute will be ignored when serializing and deserializing types; otherwise, false. - - - - - Initializes a new instance of the class. - - - - - Resolves the name of the property. - - Name of the property. - The property name camel cased. - - - - The default serialization binder used when resolving and loading classes from type names. - - - - - When overridden in a derived class, controls the binding of a serialized object to a type. - - Specifies the name of the serialized object. - Specifies the name of the serialized object. - - The type of the object the formatter creates a new instance of. - - - - - When overridden in a derived class, controls the binding of a serialized object to a type. - - The type of the object the formatter creates a new instance of. - Specifies the name of the serialized object. - Specifies the name of the serialized object. - - - - Provides information surrounding an error. - - - - - Gets or sets the error. - - The error. - - - - Gets the original object that caused the error. - - The original object that caused the error. - - - - Gets the member that caused the error. - - The member that caused the error. - - - - Gets the path of the JSON location where the error occurred. - - The path of the JSON location where the error occurred. - - - - Gets or sets a value indicating whether this is handled. - - true if handled; otherwise, false. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets the of the collection items. - - The of the collection items. - - - - Gets a value indicating whether the collection type is a multidimensional array. - - true if the collection type is a multidimensional array; otherwise, false. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the property name resolver. - - The property name resolver. - - - - Gets the of the dictionary keys. - - The of the dictionary keys. - - - - Gets the of the dictionary values. - - The of the dictionary values. - - - - Maps a JSON property to a .NET member or constructor parameter. - - - - - Returns a that represents this instance. - - - A that represents this instance. - - - - - Gets or sets the name of the property. - - The name of the property. - - - - Gets or sets the type that declared this property. - - The type that declared this property. - - - - Gets or sets the order of serialization and deserialization of a member. - - The numeric order of serialization or deserialization. - - - - Gets or sets the name of the underlying member or parameter. - - The name of the underlying member or parameter. - - - - Gets the that will get and set the during serialization. - - The that will get and set the during serialization. - - - - Gets or sets the type of the property. - - The type of the property. - - - - Gets or sets the for the property. - If set this converter takes presidence over the contract converter for the property type. - - The converter. - - - - Gets the member converter. - - The member converter. - - - - Gets a value indicating whether this is ignored. - - true if ignored; otherwise, false. - - - - Gets a value indicating whether this is readable. - - true if readable; otherwise, false. - - - - Gets a value indicating whether this is writable. - - true if writable; otherwise, false. - - - - Gets a value indicating whether this has a member attribute. - - true if has a member attribute; otherwise, false. - - - - Gets the default value. - - The default value. - - - - Gets a value indicating whether this is required. - - A value indicating whether this is required. - - - - Gets a value indicating whether this property preserves object references. - - - true if this instance is reference; otherwise, false. - - - - - Gets the property null value handling. - - The null value handling. - - - - Gets the property default value handling. - - The default value handling. - - - - Gets the property reference loop handling. - - The reference loop handling. - - - - Gets the property object creation handling. - - The object creation handling. - - - - Gets or sets the type name handling. - - The type name handling. - - - - Gets or sets a predicate used to determine whether the property should be serialize. - - A predicate used to determine whether the property should be serialize. - - - - Gets or sets a predicate used to determine whether the property should be serialized. - - A predicate used to determine whether the property should be serialized. - - - - Gets or sets an action used to set whether the property has been deserialized. - - An action used to set whether the property has been deserialized. - - - - Gets or sets the converter used when serializing the property's collection items. - - The collection's items converter. - - - - Gets or sets whether this property's collection items are serialized as a reference. - - Whether this property's collection items are serialized as a reference. - - - - Gets or sets the the type name handling used when serializing the property's collection items. - - The collection's items type name handling. - - - - Gets or sets the the reference loop handling used when serializing the property's collection items. - - The collection's items reference loop handling. - - - - A collection of objects. - - - - - Initializes a new instance of the class. - - The type. - - - - When implemented in a derived class, extracts the key from the specified element. - - The element from which to extract the key. - The key for the specified element. - - - - Adds a object. - - The property to add to the collection. - - - - Gets the closest matching object. - First attempts to get an exact case match of propertyName and then - a case insensitive match. - - Name of the property. - A matching property if found. - - - - Gets a property by property name. - - The name of the property to get. - Type property name string comparison. - A matching property if found. - - - - Specifies missing member handling options for the . - - - - - Ignore a missing member and do not attempt to deserialize it. - - - - - Throw a when a missing member is encountered during deserialization. - - - - - Specifies null value handling options for the . - - - - - - - - - Include null values when serializing and deserializing objects. - - - - - Ignore null values when serializing and deserializing objects. - - - - - Specifies reference loop handling options for the . - - - - - Throw a when a loop is encountered. - - - - - Ignore loop references and do not serialize. - - - - - Serialize loop references. - - - - - An in-memory representation of a JSON Schema. - - - - - Initializes a new instance of the class. - - - - - Reads a from the specified . - - The containing the JSON Schema to read. - The object representing the JSON Schema. - - - - Reads a from the specified . - - The containing the JSON Schema to read. - The to use when resolving schema references. - The object representing the JSON Schema. - - - - Load a from a string that contains schema JSON. - - A that contains JSON. - A populated from the string that contains JSON. - - - - Parses the specified json. - - The json. - The resolver. - A populated from the string that contains JSON. - - - - Writes this schema to a . - - A into which this method will write. - - - - Writes this schema to a using the specified . - - A into which this method will write. - The resolver used. - - - - Returns a that represents the current . - - - A that represents the current . - - - - - Gets or sets the id. - - - - - Gets or sets the title. - - - - - Gets or sets whether the object is required. - - - - - Gets or sets whether the object is read only. - - - - - Gets or sets whether the object is visible to users. - - - - - Gets or sets whether the object is transient. - - - - - Gets or sets the description of the object. - - - - - Gets or sets the types of values allowed by the object. - - The type. - - - - Gets or sets the pattern. - - The pattern. - - - - Gets or sets the minimum length. - - The minimum length. - - - - Gets or sets the maximum length. - - The maximum length. - - - - Gets or sets a number that the value should be divisble by. - - A number that the value should be divisble by. - - - - Gets or sets the minimum. - - The minimum. - - - - Gets or sets the maximum. - - The maximum. - - - - Gets or sets a flag indicating whether the value can not equal the number defined by the "minimum" attribute. - - A flag indicating whether the value can not equal the number defined by the "minimum" attribute. - - - - Gets or sets a flag indicating whether the value can not equal the number defined by the "maximum" attribute. - - A flag indicating whether the value can not equal the number defined by the "maximum" attribute. - - - - Gets or sets the minimum number of items. - - The minimum number of items. - - - - Gets or sets the maximum number of items. - - The maximum number of items. - - - - Gets or sets the of items. - - The of items. - - - - Gets or sets the of properties. - - The of properties. - - - - Gets or sets the of additional properties. - - The of additional properties. - - - - Gets or sets the pattern properties. - - The pattern properties. - - - - Gets or sets a value indicating whether additional properties are allowed. - - - true if additional properties are allowed; otherwise, false. - - - - - Gets or sets the required property if this property is present. - - The required property if this property is present. - - - - Gets or sets the identity. - - The identity. - - - - Gets or sets the a collection of valid enum values allowed. - - A collection of valid enum values allowed. - - - - Gets or sets a collection of options. - - A collection of options. - - - - Gets or sets disallowed types. - - The disallow types. - - - - Gets or sets the default value. - - The default value. - - - - Gets or sets the extend . - - The extended . - - - - Gets or sets the format. - - The format. - - - - Generates a from a specified . - - - - - Generate a from the specified type. - - The type to generate a from. - A generated from the specified type. - - - - Generate a from the specified type. - - The type to generate a from. - The used to resolve schema references. - A generated from the specified type. - - - - Generate a from the specified type. - - The type to generate a from. - Specify whether the generated root will be nullable. - A generated from the specified type. - - - - Generate a from the specified type. - - The type to generate a from. - The used to resolve schema references. - Specify whether the generated root will be nullable. - A generated from the specified type. - - - - Gets or sets how undefined schemas are handled by the serializer. - - - - - Gets or sets the contract resolver. - - The contract resolver. - - - - The value types allowed by the . - - - - - No type specified. - - - - - String type. - - - - - Float type. - - - - - Integer type. - - - - - Boolean type. - - - - - Object type. - - - - - Array type. - - - - - Null type. - - - - - Any type. - - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Gets or sets the object member serialization. - - The member object serialization. - - - - Gets or sets a value that indicates whether the object's properties are required. - - - A value indicating whether the object's properties are required. - - - - - Gets the object's properties. - - The object's properties. - - - - Gets the constructor parameters required for any non-default constructor - - - - - Gets or sets the override constructor used to create the object. - This is set when a constructor is marked up using the - JsonConstructor attribute. - - The override constructor. - - - - Gets or sets the parametrized constructor used to create the object. - - The parametrized constructor. - - - - Contract details for a used by the . - - - - - Initializes a new instance of the class. - - The underlying type for the contract. - - - - Get and set values for a using reflection. - - - - - Initializes a new instance of the class. - - The member info. - - - - Sets the value. - - The target to set the value on. - The value to set on the target. - - - - Gets the value. - - The target to get the value from. - The value. - - - - When applied to a method, specifies that the method is called when an error occurs serializing an object. - - - - - Helper method for generating a MetaObject which calls a - specific method on Dynamic that returns a result - - - - - Helper method for generating a MetaObject which calls a - specific method on Dynamic, but uses one of the arguments for - the result. - - - - - Helper method for generating a MetaObject which calls a - specific method on Dynamic, but uses one of the arguments for - the result. - - - - - Returns a Restrictions object which includes our current restrictions merged - with a restriction limiting our type - - - - - Represents a method that constructs an object. - - The object type to create. - - - - Specifies type name handling options for the . - - - - - Do not include the .NET type name when serializing types. - - - - - Include the .NET type name when serializing into a JSON object structure. - - - - - Include the .NET type name when serializing into a JSON array structure. - - - - - Always include the .NET type name when serializing. - - - - - Include the .NET type name when the type of the object being serialized is not the same as its declared type. - - - - - Converts the value to the specified type. - - The value to convert. - The culture to use when converting. - The type to convert the value to. - The converted type. - - - - Converts the value to the specified type. - - The value to convert. - The culture to use when converting. - The type to convert the value to. - The converted value if the conversion was successful or the default value of T if it failed. - - true if initialValue was converted successfully; otherwise, false. - - - - - Converts the value to the specified type. If the value is unable to be converted, the - value is checked whether it assignable to the specified type. - - The value to convert. - The culture to use when converting. - The type to convert or cast the value to. - - The converted type. If conversion was unsuccessful, the initial value - is returned if assignable to the target type. - - - - - Gets a dictionary of the names and values of an Enum type. - - - - - - Gets a dictionary of the names and values of an Enum type. - - The enum type to get names and values for. - - - - - Specifies the type of Json token. - - - - - This is returned by the if a method has not been called. - - - - - An object start token. - - - - - An array start token. - - - - - A constructor start token. - - - - - An object property name. - - - - - A comment. - - - - - Raw JSON. - - - - - An integer. - - - - - A float. - - - - - A string. - - - - - A boolean. - - - - - A null token. - - - - - An undefined token. - - - - - An object end token. - - - - - An array end token. - - - - - A constructor end token. - - - - - A Date. - - - - - Byte data. - - - - - Builds a string. Unlike StringBuilder this class lets you reuse it's internal buffer. - - - - - Determines whether the collection is null or empty. - - The collection. - - true if the collection is null or empty; otherwise, false. - - - - - Adds the elements of the specified collection to the specified generic IList. - - The list to add to. - The collection of elements to add. - - - - Returns the index of the first occurrence in a sequence by using a specified IEqualityComparer. - - The type of the elements of source. - A sequence in which to locate a value. - The object to locate in the sequence - An equality comparer to compare values. - The zero-based index of the first occurrence of value within the entire sequence, if found; otherwise, –1. - - - - Gets the type of the typed collection's items. - - The type. - The type of the typed collection's items. - - - - Gets the member's underlying type. - - The member. - The underlying type of the member. - - - - Determines whether the member is an indexed property. - - The member. - - true if the member is an indexed property; otherwise, false. - - - - - Determines whether the property is an indexed property. - - The property. - - true if the property is an indexed property; otherwise, false. - - - - - Gets the member's value on the object. - - The member. - The target object. - The member's value on the object. - - - - Sets the member's value on the target object. - - The member. - The target. - The value. - - - - Determines whether the specified MemberInfo can be read. - - The MemberInfo to determine whether can be read. - /// if set to true then allow the member to be gotten non-publicly. - - true if the specified MemberInfo can be read; otherwise, false. - - - - - Determines whether the specified MemberInfo can be set. - - The MemberInfo to determine whether can be set. - if set to true then allow the member to be set non-publicly. - if set to true then allow the member to be set if read-only. - - true if the specified MemberInfo can be set; otherwise, false. - - - - - Determines whether the string is all white space. Empty string will return false. - - The string to test whether it is all white space. - - true if the string is all white space; otherwise, false. - - - - - Nulls an empty string. - - The string. - Null if the string was null, otherwise the string unchanged. - - - - Specifies the state of the . - - - - - An exception has been thrown, which has left the in an invalid state. - You may call the method to put the in the Closed state. - Any other method calls results in an being thrown. - - - - - The method has been called. - - - - - An object is being written. - - - - - A array is being written. - - - - - A constructor is being written. - - - - - A property is being written. - - - - - A write method has not been called. - - - - diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Core.dll b/src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Core.dll deleted file mode 100644 index 77afba7ea0849eb2f9d59f87ca2937402126e8c0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17920 zcmeHu4|rTxb?141=FMm%jWi=!jvU(=$8tQjEJd>A#7dOJvLxGbEdP<@IKd9`Xy!?p zcrE`|a-cZO5MT?mg$+bI(2ZoO926^EC3d_mDwECcdw~PV^YA{Mjk+ z&A|f5kt_Z@MZ1dxadl6v_yZt z(nI(H&mV(!zJsVy{+F+QSFz9z$Q|SM38EP`#L~|KQ5|p}I7YO3DecYraiUNKJ%s+= zihgIoK2t#deSH9+$y$BA(UVUcT6Mafn?g@?JAnpo)J}XWK0ATwbnUDIM%I-U@MT$p z_*Q&&678z!N;A)P#fNp%DL`Evn5&aW6YN_DyY)njC=6l7-B8t}%|uOII$Z-%kQt>! z6UZ)_d8Zkz#0r3pR)yVIg>89FYu8%B?PNj5nnP4vRCJU(>)*7wR}bE#Y(6 zI&(vPj1ny}do{;OI)@2OJpqj@ZzVVuSOU@a8!aUxSd+Mn2R=hecx^icH*0Vmotmh3 zKRXex!yq^m{0chgck%LE_)gwwhuA_C%wbDu)nrD^j$=#LTDxSGb$SA7um-}vmVzPg zdLY6TvMpx|FhuQjItZDt zb2WhbO%TMj>)Orcx^@a}X5VG!4=tVFa=I|WcbS@KO-BtiH-&b58@jsRg&0Lobc0DW zOKe4}Hpp6s>p~6|AFi+Qw&T)d5|luYg;~1<))H>AJeb333Pyub%N;eK)efMYUIs9< zMMAi>ngCP#gvn|GEX;(a(D!#lIrf@Z-w-Cf4)W-knj$J#<6}Z4OvuMjG_+a6&gpa; zo%|DO#xl`9Oz->)!e()MA3gLV)#g}(rc}c|f(^04mWm#i)xyxQgHXX{E9`wGEb=M4 z0PphVwJI5@IME5I0W|nPvv&hpVQe~17;uYUmYF$U4T2XZ5Mt_$eFXjk+gl#C)~XF! z4(7C$`2hBx{qHE`Avd!;sG-Kxg<=%b9E5?@VKle*$bQw=#I(dsP%E($Ky6fw<;cF& zxSzs0twcXlWJ7A2%y#U2X{C3R(=TUMi*z%Ae1|Dugr+Wy*F^QuL%$0+QCP~&9ksf%4_D;6(jme6W6_+fu|6!@ zOxz5X0*mmE5u76d`V@GOt#KCZ2iX|`I0rv7JDQqbvycWY?*LE>jA|#LB(TNpa1`ed z2r&6R`2ArtYdx&Xs;8iXd>M9d7=+!`ShTwZz!^ukt|oXlYjTd)8mf8Cf(8 z04+=hz9C`T@yPd)N;qr~!xgc`d#BE#UOM(Z6*s&W2mrAW=@4krDVJ8v^#-~0Y3Sv?7yAF-%cbs*FnwhTu880N z{e;Rskl@^T8|A-M&Z+PIUOA_J{BNprDzazP!&z0zsn-N9l~YGcSU;z-wJXB3lurDESmb7ihO9RhjWrsyRQBy9QNHZQO9)>!%iR3g zid@_Sg*g{rBiBFzCo%dFGlA2Sliz*6ig$VbMwTnvi#sKIVrAG5WVkY&J0-f>4@7*K z&Ycn+`3mC^&1E`wK-c9QL-<8?ZxUv_8?J=18l$ljhSc&Z520FZ2o@8OSxwkjBIrf} z2eB9iCm!2jiBCb(vJTuS>8RF#9WT?lBRWDIJ_oo)XZ;MmFH+~u9X`r*(mmn=3)gEa~ANE*nsut zh??OB=b_B{v4We)O?%Ao>^j_Q;WS-;WQ-Cx!m)9*e$SC%t~Yj|kK>8f@5(x`u6%HV zpdG#9qct@!F#U4FHgqx%-&KL zsIzEO9qW0puGeVsSMkBRncym4=RdFGmHq(KF#Vmt=K7hSMPv0mYNDR;X9WJGKs~}% zx*^hQtfKMAOJ)nrMkXVcv?KIcv?KJmVE!_45%`}8)EX{E*3$J2S2e7q0YJ!aVENMx zZ2u1cTJ%)IW5B-*yhVXVUf2FcZr>yD^8y1=#;lFb)m%xpM-N9W%0+oE9t6gsi_!lC z%=5w%jj{as7_a3~wBZK+-Ybu8q&E0b062{v25p>90tRs3qQOt^Loa}T?1+u@0pYYL zBDBv4%>te|zwGy#Xc1-0)AR$8ahb^cIeL62)Cx{ya!t`z$+#67&k&}#^fpMZ7CNym z+rWvZP1Fw9NCR3As@Mp1NN-en4an0xdrHPNQn%0+Kto}QTFHPey$H7e;$jfbBTnf} zND-gVSAz3D=$F$vI6s3DFdq%$!__XvE zLqF6LIMYAr_jF?mdRx{p=VGWCdg%0o^zNlQjBC(q#*H_m(4uhzo=+5{_rPUsfj`1} z)#n?57mTrr-Y<>YpuztT&gV6z1u4Crd7syq7NYO9agQ}i<38*I(o-^P=&z;syw+vT zfEM0R=B%Y==_#4Dl=gcpvyT3>g0r6fOR1N~e*ReXLc7f~$XUi!EORk5YTk`ro%HSv zz1_SAd%WJK-DzHl-WKUSNZ&Re#6GFdH|l?2ei#|@l+cvcG5V?MQ9JAsqsKNf?}K!0 z;ES9~QAKfYSKzDgm+Pdb*1m$?=Z|w5yNneyC^WUc7W$mu&RCb{YK`8J$SY zei`*CTIg+o^K==F`8_*u0lnjXFArKP@tq)~gzg5dm43tT-3Qt#`W?UbLC{vwhgDDZ z2#iv?g zq))4!?AQkSn)K9;ZJ_f$jd$!S`tLrCckC+qu}^cX^R$uR-1sbp7OV^C)k*K(&;ypC zC1|}*d&sIoZ;PTqm#ei+^d9LwU(*ykkG${)KIi)21@u1W)3$-Oh5pp1?FMZNT~IXb zw%~THgI@M~UkP5Pby5wd6hy$E2X|>*l<<3j&_3jm`@{>BPi&|2szTJTZ-3cxip1|gCAK*Mpg1$Um>So+KO`@+6Em3G$|$c>uXHp zgaDRd;aZDtRQ|1?2Z*!I2LUf2|1*3<;O7NCF7Qc#-x7FH;M0IdwCAM#qQF-K{z9Op zJ)^%(ivlLKRzS{b4A*J@t=7>tX)n}n*SfX;Sv#loYHRDxX}zGn1MRlD`?Y@XU!Y+c zsQZ{UtWDN^8t|^VN5S)G-IukD_Cno%)$Y{H`lo@}QvV}uQ5&lNsa8iX)N1;>wA<=K zdbiB=0OYJd``z_x06#A9Yk-f4KHU_LwCSyouwC!gMj|)p!=iaBW*N}?X)!XYAEx^w z=b_2(MNaA$wOxTc;MXIk^{2HTM();Mgq(ZySG2l@^YjbM`#btCu&xj3HM9?y8hxT6 zjpE&HxB&Q0z*hYk{RzEQ|HFnq)7R-wH#`Sz_cgqL*lljk)5DJYzc`YZWn? zWi7q>*BW;jz4~_=Zw7q6F+sih&jAnX4bf5KHhp9C?SOsJw6Pleb4F61iQZ+j(QiaQ zhLFE6`bFbT{oyFf{FJ~)qhB_9gtM9cIQlJPUjJS+L5tAg0y6SH0@F-^*h|K{fcY6X zJ7QlnTETz0*-AaJ^=3x2%Fsyc&-4sU0QL!{Pj=w}{ejqdTBP3v>=S8y^oOw<%@4{N zWAKGTh<}g1V0O}7^pAk|P$1BWN_ztBV{|v*N%{l80m1xhih#Oa+Sii}{N>VaqCvFV zrM(U9C#gw)U4KsCI*r>&fr|nk7O3frUnj6%;DErSzy*O134B=K69S(U_^g5kOIR=& zJ|yr7fzJx00OR8VPgue!@F9Uu2z*u`1%*@KPJs&o9}@V4z-I-X)!wUpNPAAJ*SF}m z>JRH*(l6>y>p#;?qsCZa+-6)f{=o>EF>|H4$?P;aCk7GsD$;{EwZn*X+$hn9jUm9t zjA6iU7zY5qV!j*j>*fQ1FPL2Y{e9ps0ACeoS=_GVc~LNbZ>`mc4u+U|43P7$A>RO? ziP=#lVSau_Sc7&8@{NWQyB6(MR3AFEq0Z1~1E7vGDvI_-Kplla6WW^u_F%M5+XQaM zXbqJl!yS;J)3pM7;RzaD2dKl-)}Va@ppIv!SD<|p;4igR#!2IMjn5iiHLf+y1w*Wtofc-u#xN1IC)mP%Cw6nF$k2}fIMClg#$d6=pgI9M|qlXR|bZI#Vdv z?tqi?=4Ng84LFNrkA``;ohxKg$wJ1-?M>#=**6^KQ$5<_IMZ3X$jl-fH*;1bjJwIy zNl5S&De@e0os{i))w4kj`FZw8A(Qnkttt)gEfn&j_MLOKS0EnlOWd7I6&!b-aJ45L z=VWoBT}dyKI^x;xV6u>;;W12#b&Y{HIc@uj7nffeTtXaj?R?U;FRkWqZp5C&oa4?( zJ2#TdL7+>sUdnN^nMoR(_X_qb9h|(wP8Dd-DIBm12lIB0Wi9D;9%STJ8Xm}IV0-Q? zv)@sBa?Ey5VJn5_k`g)xX7Jm;ogK>Bvyg+`EH0!<#o?-6wPs2c;;Awz8@qHWlZNeV zFXd+P>=D?O>D+McXr?gZZ>i5)$pdAJGm|I$Z_pjiWeWS9)JdA~syC*Scax^=!o;w* z#D^hjDltzO%OhxP zI^t$%tdMjI%N9=K?)>gdF5}HCC%u{0)f)dwZ7Y1R==T-TQ$$Tm2$sw&aa?jD=wE=d z+tse6ux#U^5U--m_$AT8uEH;bUP zWh>Ff24wwULR!ma5lwJIuXB%`v)xRJ1~Y<4y7MQt((buj>O?n9APzWhdDNK_M;b}y z{e<9Ae>z=E4g;>uhMDqnM#*}-c6OfOH1V4KW)XWJIct~j(qYOW=mDo>ZFx*Zw@-~< zW&*+U_~n%H=w&ot8NSHeWmeknB-8L!{rs&m?{<@wZ|?kDn^0h^LYvCa;L9it;?)fA}W=Z z(JRJMvF%&Ht4_|TWHvjAU?-dkww)6C%Nn7{j7HCJZeT9UxvNYV zaAt4Gc$vw{1?`#3q{|$|32#B9BOfm(?9OEEWyGTOd@u3oeDsbdT?FTD-n`RJrH=lP z!Ax>G=XfYgJsPwp=ccEVRoW>W2N>RTMDZxqSIHf*o;>tHH6V432M1?_n0?gFCeKLA zE3d-$V`c+sGLy{|Dz?FwUbTB1Gv&Q3mV+hE^1(Hhx4BNwoJ9e{p>qqncll(K9M+#l z=oAWAj>>7nTuQ2+vuM~mFqh39bcbg1h56z_$7gVqrP+`p4r(gYPD31l$S9ct4d)O- znKY_TSJpXnCS|K)&dE;<-8ly$B$dh_F26H{46KMm=qDq@=5E)S#TunTXI1it=WKVr z-<`&d1&U3s2vMp`WzG!ne{0pX%|`XzR%&W>+g4d#i;MZ21tflFs?fR5!~M#Ve&_y7?oQh0-BC57p9c98(JT?7g?!m9koCd@r$WOtt7f6H?9J6jF znJf4N8s6==v&jNnLT<@Ob^SzUyHXCLn5{_BEM_bXs zvPsX|Mp8@o2dcFDDoW-XCnqMl@wA~_L^Gy~&Zv5OD-Ddb_1)MzF)@(Dbm{(_lbfG) z<~(&yBUJ2ZXttI7q{{MD1?&2ZkIH035Hi*T@z*L9~ z7OEnJr)H%F=3Ey(fwVC@i8}|5DMm|iH16zoPQz73ZJ3;OOQTL#Csa9{aJyb1a>O}> zq7Uz?7ZWTe{c_@Fhmu19_n^>4&X5u-imiiFqsiQ~T^;~`Ld_%2TIHX`=QAvDdFHBO zt;kMXKJi&lUDNVcwe|cHeoZ# zp&XtH&(W;(Zw8#l%YbjrH3qH}M%$1=2gj=LF$K^1&EJh@@lo?B5EEK7L~@8r!1`uI8>R>LV&jj8@@%-6% zK@<2U#h}zMCz`mxWiUI9%!r&k9-m%~f7NDIbI$@_mVLFD`A*El#w$Qh0aRr;y7{e3 zE9%U8@_JIxlwIN1la<1FwW(ElC5w7_{yI;?x~E~aY3Po4#ZK6mH;?(*mb{z1>Y{E} zW3|d<*xtNTo#1tG=43O1dSouieNYgXPg%&%Wxu^i7{R`glQ6xX9XMOmv8ax0^vY`aRmJ*=VHUhI9d zSOtgJ)%f|Ri|!VivNuyu%|Hz^;Na+C3%mTxKFEHCba45USb#mxMSlcXjzfn%`lcfo za}r+%nsFQzcd^>T)Goy_s&Wp*(b3{Mi@q|AIe4`*&`{0Gamjvjvcgw5UA^hPEQyVO znp9;OwqDg9`s*+2QL&Hfm+Gi!ReQPcz|uu3hf*o1AVE;+4&`liuwB(IS`Po4uz74M z4rC6$d8lpUx0vDv@MdM`EczVioG>TgUc6}tps{~Gjf(Tpv86KqX+|%vk5j;<1C5US zbI4Zdx@Z?zVdc_;#6SPmEX7xCCyvqN`)|DcKR$MG|2sasQXl&5#2AIXc=q@$tv%1a zE3|Rp{KfjCkM1_CSS!A3bZa#(J%PBU#d?f5UXzVeYz>1!E3U=X#Wn=vy51OR3>kPQ z%1kg3U=RZ$v7OA)6=MlIFjfO=Y*TDQ1XnHA7VBX#Z6dmjn?2xbZosSRH=Z!s~Ln=6AsxtBYWKALfae&^Dr55vauN)sX-ujIbKpBXLuv z#<*TR5(&i()eXf-VQMf|wSt&WcoIH|5l}!$W5E%%k{e?EL5PjugT+LLBJv9#E1|;x zT6EzZ+zy34chkggM!yrjESC1ESQL0|bufrm{nzNLYl4B; zU?dV7)bR_c9@`MxAcG&lZ=|t>NAN$=5;tNCpFwLyY~k}z&c6g;wuQ%ovPBDD2?d2| zoi6AnYk0B3?Jp5(Hfc@xB~c4Sg3SA*F8V~G3s3P9Vhi7bC~Zw_;bJJL$6C3;vNy#R zp2iQjymF|q4nn^NGe8-c=ebxgDEke?*RW!LrNJ~{u&`STFTz;R@h1XbQM0@f>iW#V z=O6vVXMZ9ruSS55Eozb0V3_B65$v&rS7Hl4#~iQ1v$}LMsKs`uJ>$8Rm`8$8aHPOWln1d1ESd9zItCPt)tT?R!rlvH6eRB0>t&N&4mRZYN z@>d#PAagD0fiQ~<36=-)o-J<2E&+urOONAMZ-{}i(1fFceW;0=v{rUiNCOl8M`C-6 zL-Y`$wTT*=Gz*>|Sskej8fs{)PKQZ~+r^6a!8zgJ2$1dK*jlWH(c42oKR_^t3I`1$ zSK+7oOa8))B7^NqEAe(^>A_?CtB=IvTf4gPCiEta+Io9>uh}};lj`W%-rLjBleVwv z=i@=*B;yJsPd*JTNp~dKkFHe@=J+Pso9R>uZou;<=6V-&g31(7DuXB<4DSzXK|M&T%_l>{VZje_ve2 z;&%~uFq<90Et~q0+E#A}Fvsf~D894I`Y)~j!xrH8rwMPP(n9sb>iuwp#4G1ozVX@8vGXtx8TNb0&s{%(Hh1r>H+kJ0e7R#pRbsI^O}15rReqQdXrGqnKAT=PD`O78k z7oINM45)uSD6?S$NN&N{BL5&}S2wpA)R)CdlIIzNZnMC#eq+!rg?#4&Q}FFo7IyV-tKY)hopM8y#T4zhQ4@~AsScX;&?MNj(=OBU$^|-$#K!`pg)dpQCYX5y-GKN zzm|^s#rB6Fo9pyB*tAfw>bGX|9zcBq6_u5f z&%Cg4YXFQh|AST@pNq&N2zFX$?C<-51OM-w($v4dGX@_}4%AMneBm?2R*>KPfb!sj zT|swz^e=AYsaXKwJ$J4Lu>r1&!i?`sa^YyV5e+W&ps=Hbe9RJ8WQV=d9W$&QX_ zcUxC1-X3jD_QdyBv?hXuiFoV6_Rg+YVqx3zmfm>J&9T;GqNO#_5smk@?27JfZ}04G zNp$Y%g`}soGuoweT8P!h(`K_b+1ZsCk(6EG6O=O68;!?QkXU!Jvo)IR?CEap=}yM> zB}Y2vp4M0*(QnS@!1o!TX3;OM`iN=cf294Yza+xPuyeza-k z9rr!;*<||$wAD5=O%la31tm2Dyax@pNs5Z+4z!$mHOxCpEP7lTW{rJ&~3%fRKJ)cuv<3UDR3 z3S14=f%RYm*a$X(YrwVOI&eLB6?iqc0o({~0=IyhLG95rgV%wVf~N|FYX7z4A1Hpj z=@;LsSyS`-Yo9uzqL0BS;DBWR=?MLe&Lw$Ozmsc#8ABU=bsI0If|_vT_Sr)BNn60N zzwed{3#zo1yUjMg;x4b$1rJ2De-)*_Z;=eZ>D3t#H!rwG6o%!Xp#~%6k z%V+=a=X-wi-jseUmv_s7Lbd--$NzLe;~78u>v2av@%>oY^P1v}!6@KBq1ylMsyQ1D zUj7%yKk}dd=YL=Q$d*4C1yvs_A{;1G`~Sly<}@As(@*`*xqtQ8r&}H#uRWhhe4zY|?`iLG3`PM53f2BA_r2T_|MLC!y%D*wWz|)KB*180G=LG8n9pI!U#+GqEB^!fJN z3%S=WdxC5UvJ=P-puKay|E_)g4+<2j{m1tIN2kQR{p#DVvi%=y(2TvY?;(%1?vTe; zbI4<>Ipk624|(KzRy61=NkdO}V(*?%#dPlZUUJ@+fpY*7o%5>WYnIEq0k4MzRj; zyEn%6a8RkaXLqc7W3)TE%L-Sa+oQ94kI5&geD-AWDRi4O-`bf>#^NK{C`p?|;ag>$ zJvx?X@g2l@6s~`y&v*Im;XDf0JJNNqonz!`V7tc1mEQ@{$W_3JQNe4V;lh;~Ir4`P z3)7!9Lbw7WK|bxm^x^CLsm8(-HGN33Fr{-GO|)#XCnLq>%*ja9jXxP#n9@5Y4}K7{ z;I%WSFW`@dHIrRx9TzpsqEG4*#Y)!7m8LFExIVz?euH&1*2H$VML(TWeERalr-b@#Mu zI_hSLR=g0c!oswwr>DLA>gQe(t?DmYg@tLwOHbRms(FHF#cR*P^k9LJ^yi0P(Jm#t@{(n*dA7e zU0qxp;2eIUVr{HD7Vm83@OmbELudCbV$XRYzb&zL7f1U}$j*+=Xcp0r=yv9yJlzBsk6)=dFi+PlRvOEL z`BN405FP^ULwRU|=F{i{6LjUqXs^$G<<9Nf*)%#YIAiJ*0uOnr%1oN%Xo!fC^J8tqEd7=DZAL+87_RN?tv?fCwj6b0T8uQ3L%wpy)kKKeAEtZe^pwmGJ=yJfJhn9xkJd-*ROvRQu$WU#o ze9sNFt($oAjp4;xqMsUO<@8cFwg$yYfjU>`dL--1_OeLHnw&|~}*?>K1tStQ;6rr_rf zz?BkD^2%K6pz>fZJSD!!U52alBoBITaPRAJ*)LCBh0C6KN@FSe=BX~+GTcMBvv3dN zD&CiHmCpUn{SNMI{B0d?p`O#&W7o-b^&4UWletDTmDA;gYX98xALzf7&fhP<)tIE*`mb<&=d$^=+bTXfI$MT4FLWR1fib2WaIsl9p$ti01q|j?Ud1Uf1I4 z@|5!Y5H5U9&B2AwDas=mae3NfYEy%5^0~<5bCPhnhM9xnn7NZ&+R@0!Cfp8CZSZyQ zA@FJNMQ}7iq1r$9{KsJ9|9p+ ze_q;+x^K5D2GLOTX#HSgEFE4tL}%jV3gqU_5&XD&Tpb&bjCnxk6pzQ>1g(uF&F3rGA%jinw`flb2<0*s2wv}!S*dRp)=njkrbYk)Ol%r7XpL_n} zIhUtwejX-~XBBz!pNlU0dOPE>EwNkn#uAoGb=_@S*_er46T7vpRW~UO?;t&uxsk8C zZ==*d!=WGlb3YUG4M~o2>-6f6`Tz|Xr9dFOEV6^1EZ5D zLrUWoG%0C5>8dhZ^j2yXE@Oz%RT{r^pGe^vFEoxxZ)zNC!qxb)5ts2Lr8_{hF}m$$ zblJ5=pG`J5lf1rPjh<6#{=K1K?Vo%8L$W1ac$rf(X#5k*ql^U0)|;Z-x|2njH6E`q zWfnizfmT)`8UqceFQU5*Xxva53vtC~(l&f#Y;|eXklyNaddl0jc_b|h647!{P~*~D zoQ_{*?xam5OzUs~Xi{Hk=8{VW)9)l884BxnHI;OwWX{W$ zm6TV15}J+W27CE6AD| zhrK@AY045YXJL3WvglprcQG`4H}mmJRk{TZ+_o@arxL5;t2LDu$W)u%C* zd4aj7%^FhcMYD2MU#$YG!9`#V$XGq>yVjZyG6zea`MQ|rIiUKC`c}Vth%n3V!(9>T z-(AEx2WDyPP`L%lV}~99`r`q;!^@P$1&t-*Av{fqSDFu&;i3b~J_9^vY-x7={$j$f z051dQ8b9fj9pG}8r+6s{uZN{elqYRu^3+^XdD2!UPueTRtAS6bp#ksOx6EJJLj;O{ z6k&N9d=bpD#QEH{&&+)ci*hKh3$Va-aXXO$9=mUOV#fat!&Vp zxC#r?$}a6`=e_k!V}q2A*)kS(d zTo;91yHnravV4*{4u|Jk4{4qq#(Z;E-~WHG;P(0I|Ki1|z*zquJ@)_KRR8CratXB+?Ua>i}Tt4n2#47 zyeB}>`tb06&tUuir;q*L@{OtwYX7f?=07|yhG75qwEeX4Fzo-?ZS42B^V$DddlfJD zayWqf|GTuGr&BrAu9?1LWO1>#MJt>nbHk0SR^jjKnTemar|{%B69_mQywTe&Kj~b56LG>&empw=D z<8D6t|8n>>myTdq>21sX*#AA9A2->L3zt2uW3`6Mw|1jwnX`>#SQN44RGTTzK=%KS zK(o}B)0^GH)_Bq$PM%x***Garz}s&1jIE=1v(K~O_W$g<`!-tb7PM~rQpM0WIE#CH zIeZ(PlKnqBFO37oz|q+Mb=FFI%U<8h9%bb+qA}ZmSXk+v=Qw>|j;p=kxkm5HcAuSw zm92MY|F^PIIQzeC^Y_O7uQBj4*AM-CX;r6o^WwJeRw<=$R6zHnAk@0>Oa4C zm-xpN&M#^sch$(ws`@awOGKTCs8O$$ZLmLyV z{eLv{{~dIIBzPxyFBrD#S=p;MvNxHpPfzBgfgdOCho#RzFFD*IW&_fBUpG$}JCQFn z$w6Gn*zLF)gAd~+`TIQYvI|QdHAna@-erUR0xn}r@FkL99uwS!y8-tr_;14fDy}^X zA)9C^SOv}|#Gh%qi1$U{a`1w5dDWli7(EsV+6;Ae-(xTRD>vXzN~u;{l}qO)N`h+) z^-2DsQ_VdqdCbpL%IW`IP>I%u54Ptw+$i4Z zr#h>w(zmLktzTweKythT6!2{9`X$JX-ye!y-f$d^FVfeolpKF zG8T(9Myr0H(~sF_lobvSa>LX6KwiIQ;`43)@LYnpqETL9n!)UUuY}5nI?9SWkp1sp zT|DK9TF4u(Kl|TXp}6Wl;qne<|0^Q) zz)jXMf0+vuZ*=tyLO000Nme!;rJ*yhisxzj%mvbS0lV8fckPXvPr^WdcIJ#|#rkWr z-?{#~N;c>p{mQOnASXO6yNa(m z=7d*jU%VQBFWZ^$zOt<}#NIFs2Uojx@=+YTjh%Klb0V6ik8bqsIYWg8)Q>$d))xCd zO?#&A%!k|aIp|-6A!GeNzy1IH)c++H>HD#?dlAT(rFp#>1N}IA%*hh#h%_`n^MKQ5 zVcTFCw0DA{_2IscFgCe9m^;6&GJRlZC5j`Z;F>@0q#g z3H)szi=_LWDt%lL0P;0uneWP?b)TOLYYxo%FI9%iS|&9Q7aemuyw-2Zm^*>BxSM&` znoe_8t>r$3%buQ@yE4}`cLi4l!5vTHuewEOSGnVG*ASkm%OWUzJ!VpmYp@oq0Gq(I zyz8FeVsHtlQd&@a@x2nXZ5%P}tx)OOayO>zKc1 z)5q0LCTM{1e1X_HhL^fCqIjOx&q3%<1J*wi9s~()9mcw^ ziSCJI&e(**_a?{=?*-zRf(>FIdN|2`MK*U|sl#jhev;VT^den+?2`G3Q? zSGaVZgkhqe<;LU5E?(5d`=U$#i!Oc93JFfH|Bv!4kdF0$9xPtWLPNCu?f?1kK7Bsl zom~dA;r2DjXn*?vJ4^xXogQEICd$4gQ}(?3e?HvLPYSvJC*FA(mn>U84QKy*f)JHUP5`fj_QFWcsiV0Z^KYeBKs>rlM=)j?{bobar5 zl=MhWc(q?gX)QU8z$d_Kpp*VnzP@cT@icc#Y~Rk^zunDIKFetD|B2T_(?NEQOWLM= zu5mWYHtH`pY#s9#uj23Vq;dqiV#)1WF@GeRWAQ!Lp*^>9OPSBwgg-$EnOPH4(MlpK zEgxU}Q~kky`KKb}gs1uE`H%@`t`z$EB~eY@%@8agp^x+aEEsOPa9rtl<>%-4elN`x zjt~yg0`+4Lcoq9TZDiV&d~4^f?y>&=!Rr6|Q1jL9yGh7&NcS**cJpI* ze8u#Mq08eV=P+NCTpJzhZOoh0xd6$Z2fT`FAml$kXqt@1lU5S1?@V?$(KP+117$S> zV#W3JeoP`LZ~sxa>Xj3o)~Wt{VkSHY;`XByroKZPPwak#uWP;28;wSD+TUtb)dYAI z{}*4^=J@_K++k02QTu)aCr>H2zolL=RSGxubM-oDv&_G8Gz z38tE98=KzPhbaEBuXE@O`8w+M9M}ep5BK%MJ6u1r*Qz;>9|JSt?|vW2x0~NDP?@z~ z;0j>o$n2>Ym>XEz%O$u>Ewu||?rYD(E#X&v?Y>Hdah0CpDIKLJy)TeTR$Tc`w396)TN<)A?;ykpGR{$?GGt$y|eFZ_K9ZWYM*EhE@exx$7I5* zaaZuJ-5}cQ_I0@RysyV?z`Y7r>9jcaM%+gHZ^B)J+m1^a$zS_L3wTq#RZ7{Rs=@Qv zA*(U(7cj!lgj%lrJ&1lP990_P-CLlYJ4MoSGS%ZX7hxm$iFeEu51fy?nfEeWm9rdo z3-7d-ek1vS_VhlA+l0%WnXx5{PHRv0&dj${m@gery{J>F2X{MeFRtj~xKZ8{xI3Zy zG;WOd&*1Lj{dU|=-fjK6s0XuuKy{kVFE&r76w}R(W${D2*a~)-XVF=|grT2`lzSc= zBFyT#NLpu>;I~hafIZ|X9x!cBN#Clh=ipL)BLkHG_F23qc~{$i0y(R~{UrY41@%B~ zb$&~sejl)Zo4?gVqsQiN^~!JF=KnQ#t9DxV#@sR-1NlE`$-L42szF8eSNek`)%8p3 ztC!Ksfp^|9j`_Xj@VoUrKWLPa0bV3i<@>q+$e(W!VScXo$BF>3ubPHBboboxHjNmx-+@Rn6mVAdx_DQ8lqCQRRy|JrJFeOn%3jk;PP)?NilplV|AHN$fHp~~Ecm5VSjo#YTx269Sw_#M zF2F^v9@IEanVqhj%bVAgvYA|J#(OVgx-%`1j3s$K0?tFgWFPn}e*Z>Um9N@e{D;o* ziapyr_lMhvTMD5J#c#W~{{C<{?r_czD1YDor>GMFN$Z%u@SwQLtAjI%b9hnL5t0P6DqK0Ymogdmn`N}EZ!_ewpzv8HTJZ8lWuZyJbUW1^F zc=tf}s*9&QB|G6feZ27bq0_bhQ*;CQ>^aiKVI108*y>^F4aN2ALi14}a$-%AhEo~@1bAAB+oAU#!adm#64!0Gz9#>;$ zBj*Pm!&Tk17L)sH+zo_h>Y^D=cq}~i^8>bx^PeAJ{@CyNfrpS00dvFPeiYe{z!RYM zAj-g6(A(Eacor*T&Q;&n`+CxlyOBR~y?yRq-JI9k@9rX9h5yRYEpzFNcXYQn*W3NP z9nkB)|LVg3&dIyC_epk?uDA1fyWm`xpSSyc!_i&g@*l3f?@?FZ3tW0)q3@$1S;yA` zovrxGE{?bV4QHOI)bh>In(?>kXYLBYsi1#K?E;?Olhan;cDROWun3yL#O}je%l=UEQC1D`_ zptsD6DTAfR{Tm@mBOj&+xuGsBk9S|MelmFnxUgj5uPVvt1@M;?OQb8DyuRe}h~X*! zXP}Y$dH25Ag@4n%f5*w~qfXAJJJ+uZ*Sq-M&iykN?;l;fe|Pkoo$K}gX4l{Da^+j> z+?QN>k2*K%T%C8~|5*R`{BZ4*+y9?&{y%p7KkVN3x_F;=axmAu?{##Yjt(BLR{tmy zv!My~pGcW#yqMc?vnPdj|3DgHQ2cQc{=VrOG868z&50XMN6-0!mFx$(|Eu~r(4VR? zWMw(T{*^Vd8HdYpD?zQ7*MZXSJHSKW5%BBa{osS3<})Y2S{k7d)cLa(umenjDezA4 zYv8@$1E7AlL~G6Gz!$)m!8bvTEn2_M0Ox@<;A&9cKHmnmfxV#4WPJ{N8hjqq{Qo4V zP5DV+DOe8bn<`g=ozX5`Q)o%VTU!$5sCmNt2C6(OTJ>|M?n_1b!LxyX5{&Hw^BGJ^ z8@#xRO?coL#9LccEUPrc1-B5$5w&1GS&RPHxD3GtHFEtqMLiq$dg6TucMI>@^1mB8 zb-feBS5tfyWN6fM)JS&`{>no@k2X+uSGDdo&QC8Tp6}?saGQ!YUz>XR8gy(}Uiiw7JF}S?iz2=bRa&>&{y2j=M9e{^ zfe&H%Hna4uK8#IXuOCmRlYJn{$Ft!s9{jKNV+Ui6&42L2fj+Gw6UU{6EMMZ%(ixXX ze}`Z~vSaC7eE2rs#n+jUNHD;`l296!)}^r|(^fi{A>QY;m^Rf=$XMJx91}LMHdT7|L1o#cQr7W4Ls*iWl&kaY*Agqq6Qy- z;JnL%B3Jffrf>6mUG;x5&&SQ5xBJCDeyY;^guQzW7B6k6Y^trcyPbp8`TSs-Dhg=* zqsJqE`Q#w^X6*i1!)tS#8=`zmxMoRxU0uTv^Z#&=Le>RGLFIqX9dDHCT`)+!9m{>i zYa6Q9EU9m7vT+CI_pIPHOJ;1Z%C~m>a;--U43clCWA^!d>Y!n9bzS9<+x_D7UAsf% zta3~ov>fJFyo2ics`_QMm1qqM1J`$Y@SqeD&;`Gh&;5hSms;2H*8R$P&`{sh*wDCW zXtH%t@PNtDuCJBnYj6JTAhOjr&x$Kowr=0v*qP|o`2MWx63Z4<*VR^5O1)h1 z-z#KZF<>?y+_QHSCV!>_eL!Jr!Hzy5mS5k)|8PHHHAGh2Tu_=i@3tj3fOm!IY*|}B zVX`GAU6^P+=vg))lR(BX!6u9`*DIggc={fd#$SO`@8(%_xJ+zSJ*!jcCMpls*nbS={u^IJD=Pz*#V}zFgGnQZ;Gey zsD8Jfcqa(6TV{5n%#oS;>6@Sx{lwFq@S9xNL>~!P`RR_f|29HynC>+DcE}CW_pWBT zw6w|QL22rHQrKq=F3mbKBn?d_f2ExGF4?EmI^nx7zV@ftnRk~3GWXiXF- z3$MysvZkbkOFvVEd{fWD<&&;Q_7rmjG8kwsS-9-Xl(BHh<(Z`wUWEKa#I;4?N}my; z>^as*OFcd<7CM`6fro2YCC{w_la|6xu&}0HiQ2OydZuf3{&m z{QH%Ps>pYKP@~Uo1Xs*!d}%{!d(%UI|9>~W-X4GDYR24!d~0d<`tJ6gU|}~O5=aCK zv4kz`Fu!lJvy1z;)}y_%E0$Q;)>onKatbw(V>=tbpw{XSz_&!h9|%j@g|K*H$}lon zw!4LiFT@CEx6AA?yhoXJcJDFsZ*ymOPqaI_D;6K&`Xz7eOeSOT5v^cHw7X3|G1KDP z&UuVT)zX>SmU~aKa!ee_ywuZN`f!mSO5Hyq+}oS%>`IJC%IS9LjmLVUe7B1VWmdb$ zUoy5YInp_gLi_(b^uFw0@1W~zai8VXfm{PDM09Rq8!xAVN^=7Xfo-IjWYC&I8akJ8 z59=)rGI_vQQ{wIl32K@ru+lcE2vr@vf9?}|aJGcXcTzC1*+D7HN0o3_b z?(YRH;EkZxAzCY+50-)#fLhaN9i=?9KGFJBYoHk*OC__nz_P@wKx7w(73PaqI&h&n zT>)yHsdZW>{e85|;o zMr1`t5P(XCDLLok_fellvjYu}CVLMFC(NK(JAV#8AO&f_6hoXWwUWOu~^S7}= zYJhJk5)T*vq|4z|lwdv=14ds!MHwj>jo7r0svr+9QlAC6&>LI%jFN~--51vOu4X`dl!n79&zb*P&-Xccko146M-cm8+T#YZ4&tWmLDDmN-g2@05ljQIGYY1r z(Z8DTMkE(Sw<5W_XHjL?E_gr(^oIcAH`ZR5F~|1@AUf^)W|-Ox+s<@6@kl&1p->V+ zg7HLd3@xPey9guf5Yvose4b%MNRSb^&0&NcZ<=x5Z$^X!8Iju@M($Zgk>8962{Ix# zlo4$e0ywl$pwYIQ9j3Ur6JV3Z!qEzeKL%D5AY&FBQ#K-WbYPk7127BhQvqPByQ{sh zfDCjC5O#F1Sq1Mwus^u-!Kwn6Y(a8$ z!-jL{b>xd_VH^#FL>Z2)H^+k!#MwY*(SSQSG?Js~YU@di(bd$~Bx!4pvJL>CBIIae z=^4BJeF8s6qGzw>PQ#IX?Iy2t*~+>#U+$>iEGcL=(%s3wbxF;chqxEH*vE}I(lyH0 zP6*+eWa#v-E`=`iJr6ZRPhjM01lpB}ME+#a9i7)S<>mS1YtM}~{Hj0cdpvUWhBc1& z`z2W;#^Xop-)jDvypmXd&i8)5fS{n`>eu8>;loFtt7ETjRk-0(!WSw*5>c|nzi?kA zLCPZVDh{~c^~_n>WF&#f$SPO2gBjQbOZS{6*ydQ{nMb|bD3IUw>H&&s_CJ}tD%6kE z)$QJNzqVv;R{!SgbgkBk4Z$S`#$UbataKTy{pl&(uYPL$QODE5XBXEza(5gSFz9S5 zxp{9SF!4uF`#Duo1iRotfY&^_V$kEQGV$ii_N|wR%0Hs{#QIjx#bJArl&Xyd4cjM1& z#$9plb9@Th7MLq+SzZveO>^BPrK#s;9}e8UuJ!In#v*?k!RKFN;-mKQl%JX0^HS?j zgYW40=%oBp@$jK{MsI@8a&A&A+I&mb9r~c9b@+bxxz4-XylZ#qEgGXh@08kr_xt*{Z`WG3=P4wrNZbxfO!%2Es!Q%)_v1!l z_8Re}meZXd-W%kJ;aPAZp}cuQ?`_4pJtl9O7PN-FEZkwcJT8jseeac>kp;Vox|H&H zPn;HTHF`X}HF@KQEOpBzK~B%j;?MWk#cRb!7SuUt-dpYODmh%>@xO zKKgRsX3si>^srl-#Pc?fYq}k}rr3ZV`|)gKW&efJ%<%KC1zS^O>uRSg7B|1EET^gJ zAKZNDigVzO7q3f+efIv?#Pd4dIfkV8z49aPGhZKNO+5CDGxr!xQ?QD9_G;zrJ+93J zzMQ0AhRcgxzDTPZMrcgw2@5t}+vd8@LE5!c>Jy)!qs%vf@?W>C54JVGZ3(@UXeYXT z&$|y91m^SB^-hm}aP{|g=V~fXCUxG}7*sh6Eb@~S$m^IW7Ym%G#X z1AllE)fLGhiI%upF~P?3u?atNrB&bm+MH`(_9HVx7CW$d$iHIC;#AWg2ef`9?-DG& zcy~(j*8n-HTIldc;2)G1J9&z+U&7}__V%cQ4SqfMN{)@Xx1Tf3OfJ8wQ)ZNTYE@8D zV$^fK-tpF+kXOHc?m5s^Bwyjt6wvYc#W}VfCFgXtMc|u}>#G-=O(kR%o1IBLVPWFU zrH;$yiCg>_P0M(s|*@B*l>7qD`~bu^PlctZ56zkXZsoIy%e%Z?QRE-)-`Qa*Yg6UpP;osGN4A-)=87EE}-CgH>JInE@ z)MS~bTW%}9DYiv0AD5Pzycs#-5yCa=R{3cXj~( zowAEFG0B-`?n|3?j4U^)=ME{9eK6`i?uI2z`OWY1Zd?9K?#D!bBPa4s1&91ViTp^% z+=_qGg>Pl})ZB7n`XuQqsX#FDn~VJRwN%BdETIt3zJ>9T-}s+tmW9$znSM|XYBarm zTa|B56?fBBtGA3B0){-47)IuoM{Z|}wMS3!9B^NH{zOAUykx|~_*Uyk(Nv{@yNeE` zo&BkJB>ts^Aqk(r(|Ee*kpZk6NYm9)7xhX#L-K!++`Ql1U*UA=`}#b=T$}uacjZIZ z46jqF%%QO1D$fe{b4rdy^ zd|qEevUSRNhf7kdrf$DtP%3OPi9G=wKV@8G zCbOh6NxXjAee=7hhwoHV0>k`2I1J@W5b*4cx8f~@B*Hqr;rAHqvs{cDNWAoIOEIAe z=_>AijW|~^MQ-Y|JGWB^>S7zY4w3R*6+fQxyJ(|0()&F+g#b#=1|K0e$cE;1?Hd2J z{XtdEIC0_2t98#}LppQ($j#j8S|n350|i_gE{)4L-)wnIi#>Hqx7%y=Q#JlSdSqf~s#Fd_Km25i)~ z61yXx9{MH|JOcxbE+jopvrSe%B%WO+u9&xgd3fH_oC!H4%b(0jOlj`CR`;mU5{c|V!2`rayU@A{Mqyx&8zVyt{~F8Fm=R%v&(LHmS3dDVB) zI)}Kl(>shW2dP;t_vfv2pj7)TI%8yiW|PXpE|*6|ezy0UM}Ll4AM42swn>PNT;3ZM zR1o7I7+(Ue7Hz*;mQty8=uoXo#W`L+eiCcd`Nbt%Hg;Ol8@B}GH1Q^H4DBNEUTIiN zqa0EG1t#Fhd?9twz?(liUH5K&yWzPVNoZ1A`S^q>Ut;c$3(N1_I=IGOuI%QDZJCON z{N08EgFC8x+(h~o?XudDLmFF;8IjlRTfFqNU0e$JrJ0pe4t51D{=58MXT`xd{0H7; z*BTS@mGfxr`_^@=COwrLa~Y4IyaBZ8?#s-F;pXO-y9{LDUg0Ci*QOSm#AU)H8XGNM1t~`!c^+~ z{NM*`Pl_JR{G@<;RA6fM_4SdDQAwsRYq`!pI-5n%qA(XI8a9EaKZiZ5MK+BcZyBhg zBzE6-Q(K+$>5G}6nGslj$M}K0o@=>Cx7?$&rBL5z z$yw`H>AMzIv^Z@4blLFmXQNJ=`1fkfXW1HA1i3v*8zywh3rZqU?7D1Q9U&b*ecm-02cE)FW`8|cO57>=jLo_zmp z&Fi8f!CYtY7iJ0$geR{(lxe#P30|JDLtz5KKnD_UYo%RhISEDXH1vg`K2$DYh*$B*_1I(ZxCPwk@P_4xKqJ&JRwG3V69 z8&pWjf0w}Ux~()`)utAUXeR*hM|W##CDorz_()Sj)w zI|z@K8y<3~T~X3de?9*^@AEQZ*JYt^Zs+d5kf9`PHdPU{kdF8jp%k&U@cA?0QSn^` zo?SWT3bM{t3k~T@<*q+*J9^omUr1)7dd0RQ-DPsQ_&wdfp0;%M)vOR+qSdh4QqjLe zx$kP#?qh3Z7sLmZwpZMGeJZo4c)i2xZR-@yTa4)Z81$iR_ucd1(}kbW4go6bosu|ntoCVZtq+- z)Q819IuXRXt$6%V|8?%NJkEid7gv~hjbEOqs0%M76{@O6l@fWl21X9NUt)%By`?VU zc)i}tTb;-P)x^%OrQ$WKC_V>?i25-payVNA(@Oi`rSX z+22pS>K}bH9`ZTV@*1z!rlpm!uQ~@QmC5}r?(=!$ba|qLA1r=dP^Evd!;YeOBy#)5@QCS6P1o^CpI zJRLU?qSVL}F_3Z5lG?H0LO^D+Qc!DRuJ|#NRqUpvfz;N`10CgK&-4Y|q`{5GcCDF>TX-%sul>sP%>9{&MbW90 zq^y8#T#0$M#Bsx=-g*{Ku52pp7?l|^?G3QbSXCIkS`p_{)R5x6rBZNmJBRpX*CTJ| zdro0@FDM*}$|q57uheqx+ClUddA=g*PVPtVoD#_@p1nKoty1q?b74b;-TC?F1>P-p ze}>C<-nIVyo9=Rh#0%HPPrX=Yv~S6)8{R5ob-4=q8O00x8On`T3A5KQaho&!mG5`mP(ftDIjqTECw8 z*gELl2kE?ZYI<^6+$U0mj>?(7UL@U?#*y_oqE6)5!+Pztn<%=UTke7(n}TOistva{ z1$3`oy}2X5u$ZS@Z(zAycJmv-K3=}Gjn}z!@?K>Mt0pbHyKz}=;DD$&QzXJm=MMXlnU+ zzi#0Jeun(G!@~~R!UiRs2PN&d4lKdd2Ts1a{g_gAfT_zjuqySOX8&-FN{HF%qY1^2 z&!~hHS2A^v#>zQ-$*JX%0tE$|jeL{R9!jZf{-(Eaxgj%$+twn6H~XfshsBUTO;Alh z>72%pPVEBw1%-rQyViCk2)@BnwY7{GM?R|I_q3T-qrY$^QukKv7qwx6g_$;?O2aZ0}duyVxTY<7lb(wjt*sAQK$EP}8oa>zd!c zR7qZfv$|FIS;bc%b8n&4Ez2ue(yQJ0jVCra?`uvf45`A?jm0ER^gfhS$j$uZwe8@J z_^g*(cs|QVC2#Vskn9QHN+89`3TO}3mWbuuWXkn0=h=$40%N|dUt6zisk6ColBe$I z@x%SX+Quu7Z7)*W*<@4k_3((@1**u^6hGFpZ-T};tcU%C_S_Z5mG5uPUyKzU)8y50 z?BUK94ZoL5PA3@eSK>{mlv>er)w!Z3&Pwpg-97q^Ir65fdF7Vo>Ob;e0-?42x!cnX)Sp?V6RG(5-w+MZ!6=qyrZR~T=m2$TW_3w@dRiQRcItk1|&l*{^uN*Chz>9E?+?{b5?U4ws0PK z=wPXR!|D@_q_Z$1?OMb&olWIEG2)8UlTV5*yzI~G98(n)({$M%J*3Ykv-I?ZOz$km zVF#hUy-z58HH*F2T001P4-B>JDPD7)I24l*G5Ssc=Ow7N#q`O8=SGyn47*hW3wep^ zdTWEcpIi|tc6Q7$v5ncuC9RsBvs&k@{No)mYTeP^SMxSs9PlY#TU!;hT)Si##`O8&?EE1#uyb6BP)6P~VwRV=^5%k)@8F9p zeI-R#U={OPrL4_G9iZMv^F6{df3!+)D}Ploac{0=J^q(_jnw27UXK9Tq+!-|)vZlM zpJbZKD9#rm%@#cguj}7EzlQO(=w68W6Mxd${Ck`76)Zn3y1wS4p_;$SW8)M;$cgs0 zfVcZptDOQFQ?>4RD&8mVWlF=9)AHHYG6vF3)r@m2_mGxL`{rNAODWcwJuEH0S|sY9 z;dxfR;_t^ru}_Y>UnD%L(sOH#O@sT8ru9#7RRixIBKtPyl9Zduv%Q0VBo z>#CG@R$Z^6BuEC_VLi+&LVbR1+ydL2+ey9pCI7F8;ZvoLFB9Y*3nz%Ic7ibGyPRyx zO41EG?e`0u@YE$m2HVOrYw*q{8LOHeZatDqRi)6e-FFU1kYWyozVOZ>$TrrpRcv$i zh4dQjQTX4AIpe=%8y0Lo-q?6mdN14rtL;-zZpVK6Yy>AlXXd6)sWLBiHLGN=l%h6Y zv<@O^H8gC)+7&biU?xO>Pr)wNx^UdN;zzm&2+&#(OUy7fMfL-Q-o zm-T08g|c1Oa>}~dxP65=CB?l9h@tHz5^qi3WxEQ}d6aB(Kf!QAUTp3~`U};Rjk0<%Y~JTjesXwEKHBeE zFEZG9HsMii;B`ltA9oE-_WMr6-#>e%Hd~J8QuI@vqOtF5M*UtoMftn6_ZP(%HM}B3 zJT7%Hx$ypTQ#W@0*vkg9P?Nl9yS}HFUYp+biz?jz^YTV@AAiC{r`C(K5uV;vVyUlJ<)fv8OQ%>I}RM&U?&ga?Bi*#s{AWrB| zj29=~|8Qz7H*ccGq1NZjWaTsK!;CXJmkbmdQwfUX5B-dQa~Id=@Ra!q%j{nLq$2Z; z&E24n=Wlz)oqOQ^K`VxqX<*ls6zKC+uETIpKgG`Z-mZQ39=`kxs*XKcTxILp=OiuY z)I6+QrJ?aYf1rgoe{EuIK!dWcpg692#jTN*)>Pf(!pt|hTZUE6#|$*l+SD|=e=KmW z?@K1sUN`y?>~=%>~CIBA>Ge4oM$wfZ$3BmI$%rK*umH^ufW zSwUg#3F#hB9kYsZmnkmd*L2>t&iCnIjF9xwTV28xrkQ(BE8VyD8IZYs<93-(j>J{n zZ|7R__ou$#Gf!yBQIavH8q(gLHVllcxU;T1FuUl|nd>Q1RVG#a8Ipm6dpdbs^$zRz zor)MG9w|9#(WYneA(Qu5rpak%|IH2_DQ$0;Ma`$$<+$GK_0zh1B3D1rrGCM1Oi-*S zdu7G0R@VcS+mv7RyInb4U)gviiKk|DIQuHw}vH3miW00b7M-j=3?xpzcuf8-2;hk%h{> z{!f3z78f+vitBC|Tp2OtqWap_V970^ef7t}JQkg=HnfYl*V}h~-O1!j0TK1hmHpd4 zkV(w#w{L&=#x*|vSY^XO@{#nk!soKPdoOj`6n@*9qt>f0dM3>y+y|K6d4!Adk}xyb zYuDk5mtE~6Q1t|VIH2+=d%<-x&xD-huj8^)Jb5)+@2m@(_uRpMJ7{ISx)v>?Ll$)L zk8xmUJJjJHzm@HiN(wL!eYTk-?RQk2*k_`)!r8o{-`>*=Yy!>r=`YEFMwB!fY`53Cf%CtMt$w`~mdEqFX zAE*!71X2^M-`?bkl9SruyM^ww$!w-3ir=gc+56z2h9BQot{0TAokxA@ZDY1b_-;$RC%aK5-+2Gy z0Ouxd^+gf;=Zh^d$n5mYArGwao7S+)mb4>_gn@3ANbYh zarf{e9&qp^>+QoeXYPruv#3g!8nK$*d!cFwAvU_g4m7CRjs-gI`Z)l{!j^Tp&AN0$r)S|~XtgW#T3J*Q8XjhhUn7~+y zcenmvlDhw{RUWz7Z^u~AqN#%VGB?jwTw@E5yiD6H9Hf25CTINlt?L%fp^9}^HYKkm z-jbER8J*X!R)6m2lhZXO?B!)$Ck}ho`U?KIwEILR>5$5i-s*V~m+w2omQ{T`l2vHX zpkBxRB+NSbyy8iG&t=I8qbY;T?va&(KPPTDHs8C3={-~?yhN<(KxN(5bH}V(?Mw+C z4!5ssdQjzg=^VQN-}s$=4ISlnF;oQ%Ng@5Q-q6c1vo$XkJ$+31Q8Mnw-BKcT)+w(E zm&GjG;a4i*As)Dpv-Pb#`+3dTU4Ar|shwqgYgrL5>xM|Zo^~2_5sukfF7I}zeTk9# zF%C*R_CKi5?T_S**4cSTdduWxdtyfjx7*pfOJq+4)u-z5-Rs!7)>c!Ia*1ZWsr}`r z%UelnuM7IzTlEyTz&B`k_?=F|$+4|MVLTt7fTuw$x#)$#lD` z#-&7(ZF{2sVW|fxd$6wMV@Xr5OzYk~zud8RBV~EdHENj8TP>ZV<)?D|U4F=!Y z%cgcMeIB_|O?;S4+j)wUvpi^(+lnUB{U20SeAE4x54i}HO2yKD#GZLW{#04r&meU0WQxZdHh-?$f7xF1tY@Ct z{q)EC9xw4xNO$SsZoTs89;+zr!df?%A8o3Kjqq2^U#!{t-r{Oy!*g|k@kl*)HLX5w zr9~ah$sT>dhK~;W8$A^_f0Rk^`*m_nzMXQKx?5Xw1vjPdgz&;toh1^Q+m;{HsJ~2PYo;XH_<|9IGMn{*)duf2UA%fNV#VFZ-&;lwT3s z@iMP)_onl2-3-oteGn+pM@SvF*!=jbx!XzSRf4B_u4{}L*=szse*Z%67gKV3rM*#* z_NQwbAKD6SzJ5}+{f4vURhf4*{i&-1E@VaD^z4&2^bTD4DrvO(tG$rxUjG;Lwo=n~ zGCZV*qw*`h^u+vF9hN-E%wjBEw|S?=u4kcj*@V{6B7)wlUDfv=mw)#TP}`}HG%(sV z=6R$hjcK0uWoc=4@P?jipRClbxE9<6^~@NuIp(#lfkt}yYL9HKz192Udit`i^44i= zVnw7c*nWHA@q>0|i@t?4=5)!{!BGTvHG{x+PxM>xdVb87AI7goH({U2i*~gRl^n1L z#~&?y`A|3O%VgzQY>J12v|RuB*d@ZEYvVdPO-pxjPxZAZYXAIUYNuJby{;tBsVM5| z%@3;-x4w>!G97jBViMbqRSx%TQa|LjD7|_&v$DJQ8Y_0g)Ar$rXC#ySEw>eJEp@Pe zOyZ&BRy~^#*ZchC;GKNx-oiW12Y-0m!zpCpnfy_BID`!v-U*MZs8XYgHjF%}+q0Wz zoq~R{#nrAm{$#0T@PBa!uJ?91XAxE~)2eC|lsVqMMUHqXe^sZxSJM`e@D;kM6!k{Q zi#M_gJIN8D%Cn(3x@@9a7Dyz58A8RGFp2P4^z$Um17bEUd6m zs=Gl}ziITy=X!n5HEZOUUbfB_nalJ(4!5l}K3`B!;IV%FqJ7H~_qz^Cc#Q4x$6tPu zdpv0LphrPg^VqEdEe~5;p8GvL-R~ctGjTqcS+l(`Jsr1HQ}alByYsS*U)2Ytr92#? z%=PbVN-yoZA@$`E<7ll>o`68MilSob>C>lG3=IqJ>@$Je(>tlg*`bkhA0VFW8;73%o!e%t*!0C;JuH#UD{L356+uf(qG>& zzEP4|xs&D~^c?>J9nwuiS$55d&oB(baIKkfpm`t> z&*n?A2)7z1Q~m<$Ve_mIcWV9k}vQ8p-?o3v;(eiSEAjlNEe=5IEYp+EiHuq#$W{ zG2s)mBlQiMbTTWLX2pplZWJKGYeQ%tCuA8BK2FGtH9;v6kRdd38Bu?h5JC$L4&f{# z8vJGnqBF>lK&J(9re!D$Rv?X~F{^A=a)!+2#L;QXh-?NuH1KcyR0f^FT1Hf~L9gj7 zw}$y)?ax^F8cV*b2!I4PA35t%SB2gf!%vRVHR!VhFCFeQ=iqEpK zeP>gMz&cn4Qgh@A4I-+@&t}fmgk-X4oM=|$bn8KI*jA7maw(}OC?Ym`LhmW4YQ~W1 zzirY)JgPdUj9Feg1}g&cvZE;xp&S*+fhbCVRfaE3csN;MX5NSpg0YR!)6~|~)z&2; z4~fHfCg>0v!DoIIHv@1O-ih!5b43phD>O0~KHUpI6MP`~A$(X_akU31fp15^C!T?# z{c1-Wc&~)GAAI6n(TdKXAk6TBC}xfHL4JPt06O@wSQmLo0yZZAA2~*z%}1WS2T%;v z19<^_s2acrx6yYj5Pa?zk%Q)-@Ax2Ta73I4@Wr`67yuy-RN~42a!uEKI+mh936Nm) z5DWu-X+MK;fnvx zpxAaoJ$4&>R{iR<9MHgMLrh2>z-tc(z$}NB2h3nm5W@j&h3UL>i1C7VD7GE!$JoId zDJf0o9fx@WKxihw)uxVfj9K%XOcpAF^$OEM2mf#w82ZVR9MG!uM@Duoe z-4DJ)2{JGS1fJtCy_DxPgjzgBKozBb2c|q%AjOiW3E(lqJkP;=%rWd6DEkveNC@(L z2l5z4+%G`FAXbqu9GoJ?7?Xxm#e4@Dymk=o;JpGQP|ojQH}6`ECP)RQT$&&o!~jjO z5$M9SF1QHkY_Jrj#nH4ZxDP3cC{#nCAYeg?33v>lHA?Y7p)dFXDdAutmnGNV@&T7`jufn0Mh5=5|b2pCX+Vt?nVLTPjP zmH;u7WiHJC82v%Rz|j@C=JH{H0*X$LKx8x@fH9Odmv0H!#xs+NT3rH%{G)LAM+#|$ zX(D`01xbH_>6JhnNt(Ja0;B0PbKnsg!KBkX7}QWQ-4afMnl3R^J|>nkp-Ctjm?HLI#|sKrL+G8@ zFD}GS0Dh4QO;6rv-5h9iCalOR8eE&Q5Py15S)okMTmrJrWrxscbBSxnEVwEPW&>mm z0-zDAXlzC_3mT5-u!`nz5O4XjrriZrvqI4tL9<|*4#H`104`giX<(Kk1e!Ht3$lcP z^l5$WWKPJ8cQscqvdeB%gp;Q_h zSTiELLfN5|x%IV=4h{UX&>5HhnPC@7r~Q#RQ>;xWIXIHR=7dt&z=lSN4h|;&t*B`l z3={0T(3*c33yot!<*d2ZLIUdIRWv#|7EQ7LGHIrkh#btKgwjJfb6h^79qnnqJM3S= zv!&V7B55#;v^hRNy3fprfHu;ZL1NZk*tj)+_gpB6cDKI~kiI%QmZ1F>84B1)2SyT_ zRJ3a|nEtj=(PYGEv=k3&2rXi|pCes{!9p@-IwrJ+O6H*b(~}H48PaEA0?c>->2nU` z$Ur*U)e+2&#fX@pAXNsQj5*!h6ApF2G6)&3O#kZVvpv|H;_t5w?BMPuKnGZRD4CiY z`}=_lk&MW=2u3v9g$4}_w4u>y!O#JuS73CHaik6ifv!f!8(7wViuVeMt=zE|7U{6z%nq< znofoTDH}Kj0vIJYZTvagp);~$1oSIglMLIoKb;ZGU~4krc>S-_vZlxHDP~$glgj?L z`52k#r$fZn41@D9D-Kn!83wnZyvyJ|5$+U)*>Ly50-=Bj;O`IcvSFGEfR6{HL_iuH zz_tPykQNG8rF6JbjfQ+7aGmG^yx_`C7p6SsXkbG;46cczp&SeDlQf~!tV9@GPXc}p zq%vVHkmEoY3$Mv=;Lc~raqL$E3CfpI(z$pAl_kbKo98kMtgHV6cpkERB@VT;z z|DN|Z`NbTt0oI2DKS+zPhB_jlMbXfg2)+WsIQUZkf6w(djTpeq1VEY!H6fm70VJZU zpq@bJbFje`(m0TUv{pL2hodDRIMNb`u(ni8SsLs1Dt4-t(SB143pKrBXb zgVA+N=x>#vNGxTN_>mHO#htHmV^K)vN-Rpe<%L9!ucv4uk(^dj`UDV*_me zrzQL|I@6{6lM1Z=r+WV$D^%;eztaGIw%(qzy`4W2`T~hL5DtMp2!tOR^eYfV`aK0)8>mDa4flO zk@3D}*N+>=Vo7^NcmS+r0$Roam_RL9 z2<^ly6hR6=XhNu+GYAi?0W=KSEN_niGRO}U{N7`z&n$<{kaJQD@D!2won;fsX41)V z$VOBY{ZWJ8IYd1f43PZS*$*DEBJPD7ejxUHTR^;aj7ZecCg}j6iUCS`Izd#j9*Lr1 zsIOzFp=S_8(V!U8j5R36`azT+8kMSJ2-}Mg2Jn*L*)9CQQ&EVZdSL=NAq8L&vMu-I zl3K$eGhG>xwy{(i6WPyrhOihL;Loif*X-{UA*T%~@aq5ve+NeZR(aTXJgM5b#W29h zHTnI4aod|t^AH}JWq$Ag8`<=-{iy5^GK=YFPmT@>3XSypXJ!51Fa7*MM0f9g3`&?E zx>@-5d`)H`1(r1mZJE79LSTwGi~Zw{whr_s>U0)*k$VnDR` z&G~;5|9|%Yat;mv{1K(3zt?p7yb5-jKj;Xb1N?f!98oyj&0eD1dNAn)*NXlS+QRwT z1Fk>ZfGfluA+($R)h%!tJ2EwWmNnhKrqci{pHT!yZ}enuRxfh5fnN;NimV3h;Ov2{ za2(M&n}M<^p=WNMFc(<^uwnjRb2!QXsC4&*{+mEeETb?o$70V(G{S=YtD^#q5$p0UlVcEf`He~I_g!4J#p77WI~sbAGpE-7 zGoS0BKL5L}e|r9(em6p8EMdfvb!7x>5p?JwB5aMw+U2i^{ZkIQ<^RkpVEQ-Xh(`Zs Nn)iRL`v2Ag{|hEqelGw3 diff --git a/src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Mvc4.pdb b/src/SimpleSocialAuth.Mvc4/bin/Debug/SimpleSocialAuth.Mvc4.pdb deleted file mode 100644 index f0139e685b1b71b1e8a358f5dbcd164f041d13c2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24064 zcmeHP3yhT26~6!OIxZ-W#T5}>11$1%c6M1l^y1{CcUc9{KlcXXLqW@Z&q zZ3eqF_-KNuO*BypLT%G3AuTn1K(kG#@fn{nHnoN}#;9pUtx-%6`hE8?|Nqa-!h*A{ zz#Kh$|9j85=Rfy#&bjyg!}4e(5l_b3Q~t*4#%a_1%R`I&^?_h;*wC>}Aps~6!a`CF ze3yAZKqbY$XFv~(8DWXm^syqGr9I#e9zFKcv$XBSW*<9t-t#rqY}&Dr8j)0rW5>#n zmZtHi2xoK;^QJ+>BAqq_gcla`6_?j zqj%q2(f)eH{;5J7E^pr7`b6y8FSp&b?CFmi-q@1(`NK3DgpT0{XSTia!g8_i%5jtK zd*OSNP*w`09q|Fj11A8hfad~-14jT^zZ^IOI23pu@O9%nftLU;1zrZc9OwsL0UQS`!tr|`-}sbf*r;PpVE#=mI) z2XBl9Q*xokzi9slbCd>8_R&K}5AlBQPq^n3O;@*cC*rr*kyNrJlI#p8x?2{9d)nKh zv6fJDLwA=Qibta1t_3}*&X!~%l2aI1ep{rjrLiZGuw$vlcr0aaN`>rXG8&HsB1s|I za^-hu`AI21DdmTa{OrQO2Fi~p`4J^Q>BujP`m0mXt|ZkhjJ7>STw%0ZlG@O|&4dhAW*#npSGia5e)n842|BCOVU$XLa%yB!zobR$8&vOav#mPu1yYu@W z{(TLe*}JWpW+OEa#)IK~{;Ba}$xB(SK+@d295utcW5LoYOO()=l0W`xZz~67xo8r#NXsy0oNK%r^9(r8gy@gmaMAduhiTrT{wI_@L1m@?5As;a390>H=j z1x}2Sz4_&AXqRO8-wg za5BJoKwH3eoUZ<#_SD!>H76`NKiCg$JBl$$vz<(77nv$MS|uimD>E|GxLI-xvt{6( zTFSs(b((kDxUYsR+Vhzndp->``Umn5+(b+M^vk ziEs-0SMZH;=1gE&G`0~%o-)LaJXOdkTivYv4L8KA!W}qW=qJWpenaC7t~0-!*3eZ? z@7#Fq}02HoBmt@hLNbh9lVC0`coug zv%LC`*X?uYLPTR-(U={Q;!zdf;P@-}ZZ{9d&aD4EWCGAG7{EJe-j&W->%Zv#UHcPs zEcel{m$b7o);In7P4@pB+ZIkN0N1+#%n_gRK`03!?6WyfPOwLleUKYtP-dTghw()$ z!`{KCd=xT)h;%Ne@($y>DU<%r%wM<9giVusDl8tkr@}r4es{9;muIv8|LD+B^us!K zUB(a4Mi3?gTY%j_+Vx$)eZW_M?*oqjE5SS+n6qDZ%?0cw<$AbU+r~<6E&+2?BL8AM zeETs+GZ!_A>>ljV;#fCejz{Bg1cWb z=NHCb(EgioStehg{5XmwP(O~nBo+O?jF(|cWIWDOlI%06)6M@!W09_&HoMJ42?IaZ z+O&ec&dlEiv)9#jo_inzBQS^Jm_Tw4&2=Wxjp0Nr8taftJP2ma$>^M!_gn;k-71lPVNZO$M(13WrLISy=NQywJ;O^~>38ssytF~YT^g7zJT9li0>(s|Nd3SfnPNmqDOYO}`>_pYtck{&JH-x)->_zc}W`(S= z;Nx()`8MD>E!<(tbC!YmV(&aKc5EaY0pK^<24IVPwRoYN2MFv}+R1oNLLSY?{#=2M zc^k+&hL8P0eweqs{mC{^zC(w4e~jMBY66)*Jl_NOcMMAWqpde&*5YIp}**P{P-?gg;+WNc*C&Hvi} zJMjVR2%;|D+J~`gOni;?^C{}i1**8glIH@*dd{#A`=`0C;TwLq5Gm|E;!vK0O_eb@ zWvl`+reRFK9Vr3RRo0sd4lorI2i>CdA|1u%9O3QGX8>lnr%SBRa&Qj5O+5qKTC+aI*}rNOvjL- zU((#?Q!e+<-$H&f(s>a3I8wADy%Q<=WXqFC7bCCwI4!8o?3ET?Y4(tQI1w0HKS*r9~g0zj#=&CElMCnf$FO`b^ zgR0SDii5 zPE%RVlS-sRk!L)Lb)JT;;km_KTub25YZDd+pw{DMNGHj)W9CAiq^fyw2O9bi@S6hs zP1o2V)t~q=2-`51HbOCuhYcN>eu*-sKhx#x2j*)u{rAW)e~;$-uBNk$c)c$FvrZq@ z_5PvjF<2(wUp0M)PNO=tHQz#=zN+QIKFWH{x<2f#%=3o_ly{Zp->>uc=yax*d!eT9 z(CL>ty-d^Z)cFr|y*u@LEKGW^^b04Tr&-Zc-;)7x0P?|QOgY7Q0BUDL+Ff9k`Q2G* ztK0?DKXU;<0`e?6CCF3J)7+7{QayB%6;DoaZp~9Jp}9V3;NEu(unI^&#{r=qSp{qb zZUXiKw*emk{sOoc*av(O_!jV8;K#rtK;ED5EX@z(dD?6s{RZy>cqiNmOaart`+*Mu zcLDLgm^^cqABlvVPi%Po5%7M6C+cQ5F08E&)}h8Immet87ktKNaQMoE_8AfG7nIMS z{$;}Xh{o`%a?Ri7m2KsbZ5i3M+>0vN>?2Fcb}sIXd_~jpv41hTvwtk1F3}CID$~4Z zsNp>#dDVfo;ZajmdO`8$67$3|r z_SAD-2${NyN58Xx{$DLGD3%9|Z^%QEMVx!|2e=2QFi+GIWvaN>p&5#zF}8JR^4d=_upZ-AckF6vTB0q)7?o`# zl!*AP>PgAu9Xw+eLaDHm>WQ=|75p~Lp~=tJB$;2+(2gAh`te>&EBPC5ri9UuSq7!n z;MtAmAPYqMs!njdQ-^UuiF&j_)K1{QEWoFd<|t>x8GvH*Ybx6k`49ucgc(^%U$2VtrN(~kV@8Ya5=62LAX zANPE2jbWaU`@ZAH|5yDX@QD^D{eY6<{3Xr!ai>&0k>-v691hZ^0S6ZUdFvG>{`1Q8 z#(!Q~|M8zXM^*FvMDbsiOe`oT#`Ds=@t>F0fBdJ;0G;^HThAN+d1>DG&!I8?8zu+e z%KY0t<6v;gX$%0){Nuj|L`!6$Mk)TP|H#8HM;JT%Ag3_D7|Xl%`NOfoh|m1IuQ1}g zE4grLdUx!UD}?#2rXDhsXy8C8I3EkrJR9n9(+2}JR{Ae>Jbo7M?EZ0Yed{&XZu$3) zFBU#`&4?%QqH27Ud24g5Jua$aVO$Oi8OL_oVSEU>zAGNNRTUI6D)0CAodpk}Gr!F& zxa89&{(leSUX1^byF|`tBICI>pxOWb4RQ8~_WumtCc|JXflJtn&Eh85i9W~&<~FVX8(JCxc3!) e;5guTU=?rza1t;Rh~c>ixjn#plOmkGJ@8+w9fT?X diff --git a/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.csproj.FileListAbsolute.txt b/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.csproj.FileListAbsolute.txt deleted file mode 100644 index 4064ecd..0000000 --- a/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.csproj.FileListAbsolute.txt +++ /dev/null @@ -1,14 +0,0 @@ -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\SimpleSocialAuth.Mvc4.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\SimpleSocialAuth.Mvc4.pdb -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\HtmlTags.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\SimpleSocialAuth.Core.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\DotNetOpenAuth.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\Newtonsoft.Json.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\SimpleSocialAuth.Core.pdb -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\HtmlTags.pdb -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\HtmlTags.xml -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\DotNetOpenAuth.xml -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\bin\Debug\Newtonsoft.Json.xml -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\obj\Debug\SimpleSocialAuth.Mvc4.csprojResolveAssemblyReference.cache -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\obj\Debug\SimpleSocialAuth.Mvc4.dll -D:\projects\csharp\Gauffin\SimpleSocialAuth\src\SimpleSocialAuth.Mvc4\obj\Debug\SimpleSocialAuth.Mvc4.pdb diff --git a/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.csprojResolveAssemblyReference.cache b/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.csprojResolveAssemblyReference.cache deleted file mode 100644 index e13a4fcb02bdc1b4adda05fb2b49c4c6c4906901..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 74413 zcmeI5349bqzQNBNdmy&KJ zc_p1X6?f|x=n_byv|8CGF?Loo7OWT>3&eutWt5ba2W6677ck%km$ez-U|Iuf2< zRve6Ek}$UHnxGF?6ipu=D6a}eQ&Q^GNl8nqn`xKUFcnv8n>-IoivP&vJ^FQ^T$w+I zHGE{!U>ed{Yy3}7hbhhPRe&s&MgkStgHbBc>~=GIbZ=iUCRh@T1Vcr^>;cheumU9? zj27s^Ef@^{;EZr&T0zdpLE~ydRF?(u> z78FIN1|pROLjqMLC1s(4v1JvNsFZL~S)hDCRcvZOG*Xl#qM9PXf+=tx7@Sg7S}-y= zBZe9yqArVuLo%UEBs8TKu4+PAs5m?$dTAgUl<62qr?3{%sfZSZBjsgNWFjUK8GkCJ zhF>fg8mlND7buP9bi%)mIX&|VNTr(5pHPj|t)+s}bVjNRsvgoA=TK0ZsO$k_M-xf~ z@t@fv#^+~uDPZu$qn!|(k~3m@ku071h`GWc<{tszF;$^hSw%1>KTtHaEL19!Y=9)M zti2?uUi?U+r1p}SSW#ZnDjOoLDW}5M$+XIW;n>JvY*b}1L=9OMTNctO`?1qW>@sBU zAd_o^O3`Oe?~HbD z-;CfSeR2i{E6c;PDuSVyyqG3PGEjS^M*tG%O_5Br_L5PpcWf|%TT0nAHI>y2376Gg z!qh{J30K8bm(d)_)y8dB*M3g^Sh|(ULOr{7uT9?52ccVx&63HTgXE?<6s68zQr~`R zbdCvJ6OPE#euC6$5lpH$0`puXQ;WUFuwpbc6yOLv4OX{=^N`@_^&VXvnzp(_wm{6~ z4)yaR+##vN2F;8GL-gn#m4(-`mQoxY2}V(FvK8y+O_^dgQoO46t`Ysm^s=I0O>MP8 zdcoRDZ(t-aLvKKNumMhBRg-N{x%iTug?B z)y992$sv zPi7#QL1YG#8A4_#nPFruBlA--!^w<*NuxYptV_c(?NVKyau(!b8u`mJni8m24s1Ye zSxH&2xL%-o_&;kT2K@DkgLtUN?W+j00rjFqfmkdUk+TL3BGqH1__RlTpjSOVK);rf znwlz7>(gvX%EPmc@40iwP}4NiM83U6(7KYV}F%Drt$P-Mw0)K`eb2J4t ziA1OI2~KI$WV~t#IabTx{`_QXSuGP#P{u?uG=Z1?pD?VnjVllq)b%8mc!AZ?Orx&p z3@CB*0;#9o5M;0MbZLJ2wJ#4fuB1!DA*iEGyzWT}*Da_cPIM|vbfS(r(P?smQyO*T zXFv&}D>;o4JdLh|3jL7}R=1NJ1`sf&kST&mFNQH`Rw1Wb$GpyYW*Xh#&Wyr2GyB0CVeUlZ_s533wlsU#PKStqnSnz5@$e(|9}Sl&bSFrT(@JWF^w(_ zM;bjAodK70#@?(`F1U5ekq)?7m!qJJ3Nj&>^e_yEs1jj8kC%xMU2SzV1wDQyIzE=Vt>=!E_XqF@wxZnDkjNoPui*7Bq}V zEb(itj;82u<1{6eL4G@MLynwRKA!_7pe`H4<698Gjukmy9i)kLS8 z6P(g6gWy5;9ngL9c*a?O+Bwv?1qEf?O6E40^k2bn=x#?ijiv>>!u*cHRJYfKC@5nQ znP0=C{|1H^<{bzNnqEo7_fD&$nMTtuUWuPXiQk2SG8U6r0+YTJhL`x=2-mv@W@LPN zgO-5&7}G;E>v2lcGBh{VAQ0tKHkpCw*jNNZ`Fds1>TjcIf~ED;Koo0gih|K-I5HrD z#RD;{c)=v>u+ZQt`lf`OjIxS~D!Iz2UL;r%sH_YY4~~Q@>IkIbYoVrcf+g`)NtT%+ zA;cerE{>XoOGAPoeA!tf7cgPMdvd2Mt~ixxqz>7M-aqOBtt+pjYD~p{nVBk+I!}Uo)1GSx#mJnfu8+K<0NaSv0XlM;c9Lo$N%J55Dy(3b9%X z-`8O>G-6Z~POo03hBGW=qGe=eMPW%*c{x?7s3Sy!c(ueQ-)OEa{Xv-emUU9b?@3=t zCLb%SLNQa&Y!4x6tRi(aOn*z>!z^D2acBxjbHA^pyp^wXC_; zF0>5rWEKK;=`^LJOOI~d1I1mscMW!-=?LR77!iPxi9L=JiQ5L8WK4mPrO^mKPop$8 z;@6B#WS$`NB$=nkJWb{qGMmY4A+wdtvt<68%yVR(C-VZC7s+fRvmGX@2!;+3gpoOa z2`B0Q12f!qu}e*9(L%42DlG-ZpAczA35+a?O#D2JqS%37GhQaMlgutMyUDyl=2bGU z!DN-f&>_lTBqy)qB!QDRAQ{AoDW<{7>)(Tu^t~{Sn9xMjNnN-dCVxiEg4&5p>@PTx zn7oCPj0zZ8Hq`H*M%lcLUo-wnW*?dTWDbz|8%$ORh7M5)BTMA(I7ujxcOb<}ga&*v zlked~X7V6TGG@TYOrB=fc?iF5947M*GVhc5fXopxAHrnKgrP%R10!?#5l#|vdK6MT zr`O?B=JXSsq<;$ISa&DA*4M7?{)w0~Xsji#-;bZCQAwZS*No4}d_m?Ind4->B=ava zUy=Em%r|7dC3AudrE3T>sW4e{pwS_2fRW`y_ws~t@{xNrBB~uS3>o$rQhqxU^=C3~Fg#0xi_v-vDgqzG?LufL8Svbj9B;$ao zga4;d;*BVUv&b}t$@(=#heOblwair$$O*Y>O77LUx(jYHSIwcxT%C=R40?W)9Mr|n z)5z61l)_KQoJ;0BGA+ooB$G|16`AwNTtKEZOx6-g7KgYSM&|xP$O*Y`L+zTd*_ zd!Fs;!6mJb9w*E~z2enh$VWW`NmD9T9%)=WsxQ-4!PPqR)&=tSgVv?IJg`uiv2R8 zn%@^087ZQUJTg*KGZP+uy6Hz$zFe|qEuwy=wPg16e(QpGT3Df?o|uy^t@p|1Ctiw{ z60k{tj|61#q^7q+UHcPOr5o)DfQw+Li%7p1C)4Q3u~%+x?!aETYC(K%^@8}^_=5P{ z#2bDtmfj|ba>;8h7R2Yu1@XBFNzGXO+VPQ(9Z!Tzm z6_HVd_$0;jy@InJRJ7IK zN@mi8g3U4lNiE(uNkwd#_rTC$bfS{NA?|~b9cX7LvIFgc6R}LmU6tI8{9&$oQLIbh%!V!V1!V&x^3(*hx z29Z%XCOEx}hScy#$;3gfbkNI3bcj_5P`8`jACYIOA(d$iKv1^FOK~#kblM|cs>oIG z=~pdsNyT$b%_r0Z^O1&lI^Jr0a}jtd9zf3Uy!#|V)QsSkBA&nr@!wE>L<2Y?nvR-U zd~i^K3MvKB9+Bpz1sPnA5JuU|h zmC%eyF!JgOadMTqx*xk&x27zwbu!Wu%j1{ln~T7*cmR3Ewcdx2zSesYsJT`e1nXmC}Ao(dJhm;&9`DrCrD*0-X zpHXr|$x)IwD>R!^zdP1*2`^lF46DP9vPjt1V1cawfxZCL7|)Oz|gJ&E#(o4;^9$ zj4X^hphza~q$FselJ6mTw~~LWzpxTb2AQ$?rh6W$-zqq>mfT5jVxd~7@qBP;0zoK*fFRgzvyZoG(8MNeKoJuLN;$LpuNrG997Ok=9+ zhvvIv{p>)@vVLBsBxnXq$~%?3i)5M;lk#pQze4i+N`6(zuaW$Ll3!Qy8zdi5@|#ND zLo&^+$+-6_`OhTNM4D~2eS!~UwfzNdiCxEA(2TcXWL^CgCqJzF=<3jp;;$7M`;dZY z#p@;8QZFrey|l2@3r*W4*UM+BG~PwbvR>Y!Bxq(%7Scf_A0nCN>ZE*F$^RgkX78l@ zzLGy6ndbAPd_>6~l1wvvQvOKEM@gnRKPi8#n*?{5i=qQz#?( zLdnNSrny5YA6N31B%e_7zm)tH$@o|8{k4+6Az3K-TP2?$IaSH@4Vx@MffM0_Y|B$R zK9D@6!tGrB;BE8jh*1X~h7U&4m4=gOE%XH6l?B;Zrz2tU}K&bS#=qdAPMg0pc_S_@T>n5-=JbC8&Lj~Dy9mSTU07yI8W z#h!(WN-p+Bs%Wwivn=*jl*Cy|K3~Zfkla|wt(ANs$xR{K7G!gLAPce$+|FWGq;79U zTYO-&gOO#~9w&O>R?ANxG!<|W(i3m+;(XmwoUifXeAQB%XXDb6i}M^+KphdYEY41p z#7~smS;<{UK3BVK(~-e?{4|#rlj170QDdg9y4}8 zCz{8gF81@l{khka%A(GXHGFwjyU^I#X+v5cJF%i^{-7@|?pvJQe$VQ9&t3lO zn}62%w#(kW#kb&sql?z>>hb<{>-V((pHDY*dG5*0nd>`=rO#%beb=*#+CN=-`5m#5 z58oFZv}t8z;*n;rG}`&hQ;$Ay!_ez?zW>#IH$HTSzjMQWo6l>Xb?Fr^#QLXh^IwFV zW+Gpy9oLLH_~^>DABqm_qSEk*I@0Jd=2WHt;hxgG2yf=nhBIS=u|T901{>SZY&C8f z_*nQl!%ID|v)OY#x&3eVokXhlodmwoiGL?C81XBtCsCN{F(M{HmL zQ#{VQqQ~N05y5DRE`TPfEAn;qP*UG%;RQ)`I?Fv@Z;b>ob>sI`T8C#EqclyUiKcZ7 zAhDJOOtFU3^oWI~ZniXa_h?cGxs#^xASS(2w1AXn z3sMgcBzJ=}3B;K3ZV9^!nMR?8X)?jIobe-;u>ig&;V|86fvKl0Ouamq+znF+i1F9J zB=<@)jZ#h2R3d5#gGel90aM(?iMrE5)Frk=_4bHzH&G!Fqc-$Zn=@E;B{Pk%#;cO> zTF8hJx3hpLe#P;+&4O1STfF*uc)1&|=^#cul+!jtrZGd)G?QqW&j1qhSils&Sk%;>dn-_1R?pZ9v|lffsl&zt=7 zzKfs#O|Zp+d!OysxXA~P_j@F()7rYPb$Q{V$*oHNV@dP(JFQ;(O#KxZxfkxe?#b{= z{%?MM`|E${_U`bWw++hAIQ-5fH??WpXYEU$FTOFnWc#rpqu*OnQ2h7i%LncIY}!Q^ zHyX0$x!}d0KbM(y9>f)~!dd6j7J%YGeZ z$69`wyZVs>71#b^TxEwf1z-N!H*ikT!)eE#3SYjn{teq->XWrc?ThNaP%`K4$IbiJ9BKX5-cMg@(f5|uQjQjX^4Jq&%RgxP)j;#h zo}W)|{fEcq9WR|byZD}WZ*1`Jf)}^;TUtd}- z21+IPz#AyJc%ZbBH}zGzsjsG{K7qAvF`flX@iX4k$611xzuB z(=^aR(==O}$~~IgP19x&(>Ollw)|ZS)7YZ1+DcgUV<%?R@kbb=8r9z#x{-BcET!;ktDjafGN6hth!pT3fp2;>0#w=tagGJ%WU&54byId zDVOmha##Rc+jE#YSYW!^7N&>?le=Mh6T~#J{i{T#u}5>Ym$+)nP!erez!Vp9u3B5T zirR7&^SE+1SNlMW>ZIgiw*4BW0|Zk`#*b*h0;V{R!*s3%rYc*Qrh72C8>WLGM!f{Z z|Js*n9MV)BCaRh-kVI1!FhvtiRbvZPGi<4v=~3lwsy+fS-?O0YsK)DK!pqNy5)D|u z6!ke?^(=VJvc>Bf4=;D)^#zD&7N1n$off^DY#PTjS;vX23YYhQ1lI?IPrDO=62#+7BIy(2zea%GFsEonMBet29NlH1x)cdC+RZ_NpoyTn(L9|Zju^+n7R|n zLdD@3QQFJZH2j*ThD6g*29WrO1x)cFr|F1=rW0)V$_W;{s*N^qnQS( zIRSNuF(eMMfGOVNK)q`L>PB0jZt{R~H&87=jMLiMmYS<<;%YxbN$g_*Q~Z^4^|pm8 z+7vN)Wy?H|D|d6%2E;UCYqrOPt77!Z?b?X-r!KZZh?xn)J%qo zw$}8POSyQtR1S#AVo;3;V;6foQRQl;IucX67)D|z3z*_%&eRSIQ#ac&<-Zjw9jW41 zIHTpBaY3qN#BZR;)vUfdaOMH%VgS1XFScGUPjlCUxZB216ECuWDPG{*J#XRePC%pk zGGd7i-(4O`?!H0x1u+R*kDEq64OD*uY71jXY-RydJi~!{+5*&KTcDPBK)D;J!5~Jz ze=HI;~3!XOfh zSpa*2aiZ?D5VgXVsQW#l+)Y#n#8_X$3Tv7wiKc}NAaOejU<)u#(`^=-9WowoECzoz@hZeqQ|Mfo=118*MC#q)sE z(URFC$PC@YXHpZN&sw#Z#{$@wjW_X|EKPhPpwaVyG@nd|Z71X)%cT&Ob$F z8cQ@@O9`)1MwBRF0qnfS@hZ09wZ#^%tsY+P#%mdfarnYwxyEV*VO7XT5|dZ}`>=7W z3M^PXYloHpIjAe}hjT)v+1k(`4j~L7X*vE{+G|&RmE4DDb>cQl0m^Oo$q`$h0 zJhAl{MdLX$Qq@5tfI>)w4)3lpt%4GnF92UT~Wt^rC7Mk|h(zMs3$=x))31ZZa zK=em4@PBlmG#JIEWtytJL{(b`l4!#M*tCpO)!IVUpY5pfzXkQ*V-DnP`TCye~TCf22VdL%NTub|S56~nJRu6h8 zxx3dr2x2abzmb?9uBZ%$f}z-maB;9ahyG;WfKVtL3&hI8A@swCG-rp2vt|q}(Ub+S zGaKiuv4yikwwxXIICD2=AAuN~aqLlz)W?LBpHUI(m{;<&^7~~#5ZOms*W*`#1|}p zjoCO=pIN9nYD?9}9#!t9ssV_xe9z?9Ff}BYjxv74M=XGS**Hu`EHHgy3)80_OzwuM zDTvWu3N+IoH7Ae`F?Pg37QlXN9He(GApO%8q|ZE%+znC-5YsgN95tpY6f3I;=Hv&8 zrpmpuT57Pe39S8$C9#hMupt`<>un2IpWA}|_CK&&IjhVd3gaTdw})api8V zx`P;pMTU7As~&{aHb#dP7W)-PvxS?Frh7^0CHN=R*F6p0NifIZka zQjb}XI$?_x?W5o=QE>4Rg^?geZJ#WW8ib)>Y?f(^(ol^isMax##99`>4s0B%M=VeY z;FGji!CwdJ3M_>=^IvH4A*a^GJn2wqF%Mdc8$J(mv_~nxyvOYv7^e?)&&85Thq?3pGfS38dwW9kGlBu&o>i>0S#+ zep`?ldLX$Qq!JLLMi+7`j#3TNRDx*<<3}uJ0qiKpVY<@-Qzc z3r$VzX!19Mx&ja8Xa3NlIdW6Q5({8IISx~S1*R^xFm?4{ayLvXL5%g*y-L%xnrNE9021R_ z0K2bon#NgZ>Sjw*caJ7_)3g@Eoa~#&>ojNUiL+4*EisY>upJxcY`BH9JX_9sc$~SL zvkf3dk6brukTwxWLl`?^FbiNSHV)E23rIa}LF(m!Zf@8i-Vy#x9N2ZbB-TQ6zF$0GqUNq&irT>Sv2o ze-9~lBlRXB#db-EZ;r4>Bej>1YRf1RZCC(1v~i?bTaX%Hi`1naQtn1-A47^QKHsmA zIzULZWE6=OEPzeTI8x_Ykjl43YM_UdyOBBwV$?Szd@ISEfx*i1@T>}KafaQ@G+>7b zux5-Y(Ub+Sn;8eJu?4U}c7XYZK$TzSY`msm{MlU(+$@Gdp)YfglI8G^N^%|T*Qrjf;Uw2eC)XKCt}~rn=Onq#b#k4rT-Wz2oRjs2*-I>Na$Trg z^&h)jg2jS$#sR3>#8Kz)p1w+upIt%Nv`XiTsJ1UZi>5Nd!m#y7O#Ix zlIvFH$~;s2+mx#=*X?mv{IDGUT}iIHom}@QS6u~r(0aVNgJ;m^PavLE=#z`woTCTn6Vk;z;UPl_2Y z2ESjq>I^iDyW)rC@HbPgy0)6fT`5L>_**Jh9cy;n6+f)Fv`unt=j58JTy+LI#$A&# zkf&UA#rBB1CiR5%_Qg(q$DUxlVR+Emf`^*Ni&&=*qPpim7o|%BzK}uyWNIsAR5|ik*?y)dG zb-k18#w6EGPOe*&tG=wQan~eVwkcPg*X>TR?n-jq?c};gx#|q;jk_jgV83$J893k+ z>mlW;V?FHTdNj%P5297CLoq^*{v7S(_Is^37MEz@0tQq*gx@acT$B|keOdjT zT!$pN4s~)JmE=0w$#p`K>qIBl!X($pPOhcORhPh2C)aS2Yo(Lx4CSf|Yo?RyoFvz| zPOkHlTo*XGE=+P=}$#tod>vH9)3u}dw>ni1{OJKE=>pJDC(O&Q5x>336ST{Mj zZc(l})~#{Zqz1E1x$0QAJH@(7x#|+w?c};gx#|q;jk_jwMEjMi&cFeuSPv;z9qVC- HSnK{TlF(-| diff --git a/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.dll b/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.dll deleted file mode 100644 index dc4e044db02a36a0e55f0cf6b7cda936d237495b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20992 zcmeIa2{@GP_c(qJW9%~4iON_KS;sC*_AOhHh+<}pb(k?Tgpw^wmS`muEz%-Uw5g>{e85|;o zMr1`t5P(XCDLLok_fellvjYu}CVLMFC(NK(JAV#8AO&f_6hoXWwUWOu~^S7}= zYJhJk5)T*vq|4z|lwdv=14ds!MHwj>jo7r0svr+9QlAC6&>LI%jFN~--51vOu4X`dl!n79&zb*P&-Xccko146M-cm8+T#YZ4&tWmLDDmN-g2@05ljQIGYY1r z(Z8DTMkE(Sw<5W_XHjL?E_gr(^oIcAH`ZR5F~|1@AUf^)W|-Ox+s<@6@kl&1p->V+ zg7HLd3@xPey9guf5Yvose4b%MNRSb^&0&NcZ<=x5Z$^X!8Iju@M($Zgk>8962{Ix# zlo4$e0ywl$pwYIQ9j3Ur6JV3Z!qEzeKL%D5AY&FBQ#K-WbYPk7127BhQvqPByQ{sh zfDCjC5O#F1Sq1Mwus^u-!Kwn6Y(a8$ z!-jL{b>xd_VH^#FL>Z2)H^+k!#MwY*(SSQSG?Js~YU@di(bd$~Bx!4pvJL>CBIIae z=^4BJeF8s6qGzw>PQ#IX?Iy2t*~+>#U+$>iEGcL=(%s3wbxF;chqxEH*vE}I(lyH0 zP6*+eWa#v-E`=`iJr6ZRPhjM01lpB}ME+#a9i7)S<>mS1YtM}~{Hj0cdpvUWhBc1& z`z2W;#^Xop-)jDvypmXd&i8)5fS{n`>eu8>;loFtt7ETjRk-0(!WSw*5>c|nzi?kA zLCPZVDh{~c^~_n>WF&#f$SPO2gBjQbOZS{6*ydQ{nMb|bD3IUw>H&&s_CJ}tD%6kE z)$QJNzqVv;R{!SgbgkBk4Z$S`#$UbataKTy{pl&(uYPL$QODE5XBXEza(5gSFz9S5 zxp{9SF!4uF`#Duo1iRotfY&^_V$kEQGV$ii_N|wR%0Hs{#QIjx#bJArl&Xyd4cjM1& z#$9plb9@Th7MLq+SzZveO>^BPrK#s;9}e8UuJ!In#v*?k!RKFN;-mKQl%JX0^HS?j zgYW40=%oBp@$jK{MsI@8a&A&A+I&mb9r~c9b@+bxxz4-XylZ#qEgGXh@08kr_xt*{Z`WG3=P4wrNZbxfO!%2Es!Q%)_v1!l z_8Re}meZXd-W%kJ;aPAZp}cuQ?`_4pJtl9O7PN-FEZkwcJT8jseeac>kp;Vox|H&H zPn;HTHF`X}HF@KQEOpBzK~B%j;?MWk#cRb!7SuUt-dpYODmh%>@xO zKKgRsX3si>^srl-#Pc?fYq}k}rr3ZV`|)gKW&efJ%<%KC1zS^O>uRSg7B|1EET^gJ zAKZNDigVzO7q3f+efIv?#Pd4dIfkV8z49aPGhZKNO+5CDGxr!xQ?QD9_G;zrJ+93J zzMQ0AhRcgxzDTPZMrcgw2@5t}+vd8@LE5!c>Jy)!qs%vf@?W>C54JVGZ3(@UXeYXT z&$|y91m^SB^-hm}aP{|g=V~fXCUxG}7*sh6Eb@~S$m^IW7Ym%G#X z1AllE)fLGhiI%upF~P?3u?atNrB&bm+MH`(_9HVx7CW$d$iHIC;#AWg2ef`9?-DG& zcy~(j*8n-HTIldc;2)G1J9&z+U&7}__V%cQ4SqfMN{)@Xx1Tf3OfJ8wQ)ZNTYE@8D zV$^fK-tpF+kXOHc?m5s^Bwyjt6wvYc#W}VfCFgXtMc|u}>#G-=O(kR%o1IBLVPWFU zrH;$yiCg>_P0M(s|*@B*l>7qD`~bu^PlctZ56zkXZsoIy%e%Z?QRE-)-`Qa*Yg6UpP;osGN4A-)=87EE}-CgH>JInE@ z)MS~bTW%}9DYiv0AD5Pzycs#-5yCa=R{3cXj~( zowAEFG0B-`?n|3?j4U^)=ME{9eK6`i?uI2z`OWY1Zd?9K?#D!bBPa4s1&91ViTp^% z+=_qGg>Pl})ZB7n`XuQqsX#FDn~VJRwN%BdETIt3zJ>9T-}s+tmW9$znSM|XYBarm zTa|B56?fBBtGA3B0){-47)IuoM{Z|}wMS3!9B^NH{zOAUykx|~_*Uyk(Nv{@yNeE` zo&BkJB>ts^Aqk(r(|Ee*kpZk6NYm9)7xhX#L-K!++`Ql1U*UA=`}#b=T$}uacjZIZ z46jqF%%QO1D$fe{b4rdy^ zd|qEevUSRNhf7kdrf$DtP%3OPi9G=wKV@8G zCbOh6NxXjAee=7hhwoHV0>k`2I1J@W5b*4cx8f~@B*Hqr;rAHqvs{cDNWAoIOEIAe z=_>AijW|~^MQ-Y|JGWB^>S7zY4w3R*6+fQxyJ(|0()&F+g#b#=1|K0e$cE;1?Hd2J z{XtdEIC0_2t98#}LppQ($j#j8S|n350|i_gE{)4L-)wnIi#>Hqx7%y=Q#JlSdSqf~s#Fd_Km25i)~ z61yXx9{MH|JOcxbE+jopvrSe%B%WO+u9&xgd3fH_oC!H4%b(0jOlj`CR`;mU5{c|V!2`rayU@A{Mqyx&8zVyt{~F8Fm=R%v&(LHmS3dDVB) zI)}Kl(>shW2dP;t_vfv2pj7)TI%8yiW|PXpE|*6|ezy0UM}Ll4AM42swn>PNT;3ZM zR1o7I7+(Ue7Hz*;mQty8=uoXo#W`L+eiCcd`Nbt%Hg;Ol8@B}GH1Q^H4DBNEUTIiN zqa0EG1t#Fhd?9twz?(liUH5K&yWzPVNoZ1A`S^q>Ut;c$3(N1_I=IGOuI%QDZJCON z{N08EgFC8x+(h~o?XudDLmFF;8IjlRTfFqNU0e$JrJ0pe4t51D{=58MXT`xd{0H7; z*BTS@mGfxr`_^@=COwrLa~Y4IyaBZ8?#s-F;pXO-y9{LDUg0Ci*QOSm#AU)H8XGNM1t~`!c^+~ z{NM*`Pl_JR{G@<;RA6fM_4SdDQAwsRYq`!pI-5n%qA(XI8a9EaKZiZ5MK+BcZyBhg zBzE6-Q(K+$>5G}6nGslj$M}K0o@=>Cx7?$&rBL5z z$yw`H>AMzIv^Z@4blLFmXQNJ=`1fkfXW1HA1i3v*8zywh3rZqU?7D1Q9U&b*ecm-02cE)FW`8|cO57>=jLo_zmp z&Fi8f!CYtY7iJ0$geR{(lxe#P30|JDLtz5KKnD_UYo%RhISEDXH1vg`K2$DYh*$B*_1I(ZxCPwk@P_4xKqJ&JRwG3V69 z8&pWjf0w}Ux~()`)utAUXeR*hM|W##CDorz_()Sj)w zI|z@K8y<3~T~X3de?9*^@AEQZ*JYt^Zs+d5kf9`PHdPU{kdF8jp%k&U@cA?0QSn^` zo?SWT3bM{t3k~T@<*q+*J9^omUr1)7dd0RQ-DPsQ_&wdfp0;%M)vOR+qSdh4QqjLe zx$kP#?qh3Z7sLmZwpZMGeJZo4c)i2xZR-@yTa4)Z81$iR_ucd1(}kbW4go6bosu|ntoCVZtq+- z)Q819IuXRXt$6%V|8?%NJkEid7gv~hjbEOqs0%M76{@O6l@fWl21X9NUt)%By`?VU zc)i}tTb;-P)x^%OrQ$WKC_V>?i25-payVNA(@Oi`rSX z+22pS>K}bH9`ZTV@*1z!rlpm!uQ~@QmC5}r?(=!$ba|qLA1r=dP^Evd!;YeOBy#)5@QCS6P1o^CpI zJRLU?qSVL}F_3Z5lG?H0LO^D+Qc!DRuJ|#NRqUpvfz;N`10CgK&-4Y|q`{5GcCDF>TX-%sul>sP%>9{&MbW90 zq^y8#T#0$M#Bsx=-g*{Ku52pp7?l|^?G3QbSXCIkS`p_{)R5x6rBZNmJBRpX*CTJ| zdro0@FDM*}$|q57uheqx+ClUddA=g*PVPtVoD#_@p1nKoty1q?b74b;-TC?F1>P-p ze}>C<-nIVyo9=Rh#0%HPPrX=Yv~S6)8{R5ob-4=q8O00x8On`T3A5KQaho&!mG5`mP(ftDIjqTECw8 z*gELl2kE?ZYI<^6+$U0mj>?(7UL@U?#*y_oqE6)5!+Pztn<%=UTke7(n}TOistva{ z1$3`oy}2X5u$ZS@Z(zAycJmv-K3=}Gjn}z!@?K>Mt0pbHyKz}=;DD$&QzXJm=MMXlnU+ zzi#0Jeun(G!@~~R!UiRs2PN&d4lKdd2Ts1a{g_gAfT_zjuqySOX8&-FN{HF%qY1^2 z&!~hHS2A^v#>zQ-$*JX%0tE$|jeL{R9!jZf{-(Eaxgj%$+twn6H~XfshsBUTO;Alh z>72%pPVEBw1%-rQyViCk2)@BnwY7{GM?R|I_q3T-qrY$^QukKv7qwx6g_$;?O2aZ0}duyVxTY<7lb(wjt*sAQK$EP}8oa>zd!c zR7qZfv$|FIS;bc%b8n&4Ez2ue(yQJ0jVCra?`uvf45`A?jm0ER^gfhS$j$uZwe8@J z_^g*(cs|QVC2#Vskn9QHN+89`3TO}3mWbuuWXkn0=h=$40%N|dUt6zisk6ColBe$I z@x%SX+Quu7Z7)*W*<@4k_3((@1**u^6hGFpZ-T};tcU%C_S_Z5mG5uPUyKzU)8y50 z?BUK94ZoL5PA3@eSK>{mlv>er)w!Z3&Pwpg-97q^Ir65fdF7Vo>Ob;e0-?42x!cnX)Sp?V6RG(5-w+MZ!6=qyrZR~T=m2$TW_3w@dRiQRcItk1|&l*{^uN*Chz>9E?+?{b5?U4ws0PK z=wPXR!|D@_q_Z$1?OMb&olWIEG2)8UlTV5*yzI~G98(n)({$M%J*3Ykv-I?ZOz$km zVF#hUy-z58HH*F2T001P4-B>JDPD7)I24l*G5Ssc=Ow7N#q`O8=SGyn47*hW3wep^ zdTWEcpIi|tc6Q7$v5ncuC9RsBvs&k@{No)mYTeP^SMxSs9PlY#TU!;hT)Si##`O8&?EE1#uyb6BP)6P~VwRV=^5%k)@8F9p zeI-R#U={OPrL4_G9iZMv^F6{df3!+)D}Ploac{0=J^q(_jnw27UXK9Tq+!-|)vZlM zpJbZKD9#rm%@#cguj}7EzlQO(=w68W6Mxd${Ck`76)Zn3y1wS4p_;$SW8)M;$cgs0 zfVcZptDOQFQ?>4RD&8mVWlF=9)AHHYG6vF3)r@m2_mGxL`{rNAODWcwJuEH0S|sY9 z;dxfR;_t^ru}_Y>UnD%L(sOH#O@sT8ru9#7RRixIBKtPyl9Zduv%Q0VBo z>#CG@R$Z^6BuEC_VLi+&LVbR1+ydL2+ey9pCI7F8;ZvoLFB9Y*3nz%Ic7ibGyPRyx zO41EG?e`0u@YE$m2HVOrYw*q{8LOHeZatDqRi)6e-FFU1kYWyozVOZ>$TrrpRcv$i zh4dQjQTX4AIpe=%8y0Lo-q?6mdN14rtL;-zZpVK6Yy>AlXXd6)sWLBiHLGN=l%h6Y zv<@O^H8gC)+7&biU?xO>Pr)wNx^UdN;zzm&2+&#(OUy7fMfL-Q-o zm-T08g|c1Oa>}~dxP65=CB?l9h@tHz5^qi3WxEQ}d6aB(Kf!QAUTp3~`U};Rjk0<%Y~JTjesXwEKHBeE zFEZG9HsMii;B`ltA9oE-_WMr6-#>e%Hd~J8QuI@vqOtF5M*UtoMftn6_ZP(%HM}B3 zJT7%Hx$ypTQ#W@0*vkg9P?Nl9yS}HFUYp+biz?jz^YTV@AAiC{r`C(K5uV;vVyUlJ<)fv8OQ%>I}RM&U?&ga?Bi*#s{AWrB| zj29=~|8Qz7H*ccGq1NZjWaTsK!;CXJmkbmdQwfUX5B-dQa~Id=@Ra!q%j{nLq$2Z; z&E24n=Wlz)oqOQ^K`VxqX<*ls6zKC+uETIpKgG`Z-mZQ39=`kxs*XKcTxILp=OiuY z)I6+QrJ?aYf1rgoe{EuIK!dWcpg692#jTN*)>Pf(!pt|hTZUE6#|$*l+SD|=e=KmW z?@K1sUN`y?>~=%>~CIBA>Ge4oM$wfZ$3BmI$%rK*umH^ufW zSwUg#3F#hB9kYsZmnkmd*L2>t&iCnIjF9xwTV28xrkQ(BE8VyD8IZYs<93-(j>J{n zZ|7R__ou$#Gf!yBQIavH8q(gLHVllcxU;T1FuUl|nd>Q1RVG#a8Ipm6dpdbs^$zRz zor)MG9w|9#(WYneA(Qu5rpak%|IH2_DQ$0;Ma`$$<+$GK_0zh1B3D1rrGCM1Oi-*S zdu7G0R@VcS+mv7RyInb4U)gviiKk|DIQuHw}vH3miW00b7M-j=3?xpzcuf8-2;hk%h{> z{!f3z78f+vitBC|Tp2OtqWap_V970^ef7t}JQkg=HnfYl*V}h~-O1!j0TK1hmHpd4 zkV(w#w{L&=#x*|vSY^XO@{#nk!soKPdoOj`6n@*9qt>f0dM3>y+y|K6d4!Adk}xyb zYuDk5mtE~6Q1t|VIH2+=d%<-x&xD-huj8^)Jb5)+@2m@(_uRpMJ7{ISx)v>?Ll$)L zk8xmUJJjJHzm@HiN(wL!eYTk-?RQk2*k_`)!r8o{-`>*=Yy!>r=`YEFMwB!fY`53Cf%CtMt$w`~mdEqFX zAE*!71X2^M-`?bkl9SruyM^ww$!w-3ir=gc+56z2h9BQot{0TAokxA@ZDY1b_-;$RC%aK5-+2Gy z0Ouxd^+gf;=Zh^d$n5mYArGwao7S+)mb4>_gn@3ANbYh zarf{e9&qp^>+QoeXYPruv#3g!8nK$*d!cFwAvU_g4m7CRjs-gI`Z)l{!j^Tp&AN0$r)S|~XtgW#T3J*Q8XjhhUn7~+y zcenmvlDhw{RUWz7Z^u~AqN#%VGB?jwTw@E5yiD6H9Hf25CTINlt?L%fp^9}^HYKkm z-jbER8J*X!R)6m2lhZXO?B!)$Ck}ho`U?KIwEILR>5$5i-s*V~m+w2omQ{T`l2vHX zpkBxRB+NSbyy8iG&t=I8qbY;T?va&(KPPTDHs8C3={-~?yhN<(KxN(5bH}V(?Mw+C z4!5ssdQjzg=^VQN-}s$=4ISlnF;oQ%Ng@5Q-q6c1vo$XkJ$+31Q8Mnw-BKcT)+w(E zm&GjG;a4i*As)Dpv-Pb#`+3dTU4Ar|shwqgYgrL5>xM|Zo^~2_5sukfF7I}zeTk9# zF%C*R_CKi5?T_S**4cSTdduWxdtyfjx7*pfOJq+4)u-z5-Rs!7)>c!Ia*1ZWsr}`r z%UelnuM7IzTlEyTz&B`k_?=F|$+4|MVLTt7fTuw$x#)$#lD` z#-&7(ZF{2sVW|fxd$6wMV@Xr5OzYk~zud8RBV~EdHENj8TP>ZV<)?D|U4F=!Y z%cgcMeIB_|O?;S4+j)wUvpi^(+lnUB{U20SeAE4x54i}HO2yKD#GZLW{#04r&meU0WQxZdHh-?$f7xF1tY@Ct z{q)EC9xw4xNO$SsZoTs89;+zr!df?%A8o3Kjqq2^U#!{t-r{Oy!*g|k@kl*)HLX5w zr9~ah$sT>dhK~;W8$A^_f0Rk^`*m_nzMXQKx?5Xw1vjPdgz&;toh1^Q+m;{HsJ~2PYo;XH_<|9IGMn{*)duf2UA%fNV#VFZ-&;lwT3s z@iMP)_onl2-3-oteGn+pM@SvF*!=jbx!XzSRf4B_u4{}L*=szse*Z%67gKV3rM*#* z_NQwbAKD6SzJ5}+{f4vURhf4*{i&-1E@VaD^z4&2^bTD4DrvO(tG$rxUjG;Lwo=n~ zGCZV*qw*`h^u+vF9hN-E%wjBEw|S?=u4kcj*@V{6B7)wlUDfv=mw)#TP}`}HG%(sV z=6R$hjcK0uWoc=4@P?jipRClbxE9<6^~@NuIp(#lfkt}yYL9HKz192Udit`i^44i= zVnw7c*nWHA@q>0|i@t?4=5)!{!BGTvHG{x+PxM>xdVb87AI7goH({U2i*~gRl^n1L z#~&?y`A|3O%VgzQY>J12v|RuB*d@ZEYvVdPO-pxjPxZAZYXAIUYNuJby{;tBsVM5| z%@3;-x4w>!G97jBViMbqRSx%TQa|LjD7|_&v$DJQ8Y_0g)Ar$rXC#ySEw>eJEp@Pe zOyZ&BRy~^#*ZchC;GKNx-oiW12Y-0m!zpCpnfy_BID`!v-U*MZs8XYgHjF%}+q0Wz zoq~R{#nrAm{$#0T@PBa!uJ?91XAxE~)2eC|lsVqMMUHqXe^sZxSJM`e@D;kM6!k{Q zi#M_gJIN8D%Cn(3x@@9a7Dyz58A8RGFp2P4^z$Um17bEUd6m zs=Gl}ziITy=X!n5HEZOUUbfB_nalJ(4!5l}K3`B!;IV%FqJ7H~_qz^Cc#Q4x$6tPu zdpv0LphrPg^VqEdEe~5;p8GvL-R~ctGjTqcS+l(`Jsr1HQ}alByYsS*U)2Ytr92#? z%=PbVN-yoZA@$`E<7ll>o`68MilSob>C>lG3=IqJ>@$Je(>tlg*`bkhA0VFW8;73%o!e%t*!0C;JuH#UD{L356+uf(qG>& zzEP4|xs&D~^c?>J9nwuiS$55d&oB(baIKkfpm`t> z&*n?A2)7z1Q~m<$Ve_mIcWV9k}vQ8p-?o3v;(eiSEAjlNEe=5IEYp+EiHuq#$W{ zG2s)mBlQiMbTTWLX2pplZWJKGYeQ%tCuA8BK2FGtH9;v6kRdd38Bu?h5JC$L4&f{# z8vJGnqBF>lK&J(9re!D$Rv?X~F{^A=a)!+2#L;QXh-?NuH1KcyR0f^FT1Hf~L9gj7 zw}$y)?ax^F8cV*b2!I4PA35t%SB2gf!%vRVHR!VhFCFeQ=iqEpK zeP>gMz&cn4Qgh@A4I-+@&t}fmgk-X4oM=|$bn8KI*jA7maw(}OC?Ym`LhmW4YQ~W1 zzirY)JgPdUj9Feg1}g&cvZE;xp&S*+fhbCVRfaE3csN;MX5NSpg0YR!)6~|~)z&2; z4~fHfCg>0v!DoIIHv@1O-ih!5b43phD>O0~KHUpI6MP`~A$(X_akU31fp15^C!T?# z{c1-Wc&~)GAAI6n(TdKXAk6TBC}xfHL4JPt06O@wSQmLo0yZZAA2~*z%}1WS2T%;v z19<^_s2acrx6yYj5Pa?zk%Q)-@Ax2Ta73I4@Wr`67yuy-RN~42a!uEKI+mh936Nm) z5DWu-X+MK;fnvx zpxAaoJ$4&>R{iR<9MHgMLrh2>z-tc(z$}NB2h3nm5W@j&h3UL>i1C7VD7GE!$JoId zDJf0o9fx@WKxihw)uxVfj9K%XOcpAF^$OEM2mf#w82ZVR9MG!uM@Duoe z-4DJ)2{JGS1fJtCy_DxPgjzgBKozBb2c|q%AjOiW3E(lqJkP;=%rWd6DEkveNC@(L z2l5z4+%G`FAXbqu9GoJ?7?Xxm#e4@Dymk=o;JpGQP|ojQH}6`ECP)RQT$&&o!~jjO z5$M9SF1QHkY_Jrj#nH4ZxDP3cC{#nCAYeg?33v>lHA?Y7p)dFXDdAutmnGNV@&T7`jufn0Mh5=5|b2pCX+Vt?nVLTPjP zmH;u7WiHJC82v%Rz|j@C=JH{H0*X$LKx8x@fH9Odmv0H!#xs+NT3rH%{G)LAM+#|$ zX(D`01xbH_>6JhnNt(Ja0;B0PbKnsg!KBkX7}QWQ-4afMnl3R^J|>nkp-Ctjm?HLI#|sKrL+G8@ zFD}GS0Dh4QO;6rv-5h9iCalOR8eE&Q5Py15S)okMTmrJrWrxscbBSxnEVwEPW&>mm z0-zDAXlzC_3mT5-u!`nz5O4XjrriZrvqI4tL9<|*4#H`104`giX<(Kk1e!Ht3$lcP z^l5$WWKPJ8cQscqvdeB%gp;Q_h zSTiELLfN5|x%IV=4h{UX&>5HhnPC@7r~Q#RQ>;xWIXIHR=7dt&z=lSN4h|;&t*B`l z3={0T(3*c33yot!<*d2ZLIUdIRWv#|7EQ7LGHIrkh#btKgwjJfb6h^79qnnqJM3S= zv!&V7B55#;v^hRNy3fprfHu;ZL1NZk*tj)+_gpB6cDKI~kiI%QmZ1F>84B1)2SyT_ zRJ3a|nEtj=(PYGEv=k3&2rXi|pCes{!9p@-IwrJ+O6H*b(~}H48PaEA0?c>->2nU` z$Ur*U)e+2&#fX@pAXNsQj5*!h6ApF2G6)&3O#kZVvpv|H;_t5w?BMPuKnGZRD4CiY z`}=_lk&MW=2u3v9g$4}_w4u>y!O#JuS73CHaik6ifv!f!8(7wViuVeMt=zE|7U{6z%nq< znofoTDH}Kj0vIJYZTvagp);~$1oSIglMLIoKb;ZGU~4krc>S-_vZlxHDP~$glgj?L z`52k#r$fZn41@D9D-Kn!83wnZyvyJ|5$+U)*>Ly50-=Bj;O`IcvSFGEfR6{HL_iuH zz_tPykQNG8rF6JbjfQ+7aGmG^yx_`C7p6SsXkbG;46cczp&SeDlQf~!tV9@GPXc}p zq%vVHkmEoY3$Mv=;Lc~raqL$E3CfpI(z$pAl_kbKo98kMtgHV6cpkERB@VT;z z|DN|Z`NbTt0oI2DKS+zPhB_jlMbXfg2)+WsIQUZkf6w(djTpeq1VEY!H6fm70VJZU zpq@bJbFje`(m0TUv{pL2hodDRIMNb`u(ni8SsLs1Dt4-t(SB143pKrBXb zgVA+N=x>#vNGxTN_>mHO#htHmV^K)vN-Rpe<%L9!ucv4uk(^dj`UDV*_me zrzQL|I@6{6lM1Z=r+WV$D^%;eztaGIw%(qzy`4W2`T~hL5DtMp2!tOR^eYfV`aK0)8>mDa4flO zk@3D}*N+>=Vo7^NcmS+r0$Roam_RL9 z2<^ly6hR6=XhNu+GYAi?0W=KSEN_niGRO}U{N7`z&n$<{kaJQD@D!2won;fsX41)V z$VOBY{ZWJ8IYd1f43PZS*$*DEBJPD7ejxUHTR^;aj7ZecCg}j6iUCS`Izd#j9*Lr1 zsIOzFp=S_8(V!U8j5R36`azT+8kMSJ2-}Mg2Jn*L*)9CQQ&EVZdSL=NAq8L&vMu-I zl3K$eGhG>xwy{(i6WPyrhOihL;Loif*X-{UA*T%~@aq5ve+NeZR(aTXJgM5b#W29h zHTnI4aod|t^AH}JWq$Ag8`<=-{iy5^GK=YFPmT@>3XSypXJ!51Fa7*MM0f9g3`&?E zx>@-5d`)H`1(r1mZJE79LSTwGi~Zw{whr_s>U0)*k$VnDR` z&G~;5|9|%Yat;mv{1K(3zt?p7yb5-jKj;Xb1N?f!98oyj&0eD1dNAn)*NXlS+QRwT z1Fk>ZfGfluA+($R)h%!tJ2EwWmNnhKrqci{pHT!yZ}enuRxfh5fnN;NimV3h;Ov2{ za2(M&n}M<^p=WNMFc(<^uwnjRb2!QXsC4&*{+mEeETb?o$70V(G{S=YtD^#q5$p0UlVcEf`He~I_g!4J#p77WI~sbAGpE-7 zGoS0BKL5L}e|r9(em6p8EMdfvb!7x>5p?JwB5aMw+U2i^{ZkIQ<^RkpVEQ-Xh(`Zs Nn)iRL`v2Ag{|hEqelGw3 diff --git a/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.pdb b/src/SimpleSocialAuth.Mvc4/obj/Debug/SimpleSocialAuth.Mvc4.pdb deleted file mode 100644 index f0139e685b1b71b1e8a358f5dbcd164f041d13c2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24064 zcmeHP3yhT26~6!OIxZ-W#T5}>11$1%c6M1l^y1{CcUc9{KlcXXLqW@Z&q zZ3eqF_-KNuO*BypLT%G3AuTn1K(kG#@fn{nHnoN}#;9pUtx-%6`hE8?|Nqa-!h*A{ zz#Kh$|9j85=Rfy#&bjyg!}4e(5l_b3Q~t*4#%a_1%R`I&^?_h;*wC>}Aps~6!a`CF ze3yAZKqbY$XFv~(8DWXm^syqGr9I#e9zFKcv$XBSW*<9t-t#rqY}&Dr8j)0rW5>#n zmZtHi2xoK;^QJ+>BAqq_gcla`6_?j zqj%q2(f)eH{;5J7E^pr7`b6y8FSp&b?CFmi-q@1(`NK3DgpT0{XSTia!g8_i%5jtK zd*OSNP*w`09q|Fj11A8hfad~-14jT^zZ^IOI23pu@O9%nftLU;1zrZc9OwsL0UQS`!tr|`-}sbf*r;PpVE#=mI) z2XBl9Q*xokzi9slbCd>8_R&K}5AlBQPq^n3O;@*cC*rr*kyNrJlI#p8x?2{9d)nKh zv6fJDLwA=Qibta1t_3}*&X!~%l2aI1ep{rjrLiZGuw$vlcr0aaN`>rXG8&HsB1s|I za^-hu`AI21DdmTa{OrQO2Fi~p`4J^Q>BujP`m0mXt|ZkhjJ7>STw%0ZlG@O|&4dhAW*#npSGia5e)n842|BCOVU$XLa%yB!zobR$8&vOav#mPu1yYu@W z{(TLe*}JWpW+OEa#)IK~{;Ba}$xB(SK+@d295utcW5LoYOO()=l0W`xZz~67xo8r#NXsy0oNK%r^9(r8gy@gmaMAduhiTrT{wI_@L1m@?5As;a390>H=j z1x}2Sz4_&AXqRO8-wg za5BJoKwH3eoUZ<#_SD!>H76`NKiCg$JBl$$vz<(77nv$MS|uimD>E|GxLI-xvt{6( zTFSs(b((kDxUYsR+Vhzndp->``Umn5+(b+M^vk ziEs-0SMZH;=1gE&G`0~%o-)LaJXOdkTivYv4L8KA!W}qW=qJWpenaC7t~0-!*3eZ? z@7#Fq}02HoBmt@hLNbh9lVC0`coug zv%LC`*X?uYLPTR-(U={Q;!zdf;P@-}ZZ{9d&aD4EWCGAG7{EJe-j&W->%Zv#UHcPs zEcel{m$b7o);In7P4@pB+ZIkN0N1+#%n_gRK`03!?6WyfPOwLleUKYtP-dTghw()$ z!`{KCd=xT)h;%Ne@($y>DU<%r%wM<9giVusDl8tkr@}r4es{9;muIv8|LD+B^us!K zUB(a4Mi3?gTY%j_+Vx$)eZW_M?*oqjE5SS+n6qDZ%?0cw<$AbU+r~<6E&+2?BL8AM zeETs+GZ!_A>>ljV;#fCejz{Bg1cWb z=NHCb(EgioStehg{5XmwP(O~nBo+O?jF(|cWIWDOlI%06)6M@!W09_&HoMJ42?IaZ z+O&ec&dlEiv)9#jo_inzBQS^Jm_Tw4&2=Wxjp0Nr8taftJP2ma$>^M!_gn;k-71lPVNZO$M(13WrLISy=NQywJ;O^~>38ssytF~YT^g7zJT9li0>(s|Nd3SfnPNmqDOYO}`>_pYtck{&JH-x)->_zc}W`(S= z;Nx()`8MD>E!<(tbC!YmV(&aKc5EaY0pK^<24IVPwRoYN2MFv}+R1oNLLSY?{#=2M zc^k+&hL8P0eweqs{mC{^zC(w4e~jMBY66)*Jl_NOcMMAWqpde&*5YIp}**P{P-?gg;+WNc*C&Hvi} zJMjVR2%;|D+J~`gOni;?^C{}i1**8glIH@*dd{#A`=`0C;TwLq5Gm|E;!vK0O_eb@ zWvl`+reRFK9Vr3RRo0sd4lorI2i>CdA|1u%9O3QGX8>lnr%SBRa&Qj5O+5qKTC+aI*}rNOvjL- zU((#?Q!e+<-$H&f(s>a3I8wADy%Q<=WXqFC7bCCwI4!8o?3ET?Y4(tQI1w0HKS*r9~g0zj#=&CElMCnf$FO`b^ zgR0SDii5 zPE%RVlS-sRk!L)Lb)JT;;km_KTub25YZDd+pw{DMNGHj)W9CAiq^fyw2O9bi@S6hs zP1o2V)t~q=2-`51HbOCuhYcN>eu*-sKhx#x2j*)u{rAW)e~;$-uBNk$c)c$FvrZq@ z_5PvjF<2(wUp0M)PNO=tHQz#=zN+QIKFWH{x<2f#%=3o_ly{Zp->>uc=yax*d!eT9 z(CL>ty-d^Z)cFr|y*u@LEKGW^^b04Tr&-Zc-;)7x0P?|QOgY7Q0BUDL+Ff9k`Q2G* ztK0?DKXU;<0`e?6CCF3J)7+7{QayB%6;DoaZp~9Jp}9V3;NEu(unI^&#{r=qSp{qb zZUXiKw*emk{sOoc*av(O_!jV8;K#rtK;ED5EX@z(dD?6s{RZy>cqiNmOaart`+*Mu zcLDLgm^^cqABlvVPi%Po5%7M6C+cQ5F08E&)}h8Immet87ktKNaQMoE_8AfG7nIMS z{$;}Xh{o`%a?Ri7m2KsbZ5i3M+>0vN>?2Fcb}sIXd_~jpv41hTvwtk1F3}CID$~4Z zsNp>#dDVfo;ZajmdO`8$67$3|r z_SAD-2${NyN58Xx{$DLGD3%9|Z^%QEMVx!|2e=2QFi+GIWvaN>p&5#zF}8JR^4d=_upZ-AckF6vTB0q)7?o`# zl!*AP>PgAu9Xw+eLaDHm>WQ=|75p~Lp~=tJB$;2+(2gAh`te>&EBPC5ri9UuSq7!n z;MtAmAPYqMs!njdQ-^UuiF&j_)K1{QEWoFd<|t>x8GvH*Ybx6k`49ucgc(^%U$2VtrN(~kV@8Ya5=62LAX zANPE2jbWaU`@ZAH|5yDX@QD^D{eY6<{3Xr!ai>&0k>-v691hZ^0S6ZUdFvG>{`1Q8 z#(!Q~|M8zXM^*FvMDbsiOe`oT#`Ds=@t>F0fBdJ;0G;^HThAN+d1>DG&!I8?8zu+e z%KY0t<6v;gX$%0){Nuj|L`!6$Mk)TP|H#8HM;JT%Ag3_D7|Xl%`NOfoh|m1IuQ1}g zE4grLdUx!UD}?#2rXDhsXy8C8I3EkrJR9n9(+2}JR{Ae>Jbo7M?EZ0Yed{&XZu$3) zFBU#`&4?%QqH27Ud24g5Jua$aVO$Oi8OL_oVSEU>zAGNNRTUI6D)0CAodpk}Gr!F& zxa89&{(leSUX1^byF|`tBICI>pxOWb4RQ8~_WumtCc|JXflJtn&Eh85i9W~&<~FVX8(JCxc3!) e;5guTU=?rza1t;Rh~c>ixjn#plOmkGJ@8+w9fT?X From b610c315262d127d5c69a1ee1ddc104f8b58d2d8 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 12:44:30 -0700 Subject: [PATCH 02/28] Remove additional compile artifacts --- ...esignTimeResolveAssemblyReferencesInput.cache | Bin 6318 -> 0 bytes ...esignTimeResolveAssemblyReferencesInput.cache | Bin 6344 -> 0 bytes 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 src/SimpleSocialAuth.MVC3/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache delete mode 100644 src/SimpleSocialAuth.Mvc4/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache diff --git a/src/SimpleSocialAuth.MVC3/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/src/SimpleSocialAuth.MVC3/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache deleted file mode 100644 index 6b98b45f0ac693d35b860b90b366fdb19c238a53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6318 zcmeHLZByGu5VpZ67($C_N)l)irA^y3byd6OeI_4>4GGhbVQiOl26@O?I++V6$-O%P zF2ir>FX;3qw!5+|^WHMGX82%vyguLF?Q^@@yWPD+GLcC94G;d}b9V@cy~!-$OW#q( zHj@G26&2XbH;TUN`rbxqEvs)+A(`*J%;${olhum>SAn1}JsK!McvjyE>YQ0W(^l2r zr{2qYuHei&i%vdo&*w;ij3DIF6-ciF#%;vg@Dvq(^SvO=CKX1Rhz+k9C^-$29}>>} zLu#)|N!>bctsN=q;i}{Wj4t|~!y4<1(`k!%HnWMM-I3TUXPtoabwONu=!^X>t4iv? zyLX1S?sFUTeTZ{D-s;+dUtB+^Ev`NE zKD%7RqYM3~XXzaDlp z9@d#c?Q-BL=F-lT^OD*|k=l?ptZ9kF5YS{YiC>_9j8s}uQ5Rec-jSuyX^hv@qk>t+ zTd=@~{LaobL%^%I2@mKNVdBG2(a?$#%xh$IS6aT{tlrxvbN_jpEH09HYkncWT$rP| zrR7@ox^>*rrN&{0T7S)Y%f%&=0~d|Mi=y2WhwxkOQ+?h*m?@-(fsCb7*c?FuCv75q z2MBhL;-55!;f|^k#U>fh%s!@Q=9>CF=?MCNLBwjl@ z(I!AntF&T5^!f-VxHK)fM?}+nO#;VZo>^gTlhcZCF~U~^wP#9UUFbA6w~GbSuYWX4 zv>r5oN(j(Zh$>|&eSQ#S3}xz2K|P2@hDEGBn*IcJ`4q^^+2wWybYC zoR)#!RLGygmMa<8K7-a6_8Em-A-|ly2mdo@T>NUEBQXw{=h_-(J}JZIT)Q8(=n>7J z{lf)4fW|NVF-ntI`=o*ThKZE+5JYd^L^Q-d^Nn&LV`@kv51*W|yl7%CsM+J7CNm(r zQCu-0-Zvm2)5H8se}1&I@SPc1Uhg;o~}i4d(gi40nT5kC^}rMp$7#rUU^+v%g5pO zx4in;sf~`NzkyS)`(&_Iz)L{wTOj5BpSu~XLqdS(&`7Pr?OhT}lCV%Yvl6UP@X3UA z3N*AAKpq?yFTFTC(Y^=n)bShUDZD{j7jRDrd*npRLjTNh_3~@7)`|85@cU8w7$9fj zxJ(W)QO0Yu6YWRnTDVEV*-I-kSUQAu%0VNJ7lG9bK6gT^BNRTve-2KNf4ejvoFLIf HXl?u-rcXT& diff --git a/src/SimpleSocialAuth.Mvc4/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/src/SimpleSocialAuth.Mvc4/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache deleted file mode 100644 index 0ad0c403a271d9941573ed1276a2578ec5e7da85..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6344 zcmeHLZByGu5VpZ67($C_N)l*NrAgW}byd4Sc$wh?u_0j^G9KF{ok1RQmQLovNpkN_ zfXnb(`U^V!iS4dz%e=RlSTlUEJYJt~@AkP}?cMHPBAG}e{(%R7@wq(&#NJ|-@TKo4 zW1Go<@QMm-<{Jgyb$xHMxSrLwsgTU~R`WR{{ABe)z*QjVsz(DQ2+!)Jpw5}~3vE^X zed?{&b92suv*_gW_Ck)#kr9Mkx&rBCz_^Wgo1UV=Z@v?x*`&fK6S3(v10|HA#W|0YMDPJ%uC!4k+qC$zV_DV$U$?>M}9WV$gF(qh&NhMl6 zej4;p6fHIb^G@r2O6c@C)|T(FeJUPZ-d$v}$w>?o z-hc((=XZ9l83JCtO?W^{go*b*M?))0Ft3r-U1|A(vwClz%>VCgvbabVtc4f(<+*v9 zTUxGVuUp3rU1}V5sP)&ZH(XpYIdIW9yeQgDaR|TRKGo+9gqcEm7|2*Uh0PHpaMC8y zw}4>xDE>(!83Uq?14(GNfxJ8}cjC-S1+t7oBB&W<0;chHy&47B>;W8|*=}_1MB??M z6Kw+Iw2CVxM6VBUf=knqdqgzNS0r#8=9v}dHaV^M79)HuP%f{f{rU&9 zNb5lZsDuDrg{V@d(&qkL z&ubazO@;g^Y`Kzg?F(p)VV^OVo69e!@4){I8W+FXmq?65=DD_pnNP~FIoIxnEqX*V zX#a3Q_n`4>e~i*3);?*VzF{Jz-3QUzA0ry#pZQw3kTEr+k%v#tSY9--7u4)=P?H&u z-6*V>5bqn1km+H5rawDcdhxv(Szhlr0pu{JoFy{sS+_CKmc3y{p@Pm4nr#-qc4GkR z2K^A^D*$01W35ZQvjF*|SqEosd*^wVhU`Vq5bgoM?Z==~lmcNc9SDMnQV94E0PArA zb`<*>a8!IaMWTp-q(W7%d Date: Mon, 10 Jun 2013 12:46:16 -0700 Subject: [PATCH 03/28] Update nuget package versions --- .gitignore | 58 +++++++++++- ...impleSocialAuth.MVC3.1.0.0-refresh4.nuspec | 2 +- .../Consumers/FacebookConsumer.cs | 4 +- .../Consumers/GoogleConsumer.cs | 4 +- .../Handlers/FacebookHandler.cs | 8 +- .../Handlers/GoogleHandler.cs | 9 +- .../SimpleSocialAuth.Core.csproj | 93 ++++++++++++++++++- src/SimpleSocialAuth.Core/packages.config | 29 +++++- .../SimpleSocialAuth.MVC3.csproj | 13 +-- src/SimpleSocialAuth.MVC3/packages.config | 2 +- .../SimpleSocialAuth.Mvc4.csproj | 5 +- src/SimpleSocialAuth.Mvc4/packages.config | 2 +- 12 files changed, 190 insertions(+), 39 deletions(-) diff --git a/.gitignore b/.gitignore index 97d3ab6..e528e21 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,53 @@ -lib/* -bin/Debug/* -src/_ReSharper* -src/packages/* -*.DotSettings.user +[Oo]bj/ + +[Bb]in/ + +*.user + +/TestResults + +*.vspscc + +*.vssscc +deploy + +deploy/* + +*.suo + +*.cache + +*.docstates + +_ReSharper.* + +*.csproj.user + +*[Rr]e[Ss]harper.user + +_ReSharper.* +src/ +packages/* + +artifacts/* + +msbuild.log +PublishProfiles/ + +*.psess + +*.vsp + +*.pidb + +*.userprefs + +*DS_Store + +*.ncrunchsolution + +*.log + +*.vspx + +*.dbmdl \ No newline at end of file diff --git a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec index 5138f67..8c18506 100644 --- a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec +++ b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec @@ -9,7 +9,7 @@ http://i.imgur.com/n1Q5A.png - + SimpleSocialAuth.MVC3 diff --git a/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs b/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs index ff5dee1..265f9ec 100644 --- a/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs +++ b/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs @@ -12,8 +12,8 @@ internal class FacebookConsumer : WebServerClient AuthorizationEndpoint = new Uri("https://graph.facebook.com/oauth/authorize") }; - public FacebookConsumer() - : base(FacebookDescription) + public FacebookConsumer(string clientIdentifier, string clientSecret) + : base(FacebookDescription, clientIdentifier, clientSecret) { AuthorizationTracker = new AuthorizationTracker(); diff --git a/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs b/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs index 5ec1715..9f9d366 100644 --- a/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs +++ b/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs @@ -12,8 +12,8 @@ internal class GoogleConsumer : WebServerClient AuthorizationEndpoint = new Uri("https://accounts.google.com/o/oauth2/auth") }; - public GoogleConsumer() - : base(GoogleDescription) + public GoogleConsumer(string clientIdentifier, string clientSecret) + : base(GoogleDescription, clientIdentifier, clientSecret) { AuthorizationTracker = new AuthorizationTracker(); diff --git a/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs b/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs index fa91603..719d0aa 100644 --- a/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs @@ -10,11 +10,9 @@ namespace SimpleSocialAuth.Core.Handlers public class FacebookHandler : IAuthenticationHandler { private static readonly FacebookConsumer facebookConsumer = - new FacebookConsumer - { - ClientIdentifier = ConfigurationManager.AppSettings["facebookAppID"], - ClientSecret = ConfigurationManager.AppSettings["facebookAppSecret"] - }; + new FacebookConsumer( + ConfigurationManager.AppSettings["facebookAppID"], + ConfigurationManager.AppSettings["facebookAppSecret"]); #region IAuthenticationHandler Members diff --git a/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs b/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs index b66b367..49ab5ab 100644 --- a/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs @@ -13,12 +13,9 @@ namespace SimpleSocialAuth.Core.Handlers /// Requires that the "googleAppID" and "googleAppSecret" is specified in the appSettings in web/app.config. public class GoogleHandler : IAuthenticationHandler { - private static readonly GoogleConsumer googleConsumer = - new GoogleConsumer - { - ClientIdentifier = ConfigurationManager.AppSettings["googleAppID"], - ClientSecret = ConfigurationManager.AppSettings["googleAppSecret"] - }; + private static readonly GoogleConsumer googleConsumer = new GoogleConsumer( + ConfigurationManager.AppSettings["googleAppID"], + ConfigurationManager.AppSettings["googleAppSecret"]); #region IAuthenticationHandler Members diff --git a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj index 0e40c6b..c73e0d7 100644 --- a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj +++ b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj @@ -33,15 +33,99 @@ 4 - - ..\..\lib\DotNetOpenAuth.3.5.0.12037-refresh3\lib\DotNetOpenAuth.dll + + ..\packages\DotNetOpenAuth.Core.4.3.0.13117\lib\net40-full\DotNetOpenAuth.Core.dll - - ..\..\lib\Newtonsoft.Json.4.5.8\lib\net40\Newtonsoft.Json.dll + + ..\packages\DotNetOpenAuth.Core.UI.4.3.0.13117\lib\net40-full\DotNetOpenAuth.Core.UI.dll + + + ..\packages\DotNetOpenAuth.InfoCard.4.3.0.13117\lib\net40-full\DotNetOpenAuth.InfoCard.dll + + + ..\packages\DotNetOpenAuth.InfoCard.UI.4.3.0.13117\lib\net40-full\DotNetOpenAuth.InfoCard.UI.dll + + + ..\packages\DotNetOpenAuth.OAuth.Core.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth.dll + + + ..\packages\DotNetOpenAuth.OAuth.Common.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll + + + ..\packages\DotNetOpenAuth.OAuth.Consumer.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll + + + ..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll + + + ..\packages\DotNetOpenAuth.OAuth2.Core.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth2.dll + + + ..\packages\DotNetOpenAuth.OAuth2.AuthorizationServer.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth2.AuthorizationServer.dll + + + ..\packages\DotNetOpenAuth.OAuth2.Client.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth2.Client.dll + + + ..\packages\DotNetOpenAuth.OAuth2.Client.UI.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth2.Client.UI.dll + + + ..\packages\DotNetOpenAuth.OAuth2.ClientAuthorization.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth2.ClientAuthorization.dll + + + ..\packages\DotNetOpenAuth.OAuth2.ResourceServer.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll + + + ..\packages\DotNetOpenAuth.OpenId.Core.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenId.dll + + + ..\packages\DotNetOpenAuth.OpenId.Provider.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll + + + ..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll + + + ..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll + + + ..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll + + + ..\packages\DotNetOpenAuth.OpenId.Core.UI.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll + + + ..\packages\DotNetOpenAuth.OpenIdInfoCard.UI.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenIdInfoCard.UI.dll + + + ..\packages\DotNetOpenAuth.OpenIdOAuth.4.3.0.13117\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll + + + ..\packages\Newtonsoft.Json.5.0.6\lib\net40\Newtonsoft.Json.dll + + False + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.dll + + + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.Extensions.dll + + + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.Primitives.dll + + + False + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.WebRequest.dll + + + ..\packages\Microsoft.Bcl.1.0.19\lib\net40\System.Runtime.dll + + + ..\packages\Microsoft.Bcl.1.0.19\lib\net40\System.Threading.Tasks.dll + + @@ -75,6 +159,7 @@ + + + + + + + \ No newline at end of file From 4dca65fec3429fa807d7b8082b6da204bd9b326d Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 13:59:01 -0700 Subject: [PATCH 07/28] Fix namespace issues in MVC4 project --- ...impleSocialAuth.MVC3.1.0.0-refresh4.nuspec | 4 +- nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec | 4 +- nuget/{content => content.mvc3}/LogIn.cshtml | 0 .../SimpleAuthController.cs.pp | 0 nuget/content.mvc4/LogIn.cshtml | 23 ++++++ nuget/content.mvc4/SimpleAuthController.cs.pp | 70 +++++++++++++++++++ .../SimpleSocialAuth.Core.csproj | 4 +- src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs | 8 +-- src/SimpleSocialAuth.Mvc4/RequestAdapter.cs | 2 +- .../SimpleSocialAuth.Mvc4.csproj | 1 - src/SimpleSocialAuth.Mvc4/Utils.cs | 19 ----- src/SimpleSocialAuth.sln | 18 +++++ 12 files changed, 121 insertions(+), 32 deletions(-) rename nuget/{content => content.mvc3}/LogIn.cshtml (100%) rename nuget/{content => content.mvc3}/SimpleAuthController.cs.pp (100%) create mode 100644 nuget/content.mvc4/LogIn.cshtml create mode 100644 nuget/content.mvc4/SimpleAuthController.cs.pp delete mode 100644 src/SimpleSocialAuth.Mvc4/Utils.cs diff --git a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec index 8c18506..35425a7 100644 --- a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec +++ b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec @@ -21,8 +21,8 @@ social auth oauth asp.net-mvc - - + + diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec index 3e9859d..9e83130 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec @@ -21,8 +21,8 @@ social auth oauth asp.net-mvc - - + + diff --git a/nuget/content/LogIn.cshtml b/nuget/content.mvc3/LogIn.cshtml similarity index 100% rename from nuget/content/LogIn.cshtml rename to nuget/content.mvc3/LogIn.cshtml diff --git a/nuget/content/SimpleAuthController.cs.pp b/nuget/content.mvc3/SimpleAuthController.cs.pp similarity index 100% rename from nuget/content/SimpleAuthController.cs.pp rename to nuget/content.mvc3/SimpleAuthController.cs.pp diff --git a/nuget/content.mvc4/LogIn.cshtml b/nuget/content.mvc4/LogIn.cshtml new file mode 100644 index 0000000..ad92faf --- /dev/null +++ b/nuget/content.mvc4/LogIn.cshtml @@ -0,0 +1,23 @@ +@using SimpleSocialAuth.Mvc4 + +@{ + ViewBag.Title = "LogIn"; +} + +

LogIn

+ +@Html.RenderAuthStylesheet() +@Html.RenderAuthScript() +@Html.RenderAuthWarnings() + +@if (TempData["authError"] != null) +{ +

+ @TempData["authError"] +

+} + +@using (Html.BeginForm("Authenticate", "SimpleAuth", FormMethod.Post, new { id = "authForm" })) +{ + @Html.AuthButtons() +} \ No newline at end of file diff --git a/nuget/content.mvc4/SimpleAuthController.cs.pp b/nuget/content.mvc4/SimpleAuthController.cs.pp new file mode 100644 index 0000000..c33d658 --- /dev/null +++ b/nuget/content.mvc4/SimpleAuthController.cs.pp @@ -0,0 +1,70 @@ +using System.Web; +using System.Web.Mvc; +using System.Web.Security; +using SimpleSocialAuth.MVC4; + +namespace $rootnamespace$.Controllers +{ + public class SimpleAuthController : Controller + { + public ActionResult LogIn() + { + if (Request.IsAuthenticated) + { + return + RedirectToAction("Index", "Home"); + } + + Session["ReturnUrl"] = + Request.QueryString["returnUrl"]; + + return View(); + } + + // TODO: HI Errors handling + [HttpPost] + public ActionResult Authenticate(AuthType authType) + { + var authHandler = + AuthHandlerFactory.CreateAuthHandler(authType); + + string redirectUrl = + authHandler + .PrepareAuthRequest( + Request, + Url.Action("DoAuth", new { authType = (int)authType })); + + return + Redirect(redirectUrl); + } + + public ActionResult DoAuth(AuthType authType) + { + var authHandler = + AuthHandlerFactory.CreateAuthHandler(authType); + + var userData = + authHandler + .ProcessAuthRequest(Request as HttpRequestWrapper); + + if (userData == null) + { + TempData["authError"] = + "Authentication has failed."; + + return + RedirectToAction("LogIn"); + } + + // TODO: Here you can check if such user exists in your database, etc. + + // NOTE: this is just simple usage of setting AuthCookie + FormsAuthentication.SetAuthCookie(userData.UserName, true); + + return + Session["ReturnUrl"] != null + ? (ActionResult) Redirect((string) Session["ReturnUrl"]) + : RedirectToAction("Index", "Home"); + } + } +} diff --git a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj index c73e0d7..74ae41e 100644 --- a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj +++ b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj @@ -154,9 +154,7 @@ - - - + diff --git a/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs b/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs index 3a5008c..3e6587d 100644 --- a/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs +++ b/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs @@ -4,7 +4,7 @@ using System.Web.Mvc; using System.Web.UI; using HtmlTags; -using SimpleSocialAuth.MVC3; +using SimpleSocialAuth.Core; namespace SimpleSocialAuth.Mvc4 { @@ -15,7 +15,7 @@ public static MvcHtmlString RenderAuthScript(this HtmlHelper htmlHelper) return new MvcHtmlString( new HtmlTag("script") - .Attr("src", WebResource(typeof (Utils), "SimpleSocialAuth.MVC3.Scripts.jquery.auth.js")) + .Attr("src", WebResource(typeof (Utils), "SimpleSocialAuth.MVC4.Scripts.jquery.auth.js")) .Attr("type", @"text/javascript") .ToHtmlString()); } @@ -26,12 +26,12 @@ public static MvcHtmlString RenderAuthStylesheet(this HtmlHelper htmlHelper) new HtmlTag("style") .Attr("type", "text/css") .Text(@".largeBtn { background-image: url(" + - WebResource(typeof (Utils), "SimpleSocialAuth.MVC3.Images.auth_logos.png") + "); }"); + WebResource(typeof (Utils), "SimpleSocialAuth.MVC4.Images.auth_logos.png") + "); }"); var includedStyles = new HtmlTag("link") .Attr("rel", "stylesheet") - .Attr("href", WebResource(typeof (Utils), "SimpleSocialAuth.MVC3.Stylesheets.auth.css")) + .Attr("href", WebResource(typeof (Utils), "SimpleSocialAuth.MVC4.Stylesheets.auth.css")) .Attr("type", @"text/css"); return diff --git a/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs b/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs index 661833a..f4d1cb8 100644 --- a/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs +++ b/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs @@ -2,7 +2,7 @@ using System.Web; using SimpleSocialAuth.Core; -namespace SimpleSocialAuth.MVC3 +namespace SimpleSocialAuth.Mvc4 { /// /// Takes a request and adapts it to our authentication framework. diff --git a/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj b/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj index 6ab505b..c5c07c6 100644 --- a/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj +++ b/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj @@ -54,7 +54,6 @@ - diff --git a/src/SimpleSocialAuth.Mvc4/Utils.cs b/src/SimpleSocialAuth.Mvc4/Utils.cs deleted file mode 100644 index 76e153e..0000000 --- a/src/SimpleSocialAuth.Mvc4/Utils.cs +++ /dev/null @@ -1,19 +0,0 @@ -using System.Web; - -namespace SimpleSocialAuth.MVC3 -{ - public static class Utils - { - public static string GetUrlBase(HttpRequestBase request) - { - if (request.Url == null) - { - return null; - } - - return - request.Url.Scheme + "://" + - request.Url.Authority; - } - } -} \ No newline at end of file diff --git a/src/SimpleSocialAuth.sln b/src/SimpleSocialAuth.sln index dc00438..1865f0f 100644 --- a/src/SimpleSocialAuth.sln +++ b/src/SimpleSocialAuth.sln @@ -14,6 +14,20 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".nuget", ".nuget", "{2F355B .nuget\NuGet.targets = .nuget\NuGet.targets EndProjectSection EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content", "content", "{415946F4-2526-4B13-8F67-CB42C5F72739}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content.mvc3", "content.mvc3", "{B153952A-5808-46B4-A2C0-2FA1A7C7A49E}" + ProjectSection(SolutionItems) = preProject + ..\nuget\content.mvc3\LogIn.cshtml = ..\nuget\content.mvc3\LogIn.cshtml + ..\nuget\content.mvc3\SimpleAuthController.cs.pp = ..\nuget\content.mvc3\SimpleAuthController.cs.pp + EndProjectSection +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content.mvc4", "content.mvc4", "{2E0EFE72-D86E-48A7-814D-A44F1100A2BF}" + ProjectSection(SolutionItems) = preProject + ..\nuget\content.mvc4\LogIn.cshtml = ..\nuget\content.mvc4\LogIn.cshtml + ..\nuget\content.mvc4\SimpleAuthController.cs.pp = ..\nuget\content.mvc4\SimpleAuthController.cs.pp + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -36,4 +50,8 @@ Global GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection + GlobalSection(NestedProjects) = preSolution + {B153952A-5808-46B4-A2C0-2FA1A7C7A49E} = {415946F4-2526-4B13-8F67-CB42C5F72739} + {2E0EFE72-D86E-48A7-814D-A44F1100A2BF} = {415946F4-2526-4B13-8F67-CB42C5F72739} + EndGlobalSection EndGlobal From 0bf56807900cd41c6faf53c0a748c72a097fd715 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 14:41:35 -0700 Subject: [PATCH 08/28] Fix more namespace issues --- ...impleSocialAuth.MVC3.1.0.0-refresh4.nuspec | 1 + nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec | 9 +- nuget/content.mvc3/SimpleAuthController.cs.pp | 1 + nuget/content.mvc4/SimpleAuthController.cs.pp | 3 +- .../Handlers/FacebookHandler.cs | 97 +++++++++---------- .../Handlers/GoogleHandler.cs | 2 +- .../Handlers/PrepareAuthenticationContext.cs | 42 ++++---- .../Handlers/TwitterHandler.cs | 2 +- .../Properties/AssemblyInfo.cs | 2 +- src/SimpleSocialAuth.Core/Utils.cs | 28 +++--- .../Properties/AssemblyInfo.cs | 2 +- src/SimpleSocialAuth.MVC3/RequestAdapter.cs | 2 +- .../Properties/AssemblyInfo.cs | 2 +- src/SimpleSocialAuth.Mvc4/RequestAdapter.cs | 2 +- src/SimpleSocialAuth.sln | 12 ++- 15 files changed, 110 insertions(+), 97 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec index 35425a7..2e26798 100644 --- a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec +++ b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec @@ -24,6 +24,7 @@ + diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec index 9e83130..ab17291 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec @@ -21,13 +21,14 @@ social auth oauth asp.net-mvc - - - - + + + + + \ No newline at end of file diff --git a/nuget/content.mvc3/SimpleAuthController.cs.pp b/nuget/content.mvc3/SimpleAuthController.cs.pp index d541053..25aa45e 100644 --- a/nuget/content.mvc3/SimpleAuthController.cs.pp +++ b/nuget/content.mvc3/SimpleAuthController.cs.pp @@ -1,6 +1,7 @@ using System.Web; using System.Web.Mvc; using System.Web.Security; +using SimpleSocialAuth.Core; using SimpleSocialAuth.MVC3; namespace $rootnamespace$.Controllers diff --git a/nuget/content.mvc4/SimpleAuthController.cs.pp b/nuget/content.mvc4/SimpleAuthController.cs.pp index c33d658..f276702 100644 --- a/nuget/content.mvc4/SimpleAuthController.cs.pp +++ b/nuget/content.mvc4/SimpleAuthController.cs.pp @@ -1,7 +1,8 @@ using System.Web; using System.Web.Mvc; using System.Web.Security; -using SimpleSocialAuth.MVC4; +using SimpleSocialAuth.Core; +using SimpleSocialAuth.Mvc4; namespace $rootnamespace$.Controllers { diff --git a/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs b/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs index 719d0aa..3df2110 100644 --- a/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs @@ -7,66 +7,65 @@ namespace SimpleSocialAuth.Core.Handlers { - public class FacebookHandler : IAuthenticationHandler - { - private static readonly FacebookConsumer facebookConsumer = - new FacebookConsumer( + public class FacebookHandler : IAuthenticationHandler + { + private static readonly FacebookConsumer facebookConsumer = + new FacebookConsumer( ConfigurationManager.AppSettings["facebookAppID"], ConfigurationManager.AppSettings["facebookAppSecret"]); - #region IAuthenticationHandler Members + #region IAuthenticationHandler Members - public string PrepareAuthRequest(PrepareAuthenticationContext context) - { - var authorization = - facebookConsumer.ProcessUserAuthorization(); + public string PrepareAuthRequest(PrepareAuthenticationContext context) + { + var authorization = facebookConsumer.ProcessUserAuthorization(); - var callback = - new Uri(Utils.GetUrlBase(context.Request) + context.RedirectPath); + var callback = + new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); - if (authorization == null) - { - return - facebookConsumer - .PrepareRequestUserAuthorization(returnTo: callback) - .Headers["Location"]; - } + if (authorization == null) + { + return + facebookConsumer + .PrepareRequestUserAuthorization(returnTo: callback) + .Headers["Location"]; + } - return null; - } + return null; + } - public BasicUserData ProcessAuthRequest(ProcessAuthenticationContext context) - { - var authorization = - facebookConsumer.ProcessUserAuthorization(); + public BasicUserData ProcessAuthRequest(ProcessAuthenticationContext context) + { + var authorization = + facebookConsumer.ProcessUserAuthorization(); - if (authorization.AccessToken == null) - { - return null; - } + if (authorization.AccessToken == null) + { + return null; + } - var graphRequest = - WebRequest - .Create("https://graph.facebook.com/me?access_token=" + - Uri.EscapeDataString(authorization.AccessToken)); + var graphRequest = + WebRequest + .Create("https://graph.facebook.com/me?access_token=" + + Uri.EscapeDataString(authorization.AccessToken)); - using (var response = graphRequest.GetResponse()) - using (var responseStream = response.GetResponseStream()) - using (var streamReader = new StreamReader(responseStream)) - { - var json = streamReader.ReadToEnd(); - var jsonObject = JObject.Parse(json); + using (var response = graphRequest.GetResponse()) + using (var responseStream = response.GetResponseStream()) + using (var streamReader = new StreamReader(responseStream)) + { + var json = streamReader.ReadToEnd(); + var jsonObject = JObject.Parse(json); - return - new BasicUserData - { - UserId = jsonObject["id"].ToString(), - UserName = jsonObject["name"].ToString(), - PictureUrl = string.Format("http://graph.facebook.com/{0}/picture", jsonObject["id"]) - }; - } - } + return + new BasicUserData + { + UserId = jsonObject["id"].ToString(), + UserName = jsonObject["name"].ToString(), + PictureUrl = string.Format("http://graph.facebook.com/{0}/picture", jsonObject["id"]) + }; + } + } - #endregion - } + #endregion + } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs b/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs index 49ab5ab..3aa708b 100644 --- a/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs @@ -25,7 +25,7 @@ public string PrepareAuthRequest(PrepareAuthenticationContext context) googleConsumer.ProcessUserAuthorization(); var callback = - new Uri(Utils.GetUrlBase(context.Request) + context.RedirectPath); + new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); if (authorization == null) { diff --git a/src/SimpleSocialAuth.Core/Handlers/PrepareAuthenticationContext.cs b/src/SimpleSocialAuth.Core/Handlers/PrepareAuthenticationContext.cs index 3f216c1..8645d29 100644 --- a/src/SimpleSocialAuth.Core/Handlers/PrepareAuthenticationContext.cs +++ b/src/SimpleSocialAuth.Core/Handlers/PrepareAuthenticationContext.cs @@ -1,28 +1,28 @@ +using System; using System.Collections.Generic; namespace SimpleSocialAuth.Core.Handlers { - public class PrepareAuthenticationContext - { - public PrepareAuthenticationContext(IHttpRequest request, ISessionStorage sessionStorage, string redirectPath, - IDictionary parameters) - { - Request = request; - SessionStorage = sessionStorage; - RedirectPath = redirectPath; - Parameters = parameters; - } + public class PrepareAuthenticationContext + { + public PrepareAuthenticationContext(ISessionStorage sessionStorage, Uri requestUri, string redirectPath, IDictionary parameters) + { + RequestUri = requestUri; + SessionStorage = sessionStorage; + RedirectPath = redirectPath; + Parameters = parameters; + } - public PrepareAuthenticationContext(IHttpRequest request, ISessionStorage sessionStorage, string redirectPath) - { - Request = request; - SessionStorage = sessionStorage; - RedirectPath = redirectPath; - } + public PrepareAuthenticationContext(ISessionStorage sessionStorage, Uri requestUri, string redirectPath) + { + RequestUri = requestUri; + SessionStorage = sessionStorage; + RedirectPath = redirectPath; + } - public IHttpRequest Request { get; private set; } - public ISessionStorage SessionStorage { get; private set; } - public string RedirectPath { get; private set; } - public IDictionary Parameters { get; private set; } - } + public Uri RequestUri { get; private set; } + public ISessionStorage SessionStorage { get; private set; } + public string RedirectPath { get; private set; } + public IDictionary Parameters { get; private set; } + } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs b/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs index b3d3c3e..a660f69 100644 --- a/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs @@ -15,7 +15,7 @@ public class TwitterHandler : IAuthenticationHandler public string PrepareAuthRequest(PrepareAuthenticationContext context) { var callback = - new Uri(Utils.GetUrlBase(context.Request) + context.RedirectPath); + new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); var consumer = new TwitterConsumer(context.SessionStorage); return consumer diff --git a/src/SimpleSocialAuth.Core/Properties/AssemblyInfo.cs b/src/SimpleSocialAuth.Core/Properties/AssemblyInfo.cs index 5d374b7..141a635 100644 --- a/src/SimpleSocialAuth.Core/Properties/AssemblyInfo.cs +++ b/src/SimpleSocialAuth.Core/Properties/AssemblyInfo.cs @@ -35,5 +35,5 @@ // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.0.0.0")] +[assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyFileVersion("1.0.0.0")] \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/Utils.cs b/src/SimpleSocialAuth.Core/Utils.cs index 04b8208..1be1915 100644 --- a/src/SimpleSocialAuth.Core/Utils.cs +++ b/src/SimpleSocialAuth.Core/Utils.cs @@ -1,17 +1,17 @@ -namespace SimpleSocialAuth.Core +using System; + +namespace SimpleSocialAuth.Core { - public static class Utils - { - public static string GetUrlBase(IHttpRequest request) - { - if (request.Url == null) - { - return null; - } + public static class Utils + { + public static string GetUrlBase(Uri uri) + { + if (uri == null) + { + return null; + } - return - request.Url.Scheme + "://" + - request.Url.Authority; - } - } + return uri.Scheme + "://" + uri.Authority; + } + } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.MVC3/Properties/AssemblyInfo.cs b/src/SimpleSocialAuth.MVC3/Properties/AssemblyInfo.cs index 8c3d8f0..04825e6 100644 --- a/src/SimpleSocialAuth.MVC3/Properties/AssemblyInfo.cs +++ b/src/SimpleSocialAuth.MVC3/Properties/AssemblyInfo.cs @@ -36,7 +36,7 @@ // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.0.0.0")] +[assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyFileVersion("1.0.0.0")] [assembly: WebResource("SimpleSocialAuth.MVC3.Scripts.jquery.auth.js", "application/x-javascript")] [assembly: WebResource("SimpleSocialAuth.MVC3.Stylesheets.auth.css", "text/css")] diff --git a/src/SimpleSocialAuth.MVC3/RequestAdapter.cs b/src/SimpleSocialAuth.MVC3/RequestAdapter.cs index 661833a..500c0c1 100644 --- a/src/SimpleSocialAuth.MVC3/RequestAdapter.cs +++ b/src/SimpleSocialAuth.MVC3/RequestAdapter.cs @@ -7,7 +7,7 @@ namespace SimpleSocialAuth.MVC3 /// /// Takes a request and adapts it to our authentication framework. /// - internal class RequestAdapter : IHttpRequest + public class RequestAdapter : IHttpRequest { private readonly HttpRequestBase _request; diff --git a/src/SimpleSocialAuth.Mvc4/Properties/AssemblyInfo.cs b/src/SimpleSocialAuth.Mvc4/Properties/AssemblyInfo.cs index a1eddb7..2e63fae 100644 --- a/src/SimpleSocialAuth.Mvc4/Properties/AssemblyInfo.cs +++ b/src/SimpleSocialAuth.Mvc4/Properties/AssemblyInfo.cs @@ -35,5 +35,5 @@ // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.0.0.0")] +[assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyFileVersion("1.0.0.0")] \ No newline at end of file diff --git a/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs b/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs index f4d1cb8..6946390 100644 --- a/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs +++ b/src/SimpleSocialAuth.Mvc4/RequestAdapter.cs @@ -7,7 +7,7 @@ namespace SimpleSocialAuth.Mvc4 /// /// Takes a request and adapts it to our authentication framework. /// - internal class RequestAdapter : IHttpRequest + public class RequestAdapter : IHttpRequest { private readonly HttpRequestBase _request; diff --git a/src/SimpleSocialAuth.sln b/src/SimpleSocialAuth.sln index 1865f0f..8aed935 100644 --- a/src/SimpleSocialAuth.sln +++ b/src/SimpleSocialAuth.sln @@ -14,7 +14,11 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".nuget", ".nuget", "{2F355B .nuget\NuGet.targets = .nuget\NuGet.targets EndProjectSection EndProject -Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content", "content", "{415946F4-2526-4B13-8F67-CB42C5F72739}" +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "nuget", "nuget", "{415946F4-2526-4B13-8F67-CB42C5F72739}" + ProjectSection(SolutionItems) = preProject + ..\nuget\SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec = ..\nuget\SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec + ..\nuget\SimpleSocialAuth.MVC4.1.0.0.nuspec = ..\nuget\SimpleSocialAuth.MVC4.1.0.0.nuspec + EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content.mvc3", "content.mvc3", "{B153952A-5808-46B4-A2C0-2FA1A7C7A49E}" ProjectSection(SolutionItems) = preProject @@ -28,6 +32,11 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content.mvc4", "content.mvc ..\nuget\content.mvc4\SimpleAuthController.cs.pp = ..\nuget\content.mvc4\SimpleAuthController.cs.pp EndProjectSection EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tools", "tools", "{546A9A81-1097-4571-A525-57E2125F294E}" + ProjectSection(SolutionItems) = preProject + ..\nuget\tools\install.ps1 = ..\nuget\tools\install.ps1 + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -53,5 +62,6 @@ Global GlobalSection(NestedProjects) = preSolution {B153952A-5808-46B4-A2C0-2FA1A7C7A49E} = {415946F4-2526-4B13-8F67-CB42C5F72739} {2E0EFE72-D86E-48A7-814D-A44F1100A2BF} = {415946F4-2526-4B13-8F67-CB42C5F72739} + {546A9A81-1097-4571-A525-57E2125F294E} = {415946F4-2526-4B13-8F67-CB42C5F72739} EndGlobalSection EndGlobal From c226718c302e10f87993078a3422bfde5ba7f4b6 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 15:09:27 -0700 Subject: [PATCH 09/28] Update SimpleAuthController --- ...impleSocialAuth.MVC3.1.0.0-refresh4.nuspec | 10 +- nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec | 58 ++++----- nuget/content.mvc4/SimpleAuthController.cs.pp | 112 ++++++++---------- .../Handlers/ProcessAuthenticationContext.cs | 8 +- .../SimpleSocialAuth.Core.csproj | 2 +- 5 files changed, 90 insertions(+), 100 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec index 2e26798..c19dcea 100644 --- a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec +++ b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec @@ -8,9 +8,9 @@ https://github.com/rafek/SimpleSocialAuth http://i.imgur.com/n1Q5A.png - - - + + + SimpleSocialAuth.MVC3 false @@ -23,9 +23,9 @@ - + - + \ No newline at end of file diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec index ab17291..83ffc65 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec @@ -1,34 +1,34 @@ - - 1.0.0 - rafek - rafek - http://www.opensource.org/licenses/ms-pl.html - https://github.com/rafek/SimpleSocialAuth - http://i.imgur.com/n1Q5A.png - - - - - - SimpleSocialAuth.MVC4 - false - Super simple and easy to install package that allows web sites creators to seamlessly add OAuth support to their ASP.NET MVC 4 sites. Supporting Twitter, Google and Facebook. - - Profile picture for Facebook fix. - Copyright 2012 - social auth oauth asp.net-mvc - - + + 1.0.1 + smithkl42 + rafek + http://www.opensource.org/licenses/ms-pl.html + https://github.com/rafek/SimpleSocialAuth + http://i.imgur.com/n1Q5A.png + + + + + + SimpleSocialAuth.MVC4 + false + Super simple and easy to install package that allows web sites creators to seamlessly add OAuth support to their ASP.NET MVC 4 sites. Supporting Twitter, Google and Facebook. + + Adds support for ASP.NET MVC4. + Copyright 2012-2013 + social auth oauth asp.net-mvc + + - - + + - - - - - - + + + + + + \ No newline at end of file diff --git a/nuget/content.mvc4/SimpleAuthController.cs.pp b/nuget/content.mvc4/SimpleAuthController.cs.pp index f276702..a835b55 100644 --- a/nuget/content.mvc4/SimpleAuthController.cs.pp +++ b/nuget/content.mvc4/SimpleAuthController.cs.pp @@ -6,66 +6,54 @@ namespace $rootnamespace$.Controllers { - public class SimpleAuthController : Controller - { - public ActionResult LogIn() - { - if (Request.IsAuthenticated) - { - return - RedirectToAction("Index", "Home"); - } - - Session["ReturnUrl"] = - Request.QueryString["returnUrl"]; - - return View(); - } - - // TODO: HI Errors handling - [HttpPost] - public ActionResult Authenticate(AuthType authType) - { - var authHandler = - AuthHandlerFactory.CreateAuthHandler(authType); - - string redirectUrl = - authHandler - .PrepareAuthRequest( - Request, - Url.Action("DoAuth", new { authType = (int)authType })); - - return - Redirect(redirectUrl); - } - - public ActionResult DoAuth(AuthType authType) - { - var authHandler = - AuthHandlerFactory.CreateAuthHandler(authType); - - var userData = - authHandler - .ProcessAuthRequest(Request as HttpRequestWrapper); - - if (userData == null) - { - TempData["authError"] = - "Authentication has failed."; - - return - RedirectToAction("LogIn"); - } - - // TODO: Here you can check if such user exists in your database, etc. - - // NOTE: this is just simple usage of setting AuthCookie - FormsAuthentication.SetAuthCookie(userData.UserName, true); - - return - Session["ReturnUrl"] != null - ? (ActionResult) Redirect((string) Session["ReturnUrl"]) - : RedirectToAction("Index", "Home"); - } - } + public class SimpleAuthController : Controller + { + public ActionResult LogIn() + { + if (Request.IsAuthenticated) + { + return RedirectToAction("Index", "Home"); + } + + Session["ReturnUrl"] = Request.QueryString["returnUrl"]; + + return View(); + } + + // TODO: HI Errors handling + [HttpPost] + public ActionResult Authenticate(string authType) + { + var authHandler = AuthHandlerFactory.Create(authType); + var authContext = new PrepareAuthenticationContext( + CurrentContextSession.Instance, + Request.Url, + (string)Session["ReturnUrl"]); + string redirectUrl = authHandler.PrepareAuthRequest(authContext); + return Redirect(redirectUrl); + } + + public ActionResult DoAuth(string authType) + { + var authHandler = AuthHandlerFactory.Create(authType); + var authContext = new ProcessAuthenticationContext(CurrentContextSession.Instance, Request.Url); + var userData = authHandler.ProcessAuthRequest(authContext); + + if (userData == null) + { + TempData["authError"] = "Authentication has failed."; + + return RedirectToAction("LogIn"); + } + + // TODO: Here you can check if such user exists in your database, etc. + + // NOTE: this is just simple usage of setting AuthCookie + FormsAuthentication.SetAuthCookie(userData.UserName, true); + + return Session["ReturnUrl"] != null + ? (ActionResult)Redirect((string)Session["ReturnUrl"]) + : RedirectToAction("Index", "Home"); + } + } } diff --git a/src/SimpleSocialAuth.Core/Handlers/ProcessAuthenticationContext.cs b/src/SimpleSocialAuth.Core/Handlers/ProcessAuthenticationContext.cs index 2a6abe0..aa8a04a 100644 --- a/src/SimpleSocialAuth.Core/Handlers/ProcessAuthenticationContext.cs +++ b/src/SimpleSocialAuth.Core/Handlers/ProcessAuthenticationContext.cs @@ -1,14 +1,16 @@ +using System; + namespace SimpleSocialAuth.Core.Handlers { public class ProcessAuthenticationContext { - public ProcessAuthenticationContext(IHttpRequest request, ISessionStorage sessionStorage) + public ProcessAuthenticationContext(ISessionStorage sessionStorage, Uri requestUri) { - Request = request; + RequestUri = requestUri; SessionStorage = sessionStorage; } - public IHttpRequest Request { get; private set; } + public Uri RequestUri { get; private set; } public ISessionStorage SessionStorage { get; private set; } } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj index 74ae41e..a445a3a 100644 --- a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj +++ b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj @@ -27,7 +27,7 @@ pdbonly true - bin\Release\ + ..\..\bin\Release\ TRACE prompt 4 From 43397001b6a875abf494dcec2d9f8699eff9a664 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 15:22:37 -0700 Subject: [PATCH 10/28] Change build target location --- ...impleSocialAuth.MVC3.1.0.0-refresh4.nuspec | 6 ++-- nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec | 4 +-- .../SimpleSocialAuth.Core.csproj | 2 +- .../SimpleSocialAuth.MVC3.csproj | 28 +++++++++++++++++-- src/SimpleSocialAuth.MVC3/packages.config | 3 ++ .../SimpleSocialAuth.Mvc4.csproj | 28 +++++++++++++++++-- src/SimpleSocialAuth.Mvc4/packages.config | 3 ++ 7 files changed, 64 insertions(+), 10 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec index c19dcea..d074932 100644 --- a/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec +++ b/nuget/SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec @@ -8,7 +8,7 @@ https://github.com/rafek/SimpleSocialAuth http://i.imgur.com/n1Q5A.png - + @@ -24,8 +24,8 @@ - - + + \ No newline at end of file diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec index 83ffc65..ee080f8 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.0.nuspec @@ -27,8 +27,8 @@ - - + + \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj index a445a3a..74ae41e 100644 --- a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj +++ b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj @@ -27,7 +27,7 @@ pdbonly true - ..\..\bin\Release\ + bin\Release\ TRACE prompt 4 diff --git a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj index efaceaf..7358521 100644 --- a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj +++ b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj @@ -19,7 +19,7 @@ true full false - ..\..\bin\Debug\ + bin\Debug\ DEBUG;TRACE prompt 4 @@ -27,7 +27,7 @@ pdbonly true - ..\..\bin\Release\ + bin\Release\ TRACE prompt 4 @@ -39,6 +39,26 @@ + + False + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.dll + + + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.Extensions.dll + + + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.Primitives.dll + + + False + ..\packages\Microsoft.Net.Http.2.1.10\lib\net40\System.Net.Http.WebRequest.dll + + + ..\packages\Microsoft.Bcl.1.0.19\lib\net40\System.Runtime.dll + + + ..\packages\Microsoft.Bcl.1.0.19\lib\net40\System.Threading.Tasks.dll + False @@ -77,6 +97,10 @@ + + nuget pack $(SolutionDir)..\nuget\SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec + + + + \ No newline at end of file diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index ee080f8..066c1e1 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -2,7 +2,7 @@ 1.0.1 - smithkl42 + rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html https://github.com/rafek/SimpleSocialAuth @@ -29,6 +29,8 @@ + + \ No newline at end of file diff --git a/nuget/content.mvc3/LogIn.cshtml b/nuget/content.mvc3/LogIn.cshtml index 28cb3a9..1316772 100644 --- a/nuget/content.mvc3/LogIn.cshtml +++ b/nuget/content.mvc3/LogIn.cshtml @@ -6,9 +6,8 @@

LogIn

-@Html.RenderAuthStylesheet() -@Html.RenderAuthScript() -@Html.RenderAuthWarnings() +@Styles.Render("~/Content/SimpleSocialAuth") +Html.RenderAuthWarnings() @if (TempData["authError"] != null) { diff --git a/nuget/content.mvc4/LogIn.cshtml b/nuget/content.mvc4/LogIn.cshtml index ad92faf..cf74a05 100644 --- a/nuget/content.mvc4/LogIn.cshtml +++ b/nuget/content.mvc4/LogIn.cshtml @@ -6,9 +6,8 @@

LogIn

-@Html.RenderAuthStylesheet() -@Html.RenderAuthScript() -@Html.RenderAuthWarnings() +@Styles.Render("~/Content/SimpleSocialAuth") +Html.RenderAuthWarnings() @if (TempData["authError"] != null) { @@ -20,4 +19,6 @@ @using (Html.BeginForm("Authenticate", "SimpleAuth", FormMethod.Post, new { id = "authForm" })) { @Html.AuthButtons() -} \ No newline at end of file +} + +@Scripts.Render("~/Scripts/SimpleSocialAuth") \ No newline at end of file diff --git a/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp b/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp new file mode 100644 index 0000000..d266155 --- /dev/null +++ b/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp @@ -0,0 +1,16 @@ +using System.Web.Optimization; + +namespace namespace $rootnamespace$.App_Start +{ + public class SimpleSocialAuthBundleConfig + { + public static void RegisterBundles(BundleCollection bundles) + { + bundles.Add(new ScriptBundle("~/bundles/SimpleSocialAuth") + .Include("~/Scripts/SimpleSocialAuth.js")); + + bundles.Add(new StyleBundle("~/content/SimpleSocialAuth").Include( + "~/Content/SimpleSocialAuth.js")); + } + } +} \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj index a6681da..45d8968 100644 --- a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj +++ b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj @@ -138,6 +138,7 @@ + diff --git a/src/SimpleSocialAuth.MVC3/CurrentContextSession.cs b/src/SimpleSocialAuth.MVC3/CurrentContextSession.cs deleted file mode 100644 index 7fa1486..0000000 --- a/src/SimpleSocialAuth.MVC3/CurrentContextSession.cs +++ /dev/null @@ -1,39 +0,0 @@ -using System.Web; -using SimpleSocialAuth.Core; - -namespace SimpleSocialAuth.MVC3 -{ - /// - /// Uses HttpContext.Current to get the session. Use CurrentContextSession.Instance to access this class - /// - public class CurrentContextSession : ISessionStorage - { - private static readonly CurrentContextSession _instance = new CurrentContextSession(); - - /// - /// Singleton - /// - private CurrentContextSession() - { - } - - public static CurrentContextSession Instance - { - get { return _instance; } - } - - #region ISessionStorage Members - - public object Load(string key) - { - return HttpContext.Current.Session[key]; - } - - public void Store(string key, object value) - { - HttpContext.Current.Session[key] = value; - } - - #endregion - } -} \ No newline at end of file diff --git a/src/SimpleSocialAuth.MVC3/Scripts/jquery.auth.js b/src/SimpleSocialAuth.MVC3/Scripts/jquery.auth.js deleted file mode 100644 index fbfceeb..0000000 --- a/src/SimpleSocialAuth.MVC3/Scripts/jquery.auth.js +++ /dev/null @@ -1,28 +0,0 @@ -var providers = { - google: { - name: "Google", - type: 1 - }, - facebook: { - name: "Facebook", - type: 2 - }, - twitter: { - name: "Twitter", - type: 3 - } -}; - -var auth = { - signin: function (providerName) { - var provider = providers[providerName]; - - if (!provider) { - return; - } - - $("#authType").val(provider.name); - - $("#authForm").submit(); - } -}; \ No newline at end of file diff --git a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj index ecfdd8b..71be58c 100644 --- a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj +++ b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj @@ -71,17 +71,16 @@ - - + - + @@ -98,7 +97,7 @@ - nuget pack $(SolutionDir)..\nuget\SimpleSocialAuth.MVC3.1.0.0-refresh4.nuspec + nuget pack $(SolutionDir)..\nuget\SimpleSocialAuth.MVC3.1.0.1.nuspec -OutputDirectory $(SolutionDir)..\nuget\ - - + + \ No newline at end of file diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index 066c1e1..6c0c2ae 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -26,11 +26,12 @@ + - - + + \ No newline at end of file diff --git a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj index 71be58c..5876914 100644 --- a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj +++ b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj @@ -77,10 +77,10 @@ - + - + diff --git a/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj b/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj index 9f45258..bf66875 100644 --- a/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj +++ b/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj @@ -78,10 +78,10 @@ - + - + From a7af83c21e0d960ace486320eff3ab3f704e84ef Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 19:04:58 -0700 Subject: [PATCH 17/28] Fix bundle references --- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 2 +- nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index 6c0c2ae..dd0764e 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -26,7 +26,7 @@ - + diff --git a/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp b/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp index d266155..e068052 100644 --- a/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp +++ b/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp @@ -1,16 +1,16 @@ using System.Web.Optimization; -namespace namespace $rootnamespace$.App_Start +namespace $rootnamespace$.App_Start { public class SimpleSocialAuthBundleConfig { public static void RegisterBundles(BundleCollection bundles) { - bundles.Add(new ScriptBundle("~/bundles/SimpleSocialAuth") - .Include("~/Scripts/SimpleSocialAuth.js")); + bundles.Add(new ScriptBundle("~/scripts/simplesocialauth") + .Include("~/Scripts/simplesocialauth.js")); - bundles.Add(new StyleBundle("~/content/SimpleSocialAuth").Include( - "~/Content/SimpleSocialAuth.js")); + bundles.Add(new StyleBundle("~/content/simplesocialauth").Include( + "~/Content/simplesocialauth.css")); } } } \ No newline at end of file From 0d330e9750c74c6a73b7e27c97c8139f69cdb234 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 19:35:06 -0700 Subject: [PATCH 18/28] Change file name of auth_logos --- nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec | 1 + nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 3 ++- .../SimpleSocialAuthBundleConfig.cs.pp | 4 ++-- src/SimpleSocialAuth.MVC3/Images/auth_logos.png | Bin 10397 -> 0 bytes .../SimpleSocialAuth.MVC3.csproj | 2 +- src/SimpleSocialAuth.Mvc4/Images/auth_logos.png | Bin 10397 -> 0 bytes .../SimpleSocialAuth.Mvc4.csproj | 2 +- 7 files changed, 7 insertions(+), 5 deletions(-) delete mode 100644 src/SimpleSocialAuth.MVC3/Images/auth_logos.png delete mode 100644 src/SimpleSocialAuth.Mvc4/Images/auth_logos.png diff --git a/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec index 53211fa..547c7fe 100644 --- a/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec @@ -29,6 +29,7 @@ + \ No newline at end of file diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index dd0764e..4bbdc91 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.1 + 1.0.3 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html @@ -32,6 +32,7 @@ + \ No newline at end of file diff --git a/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp b/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp index e068052..c91d72f 100644 --- a/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp +++ b/nuget/content.mvc4/SimpleSocialAuthBundleConfig.cs.pp @@ -9,8 +9,8 @@ bundles.Add(new ScriptBundle("~/scripts/simplesocialauth") .Include("~/Scripts/simplesocialauth.js")); - bundles.Add(new StyleBundle("~/content/simplesocialauth").Include( - "~/Content/simplesocialauth.css")); + bundles.Add(new StyleBundle("~/content/simplesocialauth") + .Include("~/Content/simplesocialauth.css")); } } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.MVC3/Images/auth_logos.png b/src/SimpleSocialAuth.MVC3/Images/auth_logos.png deleted file mode 100644 index aeb7fdf95d0be78a03d7ca8400633ff9f50875ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10397 zcmb_?WmFtduqFv^34;z2JV+R1aDvO=?kj-yKnWax~Kcz>aMT8y0Pl2a`-qDI4CG6_zLnen$K4o6qFb0SQyVO z6*%s*fbzmqQ%(w{YLsgKSwORuRFOnMsZGRvut0y7vEAeiJW)_y_58>2qTjXL>iH&x z7ewDn%hkrq*TTaZMcu;Q#fw7~qD||=!@m7T!(pWa6p47zO>x$ru*oNx_a~uC1TP*i1lM?20F=W$ONhhk>MUa=KPQs5qt1 zvlD!KL05}2%tT9z9Y*kJyqklL4x6r_`Lg3*Yo*aw7ad-NRich)|oc=s!}4(MO7BxPRm@X=8la z5Irs!>ES#qjiEM^!QHs_@psQfFR6b_-{LIlFuJ_Ce56|?a@;=@+_P=+`URC3G|Dq6 zI_Bgoo^fm*pFqXjQ#>R2TH$g?E7E`m|MN6R_-E$ibpxlhYX)yM+nWAS>z_Y{lEaDg zAuPlr4k1DJNd!C=%O-a#@FBat9P4h)mzjcC5hYH_^V8etKIl~6f=YTHc>k1{qzmsM zsRkUj5T798AKYIaEwrb&WTa+IGA3butHV(hTs(*k3pkDgNiy3gZixD~%*pz5`nzN_ z%5zNXn5mK+WN57jS5KtT1+n}a*)8A74c2a?k9HUeBuWgv;ZQ5;X6OK1-L0Q!EPu~~ zIkxQL4un%SHatnZ?LDk0v1a8f3~p;zw)(WWn@77OXNDHi!mS@K0QS$MJ2`^wmU}!b zYJU*Zx{RWia$n!k7)e*{1!BdA{u2<-R=FSp2{^Mq@#5olb$?XNl_yipBR#{yRiL=V zDfu@fT{zhLr{BIUM3x{q{qQ&j=(aIns>a801-bG zPZF!fr4v=iB*oR8u&wU&X+aDYb|I1&4TQK|Eq+0F31qBC|AG_vMekrSlxS-@`(|a4 zZzDwR3OMh=QgO3?OgxeNTeEPl!7DyRF|$eZd#rZ-Ol+_TPj)ZtFrJ&v`Esc~+$;hM zE9vCU7lc)7+JuI{JT#tn9QOp(?Xh$oo_aK@k1F9xrSxV?fn+8 z^^(`$ac0SP?eNNJ|2w4r-v7N>c0UZUGrgSp=;UiC!m-ekCjBd4p4Qr~O8S_ut(GtVK>GFLCSgQHz)eY;Cpf`Zo=lU+AptThM4*P_yx)JqYv)QoT&thiub$LgviMR z_b)VVmB&}BEPb8OHAB6?e-_fd+hay(X$Z@Gmyw8>P^zGsOHxIbcNQ!1^&J=IrnO** zV*DXSC_{~9ayx$>zA!&l-qZfjm?LJae2QAd1FjYawm7k=eki|M*nYjk_>Z z2^ml=*GEUffgr+wmqp+tRff}Q;~z2%CkubQ!+|JyO}3>L9hCNolc_iVl4q;pZ)o3a zbvCa1*^S2=TlAtvbAm-g`ROqRF``}yC5ejrxO6rSd86k7u>_n9<7$9O5k*18IZuOKkmv|*DH zH^Z!uht?QS*9*$k2eQmhs{GC}hRpO{-d{<7nS#|V`5>0Jv3Y1=Dd`VQt#u z@!%`d7bkQ)OK;!R$$kj8*b&+dwRCd5?nE%0=(aduHD>}XyX-YA@!dlZQzRn7l03&%edVio@^D6M_YyVm!G-PT_SvPR1n3q^m<;& zVm0azk5ZWmy#8>U(i_w0dWY7NAW6+rqLtT=;4@%ulHQ3h|LR!+T@EL364B!kE!~Q$a+SZ5HUa)=9eKMM76=8+ubVp`T z#r-EP``8GK*&yMr1p&0o7A5#}ZoXWbzL}Ys)_Q!zIJ*h<&TTO@`PEn${cl#C-Au3K z0!yF1^kS;~vo1g#sSg3k9KBIc=DOz6?K{M|w%NtzjiK*b`^SqKwsX=>-?!C~l#Q;q zstTAQL8Crx|LA4?T5zW{-8Ku@7z2(flVfP7QOb{+01R`J!+sS^bOmy4myAJtiAf^`UGj zf5(MA&9qgzInEW{F>ieTPKzO9Jo}%R=C=%!Xq0;NC;5@xn!~2E~mc z9^^r;0l^jSIJ`Hbtzr1q=MmpKVWAEGDq+J)LYRGR3Ux`&c`KmYJ22c_RzC#(n>E(edyIM@vsR*F1w%@)(Ol;!YToO{gt=ig+ z6U;H?Qj0Ow3DD8w=e+Ug55iv>d-dT}ChZW`gZ9E@$JbL~D$FubP{zvlGPFg7msN;* zmiO(==PD-zTr+d{X$0Rkz0ENa3Qk+xpk?Ib213q4>lk;}MR9I;(1Z zn!czE*u7Uu(hHeG(;$787qc<mOaNlhkK$DHqkI%k$PGQ!`Wb;im z**g6!b2SP)rFrC-O;FL_GJL!>7T_;0`nR#x{sTJ)D|Ck02$qG$s{AYz4{ zR#7q1&I2XYS&}RfzuHnA{dux_Uv+7feoo}2+FhPDO;#Oq?Yq3=w}UkK;VC? zca|@I-`JhoOLk*&2EMEC+Zo@6R)j70tCM4X;6ZoCpMATVQN{OTOxff6LVc|SxN!>H zXEd;_HH#ZoLy+XQFV${z@QEjqDVVA@RIxgPvWneZgD}D0ofLAFqfFDzHM4uye**_> zMhwh20mcJw@3(23i8*kNUwvU+SQ8!0t;4Y>soAUc$vKC!cS_+!T6bj?J9hggbs|{Z zf?&)^=nz6w@~gL2NM1hvsYrocI3E6j(8e}vgS`Ubl`VeGqiT-YYGC!(Xp9Ft#x8W{ zwU{50mSa@k&0%4THUl9EL|=q8J(2IMEC+(u#!9Z%`EWqmeMF3eVR2p=`!Ss3>5yMp zY|@|1OC^{pELQI<3qKsrUrB+t1B7G;U|o^u-+K+OU#_dKzmmwR4iAkp|M)T_5kh+- z@J^psVx>JWZ|ss{Uu3~tIz|)Wt;2v}kkt{cA6bF>nCwM+k@{O-d0Nq7;yZnjdlDEr zqQR*=`H5El)rOM$Xu_#}d=5z!dS=SBCTLvmyKk9n3waC9p}6`wMv`)>>CxU)34h4< z?wjgO6Tw{Ooj!e*tHuO+zL@Mc%dSjaQbB1EX4GUs%x$F7BPz$r;0yha^CFw?Q$aUQ z$v&@dlD~Hm)_#e`m9g=E`|k%ox~g&w;A-V4W*SP1KdG&NBf;5Wuup_#rHcA}WTKb{ zx|x+{pzKaW6gA^yvNzg>!q}-`?VP#*_e*PH*0Rz{xH`sP9x3Ebwr9`YTIr9!yTVI8 z(n;0Bo`c;+9l$JNZuK6L=;-)lmwE)%Sz1gkTTR^-rELz6$r4T2cxmELzlGzK(}?U+ zlMP0BQ5uwjXwlO>c6HNe2|lCJd>8P90z9BK0?A18DIJ~Qu_Qz`dI|5ExGcPP4|fR@ zD=MJpC3oTu44*ah%|yWa1gkXyGq;C`xn|cEc3c-U3A$T`W7uH!Pli@i_Tzde5t?7%#)Gw{8PUwKd{E0`Ct6n?l)YHbVwYXv##8P`BYzR!@RAfIBO_SQC^TxG zlqL9Z)T0lhQrv*zR%r2B}at-+R6?LGYZY)LCJ#=jet zlIR86o)st*{U@UMzwtXjhVhx|&sqB?>W7bU+bnP}s)y|Y3-pQjnF$*HSO<)O5|h?G zun$DpGtCWNJGi5PYlsyF1?Vly0|JS!R!Hd_%&Gvt zf>`S+uT^0AaxM5+;n}!+d_r$^x}j%eaeyHXUy6>HlA?{PrUv@(!e1{BnjF?Y(qiDg z91l;8l=p{H8e!`tZKx<~JGe@IV#Mr>tYhTaOCnjbCDw_ZTTM{TUm;4t)?E@EbiQ)? zu1~i2LLrGqY^JTkf*C_<2yxD0gagY&kPb<<$C2r%VGBJ3D(CiwBJ8RFPC|sl-xlUc z=o4UPx*rQa`NwTVqMy^bhXv}Fk<2;90>OTiI9%HeIfRM7+-T<9UPFimP=v5zuLs&A z8)d#%qBoX*Enddw64LmRoW+)clqtI|K9T)y`KmMA*kk<`SBTqVei=BNpd?gr^o#s0 z8o?C@Cbz;IDxAP^I>90uDD;^TGpK@83E8P!R{KE;w|yd=uPdHTMAHCKjW;UqT`O-a z9T3zdMYCN?z)*aesGMylj|b`}1IuG^(O7i{!nEALNeY8Ec3b?4)-SEXD)ce8J{={+ zp$0Vcc(cIe=qHN z3_(_1{#Jn!p>i|>aZj{FTLyF(Rs-$+(3hg+#Lks~9*WqgeHF@3b8rpNpoTUSt#eE2 zG8jm~_)BX1l1Uc#>DMt@CmA^CCoFj|A5(Ialbfk(MKQdo<`oN!5yRsEZp>hutpkmm zteY7Om-~eo1q4Z$p$MXcjn{<=Vlkr9RA9q1+9}s$n%GS_41aJZ5$4sa=;JzgXmAq| zSpY3RBS_hIqJ5O$6Glv1T{)A3bi$^nenIGN&Im$z% zmTACHRF&Rt0=IRWQ;K$KNPEVYb7aHqt7Ad2m`AT{VaL}`KO0lYEft_`JTwFhlfRp^ zNvnUxb_M9CHUL{;$@{!kxIfqq@W9=TjoVjlmfdE}3h%;FjzM%~mifwT3I`I(C-d@> zTzyh!)?n^8F;U&l-Q0mCb3Q~2mX#~n61s9N++SD;2su?9-S-J{zC5JI(8Xno6j_$PYuXO9Vg@!$nhs2&mpr5H(K{7jGh{NWSS_wXcE1L49GDET)+h~ zlD~F!b&_R1C&6sF^i0EOx95V-fl%2k@GOF2Gqslmu0d+q`$O6W%-PZL5hHO`S-Q`) zV8yjk*WL$33I9Eqv%N8Hl5^$MZ)NkarCLgAcq&4y>`Itt-|vp(N0J`lC!zjPm4Z}; z?_OVO;`_!Hr}l*+RENo0xrK)T@1UO(jY~#MObr(8lPX&Bmt#2XJyi|8@~1p8auM-4 z*$Y&(_QN^Ee}oU=s<=+*jF5Pmkjz}OuK*szCY;2)bwL+kDKY%biG+<%O=CZoA^}ku zFa~#&7Q_Y$_$K-#{BYW24G*B?_3^~qSh@GYto;31we{8ZcvH~t2CE(gin|H^%4MSm z|Cy%x1~?6RoA)Yu*41CVOXDp?cQdu&$|e8kXjP|-{(&^nAxn^}5!;jE-v?IH zapT`LUs?mHzp5gdGbXvKeOeObUc1N-64O3#LxtXk%p6x=B_ux7$~PF)KUS5vvl)?67CTvbyMzlXP&#E7D`dGvGWs#v)2G=xW z0^5AyvdYt`xzqDo=O|TQe!s1Ps4gjz;VSkXFjcX$A0@5zVV~gdt#i36TdZEk0{V>p?b-sXHp=)}=6DLyzE{ty&+`>BWPAZqN(zt0moZErU5U zgu(ab21jpv6|Wc~90M+!Et)1DT8!Bvk4Biyj8kLKiV3ADH2+Ku{~@Q2v$-FL^)%f{ z;)Fl6_v-~4GN|q3@!A2S(b#C~)V|ejY(nJdu}w#=7aBZzWq*8;?K_K=@fNq?%?}1(RA&=EX@fTq_vl7%J-EQh8;!4V0ogzC6n?w1diP38D3p}!SLzDPr zBCyOl#u;gYHHwkGk$i)A;!d91=KiG55t~?ILCAPU3L#4Y>pyh@RxV|uCR0}MthV}| zaMCK_s^u6GtL^l0bXDGBzNKpCOWM+$N{K;U;bR!)7npFJvRSaaR`}qb_wMADvhk|Z z3&xy3za{X6sI*cY_}KUncxsfT4yYDXd}P{LR%|ixqm5pU0iCF=tY-j=+}{&U zwI`l2*|cJUT`Hr!|HSUEVnf&7TgR@R%S{!VKh@|D(~OzT?feYfewAx=(4zJ16_W8{ zLO}k;qTW3|5|@)VOh#s_cYfI!y$wV>zS|nkPb#dt5Ps$%yxi6=4qDVLH3G8E(+f*2 zCY51r=FY9X70b!T7GSsJk&)xump3OlDjTqFoYZQ&JWyTb7f8MyJ*o46jc` zW!0QM!T@(K)kFH%2Aukg0+Q0MfW&gmgI|NP9%}1*Urbq(*@mL_yAVe1FMqtrm-l_4 zOL$Ten6~gk)_?zJ;~QAlXLLsy$qFfGL~Y+ix&>Olu9*z_GL#_6I&4-t>4hb~M%1Wx zSZJV$E(Ub`*m8CdCn8At&##y6G^C%5BAu!>U!iTGrrM}ZB;fQxW*Ni6-ukm)ZG|_A z^~B;Vh~BsQh0jK)2Ze>>N{4jBa;~&Q}xj*y@&Mr9*`w+B+;UjG% z17Tu9-|vM#xcL(X4Hy{Y`Od+5EklTYwc2IQ7P1>-UBBFfUXPa>v_gC$iH$x+Oj8C> zBnf?9G*?EVf~cK8lM^!Y!^XAa!CBa$p!0TWVDV`SnJ8PP*jh_;!xEO@A%x(j(15yS zj`_aX)~I8f*Qn~|gKF&rO%=t_mUqRK-cr9=I;j^Ne4wQxJXS0Lu;f<4Y209Wt^@C! z->5s5YVB%~7J+09;zYiGVwPXLp>78_6&{ffnkQULzHB{ zyc3t%TAS}z>S~2O#q%e>6>B#b;oh~SeS?9ESV|XaUOWGsk@w55IxUSu@OOY3JJP1DV!=_F&aPJ@b6ndw-Un~^m<1-Uh6;w3FHh+;GkQD)H$&d7KXj#%> zI(f;O8~LXgcZ`+D`dHGx0Mkb=^6qari0W-puP#FGa&C-K`*TQ}6cdpcac=pajPr=K zh^*dt#r~1=+^B6zHMUlHO37a`^l;v4+y^gc%d$5*E5JEb4nMJ7_|V+lpyX(Mo-N~9 zcER-KPAMXbeEca#J7$Nf)-=IPS#8rA!HYFLmSPCuV1Tw+O9u{bo&Agj8}{HDOlz)U zP#M`A92{~7RbIv7IiR1epsd<>2nGK=BujI>EuvcBl4OVu^2NOmVZZO{#xOmGldh_`AC?9|-86i2`5BVJSd3isG2Pu-Q%H9?Nh75<86_d_}r=zKs zT!lXEh%_E<{2a>+fQrv`TRIs0;p8qasr&6L)YdWC7RjkZImYqc4(Y_fK-N!mUgbuP z;LSk>8mQv?f3M;L_5*#AsT~FN6)NZDrJn|j)g0FafB(qM8)9ecr${{N`RL(6Ck7^8 z@NOA5(EF0P+!Q@k+d55QM>PKyj-AR8lL8c;+_oLf^t7COx8b6}Ms#3dol@-;FK(l$ zri2vve9X#X6m2HHuY#9H>gROlSHEX*o>S?EHnCg3z;{x%f7~ux6`yF05*>3*I!%t+ z-T48DH#&IA0E~_Sj-kVd`~`Z?8$bV)<7m=O6rG7)%w1$QppRCWLmg=UJ?)Vd_1#cS zr!lap6^G<6J^zq#o-H(^|3>_+4x!xJo4U8wND~SE-jI z%M=At8|*DZg)V)=e-pvYOw937ypX-MP1Y*K?jToZJuso4v1rf$0Tc%zowgqq&EhIL z`oGlDV&0RTh#k^r6kgQQ;05YR2*Xx!SGY<&KUV06X+v8D-bZB4OX zMBWMQUIwDA(-BM#?B^6nI0DM^w&r=_E*>kI(89Ik$!L~a{Fw0x3_pyGi{z!CJ}vb# zaNXaD$Z}L9H|8WNX1RC%I@V-}-Su`Cxs=y+qaFNGaWEGMDpI44u1RyNm|E!e@bg_A zK5$+K3nxX6&=0+nmsxP`Ml6D0m^i`1MxfarY%`$#dY7EN!D;+a^BX)MVk2B)v# zm{>xT_iCDWQ|S8$jSCzrVAyYF(`_`7`r&L|34G8~DIHr2TCt1Q5d7SBQ6Nv$))3I9 zBl_N4!eQ(kG5C7T?w%zMxJcJ%+c^qI35mCxvw8|{{f?QzqGyu}IzZ;=EASp>KcwB- zs*IJw!1!sinha@ z@N*^MtIcJhRz_U!)ldef76gJmGdDMNwAd`HTnMX8Mnp$ryyM^~9UfMGA8-xYCL`5S za2Mkn4UEoP>Lb1Q?ONU-n23V|XJKH7sH>}E5fI22%@ux5Pe&t!;Px&qq`D|l<^bP$ z3X1Hdu>{A24`F-0RFsriDtqU6Vq1<$PCPT+yT zou7FFE4_Y@GD)Avx_V zIi6gg6jrN>1Ez_R<54JO_`X&<;p5SP~*~N{NVGNmGI&D!LS8% zb#-OY(b2s)m=hf~qt8=3KI;EhcjTB5qy^8$9L`HWJ2nIo?>#IvDGeYZL{zFx+C!6^ yGua2zG9h1o=F<1Qx1rlFXg?+UkG}JNFDB*~oz!E`q@H&Vq9{OAWvZmi!~YA_zn#qh diff --git a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj index 5876914..1db22a7 100644 --- a/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj +++ b/src/SimpleSocialAuth.MVC3/SimpleSocialAuth.MVC3.csproj @@ -83,7 +83,7 @@ - + diff --git a/src/SimpleSocialAuth.Mvc4/Images/auth_logos.png b/src/SimpleSocialAuth.Mvc4/Images/auth_logos.png deleted file mode 100644 index aeb7fdf95d0be78a03d7ca8400633ff9f50875ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 10397 zcmb_?WmFtduqFv^34;z2JV+R1aDvO=?kj-yKnWax~Kcz>aMT8y0Pl2a`-qDI4CG6_zLnen$K4o6qFb0SQyVO z6*%s*fbzmqQ%(w{YLsgKSwORuRFOnMsZGRvut0y7vEAeiJW)_y_58>2qTjXL>iH&x z7ewDn%hkrq*TTaZMcu;Q#fw7~qD||=!@m7T!(pWa6p47zO>x$ru*oNx_a~uC1TP*i1lM?20F=W$ONhhk>MUa=KPQs5qt1 zvlD!KL05}2%tT9z9Y*kJyqklL4x6r_`Lg3*Yo*aw7ad-NRich)|oc=s!}4(MO7BxPRm@X=8la z5Irs!>ES#qjiEM^!QHs_@psQfFR6b_-{LIlFuJ_Ce56|?a@;=@+_P=+`URC3G|Dq6 zI_Bgoo^fm*pFqXjQ#>R2TH$g?E7E`m|MN6R_-E$ibpxlhYX)yM+nWAS>z_Y{lEaDg zAuPlr4k1DJNd!C=%O-a#@FBat9P4h)mzjcC5hYH_^V8etKIl~6f=YTHc>k1{qzmsM zsRkUj5T798AKYIaEwrb&WTa+IGA3butHV(hTs(*k3pkDgNiy3gZixD~%*pz5`nzN_ z%5zNXn5mK+WN57jS5KtT1+n}a*)8A74c2a?k9HUeBuWgv;ZQ5;X6OK1-L0Q!EPu~~ zIkxQL4un%SHatnZ?LDk0v1a8f3~p;zw)(WWn@77OXNDHi!mS@K0QS$MJ2`^wmU}!b zYJU*Zx{RWia$n!k7)e*{1!BdA{u2<-R=FSp2{^Mq@#5olb$?XNl_yipBR#{yRiL=V zDfu@fT{zhLr{BIUM3x{q{qQ&j=(aIns>a801-bG zPZF!fr4v=iB*oR8u&wU&X+aDYb|I1&4TQK|Eq+0F31qBC|AG_vMekrSlxS-@`(|a4 zZzDwR3OMh=QgO3?OgxeNTeEPl!7DyRF|$eZd#rZ-Ol+_TPj)ZtFrJ&v`Esc~+$;hM zE9vCU7lc)7+JuI{JT#tn9QOp(?Xh$oo_aK@k1F9xrSxV?fn+8 z^^(`$ac0SP?eNNJ|2w4r-v7N>c0UZUGrgSp=;UiC!m-ekCjBd4p4Qr~O8S_ut(GtVK>GFLCSgQHz)eY;Cpf`Zo=lU+AptThM4*P_yx)JqYv)QoT&thiub$LgviMR z_b)VVmB&}BEPb8OHAB6?e-_fd+hay(X$Z@Gmyw8>P^zGsOHxIbcNQ!1^&J=IrnO** zV*DXSC_{~9ayx$>zA!&l-qZfjm?LJae2QAd1FjYawm7k=eki|M*nYjk_>Z z2^ml=*GEUffgr+wmqp+tRff}Q;~z2%CkubQ!+|JyO}3>L9hCNolc_iVl4q;pZ)o3a zbvCa1*^S2=TlAtvbAm-g`ROqRF``}yC5ejrxO6rSd86k7u>_n9<7$9O5k*18IZuOKkmv|*DH zH^Z!uht?QS*9*$k2eQmhs{GC}hRpO{-d{<7nS#|V`5>0Jv3Y1=Dd`VQt#u z@!%`d7bkQ)OK;!R$$kj8*b&+dwRCd5?nE%0=(aduHD>}XyX-YA@!dlZQzRn7l03&%edVio@^D6M_YyVm!G-PT_SvPR1n3q^m<;& zVm0azk5ZWmy#8>U(i_w0dWY7NAW6+rqLtT=;4@%ulHQ3h|LR!+T@EL364B!kE!~Q$a+SZ5HUa)=9eKMM76=8+ubVp`T z#r-EP``8GK*&yMr1p&0o7A5#}ZoXWbzL}Ys)_Q!zIJ*h<&TTO@`PEn${cl#C-Au3K z0!yF1^kS;~vo1g#sSg3k9KBIc=DOz6?K{M|w%NtzjiK*b`^SqKwsX=>-?!C~l#Q;q zstTAQL8Crx|LA4?T5zW{-8Ku@7z2(flVfP7QOb{+01R`J!+sS^bOmy4myAJtiAf^`UGj zf5(MA&9qgzInEW{F>ieTPKzO9Jo}%R=C=%!Xq0;NC;5@xn!~2E~mc z9^^r;0l^jSIJ`Hbtzr1q=MmpKVWAEGDq+J)LYRGR3Ux`&c`KmYJ22c_RzC#(n>E(edyIM@vsR*F1w%@)(Ol;!YToO{gt=ig+ z6U;H?Qj0Ow3DD8w=e+Ug55iv>d-dT}ChZW`gZ9E@$JbL~D$FubP{zvlGPFg7msN;* zmiO(==PD-zTr+d{X$0Rkz0ENa3Qk+xpk?Ib213q4>lk;}MR9I;(1Z zn!czE*u7Uu(hHeG(;$787qc<mOaNlhkK$DHqkI%k$PGQ!`Wb;im z**g6!b2SP)rFrC-O;FL_GJL!>7T_;0`nR#x{sTJ)D|Ck02$qG$s{AYz4{ zR#7q1&I2XYS&}RfzuHnA{dux_Uv+7feoo}2+FhPDO;#Oq?Yq3=w}UkK;VC? zca|@I-`JhoOLk*&2EMEC+Zo@6R)j70tCM4X;6ZoCpMATVQN{OTOxff6LVc|SxN!>H zXEd;_HH#ZoLy+XQFV${z@QEjqDVVA@RIxgPvWneZgD}D0ofLAFqfFDzHM4uye**_> zMhwh20mcJw@3(23i8*kNUwvU+SQ8!0t;4Y>soAUc$vKC!cS_+!T6bj?J9hggbs|{Z zf?&)^=nz6w@~gL2NM1hvsYrocI3E6j(8e}vgS`Ubl`VeGqiT-YYGC!(Xp9Ft#x8W{ zwU{50mSa@k&0%4THUl9EL|=q8J(2IMEC+(u#!9Z%`EWqmeMF3eVR2p=`!Ss3>5yMp zY|@|1OC^{pELQI<3qKsrUrB+t1B7G;U|o^u-+K+OU#_dKzmmwR4iAkp|M)T_5kh+- z@J^psVx>JWZ|ss{Uu3~tIz|)Wt;2v}kkt{cA6bF>nCwM+k@{O-d0Nq7;yZnjdlDEr zqQR*=`H5El)rOM$Xu_#}d=5z!dS=SBCTLvmyKk9n3waC9p}6`wMv`)>>CxU)34h4< z?wjgO6Tw{Ooj!e*tHuO+zL@Mc%dSjaQbB1EX4GUs%x$F7BPz$r;0yha^CFw?Q$aUQ z$v&@dlD~Hm)_#e`m9g=E`|k%ox~g&w;A-V4W*SP1KdG&NBf;5Wuup_#rHcA}WTKb{ zx|x+{pzKaW6gA^yvNzg>!q}-`?VP#*_e*PH*0Rz{xH`sP9x3Ebwr9`YTIr9!yTVI8 z(n;0Bo`c;+9l$JNZuK6L=;-)lmwE)%Sz1gkTTR^-rELz6$r4T2cxmELzlGzK(}?U+ zlMP0BQ5uwjXwlO>c6HNe2|lCJd>8P90z9BK0?A18DIJ~Qu_Qz`dI|5ExGcPP4|fR@ zD=MJpC3oTu44*ah%|yWa1gkXyGq;C`xn|cEc3c-U3A$T`W7uH!Pli@i_Tzde5t?7%#)Gw{8PUwKd{E0`Ct6n?l)YHbVwYXv##8P`BYzR!@RAfIBO_SQC^TxG zlqL9Z)T0lhQrv*zR%r2B}at-+R6?LGYZY)LCJ#=jet zlIR86o)st*{U@UMzwtXjhVhx|&sqB?>W7bU+bnP}s)y|Y3-pQjnF$*HSO<)O5|h?G zun$DpGtCWNJGi5PYlsyF1?Vly0|JS!R!Hd_%&Gvt zf>`S+uT^0AaxM5+;n}!+d_r$^x}j%eaeyHXUy6>HlA?{PrUv@(!e1{BnjF?Y(qiDg z91l;8l=p{H8e!`tZKx<~JGe@IV#Mr>tYhTaOCnjbCDw_ZTTM{TUm;4t)?E@EbiQ)? zu1~i2LLrGqY^JTkf*C_<2yxD0gagY&kPb<<$C2r%VGBJ3D(CiwBJ8RFPC|sl-xlUc z=o4UPx*rQa`NwTVqMy^bhXv}Fk<2;90>OTiI9%HeIfRM7+-T<9UPFimP=v5zuLs&A z8)d#%qBoX*Enddw64LmRoW+)clqtI|K9T)y`KmMA*kk<`SBTqVei=BNpd?gr^o#s0 z8o?C@Cbz;IDxAP^I>90uDD;^TGpK@83E8P!R{KE;w|yd=uPdHTMAHCKjW;UqT`O-a z9T3zdMYCN?z)*aesGMylj|b`}1IuG^(O7i{!nEALNeY8Ec3b?4)-SEXD)ce8J{={+ zp$0Vcc(cIe=qHN z3_(_1{#Jn!p>i|>aZj{FTLyF(Rs-$+(3hg+#Lks~9*WqgeHF@3b8rpNpoTUSt#eE2 zG8jm~_)BX1l1Uc#>DMt@CmA^CCoFj|A5(Ialbfk(MKQdo<`oN!5yRsEZp>hutpkmm zteY7Om-~eo1q4Z$p$MXcjn{<=Vlkr9RA9q1+9}s$n%GS_41aJZ5$4sa=;JzgXmAq| zSpY3RBS_hIqJ5O$6Glv1T{)A3bi$^nenIGN&Im$z% zmTACHRF&Rt0=IRWQ;K$KNPEVYb7aHqt7Ad2m`AT{VaL}`KO0lYEft_`JTwFhlfRp^ zNvnUxb_M9CHUL{;$@{!kxIfqq@W9=TjoVjlmfdE}3h%;FjzM%~mifwT3I`I(C-d@> zTzyh!)?n^8F;U&l-Q0mCb3Q~2mX#~n61s9N++SD;2su?9-S-J{zC5JI(8Xno6j_$PYuXO9Vg@!$nhs2&mpr5H(K{7jGh{NWSS_wXcE1L49GDET)+h~ zlD~F!b&_R1C&6sF^i0EOx95V-fl%2k@GOF2Gqslmu0d+q`$O6W%-PZL5hHO`S-Q`) zV8yjk*WL$33I9Eqv%N8Hl5^$MZ)NkarCLgAcq&4y>`Itt-|vp(N0J`lC!zjPm4Z}; z?_OVO;`_!Hr}l*+RENo0xrK)T@1UO(jY~#MObr(8lPX&Bmt#2XJyi|8@~1p8auM-4 z*$Y&(_QN^Ee}oU=s<=+*jF5Pmkjz}OuK*szCY;2)bwL+kDKY%biG+<%O=CZoA^}ku zFa~#&7Q_Y$_$K-#{BYW24G*B?_3^~qSh@GYto;31we{8ZcvH~t2CE(gin|H^%4MSm z|Cy%x1~?6RoA)Yu*41CVOXDp?cQdu&$|e8kXjP|-{(&^nAxn^}5!;jE-v?IH zapT`LUs?mHzp5gdGbXvKeOeObUc1N-64O3#LxtXk%p6x=B_ux7$~PF)KUS5vvl)?67CTvbyMzlXP&#E7D`dGvGWs#v)2G=xW z0^5AyvdYt`xzqDo=O|TQe!s1Ps4gjz;VSkXFjcX$A0@5zVV~gdt#i36TdZEk0{V>p?b-sXHp=)}=6DLyzE{ty&+`>BWPAZqN(zt0moZErU5U zgu(ab21jpv6|Wc~90M+!Et)1DT8!Bvk4Biyj8kLKiV3ADH2+Ku{~@Q2v$-FL^)%f{ z;)Fl6_v-~4GN|q3@!A2S(b#C~)V|ejY(nJdu}w#=7aBZzWq*8;?K_K=@fNq?%?}1(RA&=EX@fTq_vl7%J-EQh8;!4V0ogzC6n?w1diP38D3p}!SLzDPr zBCyOl#u;gYHHwkGk$i)A;!d91=KiG55t~?ILCAPU3L#4Y>pyh@RxV|uCR0}MthV}| zaMCK_s^u6GtL^l0bXDGBzNKpCOWM+$N{K;U;bR!)7npFJvRSaaR`}qb_wMADvhk|Z z3&xy3za{X6sI*cY_}KUncxsfT4yYDXd}P{LR%|ixqm5pU0iCF=tY-j=+}{&U zwI`l2*|cJUT`Hr!|HSUEVnf&7TgR@R%S{!VKh@|D(~OzT?feYfewAx=(4zJ16_W8{ zLO}k;qTW3|5|@)VOh#s_cYfI!y$wV>zS|nkPb#dt5Ps$%yxi6=4qDVLH3G8E(+f*2 zCY51r=FY9X70b!T7GSsJk&)xump3OlDjTqFoYZQ&JWyTb7f8MyJ*o46jc` zW!0QM!T@(K)kFH%2Aukg0+Q0MfW&gmgI|NP9%}1*Urbq(*@mL_yAVe1FMqtrm-l_4 zOL$Ten6~gk)_?zJ;~QAlXLLsy$qFfGL~Y+ix&>Olu9*z_GL#_6I&4-t>4hb~M%1Wx zSZJV$E(Ub`*m8CdCn8At&##y6G^C%5BAu!>U!iTGrrM}ZB;fQxW*Ni6-ukm)ZG|_A z^~B;Vh~BsQh0jK)2Ze>>N{4jBa;~&Q}xj*y@&Mr9*`w+B+;UjG% z17Tu9-|vM#xcL(X4Hy{Y`Od+5EklTYwc2IQ7P1>-UBBFfUXPa>v_gC$iH$x+Oj8C> zBnf?9G*?EVf~cK8lM^!Y!^XAa!CBa$p!0TWVDV`SnJ8PP*jh_;!xEO@A%x(j(15yS zj`_aX)~I8f*Qn~|gKF&rO%=t_mUqRK-cr9=I;j^Ne4wQxJXS0Lu;f<4Y209Wt^@C! z->5s5YVB%~7J+09;zYiGVwPXLp>78_6&{ffnkQULzHB{ zyc3t%TAS}z>S~2O#q%e>6>B#b;oh~SeS?9ESV|XaUOWGsk@w55IxUSu@OOY3JJP1DV!=_F&aPJ@b6ndw-Un~^m<1-Uh6;w3FHh+;GkQD)H$&d7KXj#%> zI(f;O8~LXgcZ`+D`dHGx0Mkb=^6qari0W-puP#FGa&C-K`*TQ}6cdpcac=pajPr=K zh^*dt#r~1=+^B6zHMUlHO37a`^l;v4+y^gc%d$5*E5JEb4nMJ7_|V+lpyX(Mo-N~9 zcER-KPAMXbeEca#J7$Nf)-=IPS#8rA!HYFLmSPCuV1Tw+O9u{bo&Agj8}{HDOlz)U zP#M`A92{~7RbIv7IiR1epsd<>2nGK=BujI>EuvcBl4OVu^2NOmVZZO{#xOmGldh_`AC?9|-86i2`5BVJSd3isG2Pu-Q%H9?Nh75<86_d_}r=zKs zT!lXEh%_E<{2a>+fQrv`TRIs0;p8qasr&6L)YdWC7RjkZImYqc4(Y_fK-N!mUgbuP z;LSk>8mQv?f3M;L_5*#AsT~FN6)NZDrJn|j)g0FafB(qM8)9ecr${{N`RL(6Ck7^8 z@NOA5(EF0P+!Q@k+d55QM>PKyj-AR8lL8c;+_oLf^t7COx8b6}Ms#3dol@-;FK(l$ zri2vve9X#X6m2HHuY#9H>gROlSHEX*o>S?EHnCg3z;{x%f7~ux6`yF05*>3*I!%t+ z-T48DH#&IA0E~_Sj-kVd`~`Z?8$bV)<7m=O6rG7)%w1$QppRCWLmg=UJ?)Vd_1#cS zr!lap6^G<6J^zq#o-H(^|3>_+4x!xJo4U8wND~SE-jI z%M=At8|*DZg)V)=e-pvYOw937ypX-MP1Y*K?jToZJuso4v1rf$0Tc%zowgqq&EhIL z`oGlDV&0RTh#k^r6kgQQ;05YR2*Xx!SGY<&KUV06X+v8D-bZB4OX zMBWMQUIwDA(-BM#?B^6nI0DM^w&r=_E*>kI(89Ik$!L~a{Fw0x3_pyGi{z!CJ}vb# zaNXaD$Z}L9H|8WNX1RC%I@V-}-Su`Cxs=y+qaFNGaWEGMDpI44u1RyNm|E!e@bg_A zK5$+K3nxX6&=0+nmsxP`Ml6D0m^i`1MxfarY%`$#dY7EN!D;+a^BX)MVk2B)v# zm{>xT_iCDWQ|S8$jSCzrVAyYF(`_`7`r&L|34G8~DIHr2TCt1Q5d7SBQ6Nv$))3I9 zBl_N4!eQ(kG5C7T?w%zMxJcJ%+c^qI35mCxvw8|{{f?QzqGyu}IzZ;=EASp>KcwB- zs*IJw!1!sinha@ z@N*^MtIcJhRz_U!)ldef76gJmGdDMNwAd`HTnMX8Mnp$ryyM^~9UfMGA8-xYCL`5S za2Mkn4UEoP>Lb1Q?ONU-n23V|XJKH7sH>}E5fI22%@ux5Pe&t!;Px&qq`D|l<^bP$ z3X1Hdu>{A24`F-0RFsriDtqU6Vq1<$PCPT+yT zou7FFE4_Y@GD)Avx_V zIi6gg6jrN>1Ez_R<54JO_`X&<;p5SP~*~N{NVGNmGI&D!LS8% zb#-OY(b2s)m=hf~qt8=3KI;EhcjTB5qy^8$9L`HWJ2nIo?>#IvDGeYZL{zFx+C!6^ yGua2zG9h1o=F<1Qx1rlFXg?+UkG}JNFDB*~oz!E`q@H&Vq9{OAWvZmi!~YA_zn#qh diff --git a/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj b/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj index bf66875..0d35f3f 100644 --- a/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj +++ b/src/SimpleSocialAuth.Mvc4/SimpleSocialAuth.Mvc4.csproj @@ -75,7 +75,7 @@ - + From 7fdae5611118f99b8aa865fcb9d501a83ca7111b Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Mon, 10 Jun 2013 19:54:36 -0700 Subject: [PATCH 19/28] Tweak authhandlerfactory --- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 2 +- .../AuthHandlerFactory.cs | 104 ++++++++++-------- .../Handlers/GoogleHandler.cs | 6 +- .../Handlers/TwitterHandler.cs | 3 +- 4 files changed, 60 insertions(+), 55 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index 4bbdc91..2177a3a 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.3 + 1.0.4 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html diff --git a/src/SimpleSocialAuth.Core/AuthHandlerFactory.cs b/src/SimpleSocialAuth.Core/AuthHandlerFactory.cs index 4394be1..fd94bc1 100644 --- a/src/SimpleSocialAuth.Core/AuthHandlerFactory.cs +++ b/src/SimpleSocialAuth.Core/AuthHandlerFactory.cs @@ -6,57 +6,65 @@ namespace SimpleSocialAuth.Core { - /// - /// Use to produce one of the supported handlers. - /// - /// - public class AuthHandlerFactory - { - private static readonly Dictionary> _handlers = - new Dictionary>(); + /// + /// Use to produce one of the supported handlers. + /// + /// + public class AuthHandlerFactory + { + private static readonly Dictionary> _handlers = + new Dictionary>(); - static AuthHandlerFactory() - { - MapHandlers(); - } + static AuthHandlerFactory() + { + MapHandlers(); + } - private static void MapHandlers() - { - var handlers = - Assembly.GetExecutingAssembly().GetTypes().Where( - x => typeof (IAuthenticationHandler).IsAssignableFrom(x) && !x.IsAbstract && !x.IsInterface); - foreach (var handler in handlers) - { - var key = handler.Name.ToLower().Replace("handler", ""); - var handlerType = handler; - _handlers.Add(key, () => (IAuthenticationHandler) Activator.CreateInstance(handlerType)); - } - } + private static void MapHandlers() + { + var handlers = Assembly + .GetExecutingAssembly() + .GetTypes() + .Where(x => typeof (IAuthenticationHandler).IsAssignableFrom(x) && !x.IsAbstract && !x.IsInterface); + foreach (var handler in handlers) + { + var key = handler.Name.ToLower().Replace("handler", ""); + var handlerType = handler; + _handlers.Add(key, () => (IAuthenticationHandler) Activator.CreateInstance(handlerType)); + } + } - /// - /// Map your own authentication handler. - /// - /// Lower case name such as "facebook" - /// Func used to created the handler. - public static void AddHandler(string key, Func factoryMethod) - { - if (key == null) throw new ArgumentNullException("key"); - if (factoryMethod == null) throw new ArgumentNullException("factoryMethod"); - _handlers[key] = factoryMethod; - } + /// + /// Map your own authentication handler. + /// + /// Lower case name such as "facebook" + /// Func used to created the handler. + public static void AddHandler(string key, Func factoryMethod) + { + if (key == null) throw new ArgumentNullException("key"); + if (factoryMethod == null) throw new ArgumentNullException("factoryMethod"); + _handlers[key] = factoryMethod; + } - /// - /// Create a new handler - /// - /// Lower case name such as "facebook" - /// Handler - public static IAuthenticationHandler Create(string handler) - { - Func factory; - if (!_handlers.TryGetValue(handler, out factory)) - throw new ArgumentOutOfRangeException("handler", handler, "Unknown authentication handler."); + /// + /// Create a new handler + /// + /// Lower case name such as "facebook" + /// Handler + public static IAuthenticationHandler Create(string handler) + { + Func factory; + if (!_handlers.TryGetValue(handler.ToLowerInvariant(), out factory)) + { + string message = "Unknown authentication handler; valid options = "; + foreach (var kvp in _handlers) + { + message += kvp.Key + ", "; + } + throw new ArgumentOutOfRangeException("handler", handler, message); + } - return factory(); - } - } + return factory(); + } + } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs b/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs index 3aa708b..2368d1d 100644 --- a/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/GoogleHandler.cs @@ -21,11 +21,9 @@ public class GoogleHandler : IAuthenticationHandler public string PrepareAuthRequest(PrepareAuthenticationContext context) { - var authorization = - googleConsumer.ProcessUserAuthorization(); + var authorization = googleConsumer.ProcessUserAuthorization(); - var callback = - new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); + var callback = new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); if (authorization == null) { diff --git a/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs b/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs index a660f69..c4b7d04 100644 --- a/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs @@ -14,8 +14,7 @@ public class TwitterHandler : IAuthenticationHandler public string PrepareAuthRequest(PrepareAuthenticationContext context) { - var callback = - new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); + var callback = new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); var consumer = new TwitterConsumer(context.SessionStorage); return consumer From eecc8e6d50e19af72b2ee9330831bf7c8ba225ef Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 10:31:34 -0700 Subject: [PATCH 20/28] Update Login.cshtml to use links rather than rendering --- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 2 +- nuget/content.mvc3/LogIn.cshtml | 3 +- src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs | 157 +++++++------------- 3 files changed, 59 insertions(+), 103 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index 2177a3a..f6802da 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.4 + 1.0.5 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html diff --git a/nuget/content.mvc3/LogIn.cshtml b/nuget/content.mvc3/LogIn.cshtml index 1316772..cbecb42 100644 --- a/nuget/content.mvc3/LogIn.cshtml +++ b/nuget/content.mvc3/LogIn.cshtml @@ -1,4 +1,6 @@ @using SimpleSocialAuth.MVC3 + + @{ ViewBag.Title = "LogIn"; @@ -6,7 +8,6 @@

LogIn

-@Styles.Render("~/Content/SimpleSocialAuth") Html.RenderAuthWarnings() @if (TempData["authError"] != null) diff --git a/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs b/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs index 6675c5e..2d47685 100644 --- a/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs +++ b/src/SimpleSocialAuth.Mvc4/HtmlExtensions.cs @@ -1,108 +1,63 @@ -using System; -using System.Configuration; +using System.Configuration; using System.Linq; using System.Web.Mvc; -using System.Web.UI; using HtmlTags; -using SimpleSocialAuth.Core; namespace SimpleSocialAuth.Mvc4 { - public static class HtmlExtensions - { - public static MvcHtmlString RenderAuthScript(this HtmlHelper htmlHelper) - { - return - new MvcHtmlString( - new HtmlTag("script") - .Attr("src", WebResource(typeof (Utils), "SimpleSocialAuth.MVC4.Scripts.jquery.auth.js")) - .Attr("type", @"text/javascript") - .ToHtmlString()); - } - - public static MvcHtmlString RenderAuthStylesheet(this HtmlHelper htmlHelper) - { - var inlineStyles = - new HtmlTag("style") - .Attr("type", "text/css") - .Text(@".simpleAuthButton { background-image: url(" + - WebResource(typeof (Utils), "SimpleSocialAuth.MVC4.Images.auth_logos.png") + "); }"); - - var includedStyles = - new HtmlTag("link") - .Attr("rel", "stylesheet") - .Attr("href", WebResource(typeof (Utils), "SimpleSocialAuth.MVC4.Stylesheets.auth.css")) - .Attr("type", @"text/css"); - - return - new MvcHtmlString( - inlineStyles - .After(includedStyles) - .ToHtmlString()); - } - - public static MvcHtmlString RenderAuthWarnings(this HtmlHelper htmlHelper) - { - var appSettingsKeys = - new[] - { - "googleAppID", "googleAppSecret", - "facebookAppID", "facebookAppSecret", - "twitterConsumerKey", "twitterConsumerSecret" - }; - - var noValueForSetting = - appSettingsKeys - .Any(key => string.IsNullOrEmpty(ConfigurationManager.AppSettings[key])); - - var message = ""; - - if (noValueForSetting) - { - message = - new HtmlTag("p") - .Attr("style", "color: Red;") - .Text("Not all key and secrets are filled in a configuration file.") - .ToHtmlString(); - } - - return - new MvcHtmlString(message); - } - - private static string WebResource(Type type, string resourcePath) - { - var page = new Page(); - - return - page.ClientScript.GetWebResourceUrl(type, resourcePath); - } - - public static MvcHtmlString AuthButtons(this HtmlHelper htmlHelper) - { - var authContainer = - new HtmlTag("div") - .Attr("style", "overflow: hidden;") - .Append("input", - ht => ht.Id("authType").Attr("name", "authType").Attr("type", "hidden").Attr("value", "1")) - .Append("a", - ht => ht - .Attr("href", "javascript:auth.signin('twitter')") - .AddClasses("simpleAuthButton", "twitter") - .Text("twitter")) - .Append("a", - ht => ht - .Attr("href", "javascript:auth.signin('facebook')") - .AddClasses("simpleAuthButton", "facebook") - .Text("facebook")) - .Append("a", - ht => ht - .Attr("href", "javascript:auth.signin('google')") - .AddClasses("simpleAuthButton", "google") - .Text("google")) - .ToHtmlString(); - - return new MvcHtmlString(authContainer); - } - } + public static class HtmlExtensions + { + public static MvcHtmlString RenderAuthWarnings(this HtmlHelper htmlHelper) + { + var appSettingsKeys = + new[] + { + "googleAppID", "googleAppSecret", + "facebookAppID", "facebookAppSecret", + "twitterConsumerKey", "twitterConsumerSecret" + }; + + var noValueForSetting = appSettingsKeys + .Any(key => string.IsNullOrEmpty(ConfigurationManager.AppSettings[key])); + + var message = ""; + + if (noValueForSetting) + { + message = new HtmlTag("p") + .Attr("style", "color: Red;") + .Text("Not all key and secrets are filled in a configuration file.") + .ToHtmlString(); + } + + return new MvcHtmlString(message); + } + + public static MvcHtmlString AuthButtons(this HtmlHelper htmlHelper) + { + var authContainer = + new HtmlTag("div") + .Attr("style", "overflow: hidden;") + .Append("input", + ht => ht.Id("authType").Attr("name", "authType").Attr("type", "hidden").Attr("value", "1")) + .Append("a", + ht => ht + .Attr("href", "javascript:auth.signin('twitter')") + .AddClasses("simpleAuthButton", "twitter") + .Text("twitter")) + .Append("a", + ht => ht + .Attr("href", "javascript:auth.signin('facebook')") + .AddClasses("simpleAuthButton", "facebook") + .Text("facebook")) + .Append("a", + ht => ht + .Attr("href", "javascript:auth.signin('google')") + .AddClasses("simpleAuthButton", "google") + .Text("google")) + .ToHtmlString(); + + return new MvcHtmlString(authContainer); + } + } } \ No newline at end of file From 1e8eb1921b68b44ec337fabac0e3fe018ae52b1a Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 12:30:25 -0700 Subject: [PATCH 21/28] Move nuget files identical for both mvc3 and mvc4 into common location --- nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec | 3 +-- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 4 ++-- .../SimpleAuthController.cs.pp | 9 ++++----- .../Handlers/AbstractAuthHandler.cs | 8 -------- .../Handlers/FacebookHandler.cs | 12 ++++-------- .../SimpleSocialAuth.Core.csproj | 2 +- src/SimpleSocialAuth.sln | 8 ++++++-- 7 files changed, 18 insertions(+), 28 deletions(-) rename nuget/{content.mvc4 => content.common}/SimpleAuthController.cs.pp (89%) delete mode 100644 src/SimpleSocialAuth.Core/Handlers/AbstractAuthHandler.cs diff --git a/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec index 547c7fe..b857136 100644 --- a/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC3.1.0.1.nuspec @@ -21,8 +21,7 @@ social auth oauth asp.net-mvc - - + diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index f6802da..7693f12 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.5 + 1.0.6 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html @@ -25,7 +25,7 @@ - + diff --git a/nuget/content.mvc4/SimpleAuthController.cs.pp b/nuget/content.common/SimpleAuthController.cs.pp similarity index 89% rename from nuget/content.mvc4/SimpleAuthController.cs.pp rename to nuget/content.common/SimpleAuthController.cs.pp index 1f47fe1..17e2f35 100644 --- a/nuget/content.mvc4/SimpleAuthController.cs.pp +++ b/nuget/content.common/SimpleAuthController.cs.pp @@ -2,8 +2,7 @@ using System.Web.Mvc; using System.Web.Security; using SimpleSocialAuth.Core; -using SimpleSocialAuth.Core.Handlers; -using SimpleSocialAuth.Mvc4; +using SimpleSocialAuth.Core.Handlers; namespace $rootnamespace$.Controllers { @@ -27,9 +26,9 @@ { var authHandler = AuthHandlerFactory.Create(authType); var authContext = new PrepareAuthenticationContext( - CurrentContextSession.Instance, - Request.Url, - (string)Session["ReturnUrl"]); + CurrentContextSession.Instance, + Request.Url, + Url.Action("DoAuth", new { authType })); string redirectUrl = authHandler.PrepareAuthRequest(authContext); return Redirect(redirectUrl); } diff --git a/src/SimpleSocialAuth.Core/Handlers/AbstractAuthHandler.cs b/src/SimpleSocialAuth.Core/Handlers/AbstractAuthHandler.cs deleted file mode 100644 index 377d5c6..0000000 --- a/src/SimpleSocialAuth.Core/Handlers/AbstractAuthHandler.cs +++ /dev/null @@ -1,8 +0,0 @@ -namespace SimpleSocialAuth.Core.Handlers -{ - public interface IAuthenticationHandler - { - string PrepareAuthRequest(PrepareAuthenticationContext context); - BasicUserData ProcessAuthRequest(ProcessAuthenticationContext context); - } -} \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs b/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs index 3df2110..4677f89 100644 --- a/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/FacebookHandler.cs @@ -20,13 +20,11 @@ public string PrepareAuthRequest(PrepareAuthenticationContext context) { var authorization = facebookConsumer.ProcessUserAuthorization(); - var callback = - new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); + var callback = new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); if (authorization == null) { - return - facebookConsumer + return facebookConsumer .PrepareRequestUserAuthorization(returnTo: callback) .Headers["Location"]; } @@ -36,16 +34,14 @@ public string PrepareAuthRequest(PrepareAuthenticationContext context) public BasicUserData ProcessAuthRequest(ProcessAuthenticationContext context) { - var authorization = - facebookConsumer.ProcessUserAuthorization(); + var authorization = facebookConsumer.ProcessUserAuthorization(); if (authorization.AccessToken == null) { return null; } - var graphRequest = - WebRequest + var graphRequest = WebRequest .Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString(authorization.AccessToken)); diff --git a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj index 45d8968..d914b1e 100644 --- a/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj +++ b/src/SimpleSocialAuth.Core/SimpleSocialAuth.Core.csproj @@ -141,7 +141,7 @@ - + diff --git a/src/SimpleSocialAuth.sln b/src/SimpleSocialAuth.sln index da72de3..c43fa36 100644 --- a/src/SimpleSocialAuth.sln +++ b/src/SimpleSocialAuth.sln @@ -23,13 +23,11 @@ EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content.mvc3", "content.mvc3", "{B153952A-5808-46B4-A2C0-2FA1A7C7A49E}" ProjectSection(SolutionItems) = preProject ..\nuget\content.mvc3\LogIn.cshtml = ..\nuget\content.mvc3\LogIn.cshtml - ..\nuget\content.mvc3\SimpleAuthController.cs.pp = ..\nuget\content.mvc3\SimpleAuthController.cs.pp EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content.mvc4", "content.mvc4", "{2E0EFE72-D86E-48A7-814D-A44F1100A2BF}" ProjectSection(SolutionItems) = preProject ..\nuget\content.mvc4\LogIn.cshtml = ..\nuget\content.mvc4\LogIn.cshtml - ..\nuget\content.mvc4\SimpleAuthController.cs.pp = ..\nuget\content.mvc4\SimpleAuthController.cs.pp ..\nuget\content.mvc4\SimpleSocialAuthBundleConfig.cs.pp = ..\nuget\content.mvc4\SimpleSocialAuthBundleConfig.cs.pp EndProjectSection EndProject @@ -38,6 +36,11 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tools", "tools", "{546A9A81 ..\nuget\tools\install.ps1 = ..\nuget\tools\install.ps1 EndProjectSection EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "content.common", "content.common", "{A3C1BC35-F499-4A9E-B651-188DE4D1CCC0}" + ProjectSection(SolutionItems) = preProject + ..\nuget\content.common\SimpleAuthController.cs.pp = ..\nuget\content.common\SimpleAuthController.cs.pp + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -64,5 +67,6 @@ Global {B153952A-5808-46B4-A2C0-2FA1A7C7A49E} = {415946F4-2526-4B13-8F67-CB42C5F72739} {2E0EFE72-D86E-48A7-814D-A44F1100A2BF} = {415946F4-2526-4B13-8F67-CB42C5F72739} {546A9A81-1097-4571-A525-57E2125F294E} = {415946F4-2526-4B13-8F67-CB42C5F72739} + {A3C1BC35-F499-4A9E-B651-188DE4D1CCC0} = {415946F4-2526-4B13-8F67-CB42C5F72739} EndGlobalSection EndGlobal From 569135ca8a3639722be2fb90cc63e69635299990 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 13:53:29 -0700 Subject: [PATCH 22/28] Add error handling to SimpleAuthController.cs.pp --- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 2 +- .../content.common/SimpleAuthController.cs.pp | 70 ++++++++++++------- 2 files changed, 46 insertions(+), 26 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index 7693f12..7a78760 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.6 + 1.0.7 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html diff --git a/nuget/content.common/SimpleAuthController.cs.pp b/nuget/content.common/SimpleAuthController.cs.pp index 17e2f35..ac5bd6c 100644 --- a/nuget/content.common/SimpleAuthController.cs.pp +++ b/nuget/content.common/SimpleAuthController.cs.pp @@ -1,4 +1,5 @@ -using System.Web; +using System; +using System.Diagnostics; using System.Web.Mvc; using System.Web.Security; using SimpleSocialAuth.Core; @@ -6,6 +7,11 @@ namespace $rootnamespace$.Controllers { + /// + /// Simple scaffolding class for handling OAuth-based authentication. + /// Many scenarios will require that this controller be extended or logic from this + /// controller moved into other classes. + /// public class SimpleAuthController : Controller { public ActionResult LogIn() @@ -14,46 +20,60 @@ { return RedirectToAction("Index", "Home"); } - Session["ReturnUrl"] = Request.QueryString["returnUrl"]; - return View(); } - // TODO: HI Errors handling [HttpPost] public ActionResult Authenticate(string authType) { - var authHandler = AuthHandlerFactory.Create(authType); - var authContext = new PrepareAuthenticationContext( - CurrentContextSession.Instance, - Request.Url, - Url.Action("DoAuth", new { authType })); - string redirectUrl = authHandler.PrepareAuthRequest(authContext); - return Redirect(redirectUrl); + try + { + var authHandler = AuthHandlerFactory.Create(authType); + var authContext = new PrepareAuthenticationContext( + CurrentContextSession.Instance, + Request.Url, + Url.Action("DoAuth", new { authType })); + string redirectUrl = authHandler.PrepareAuthRequest(authContext); + return Redirect(redirectUrl); + } + catch (Exception ex) + { + Debug.WriteLine("Error calling OAuth provider: " + ex); + TempData["authError"] = ex.Message; + return RedirectToAction("LogIn"); + } } public ActionResult DoAuth(string authType) { - var authHandler = AuthHandlerFactory.Create(authType); - var authContext = new ProcessAuthenticationContext(CurrentContextSession.Instance, Request.Url); - var userData = authHandler.ProcessAuthRequest(authContext); - - if (userData == null) + try { - TempData["authError"] = "Authentication has failed."; + var authHandler = AuthHandlerFactory.Create(authType); + var authContext = new ProcessAuthenticationContext(CurrentContextSession.Instance, Request.Url); + var userData = authHandler.ProcessAuthRequest(authContext); - return RedirectToAction("LogIn"); - } + if (userData == null) + { + TempData["authError"] = "Authentication has failed."; - // TODO: Here you can check if such user exists in your database, etc. + return RedirectToAction("LogIn"); + } - // NOTE: this is just simple usage of setting AuthCookie - FormsAuthentication.SetAuthCookie(userData.UserName, true); + // NOTE: this is just simple usage of setting AuthCookie + // TODO: You may also want to check to see if this user exists in your database, create an entry if they don't, etc. + FormsAuthentication.SetAuthCookie(userData.UserName, true); - return Session["ReturnUrl"] != null - ? (ActionResult)Redirect((string)Session["ReturnUrl"]) - : RedirectToAction("Index", "Home"); + return Session["ReturnUrl"] != null + ? (ActionResult) Redirect((string) Session["ReturnUrl"]) + : RedirectToAction("Index", "Home"); + } + catch (Exception ex) + { + Debug.WriteLine("Error responding to OAuth request: " + ex); + TempData["authError"] = ex.Message; + return RedirectToAction("LogIn"); + } } } } From e7a28edd3b2e08c4cf4b4fdfe89636c9f524b269 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 15:15:51 -0700 Subject: [PATCH 23/28] Fix stupid razor syntax error --- nuget/content.mvc3/LogIn.cshtml | 2 +- nuget/content.mvc4/LogIn.cshtml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nuget/content.mvc3/LogIn.cshtml b/nuget/content.mvc3/LogIn.cshtml index cbecb42..59ae37b 100644 --- a/nuget/content.mvc3/LogIn.cshtml +++ b/nuget/content.mvc3/LogIn.cshtml @@ -8,7 +8,7 @@

LogIn

-Html.RenderAuthWarnings() +@Html.RenderAuthWarnings() @if (TempData["authError"] != null) { diff --git a/nuget/content.mvc4/LogIn.cshtml b/nuget/content.mvc4/LogIn.cshtml index cf74a05..e20c81a 100644 --- a/nuget/content.mvc4/LogIn.cshtml +++ b/nuget/content.mvc4/LogIn.cshtml @@ -7,7 +7,7 @@

LogIn

@Styles.Render("~/Content/SimpleSocialAuth") -Html.RenderAuthWarnings() +@Html.RenderAuthWarnings() @if (TempData["authError"] != null) { From 3ff74d9da016f461ad16a5a99ecdafa519f79cf4 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 15:54:24 -0700 Subject: [PATCH 24/28] Work around DNOA/Google interop bug --- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 2 +- src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index 7a78760..2d8ffaf 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.7 + 1.0.8 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html diff --git a/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs b/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs index 9f9d366..7cf7731 100644 --- a/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs +++ b/src/SimpleSocialAuth.Core/Consumers/GoogleConsumer.cs @@ -15,8 +15,10 @@ internal class GoogleConsumer : WebServerClient public GoogleConsumer(string clientIdentifier, string clientSecret) : base(GoogleDescription, clientIdentifier, clientSecret) { - AuthorizationTracker = - new AuthorizationTracker(); + AuthorizationTracker = new AuthorizationTracker(); + + // See https://groups.google.com/forum/?fromgroups#!topic/dotnetopenid/ibzRfE4TpB0 + ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(clientSecret); } } } \ No newline at end of file From 4858e2016b5a5d5fbf7a1bf1d7b2530e3a26a441 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 16:09:56 -0700 Subject: [PATCH 25/28] Work around DNOA/Facebook interop bug --- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 2 +- .../Consumers/FacebookConsumer.cs | 32 ++- .../Consumers/TwitterConsumer.cs | 264 ++++++++---------- .../Handlers/TwitterHandler.cs | 64 ++--- 4 files changed, 171 insertions(+), 191 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index 2d8ffaf..d2ef8bd 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.8 + 1.0.9 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html diff --git a/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs b/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs index 265f9ec..fe0d6c3 100644 --- a/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs +++ b/src/SimpleSocialAuth.Core/Consumers/FacebookConsumer.cs @@ -3,20 +3,22 @@ namespace SimpleSocialAuth.Core.Consumers { - internal class FacebookConsumer : WebServerClient - { - private static readonly AuthorizationServerDescription FacebookDescription = - new AuthorizationServerDescription - { - TokenEndpoint = new Uri("https://graph.facebook.com/oauth/access_token"), - AuthorizationEndpoint = new Uri("https://graph.facebook.com/oauth/authorize") - }; + internal class FacebookConsumer : WebServerClient + { + private static readonly AuthorizationServerDescription FacebookDescription = + new AuthorizationServerDescription + { + TokenEndpoint = new Uri("https://graph.facebook.com/oauth/access_token"), + AuthorizationEndpoint = new Uri("https://graph.facebook.com/oauth/authorize") + }; - public FacebookConsumer(string clientIdentifier, string clientSecret) - : base(FacebookDescription, clientIdentifier, clientSecret) - { - AuthorizationTracker = - new AuthorizationTracker(); - } - } + public FacebookConsumer(string clientIdentifier, string clientSecret) + : base(FacebookDescription, clientIdentifier, clientSecret) + { + AuthorizationTracker = new AuthorizationTracker(); + + // See http://stackoverflow.com/questions/15212959/bad-request-on-processuserauthorization-dotnetopenauth-4-2-2-13055 + ClientCredentialApplicator = ClientCredentialApplicator.PostParameter(clientSecret); + } + } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs b/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs index ab90332..dcbc1f7 100644 --- a/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs +++ b/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs @@ -6,146 +6,126 @@ namespace SimpleSocialAuth.Core.Consumers { - internal class TwitterConsumer - { - public static readonly ServiceProviderDescription SignInWithTwitterServiceDescription = - new ServiceProviderDescription - { - RequestTokenEndpoint = - new MessageReceivingEndpoint( - "http://twitter.com/oauth/request_token", - HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), - UserAuthorizationEndpoint = - new MessageReceivingEndpoint( - "http://twitter.com/oauth/authenticate", - HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), - AccessTokenEndpoint = - new MessageReceivingEndpoint( - "http://twitter.com/oauth/access_token", - HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), - TamperProtectionElements = - new ITamperProtectionChannelBindingElement[] - { - new HmacSha1SigningBindingElement() - }, - }; - - private static WebConsumer signInConsumer; - private static readonly object signInConsumerInitLock = new object(); - private readonly ISessionStorage _sessionStorage; - - public TwitterConsumer(ISessionStorage sessionStorage) - { - _sessionStorage = sessionStorage; - } - - private bool IsTwitterConsumerConfigured - { - get - { - return - !string.IsNullOrEmpty(ConfigurationManager.AppSettings["twitterConsumerKey"]) && - !string.IsNullOrEmpty(ConfigurationManager.AppSettings["twitterConsumerSecret"]); - } - } - - private WebConsumer TwitterSignIn - { - get - { - if (signInConsumer == null) - { - lock (signInConsumerInitLock) - { - if (signInConsumer == null) - { - signInConsumer = - new WebConsumer( - SignInWithTwitterServiceDescription, - ShortTermUserSessionTokenManager); - } - } - } - - return signInConsumer; - } - } - - private InMemoryTokenManager ShortTermUserSessionTokenManager - { - get - { - var tokenManager = - (InMemoryTokenManager) _sessionStorage.Load("TwitterShortTermUserSessionTokenManager"); - - if (tokenManager == null) - { - var consumerKey = - ConfigurationManager.AppSettings["twitterConsumerKey"]; - - var consumerSecret = - ConfigurationManager.AppSettings["twitterConsumerSecret"]; - - if (IsTwitterConsumerConfigured) - { - tokenManager = - new InMemoryTokenManager(consumerKey, consumerSecret); - - _sessionStorage.Store("TwitterShortTermUserSessionTokenManager", tokenManager); - } - else - { - throw new InvalidOperationException( - "No Twitter OAuth consumer key and secret could be found in web.config AppSettings."); - } - } - - return - tokenManager; - } - } - - public OutgoingWebResponse StartSignInWithTwitter(Uri callback = null) - { - if (callback == null) - { - callback = - MessagingUtilities - .GetRequestUrlFromContext() - .StripQueryArgumentsWithPrefix("oauth_"); - } - - var request = - TwitterSignIn - .PrepareRequestUserAuthorization(callback, null, null); - - return - TwitterSignIn - .Channel - .PrepareResponse(request); - } - - public bool TryFinishSignInWithTwitter(out string screenName, out int userId) - { - screenName = null; - userId = 0; - - var response = - TwitterSignIn - .ProcessUserAuthorization(); - - if (response == null) - { - return false; - } - - screenName = - response.ExtraData["screen_name"]; - - userId = - int.Parse(response.ExtraData["user_id"]); - - return true; - } - } + internal class TwitterConsumer + { + public static readonly ServiceProviderDescription SignInWithTwitterServiceDescription = + new ServiceProviderDescription + { + RequestTokenEndpoint = + new MessageReceivingEndpoint( + "http://twitter.com/oauth/request_token", + HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), + UserAuthorizationEndpoint = + new MessageReceivingEndpoint( + "http://twitter.com/oauth/authenticate", + HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), + AccessTokenEndpoint = + new MessageReceivingEndpoint( + "http://twitter.com/oauth/access_token", + HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), + TamperProtectionElements = + new ITamperProtectionChannelBindingElement[] + { + new HmacSha1SigningBindingElement() + }, + }; + + private static WebConsumer signInConsumer; + private static readonly object signInConsumerInitLock = new object(); + private readonly ISessionStorage _sessionStorage; + + public TwitterConsumer(ISessionStorage sessionStorage) + { + _sessionStorage = sessionStorage; + } + + private bool IsTwitterConsumerConfigured + { + get + { + return + !string.IsNullOrEmpty(ConfigurationManager.AppSettings["twitterConsumerKey"]) && + !string.IsNullOrEmpty(ConfigurationManager.AppSettings["twitterConsumerSecret"]); + } + } + + private WebConsumer TwitterSignIn + { + get + { + if (signInConsumer == null) + { + lock (signInConsumerInitLock) + { + if (signInConsumer == null) + { + signInConsumer = + new WebConsumer( + SignInWithTwitterServiceDescription, + ShortTermUserSessionTokenManager); + } + } + } + + return signInConsumer; + } + } + + private InMemoryTokenManager ShortTermUserSessionTokenManager + { + get + { + var tokenManager = + (InMemoryTokenManager)_sessionStorage.Load("TwitterShortTermUserSessionTokenManager"); + + if (tokenManager == null) + { + var consumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"]; + var consumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"]; + + if (IsTwitterConsumerConfigured) + { + tokenManager = new InMemoryTokenManager(consumerKey, consumerSecret); + _sessionStorage.Store("TwitterShortTermUserSessionTokenManager", tokenManager); + } + else + { + throw new InvalidOperationException( + "No Twitter OAuth consumer key and secret could be found in web.config AppSettings."); + } + } + + return tokenManager; + } + } + + public OutgoingWebResponse StartSignInWithTwitter(Uri callback = null) + { + if (callback == null) + { + callback = MessagingUtilities.GetRequestUrlFromContext().StripQueryArgumentsWithPrefix("oauth_"); + } + + var request = TwitterSignIn.PrepareRequestUserAuthorization(callback, null, null); + + return TwitterSignIn.Channel.PrepareResponse(request); + } + + public bool TryFinishSignInWithTwitter(out string screenName, out int userId) + { + screenName = null; + userId = 0; + + var response = TwitterSignIn.ProcessUserAuthorization(); + + if (response == null) + { + return false; + } + + screenName = response.ExtraData["screen_name"]; + userId = int.Parse(response.ExtraData["user_id"]); + return true; + } + } } \ No newline at end of file diff --git a/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs b/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs index c4b7d04..cbcea95 100644 --- a/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs +++ b/src/SimpleSocialAuth.Core/Handlers/TwitterHandler.cs @@ -4,42 +4,40 @@ namespace SimpleSocialAuth.Core.Handlers { - /// - /// Twitter authentication handler. - /// - /// Required that the following appSettings keys are configured: "twitterConsumerKey" and "twitterConsumerSecret" - public class TwitterHandler : IAuthenticationHandler - { - #region IAuthenticationHandler Members + /// + /// Twitter authentication handler. + /// + /// Required that the following appSettings keys are configured: "twitterConsumerKey" and "twitterConsumerSecret" + public class TwitterHandler : IAuthenticationHandler + { + #region IAuthenticationHandler Members - public string PrepareAuthRequest(PrepareAuthenticationContext context) - { - var callback = new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); + public string PrepareAuthRequest(PrepareAuthenticationContext context) + { + var callback = new Uri(Utils.GetUrlBase(context.RequestUri) + context.RedirectPath); - var consumer = new TwitterConsumer(context.SessionStorage); - return consumer - .StartSignInWithTwitter(callback) - .Headers["Location"]; - } + var consumer = new TwitterConsumer(context.SessionStorage); + return consumer + .StartSignInWithTwitter(callback) + .Headers["Location"]; + } - public BasicUserData ProcessAuthRequest(ProcessAuthenticationContext context) - { - string screenName; - int userId; + public BasicUserData ProcessAuthRequest(ProcessAuthenticationContext context) + { + string screenName; + int userId; - var consumer = new TwitterConsumer(context.SessionStorage); - return - consumer.TryFinishSignInWithTwitter(out screenName, out userId) - ? new BasicUserData - { - UserId = userId.ToString(CultureInfo.InvariantCulture), - UserName = screenName, - PictureUrl = - string.Format("http://api.twitter.com/1/users/profile_image/{0}.png", screenName) - } - : null; - } + var consumer = new TwitterConsumer(context.SessionStorage); + return consumer.TryFinishSignInWithTwitter(out screenName, out userId) + ? new BasicUserData + { + UserId = userId.ToString(CultureInfo.InvariantCulture), + UserName = screenName, + PictureUrl = string.Format("http://api.twitter.com/1/users/profile_image/{0}.png", screenName) + } + : null; + } - #endregion - } + #endregion + } } \ No newline at end of file From bbd3f8758e221ab01c131e2a9c5cacede8c2c4f2 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 16:38:27 -0700 Subject: [PATCH 26/28] Reformatting some code --- .../Consumers/TwitterConsumer.cs | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs b/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs index dcbc1f7..e7f70fa 100644 --- a/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs +++ b/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs @@ -59,10 +59,7 @@ private WebConsumer TwitterSignIn { if (signInConsumer == null) { - signInConsumer = - new WebConsumer( - SignInWithTwitterServiceDescription, - ShortTermUserSessionTokenManager); + signInConsumer = new WebConsumer(SignInWithTwitterServiceDescription, ShortTermUserSessionTokenManager); } } } @@ -99,14 +96,14 @@ private InMemoryTokenManager ShortTermUserSessionTokenManager } } - public OutgoingWebResponse StartSignInWithTwitter(Uri callback = null) + public OutgoingWebResponse StartSignInWithTwitter(Uri callbackUri = null) { - if (callback == null) + if (callbackUri == null) { - callback = MessagingUtilities.GetRequestUrlFromContext().StripQueryArgumentsWithPrefix("oauth_"); + callbackUri = MessagingUtilities.GetRequestUrlFromContext().StripQueryArgumentsWithPrefix("oauth_"); } - var request = TwitterSignIn.PrepareRequestUserAuthorization(callback, null, null); + var request = TwitterSignIn.PrepareRequestUserAuthorization(callbackUri, null, null); return TwitterSignIn.Channel.PrepareResponse(request); } From c9de11278d6eb3d9e7fb968ab6dbfc23bd6bb00c Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Tue, 11 Jun 2013 16:55:06 -0700 Subject: [PATCH 27/28] Switch Twitter URL's to SSL Apparently as of TODAY, they've changed their API to be SSL-only --- nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec | 2 +- src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec index d2ef8bd..4ca0084 100644 --- a/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec +++ b/nuget/SimpleSocialAuth.MVC4.1.0.1.nuspec @@ -1,7 +1,7 @@ - 1.0.9 + 1.0.10 rafek, smithkl42 rafek http://www.opensource.org/licenses/ms-pl.html diff --git a/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs b/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs index e7f70fa..c7e30d1 100644 --- a/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs +++ b/src/SimpleSocialAuth.Core/Consumers/TwitterConsumer.cs @@ -13,15 +13,15 @@ internal class TwitterConsumer { RequestTokenEndpoint = new MessageReceivingEndpoint( - "http://twitter.com/oauth/request_token", + "https://twitter.com/oauth/request_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), UserAuthorizationEndpoint = new MessageReceivingEndpoint( - "http://twitter.com/oauth/authenticate", + "https://twitter.com/oauth/authenticate", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), AccessTokenEndpoint = new MessageReceivingEndpoint( - "http://twitter.com/oauth/access_token", + "https://twitter.com/oauth/access_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest), TamperProtectionElements = new ITamperProtectionChannelBindingElement[] From 3716475f3daf9b8508d194fd7e31206c718a59b5 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Sat, 15 Jun 2013 11:27:42 -0700 Subject: [PATCH 28/28] Added missing files --- .gitignore | 8 ++--- .../content.common/SimpleAuthController.cs.pp | 14 ++++----- .../CurrentContextSession.cs | 28 +++++++++++++++++ .../Handlers/IAuthenticationHandler.cs | 16 ++++++++++ .../Images/simplesocialauthlogos.png | Bin 0 -> 10397 bytes .../Scripts/simplesocialauth.js | 28 +++++++++++++++++ .../Stylesheets/simplesocialauth.css | 29 ++++++++++++++++++ .../Images/simplesocialauthlogos.png | Bin 0 -> 10397 bytes .../Scripts/simplesocialauth.js | 28 +++++++++++++++++ .../Stylesheets/simplesocialauth.css | 29 ++++++++++++++++++ 10 files changed, 169 insertions(+), 11 deletions(-) create mode 100644 src/SimpleSocialAuth.Core/CurrentContextSession.cs create mode 100644 src/SimpleSocialAuth.Core/Handlers/IAuthenticationHandler.cs create mode 100644 src/SimpleSocialAuth.MVC3/Images/simplesocialauthlogos.png create mode 100644 src/SimpleSocialAuth.MVC3/Scripts/simplesocialauth.js create mode 100644 src/SimpleSocialAuth.MVC3/Stylesheets/simplesocialauth.css create mode 100644 src/SimpleSocialAuth.Mvc4/Images/simplesocialauthlogos.png create mode 100644 src/SimpleSocialAuth.Mvc4/Scripts/simplesocialauth.js create mode 100644 src/SimpleSocialAuth.Mvc4/Stylesheets/simplesocialauth.css diff --git a/.gitignore b/.gitignore index 04cf62e..6dd72a9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ [Oo]bj/ [Bb]in/ *.user -/TestResults +TestResults/ *.vspscc *.vssscc deploy @@ -13,9 +13,9 @@ _ReSharper.* *.csproj.user *[Rr]e[Ss]harper.user _ReSharper.* -src/ -packages/* -artifacts/* + +packages/ +artifacts/ msbuild.log PublishProfiles/ *.psess diff --git a/nuget/content.common/SimpleAuthController.cs.pp b/nuget/content.common/SimpleAuthController.cs.pp index ac5bd6c..c258b93 100644 --- a/nuget/content.common/SimpleAuthController.cs.pp +++ b/nuget/content.common/SimpleAuthController.cs.pp @@ -1,12 +1,12 @@ using System; using System.Diagnostics; -using System.Web.Mvc; -using System.Web.Security; +using System.Web.Mvc; +using System.Web.Security; using SimpleSocialAuth.Core; -using SimpleSocialAuth.Core.Handlers; - -namespace $rootnamespace$.Controllers -{ +using SimpleSocialAuth.Core.Handlers; + +namespace $rootnamespace$.Controllers +{ /// /// Simple scaffolding class for handling OAuth-based authentication. /// Many scenarios will require that this controller be extended or logic from this @@ -76,4 +76,4 @@ } } } -} +} diff --git a/src/SimpleSocialAuth.Core/CurrentContextSession.cs b/src/SimpleSocialAuth.Core/CurrentContextSession.cs new file mode 100644 index 0000000..9c76453 --- /dev/null +++ b/src/SimpleSocialAuth.Core/CurrentContextSession.cs @@ -0,0 +1,28 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Web; + +namespace SimpleSocialAuth.Core +{ + public class CurrentContextSession : ISessionStorage + { + + private static CurrentContextSession _instance; + public static CurrentContextSession Instance + { + get { return _instance ?? (_instance = new CurrentContextSession()); } + } + + public object Load(string key) + { + return HttpContext.Current.Session[key]; + } + + public void Store(string key, object value) + { + HttpContext.Current.Session[key] = value; + } + } +} diff --git a/src/SimpleSocialAuth.Core/Handlers/IAuthenticationHandler.cs b/src/SimpleSocialAuth.Core/Handlers/IAuthenticationHandler.cs new file mode 100644 index 0000000..731afe4 --- /dev/null +++ b/src/SimpleSocialAuth.Core/Handlers/IAuthenticationHandler.cs @@ -0,0 +1,16 @@ +using System; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Net; +using System.Text; +using Newtonsoft.Json.Linq; + +namespace SimpleSocialAuth.Core.Handlers +{ + public interface IAuthenticationHandler + { + string PrepareAuthRequest(PrepareAuthenticationContext context); + BasicUserData ProcessAuthRequest(ProcessAuthenticationContext context); + } +} \ No newline at end of file diff --git a/src/SimpleSocialAuth.MVC3/Images/simplesocialauthlogos.png b/src/SimpleSocialAuth.MVC3/Images/simplesocialauthlogos.png new file mode 100644 index 0000000000000000000000000000000000000000..aeb7fdf95d0be78a03d7ca8400633ff9f50875ad GIT binary patch literal 10397 zcmb_?WmFtduqFv^34;z2JV+R1aDvO=?kj-yKnWax~Kcz>aMT8y0Pl2a`-qDI4CG6_zLnen$K4o6qFb0SQyVO z6*%s*fbzmqQ%(w{YLsgKSwORuRFOnMsZGRvut0y7vEAeiJW)_y_58>2qTjXL>iH&x z7ewDn%hkrq*TTaZMcu;Q#fw7~qD||=!@m7T!(pWa6p47zO>x$ru*oNx_a~uC1TP*i1lM?20F=W$ONhhk>MUa=KPQs5qt1 zvlD!KL05}2%tT9z9Y*kJyqklL4x6r_`Lg3*Yo*aw7ad-NRich)|oc=s!}4(MO7BxPRm@X=8la z5Irs!>ES#qjiEM^!QHs_@psQfFR6b_-{LIlFuJ_Ce56|?a@;=@+_P=+`URC3G|Dq6 zI_Bgoo^fm*pFqXjQ#>R2TH$g?E7E`m|MN6R_-E$ibpxlhYX)yM+nWAS>z_Y{lEaDg zAuPlr4k1DJNd!C=%O-a#@FBat9P4h)mzjcC5hYH_^V8etKIl~6f=YTHc>k1{qzmsM zsRkUj5T798AKYIaEwrb&WTa+IGA3butHV(hTs(*k3pkDgNiy3gZixD~%*pz5`nzN_ z%5zNXn5mK+WN57jS5KtT1+n}a*)8A74c2a?k9HUeBuWgv;ZQ5;X6OK1-L0Q!EPu~~ zIkxQL4un%SHatnZ?LDk0v1a8f3~p;zw)(WWn@77OXNDHi!mS@K0QS$MJ2`^wmU}!b zYJU*Zx{RWia$n!k7)e*{1!BdA{u2<-R=FSp2{^Mq@#5olb$?XNl_yipBR#{yRiL=V zDfu@fT{zhLr{BIUM3x{q{qQ&j=(aIns>a801-bG zPZF!fr4v=iB*oR8u&wU&X+aDYb|I1&4TQK|Eq+0F31qBC|AG_vMekrSlxS-@`(|a4 zZzDwR3OMh=QgO3?OgxeNTeEPl!7DyRF|$eZd#rZ-Ol+_TPj)ZtFrJ&v`Esc~+$;hM zE9vCU7lc)7+JuI{JT#tn9QOp(?Xh$oo_aK@k1F9xrSxV?fn+8 z^^(`$ac0SP?eNNJ|2w4r-v7N>c0UZUGrgSp=;UiC!m-ekCjBd4p4Qr~O8S_ut(GtVK>GFLCSgQHz)eY;Cpf`Zo=lU+AptThM4*P_yx)JqYv)QoT&thiub$LgviMR z_b)VVmB&}BEPb8OHAB6?e-_fd+hay(X$Z@Gmyw8>P^zGsOHxIbcNQ!1^&J=IrnO** zV*DXSC_{~9ayx$>zA!&l-qZfjm?LJae2QAd1FjYawm7k=eki|M*nYjk_>Z z2^ml=*GEUffgr+wmqp+tRff}Q;~z2%CkubQ!+|JyO}3>L9hCNolc_iVl4q;pZ)o3a zbvCa1*^S2=TlAtvbAm-g`ROqRF``}yC5ejrxO6rSd86k7u>_n9<7$9O5k*18IZuOKkmv|*DH zH^Z!uht?QS*9*$k2eQmhs{GC}hRpO{-d{<7nS#|V`5>0Jv3Y1=Dd`VQt#u z@!%`d7bkQ)OK;!R$$kj8*b&+dwRCd5?nE%0=(aduHD>}XyX-YA@!dlZQzRn7l03&%edVio@^D6M_YyVm!G-PT_SvPR1n3q^m<;& zVm0azk5ZWmy#8>U(i_w0dWY7NAW6+rqLtT=;4@%ulHQ3h|LR!+T@EL364B!kE!~Q$a+SZ5HUa)=9eKMM76=8+ubVp`T z#r-EP``8GK*&yMr1p&0o7A5#}ZoXWbzL}Ys)_Q!zIJ*h<&TTO@`PEn${cl#C-Au3K z0!yF1^kS;~vo1g#sSg3k9KBIc=DOz6?K{M|w%NtzjiK*b`^SqKwsX=>-?!C~l#Q;q zstTAQL8Crx|LA4?T5zW{-8Ku@7z2(flVfP7QOb{+01R`J!+sS^bOmy4myAJtiAf^`UGj zf5(MA&9qgzInEW{F>ieTPKzO9Jo}%R=C=%!Xq0;NC;5@xn!~2E~mc z9^^r;0l^jSIJ`Hbtzr1q=MmpKVWAEGDq+J)LYRGR3Ux`&c`KmYJ22c_RzC#(n>E(edyIM@vsR*F1w%@)(Ol;!YToO{gt=ig+ z6U;H?Qj0Ow3DD8w=e+Ug55iv>d-dT}ChZW`gZ9E@$JbL~D$FubP{zvlGPFg7msN;* zmiO(==PD-zTr+d{X$0Rkz0ENa3Qk+xpk?Ib213q4>lk;}MR9I;(1Z zn!czE*u7Uu(hHeG(;$787qc<mOaNlhkK$DHqkI%k$PGQ!`Wb;im z**g6!b2SP)rFrC-O;FL_GJL!>7T_;0`nR#x{sTJ)D|Ck02$qG$s{AYz4{ zR#7q1&I2XYS&}RfzuHnA{dux_Uv+7feoo}2+FhPDO;#Oq?Yq3=w}UkK;VC? zca|@I-`JhoOLk*&2EMEC+Zo@6R)j70tCM4X;6ZoCpMATVQN{OTOxff6LVc|SxN!>H zXEd;_HH#ZoLy+XQFV${z@QEjqDVVA@RIxgPvWneZgD}D0ofLAFqfFDzHM4uye**_> zMhwh20mcJw@3(23i8*kNUwvU+SQ8!0t;4Y>soAUc$vKC!cS_+!T6bj?J9hggbs|{Z zf?&)^=nz6w@~gL2NM1hvsYrocI3E6j(8e}vgS`Ubl`VeGqiT-YYGC!(Xp9Ft#x8W{ zwU{50mSa@k&0%4THUl9EL|=q8J(2IMEC+(u#!9Z%`EWqmeMF3eVR2p=`!Ss3>5yMp zY|@|1OC^{pELQI<3qKsrUrB+t1B7G;U|o^u-+K+OU#_dKzmmwR4iAkp|M)T_5kh+- z@J^psVx>JWZ|ss{Uu3~tIz|)Wt;2v}kkt{cA6bF>nCwM+k@{O-d0Nq7;yZnjdlDEr zqQR*=`H5El)rOM$Xu_#}d=5z!dS=SBCTLvmyKk9n3waC9p}6`wMv`)>>CxU)34h4< z?wjgO6Tw{Ooj!e*tHuO+zL@Mc%dSjaQbB1EX4GUs%x$F7BPz$r;0yha^CFw?Q$aUQ z$v&@dlD~Hm)_#e`m9g=E`|k%ox~g&w;A-V4W*SP1KdG&NBf;5Wuup_#rHcA}WTKb{ zx|x+{pzKaW6gA^yvNzg>!q}-`?VP#*_e*PH*0Rz{xH`sP9x3Ebwr9`YTIr9!yTVI8 z(n;0Bo`c;+9l$JNZuK6L=;-)lmwE)%Sz1gkTTR^-rELz6$r4T2cxmELzlGzK(}?U+ zlMP0BQ5uwjXwlO>c6HNe2|lCJd>8P90z9BK0?A18DIJ~Qu_Qz`dI|5ExGcPP4|fR@ zD=MJpC3oTu44*ah%|yWa1gkXyGq;C`xn|cEc3c-U3A$T`W7uH!Pli@i_Tzde5t?7%#)Gw{8PUwKd{E0`Ct6n?l)YHbVwYXv##8P`BYzR!@RAfIBO_SQC^TxG zlqL9Z)T0lhQrv*zR%r2B}at-+R6?LGYZY)LCJ#=jet zlIR86o)st*{U@UMzwtXjhVhx|&sqB?>W7bU+bnP}s)y|Y3-pQjnF$*HSO<)O5|h?G zun$DpGtCWNJGi5PYlsyF1?Vly0|JS!R!Hd_%&Gvt zf>`S+uT^0AaxM5+;n}!+d_r$^x}j%eaeyHXUy6>HlA?{PrUv@(!e1{BnjF?Y(qiDg z91l;8l=p{H8e!`tZKx<~JGe@IV#Mr>tYhTaOCnjbCDw_ZTTM{TUm;4t)?E@EbiQ)? zu1~i2LLrGqY^JTkf*C_<2yxD0gagY&kPb<<$C2r%VGBJ3D(CiwBJ8RFPC|sl-xlUc z=o4UPx*rQa`NwTVqMy^bhXv}Fk<2;90>OTiI9%HeIfRM7+-T<9UPFimP=v5zuLs&A z8)d#%qBoX*Enddw64LmRoW+)clqtI|K9T)y`KmMA*kk<`SBTqVei=BNpd?gr^o#s0 z8o?C@Cbz;IDxAP^I>90uDD;^TGpK@83E8P!R{KE;w|yd=uPdHTMAHCKjW;UqT`O-a z9T3zdMYCN?z)*aesGMylj|b`}1IuG^(O7i{!nEALNeY8Ec3b?4)-SEXD)ce8J{={+ zp$0Vcc(cIe=qHN z3_(_1{#Jn!p>i|>aZj{FTLyF(Rs-$+(3hg+#Lks~9*WqgeHF@3b8rpNpoTUSt#eE2 zG8jm~_)BX1l1Uc#>DMt@CmA^CCoFj|A5(Ialbfk(MKQdo<`oN!5yRsEZp>hutpkmm zteY7Om-~eo1q4Z$p$MXcjn{<=Vlkr9RA9q1+9}s$n%GS_41aJZ5$4sa=;JzgXmAq| zSpY3RBS_hIqJ5O$6Glv1T{)A3bi$^nenIGN&Im$z% zmTACHRF&Rt0=IRWQ;K$KNPEVYb7aHqt7Ad2m`AT{VaL}`KO0lYEft_`JTwFhlfRp^ zNvnUxb_M9CHUL{;$@{!kxIfqq@W9=TjoVjlmfdE}3h%;FjzM%~mifwT3I`I(C-d@> zTzyh!)?n^8F;U&l-Q0mCb3Q~2mX#~n61s9N++SD;2su?9-S-J{zC5JI(8Xno6j_$PYuXO9Vg@!$nhs2&mpr5H(K{7jGh{NWSS_wXcE1L49GDET)+h~ zlD~F!b&_R1C&6sF^i0EOx95V-fl%2k@GOF2Gqslmu0d+q`$O6W%-PZL5hHO`S-Q`) zV8yjk*WL$33I9Eqv%N8Hl5^$MZ)NkarCLgAcq&4y>`Itt-|vp(N0J`lC!zjPm4Z}; z?_OVO;`_!Hr}l*+RENo0xrK)T@1UO(jY~#MObr(8lPX&Bmt#2XJyi|8@~1p8auM-4 z*$Y&(_QN^Ee}oU=s<=+*jF5Pmkjz}OuK*szCY;2)bwL+kDKY%biG+<%O=CZoA^}ku zFa~#&7Q_Y$_$K-#{BYW24G*B?_3^~qSh@GYto;31we{8ZcvH~t2CE(gin|H^%4MSm z|Cy%x1~?6RoA)Yu*41CVOXDp?cQdu&$|e8kXjP|-{(&^nAxn^}5!;jE-v?IH zapT`LUs?mHzp5gdGbXvKeOeObUc1N-64O3#LxtXk%p6x=B_ux7$~PF)KUS5vvl)?67CTvbyMzlXP&#E7D`dGvGWs#v)2G=xW z0^5AyvdYt`xzqDo=O|TQe!s1Ps4gjz;VSkXFjcX$A0@5zVV~gdt#i36TdZEk0{V>p?b-sXHp=)}=6DLyzE{ty&+`>BWPAZqN(zt0moZErU5U zgu(ab21jpv6|Wc~90M+!Et)1DT8!Bvk4Biyj8kLKiV3ADH2+Ku{~@Q2v$-FL^)%f{ z;)Fl6_v-~4GN|q3@!A2S(b#C~)V|ejY(nJdu}w#=7aBZzWq*8;?K_K=@fNq?%?}1(RA&=EX@fTq_vl7%J-EQh8;!4V0ogzC6n?w1diP38D3p}!SLzDPr zBCyOl#u;gYHHwkGk$i)A;!d91=KiG55t~?ILCAPU3L#4Y>pyh@RxV|uCR0}MthV}| zaMCK_s^u6GtL^l0bXDGBzNKpCOWM+$N{K;U;bR!)7npFJvRSaaR`}qb_wMADvhk|Z z3&xy3za{X6sI*cY_}KUncxsfT4yYDXd}P{LR%|ixqm5pU0iCF=tY-j=+}{&U zwI`l2*|cJUT`Hr!|HSUEVnf&7TgR@R%S{!VKh@|D(~OzT?feYfewAx=(4zJ16_W8{ zLO}k;qTW3|5|@)VOh#s_cYfI!y$wV>zS|nkPb#dt5Ps$%yxi6=4qDVLH3G8E(+f*2 zCY51r=FY9X70b!T7GSsJk&)xump3OlDjTqFoYZQ&JWyTb7f8MyJ*o46jc` zW!0QM!T@(K)kFH%2Aukg0+Q0MfW&gmgI|NP9%}1*Urbq(*@mL_yAVe1FMqtrm-l_4 zOL$Ten6~gk)_?zJ;~QAlXLLsy$qFfGL~Y+ix&>Olu9*z_GL#_6I&4-t>4hb~M%1Wx zSZJV$E(Ub`*m8CdCn8At&##y6G^C%5BAu!>U!iTGrrM}ZB;fQxW*Ni6-ukm)ZG|_A z^~B;Vh~BsQh0jK)2Ze>>N{4jBa;~&Q}xj*y@&Mr9*`w+B+;UjG% z17Tu9-|vM#xcL(X4Hy{Y`Od+5EklTYwc2IQ7P1>-UBBFfUXPa>v_gC$iH$x+Oj8C> zBnf?9G*?EVf~cK8lM^!Y!^XAa!CBa$p!0TWVDV`SnJ8PP*jh_;!xEO@A%x(j(15yS zj`_aX)~I8f*Qn~|gKF&rO%=t_mUqRK-cr9=I;j^Ne4wQxJXS0Lu;f<4Y209Wt^@C! z->5s5YVB%~7J+09;zYiGVwPXLp>78_6&{ffnkQULzHB{ zyc3t%TAS}z>S~2O#q%e>6>B#b;oh~SeS?9ESV|XaUOWGsk@w55IxUSu@OOY3JJP1DV!=_F&aPJ@b6ndw-Un~^m<1-Uh6;w3FHh+;GkQD)H$&d7KXj#%> zI(f;O8~LXgcZ`+D`dHGx0Mkb=^6qari0W-puP#FGa&C-K`*TQ}6cdpcac=pajPr=K zh^*dt#r~1=+^B6zHMUlHO37a`^l;v4+y^gc%d$5*E5JEb4nMJ7_|V+lpyX(Mo-N~9 zcER-KPAMXbeEca#J7$Nf)-=IPS#8rA!HYFLmSPCuV1Tw+O9u{bo&Agj8}{HDOlz)U zP#M`A92{~7RbIv7IiR1epsd<>2nGK=BujI>EuvcBl4OVu^2NOmVZZO{#xOmGldh_`AC?9|-86i2`5BVJSd3isG2Pu-Q%H9?Nh75<86_d_}r=zKs zT!lXEh%_E<{2a>+fQrv`TRIs0;p8qasr&6L)YdWC7RjkZImYqc4(Y_fK-N!mUgbuP z;LSk>8mQv?f3M;L_5*#AsT~FN6)NZDrJn|j)g0FafB(qM8)9ecr${{N`RL(6Ck7^8 z@NOA5(EF0P+!Q@k+d55QM>PKyj-AR8lL8c;+_oLf^t7COx8b6}Ms#3dol@-;FK(l$ zri2vve9X#X6m2HHuY#9H>gROlSHEX*o>S?EHnCg3z;{x%f7~ux6`yF05*>3*I!%t+ z-T48DH#&IA0E~_Sj-kVd`~`Z?8$bV)<7m=O6rG7)%w1$QppRCWLmg=UJ?)Vd_1#cS zr!lap6^G<6J^zq#o-H(^|3>_+4x!xJo4U8wND~SE-jI z%M=At8|*DZg)V)=e-pvYOw937ypX-MP1Y*K?jToZJuso4v1rf$0Tc%zowgqq&EhIL z`oGlDV&0RTh#k^r6kgQQ;05YR2*Xx!SGY<&KUV06X+v8D-bZB4OX zMBWMQUIwDA(-BM#?B^6nI0DM^w&r=_E*>kI(89Ik$!L~a{Fw0x3_pyGi{z!CJ}vb# zaNXaD$Z}L9H|8WNX1RC%I@V-}-Su`Cxs=y+qaFNGaWEGMDpI44u1RyNm|E!e@bg_A zK5$+K3nxX6&=0+nmsxP`Ml6D0m^i`1MxfarY%`$#dY7EN!D;+a^BX)MVk2B)v# zm{>xT_iCDWQ|S8$jSCzrVAyYF(`_`7`r&L|34G8~DIHr2TCt1Q5d7SBQ6Nv$))3I9 zBl_N4!eQ(kG5C7T?w%zMxJcJ%+c^qI35mCxvw8|{{f?QzqGyu}IzZ;=EASp>KcwB- zs*IJw!1!sinha@ z@N*^MtIcJhRz_U!)ldef76gJmGdDMNwAd`HTnMX8Mnp$ryyM^~9UfMGA8-xYCL`5S za2Mkn4UEoP>Lb1Q?ONU-n23V|XJKH7sH>}E5fI22%@ux5Pe&t!;Px&qq`D|l<^bP$ z3X1Hdu>{A24`F-0RFsriDtqU6Vq1<$PCPT+yT zou7FFE4_Y@GD)Avx_V zIi6gg6jrN>1Ez_R<54JO_`X&<;p5SP~*~N{NVGNmGI&D!LS8% zb#-OY(b2s)m=hf~qt8=3KI;EhcjTB5qy^8$9L`HWJ2nIo?>#IvDGeYZL{zFx+C!6^ yGua2zG9h1o=F<1Qx1rlFXg?+UkG}JNFDB*~oz!E`q@H&Vq9{OAWvZmi!~YA_zn#qh literal 0 HcmV?d00001 diff --git a/src/SimpleSocialAuth.MVC3/Scripts/simplesocialauth.js b/src/SimpleSocialAuth.MVC3/Scripts/simplesocialauth.js new file mode 100644 index 0000000..fbfceeb --- /dev/null +++ b/src/SimpleSocialAuth.MVC3/Scripts/simplesocialauth.js @@ -0,0 +1,28 @@ +var providers = { + google: { + name: "Google", + type: 1 + }, + facebook: { + name: "Facebook", + type: 2 + }, + twitter: { + name: "Twitter", + type: 3 + } +}; + +var auth = { + signin: function (providerName) { + var provider = providers[providerName]; + + if (!provider) { + return; + } + + $("#authType").val(provider.name); + + $("#authForm").submit(); + } +}; \ No newline at end of file diff --git a/src/SimpleSocialAuth.MVC3/Stylesheets/simplesocialauth.css b/src/SimpleSocialAuth.MVC3/Stylesheets/simplesocialauth.css new file mode 100644 index 0000000..463348f --- /dev/null +++ b/src/SimpleSocialAuth.MVC3/Stylesheets/simplesocialauth.css @@ -0,0 +1,29 @@ +.simpleAuthButton +{ + width: 100px; + margin: 5px; + height: 60px; + float: left; + border-width: 1px; + border-style: solid; + border-color: #DDDDDD; + text-indent: -9999px; +} + +.simpleAuthButton.twitter +{ + background-image: url('/Images/simplesocialauthlogos.png'); + background-position: -1px -249px; +} + +.simpleAuthButton.facebook +{ + background-image: url('/Images/simplesocialauthlogos.png'); + background-position: -1px -187px; +} + +.simpleAuthButton.google +{ + background-image: url('/Images/simplesocialauthlogos.png'); + background-position: -1px -1px; +} diff --git a/src/SimpleSocialAuth.Mvc4/Images/simplesocialauthlogos.png b/src/SimpleSocialAuth.Mvc4/Images/simplesocialauthlogos.png new file mode 100644 index 0000000000000000000000000000000000000000..aeb7fdf95d0be78a03d7ca8400633ff9f50875ad GIT binary patch literal 10397 zcmb_?WmFtduqFv^34;z2JV+R1aDvO=?kj-yKnWax~Kcz>aMT8y0Pl2a`-qDI4CG6_zLnen$K4o6qFb0SQyVO z6*%s*fbzmqQ%(w{YLsgKSwORuRFOnMsZGRvut0y7vEAeiJW)_y_58>2qTjXL>iH&x z7ewDn%hkrq*TTaZMcu;Q#fw7~qD||=!@m7T!(pWa6p47zO>x$ru*oNx_a~uC1TP*i1lM?20F=W$ONhhk>MUa=KPQs5qt1 zvlD!KL05}2%tT9z9Y*kJyqklL4x6r_`Lg3*Yo*aw7ad-NRich)|oc=s!}4(MO7BxPRm@X=8la z5Irs!>ES#qjiEM^!QHs_@psQfFR6b_-{LIlFuJ_Ce56|?a@;=@+_P=+`URC3G|Dq6 zI_Bgoo^fm*pFqXjQ#>R2TH$g?E7E`m|MN6R_-E$ibpxlhYX)yM+nWAS>z_Y{lEaDg zAuPlr4k1DJNd!C=%O-a#@FBat9P4h)mzjcC5hYH_^V8etKIl~6f=YTHc>k1{qzmsM zsRkUj5T798AKYIaEwrb&WTa+IGA3butHV(hTs(*k3pkDgNiy3gZixD~%*pz5`nzN_ z%5zNXn5mK+WN57jS5KtT1+n}a*)8A74c2a?k9HUeBuWgv;ZQ5;X6OK1-L0Q!EPu~~ zIkxQL4un%SHatnZ?LDk0v1a8f3~p;zw)(WWn@77OXNDHi!mS@K0QS$MJ2`^wmU}!b zYJU*Zx{RWia$n!k7)e*{1!BdA{u2<-R=FSp2{^Mq@#5olb$?XNl_yipBR#{yRiL=V zDfu@fT{zhLr{BIUM3x{q{qQ&j=(aIns>a801-bG zPZF!fr4v=iB*oR8u&wU&X+aDYb|I1&4TQK|Eq+0F31qBC|AG_vMekrSlxS-@`(|a4 zZzDwR3OMh=QgO3?OgxeNTeEPl!7DyRF|$eZd#rZ-Ol+_TPj)ZtFrJ&v`Esc~+$;hM zE9vCU7lc)7+JuI{JT#tn9QOp(?Xh$oo_aK@k1F9xrSxV?fn+8 z^^(`$ac0SP?eNNJ|2w4r-v7N>c0UZUGrgSp=;UiC!m-ekCjBd4p4Qr~O8S_ut(GtVK>GFLCSgQHz)eY;Cpf`Zo=lU+AptThM4*P_yx)JqYv)QoT&thiub$LgviMR z_b)VVmB&}BEPb8OHAB6?e-_fd+hay(X$Z@Gmyw8>P^zGsOHxIbcNQ!1^&J=IrnO** zV*DXSC_{~9ayx$>zA!&l-qZfjm?LJae2QAd1FjYawm7k=eki|M*nYjk_>Z z2^ml=*GEUffgr+wmqp+tRff}Q;~z2%CkubQ!+|JyO}3>L9hCNolc_iVl4q;pZ)o3a zbvCa1*^S2=TlAtvbAm-g`ROqRF``}yC5ejrxO6rSd86k7u>_n9<7$9O5k*18IZuOKkmv|*DH zH^Z!uht?QS*9*$k2eQmhs{GC}hRpO{-d{<7nS#|V`5>0Jv3Y1=Dd`VQt#u z@!%`d7bkQ)OK;!R$$kj8*b&+dwRCd5?nE%0=(aduHD>}XyX-YA@!dlZQzRn7l03&%edVio@^D6M_YyVm!G-PT_SvPR1n3q^m<;& zVm0azk5ZWmy#8>U(i_w0dWY7NAW6+rqLtT=;4@%ulHQ3h|LR!+T@EL364B!kE!~Q$a+SZ5HUa)=9eKMM76=8+ubVp`T z#r-EP``8GK*&yMr1p&0o7A5#}ZoXWbzL}Ys)_Q!zIJ*h<&TTO@`PEn${cl#C-Au3K z0!yF1^kS;~vo1g#sSg3k9KBIc=DOz6?K{M|w%NtzjiK*b`^SqKwsX=>-?!C~l#Q;q zstTAQL8Crx|LA4?T5zW{-8Ku@7z2(flVfP7QOb{+01R`J!+sS^bOmy4myAJtiAf^`UGj zf5(MA&9qgzInEW{F>ieTPKzO9Jo}%R=C=%!Xq0;NC;5@xn!~2E~mc z9^^r;0l^jSIJ`Hbtzr1q=MmpKVWAEGDq+J)LYRGR3Ux`&c`KmYJ22c_RzC#(n>E(edyIM@vsR*F1w%@)(Ol;!YToO{gt=ig+ z6U;H?Qj0Ow3DD8w=e+Ug55iv>d-dT}ChZW`gZ9E@$JbL~D$FubP{zvlGPFg7msN;* zmiO(==PD-zTr+d{X$0Rkz0ENa3Qk+xpk?Ib213q4>lk;}MR9I;(1Z zn!czE*u7Uu(hHeG(;$787qc<mOaNlhkK$DHqkI%k$PGQ!`Wb;im z**g6!b2SP)rFrC-O;FL_GJL!>7T_;0`nR#x{sTJ)D|Ck02$qG$s{AYz4{ zR#7q1&I2XYS&}RfzuHnA{dux_Uv+7feoo}2+FhPDO;#Oq?Yq3=w}UkK;VC? zca|@I-`JhoOLk*&2EMEC+Zo@6R)j70tCM4X;6ZoCpMATVQN{OTOxff6LVc|SxN!>H zXEd;_HH#ZoLy+XQFV${z@QEjqDVVA@RIxgPvWneZgD}D0ofLAFqfFDzHM4uye**_> zMhwh20mcJw@3(23i8*kNUwvU+SQ8!0t;4Y>soAUc$vKC!cS_+!T6bj?J9hggbs|{Z zf?&)^=nz6w@~gL2NM1hvsYrocI3E6j(8e}vgS`Ubl`VeGqiT-YYGC!(Xp9Ft#x8W{ zwU{50mSa@k&0%4THUl9EL|=q8J(2IMEC+(u#!9Z%`EWqmeMF3eVR2p=`!Ss3>5yMp zY|@|1OC^{pELQI<3qKsrUrB+t1B7G;U|o^u-+K+OU#_dKzmmwR4iAkp|M)T_5kh+- z@J^psVx>JWZ|ss{Uu3~tIz|)Wt;2v}kkt{cA6bF>nCwM+k@{O-d0Nq7;yZnjdlDEr zqQR*=`H5El)rOM$Xu_#}d=5z!dS=SBCTLvmyKk9n3waC9p}6`wMv`)>>CxU)34h4< z?wjgO6Tw{Ooj!e*tHuO+zL@Mc%dSjaQbB1EX4GUs%x$F7BPz$r;0yha^CFw?Q$aUQ z$v&@dlD~Hm)_#e`m9g=E`|k%ox~g&w;A-V4W*SP1KdG&NBf;5Wuup_#rHcA}WTKb{ zx|x+{pzKaW6gA^yvNzg>!q}-`?VP#*_e*PH*0Rz{xH`sP9x3Ebwr9`YTIr9!yTVI8 z(n;0Bo`c;+9l$JNZuK6L=;-)lmwE)%Sz1gkTTR^-rELz6$r4T2cxmELzlGzK(}?U+ zlMP0BQ5uwjXwlO>c6HNe2|lCJd>8P90z9BK0?A18DIJ~Qu_Qz`dI|5ExGcPP4|fR@ zD=MJpC3oTu44*ah%|yWa1gkXyGq;C`xn|cEc3c-U3A$T`W7uH!Pli@i_Tzde5t?7%#)Gw{8PUwKd{E0`Ct6n?l)YHbVwYXv##8P`BYzR!@RAfIBO_SQC^TxG zlqL9Z)T0lhQrv*zR%r2B}at-+R6?LGYZY)LCJ#=jet zlIR86o)st*{U@UMzwtXjhVhx|&sqB?>W7bU+bnP}s)y|Y3-pQjnF$*HSO<)O5|h?G zun$DpGtCWNJGi5PYlsyF1?Vly0|JS!R!Hd_%&Gvt zf>`S+uT^0AaxM5+;n}!+d_r$^x}j%eaeyHXUy6>HlA?{PrUv@(!e1{BnjF?Y(qiDg z91l;8l=p{H8e!`tZKx<~JGe@IV#Mr>tYhTaOCnjbCDw_ZTTM{TUm;4t)?E@EbiQ)? zu1~i2LLrGqY^JTkf*C_<2yxD0gagY&kPb<<$C2r%VGBJ3D(CiwBJ8RFPC|sl-xlUc z=o4UPx*rQa`NwTVqMy^bhXv}Fk<2;90>OTiI9%HeIfRM7+-T<9UPFimP=v5zuLs&A z8)d#%qBoX*Enddw64LmRoW+)clqtI|K9T)y`KmMA*kk<`SBTqVei=BNpd?gr^o#s0 z8o?C@Cbz;IDxAP^I>90uDD;^TGpK@83E8P!R{KE;w|yd=uPdHTMAHCKjW;UqT`O-a z9T3zdMYCN?z)*aesGMylj|b`}1IuG^(O7i{!nEALNeY8Ec3b?4)-SEXD)ce8J{={+ zp$0Vcc(cIe=qHN z3_(_1{#Jn!p>i|>aZj{FTLyF(Rs-$+(3hg+#Lks~9*WqgeHF@3b8rpNpoTUSt#eE2 zG8jm~_)BX1l1Uc#>DMt@CmA^CCoFj|A5(Ialbfk(MKQdo<`oN!5yRsEZp>hutpkmm zteY7Om-~eo1q4Z$p$MXcjn{<=Vlkr9RA9q1+9}s$n%GS_41aJZ5$4sa=;JzgXmAq| zSpY3RBS_hIqJ5O$6Glv1T{)A3bi$^nenIGN&Im$z% zmTACHRF&Rt0=IRWQ;K$KNPEVYb7aHqt7Ad2m`AT{VaL}`KO0lYEft_`JTwFhlfRp^ zNvnUxb_M9CHUL{;$@{!kxIfqq@W9=TjoVjlmfdE}3h%;FjzM%~mifwT3I`I(C-d@> zTzyh!)?n^8F;U&l-Q0mCb3Q~2mX#~n61s9N++SD;2su?9-S-J{zC5JI(8Xno6j_$PYuXO9Vg@!$nhs2&mpr5H(K{7jGh{NWSS_wXcE1L49GDET)+h~ zlD~F!b&_R1C&6sF^i0EOx95V-fl%2k@GOF2Gqslmu0d+q`$O6W%-PZL5hHO`S-Q`) zV8yjk*WL$33I9Eqv%N8Hl5^$MZ)NkarCLgAcq&4y>`Itt-|vp(N0J`lC!zjPm4Z}; z?_OVO;`_!Hr}l*+RENo0xrK)T@1UO(jY~#MObr(8lPX&Bmt#2XJyi|8@~1p8auM-4 z*$Y&(_QN^Ee}oU=s<=+*jF5Pmkjz}OuK*szCY;2)bwL+kDKY%biG+<%O=CZoA^}ku zFa~#&7Q_Y$_$K-#{BYW24G*B?_3^~qSh@GYto;31we{8ZcvH~t2CE(gin|H^%4MSm z|Cy%x1~?6RoA)Yu*41CVOXDp?cQdu&$|e8kXjP|-{(&^nAxn^}5!;jE-v?IH zapT`LUs?mHzp5gdGbXvKeOeObUc1N-64O3#LxtXk%p6x=B_ux7$~PF)KUS5vvl)?67CTvbyMzlXP&#E7D`dGvGWs#v)2G=xW z0^5AyvdYt`xzqDo=O|TQe!s1Ps4gjz;VSkXFjcX$A0@5zVV~gdt#i36TdZEk0{V>p?b-sXHp=)}=6DLyzE{ty&+`>BWPAZqN(zt0moZErU5U zgu(ab21jpv6|Wc~90M+!Et)1DT8!Bvk4Biyj8kLKiV3ADH2+Ku{~@Q2v$-FL^)%f{ z;)Fl6_v-~4GN|q3@!A2S(b#C~)V|ejY(nJdu}w#=7aBZzWq*8;?K_K=@fNq?%?}1(RA&=EX@fTq_vl7%J-EQh8;!4V0ogzC6n?w1diP38D3p}!SLzDPr zBCyOl#u;gYHHwkGk$i)A;!d91=KiG55t~?ILCAPU3L#4Y>pyh@RxV|uCR0}MthV}| zaMCK_s^u6GtL^l0bXDGBzNKpCOWM+$N{K;U;bR!)7npFJvRSaaR`}qb_wMADvhk|Z z3&xy3za{X6sI*cY_}KUncxsfT4yYDXd}P{LR%|ixqm5pU0iCF=tY-j=+}{&U zwI`l2*|cJUT`Hr!|HSUEVnf&7TgR@R%S{!VKh@|D(~OzT?feYfewAx=(4zJ16_W8{ zLO}k;qTW3|5|@)VOh#s_cYfI!y$wV>zS|nkPb#dt5Ps$%yxi6=4qDVLH3G8E(+f*2 zCY51r=FY9X70b!T7GSsJk&)xump3OlDjTqFoYZQ&JWyTb7f8MyJ*o46jc` zW!0QM!T@(K)kFH%2Aukg0+Q0MfW&gmgI|NP9%}1*Urbq(*@mL_yAVe1FMqtrm-l_4 zOL$Ten6~gk)_?zJ;~QAlXLLsy$qFfGL~Y+ix&>Olu9*z_GL#_6I&4-t>4hb~M%1Wx zSZJV$E(Ub`*m8CdCn8At&##y6G^C%5BAu!>U!iTGrrM}ZB;fQxW*Ni6-ukm)ZG|_A z^~B;Vh~BsQh0jK)2Ze>>N{4jBa;~&Q}xj*y@&Mr9*`w+B+;UjG% z17Tu9-|vM#xcL(X4Hy{Y`Od+5EklTYwc2IQ7P1>-UBBFfUXPa>v_gC$iH$x+Oj8C> zBnf?9G*?EVf~cK8lM^!Y!^XAa!CBa$p!0TWVDV`SnJ8PP*jh_;!xEO@A%x(j(15yS zj`_aX)~I8f*Qn~|gKF&rO%=t_mUqRK-cr9=I;j^Ne4wQxJXS0Lu;f<4Y209Wt^@C! z->5s5YVB%~7J+09;zYiGVwPXLp>78_6&{ffnkQULzHB{ zyc3t%TAS}z>S~2O#q%e>6>B#b;oh~SeS?9ESV|XaUOWGsk@w55IxUSu@OOY3JJP1DV!=_F&aPJ@b6ndw-Un~^m<1-Uh6;w3FHh+;GkQD)H$&d7KXj#%> zI(f;O8~LXgcZ`+D`dHGx0Mkb=^6qari0W-puP#FGa&C-K`*TQ}6cdpcac=pajPr=K zh^*dt#r~1=+^B6zHMUlHO37a`^l;v4+y^gc%d$5*E5JEb4nMJ7_|V+lpyX(Mo-N~9 zcER-KPAMXbeEca#J7$Nf)-=IPS#8rA!HYFLmSPCuV1Tw+O9u{bo&Agj8}{HDOlz)U zP#M`A92{~7RbIv7IiR1epsd<>2nGK=BujI>EuvcBl4OVu^2NOmVZZO{#xOmGldh_`AC?9|-86i2`5BVJSd3isG2Pu-Q%H9?Nh75<86_d_}r=zKs zT!lXEh%_E<{2a>+fQrv`TRIs0;p8qasr&6L)YdWC7RjkZImYqc4(Y_fK-N!mUgbuP z;LSk>8mQv?f3M;L_5*#AsT~FN6)NZDrJn|j)g0FafB(qM8)9ecr${{N`RL(6Ck7^8 z@NOA5(EF0P+!Q@k+d55QM>PKyj-AR8lL8c;+_oLf^t7COx8b6}Ms#3dol@-;FK(l$ zri2vve9X#X6m2HHuY#9H>gROlSHEX*o>S?EHnCg3z;{x%f7~ux6`yF05*>3*I!%t+ z-T48DH#&IA0E~_Sj-kVd`~`Z?8$bV)<7m=O6rG7)%w1$QppRCWLmg=UJ?)Vd_1#cS zr!lap6^G<6J^zq#o-H(^|3>_+4x!xJo4U8wND~SE-jI z%M=At8|*DZg)V)=e-pvYOw937ypX-MP1Y*K?jToZJuso4v1rf$0Tc%zowgqq&EhIL z`oGlDV&0RTh#k^r6kgQQ;05YR2*Xx!SGY<&KUV06X+v8D-bZB4OX zMBWMQUIwDA(-BM#?B^6nI0DM^w&r=_E*>kI(89Ik$!L~a{Fw0x3_pyGi{z!CJ}vb# zaNXaD$Z}L9H|8WNX1RC%I@V-}-Su`Cxs=y+qaFNGaWEGMDpI44u1RyNm|E!e@bg_A zK5$+K3nxX6&=0+nmsxP`Ml6D0m^i`1MxfarY%`$#dY7EN!D;+a^BX)MVk2B)v# zm{>xT_iCDWQ|S8$jSCzrVAyYF(`_`7`r&L|34G8~DIHr2TCt1Q5d7SBQ6Nv$))3I9 zBl_N4!eQ(kG5C7T?w%zMxJcJ%+c^qI35mCxvw8|{{f?QzqGyu}IzZ;=EASp>KcwB- zs*IJw!1!sinha@ z@N*^MtIcJhRz_U!)ldef76gJmGdDMNwAd`HTnMX8Mnp$ryyM^~9UfMGA8-xYCL`5S za2Mkn4UEoP>Lb1Q?ONU-n23V|XJKH7sH>}E5fI22%@ux5Pe&t!;Px&qq`D|l<^bP$ z3X1Hdu>{A24`F-0RFsriDtqU6Vq1<$PCPT+yT zou7FFE4_Y@GD)Avx_V zIi6gg6jrN>1Ez_R<54JO_`X&<;p5SP~*~N{NVGNmGI&D!LS8% zb#-OY(b2s)m=hf~qt8=3KI;EhcjTB5qy^8$9L`HWJ2nIo?>#IvDGeYZL{zFx+C!6^ yGua2zG9h1o=F<1Qx1rlFXg?+UkG}JNFDB*~oz!E`q@H&Vq9{OAWvZmi!~YA_zn#qh literal 0 HcmV?d00001 diff --git a/src/SimpleSocialAuth.Mvc4/Scripts/simplesocialauth.js b/src/SimpleSocialAuth.Mvc4/Scripts/simplesocialauth.js new file mode 100644 index 0000000..fbfceeb --- /dev/null +++ b/src/SimpleSocialAuth.Mvc4/Scripts/simplesocialauth.js @@ -0,0 +1,28 @@ +var providers = { + google: { + name: "Google", + type: 1 + }, + facebook: { + name: "Facebook", + type: 2 + }, + twitter: { + name: "Twitter", + type: 3 + } +}; + +var auth = { + signin: function (providerName) { + var provider = providers[providerName]; + + if (!provider) { + return; + } + + $("#authType").val(provider.name); + + $("#authForm").submit(); + } +}; \ No newline at end of file diff --git a/src/SimpleSocialAuth.Mvc4/Stylesheets/simplesocialauth.css b/src/SimpleSocialAuth.Mvc4/Stylesheets/simplesocialauth.css new file mode 100644 index 0000000..463348f --- /dev/null +++ b/src/SimpleSocialAuth.Mvc4/Stylesheets/simplesocialauth.css @@ -0,0 +1,29 @@ +.simpleAuthButton +{ + width: 100px; + margin: 5px; + height: 60px; + float: left; + border-width: 1px; + border-style: solid; + border-color: #DDDDDD; + text-indent: -9999px; +} + +.simpleAuthButton.twitter +{ + background-image: url('/Images/simplesocialauthlogos.png'); + background-position: -1px -249px; +} + +.simpleAuthButton.facebook +{ + background-image: url('/Images/simplesocialauthlogos.png'); + background-position: -1px -187px; +} + +.simpleAuthButton.google +{ + background-image: url('/Images/simplesocialauthlogos.png'); + background-position: -1px -1px; +}

v)CjA99PW$UcpagCurk`u$X2_6afHs#x;q2(*h zW9zu#?^p+k5Y?QRqrK#T6 z(U@^P*;5_bmHe1MMi^>X0;YjSUmb~WX)m6kK3+wY+ z-Mz2&_xxz`BAPfdLsFEPwVEzQFk zu!H$iR{AG+gFmfDQozu#>z~e%B=_pg$8vYP#j%_c&E16PZ9bXJhP6kx9jo($$@C0~ zj@Kdt(YS2e7Nhn}AZ@VE>Fa5Y&Pu5+z|hZmIyc zuy>NM!{h+1ecbZSyT_@(bgg=vmX>J_R}Z9Su5RYAdZ6->)#Ei;Jp>)s&qPZ}f;)=! zki?|JZrzlcy;sv;=Yxu_Ua$BU^}2c-4kIh?kgPmGEokD+>sX$#e653gdHaO}t(dVL z8zs5tY#0mq;A`BwfNZm{Qz=lgIZ^A5?g#N=JXoA6cktv0^IBKwrMgq?ve%8Vm$!rn zOFiA^iQWCPDb%}Imu(#Gbq3q6a8pCPs#GF2qCEHNIGk&goWf7Nbto0)*2iIL`4Rji zTabChYQ?>ZrFfDp1yQ~xW0)6QNnZLFwzeWFm?KRrhUAz^|7j$urtp4cpE%vANL}CTC0zj z5uwn>Shn=CzN!0|`K>}q$%{xw9dr-paQbKwf9{F!a7N)w3dv9c#{VOz$ zo#hZ`{m4lpwq_!gOb~&^B4PwW0WZ^YoVsLs+S4zk%>GM|p6T9Ja~0|A8d@}=+Gpd@ z6P!uht%%!x*rkUKM5%9zW30~@iEcl}8sC=1F+n=S1Ho=? zbOo=@?vbw-+(8*^TJt?du1wIn9ZJIf?K*fNe=-a+NPVUJ(^+jkw+&UgSEIKvV0T6H zwQNV6YKJZwq0O%2%GS|DTE(tmE?vGTatY1tMNA)?qTmtgxXoLvIR^_P*$tA$^&dQ@~@U1<-G zIuH~;z6}tYf;D}dNX;-Y5tfxQx_cZ6;UDV3p5%2fdD(#}x5(9&#*n1osn$xVYTE`o z%=9$o7gNxf*s}CILsziqMXv5wkG}(qPx-;qDb~q~1ht?EE!4&jiomSJ4<4_I_AU;d zj}E<=IM5;O`{K7KKDCDqU8Rgghs@z%?-opJy6%gm0jD{(GU>TcOd-=a_8MX@;d4iL8e{CtH={U!p?Z`Ue@0sZwVCB0N*hHS1pu zEwrUFJ-=-Pd-1#!Sr~s0*A>8GG5+JUwt2=i`B9XPAMbyTqGBcu^x(zx$p__c4dGhM zMrr+5!-1rCMY;m5nn#ltRU0OT87eO13wQ*u+TJ2Vr)qNom1dS@g(us9G>cMQjM4X` z{caBOPi3t0wjQ+mkH@I)lj!>yv?M-{n5=3=e1PJhy!#~hvU&XT~4-$Nsv z;un=!U62$N^rqvBXe&$Bdx>jx@oU+&>L9IU<{&-m+xt?OIUMZ$Da;%Wc3lcHhl70} zg_*;_R;Ms?IN0?m%p4AOLkcs8gMBcCnZvTrGgzX`H`u?fXUouVl{z7{CH2wgaGWGM8xIaYB zEbrjh#-{(ujbLccKaBSDT4=_CzKf_A2iz`;lFXUh3W5&Lh7k_qYx3~S>B9d&VPSl2 z9-cW}`1dXRiab1Xy6{^p{2h6C=5*n2xA1r8;hEEgH!Yl|rS;F8F8lxse@`BsIbHZN z3x9teo;h9kYzwFRISJKoyjndhvz|6)vc1{EUhh5lX<2vk99F2hZF-}@n!SCAkUosF zTCJ{d5SjJC>dHVEXDwb`nG?oY|F5ph4dbk}t1I)uIIH{W$_9l&SzXz%Fa)bB5SOeK z91m!(o!0lla8&crE}z7E!tu2ZhkmSb(AF(9P4~9Jo%`)_ALHEgN#qQdmE$Yrmgs}{SIND? zxv!RcTjzeS+_7`NPj2`o#lKE&9auQQ(yM4nCBb+z1iN{HA>3Y6mXXCrr z(GawXK{$&)Mbkg+*B|E#mUJ^94SE2sMVMDw(EuJbH6ph8aVVIAH8>tDTui|lCl3}< zreF=32Maq>utv{=g{CQ31L?t{94T01>cJuyDOkhn!NTAatdTZwWJ;kRv*fNMF3+GIG8yc46Jl8b2!+?1QQ=1)|WnFofs1=-EPeXoNl*Z z0-8(TPnB#3BgyC3N0mJ6bzd)w95tZUo(U4u!QCaZpFjQ)BA1for1P7;QAmI{neYUs zh^673NWg()j0xAeDV&CWXQwLJKEh$_uGFGr7#p6cAivY=RAmbQ+G2Ilc+n@HQf0OF zn}fK(Zb@P0aIjCOFmpKAttreL4)&Q8W)5JIDXieDe~4umU^}d}g^ov7%I7Otpq7uQdG>XZ zw;5E5w{`3R??MS<%FpGR(r4KgI+QdYaCl%5O2#_6x3x>jt|W}VMgb1I{*W-bl$;FD zKDacg*rbnAt!o_vy0FNr0K|8ZG~M4i{Yvo-aKRbh@J(VkzM(((6&YMF{8_n%R?BF= zLNmVM^LU~}zwr&^FnkBmT|;?=F@qB1dn`(<-z@H>234m=i4BxN&oHQliTmqW4o4gG zi}+!AqePC24`lPdrcb|arCx4vK5Z%W>uO}QH~x}A_3NN+RsXs{^=nYA>KbzlE-O8z zd{k}eUVq*gR@LlgI2w0tB*E|L5P~7st&0V2M|4V_~ikjq+zVy z^8nG%F!s%iccWxK^aEM@bvV8|0T<7JTQiZjPb)$jT0=cRB-V|E2Z*>j6!id+)i753 z9iT7%7ItVn-ftLaDD)4JwT8pzy{0!w*duUV`YHb9l!?K076z`*q9jLRtK=* zFu<1`z(&FVcLT6`fU3MbZ*zDgR9&Fg502ladFbi>14MOnUr-C0&^cT4Tqa#>54vhX zRF8b_Dy##R+9)~JNWt8`oor!nWA6AMc4?v~?w$LOFxCUvdCtvb?ap)hn@?u$iF;f* zj&5`WN0Rpm#F)s{|!Y^LRLYg`+Z-PKO$a*-~+*_okK#}=6rJs zH8V@6uDp_!$0|5wc?;`i_ARokY$Y`PIZP^$pYy9fhlFT-hFc9Quiv{l$qHI~QNLAA z-j?rQyMk*8V{r4cqD_@2j0vhTY10d4TXOB0{S=Q@$;|UAtd@kyY?h;>2^&eI|kz3(&0>Gcg(*qIX^b0X@1FOj7x%?HHv>l<5Q7<^?~N5{uYGs zj|p3p&X?Cv^qu56{us4Rr|EBr;ijpe7Bul7t~uGHx`tMyldAN=)IHEVIdf0A{&F)%g(vb9%`1#;&&s5qAb4D8}}nC?`?jQM!6}HDURK6QVKH0 z-zD>kV;y}5lvbW()?a$k~YwWrDY6TWlh3XR@r1xkQUiDp)3RQw19-ffPlzS7TILC ziXs96BC;tih%3q_AW{SsL_{`G1hxLZzjJ5iPTB;07hgaBeA;L3Id?mEKlj{o&*hOn zg_lob=LeSP6sWBd9nX+WUZ+fC*H3l`_VnP!5`2TPB*^(wF%wkB!6$=*Uk+ycf#DVg zrv{5AXLhTbgN?V!&I;UJn;%fO^;PUPX=!Lv&alJy6BG(t^{axce*m(g>!}s>#cUov z7&lytpPz<5pVf3Y{3{wh>!bgm%=HhF#E7uwHT>&>f1qQIJ>)N}c||Ccu37T~OL=zB zo*Ddre()3D4>Tl-{UBG}^`!iFyN0zqJm;U)V0%JbbDug^CFW6ky&k*|)stLCiL3De zIODxQPfXF@7>(wVTmQ>Y+7!Q%mW~DiT=80&kpXzlZiH) zTgL5EuTs)%`5k|{@kUXXpKe0eYg(^|KlHr@?%&P}qk~zcoi+!naJKL~O- z!#|jhyA8)t#~}c^VtpvzS-^+!UHiAW+U!TP72Fx}p5`GrycQkNvH5(`b1F!x(PTep zvO~UH8Ofe5ap8wwD71Y^ZGSkaj0kI9(amc6ZT0g#3Ycm!rP32?C3r)a_K@PNHapPX zn{hii_zhp!pYg}-a)UHyn>|m!1I(*YwD#n16@gh}&0zU)+Yqe>VGBM^#n#HhuQ$Nc zYyhI1Tu7uC`3g1KOu=kd>C{lVnoFn_eGj{+J=$@^ThmckHP+`7e@o4%sLo2MdoswD z`g=h(q@gs^Rv~HkwT!_^GV?|64o}rk5L|zcHXBl|Y_bGpQbmdD=IX8p^id zwB(!ybz*Jfc?#JuUV)lq<@~qM_IIPrwv@aEe>GI0!|$qBX6GjkKTFTzG?`9j)6{$% zW-gk=^GMuD{mZo4QMlrx`AHXCH&dLBmzXy(Tk(0CeHxpWND^h8VwAd)5&yqp5Q4j(P@DTeAQTi;X<|~;U!FP!K@TmIxUs#Z=4xb8CCa$>+KbT=d8kM-WhPl;S<%KP$r0gF867!2m} zGl<*Q)au8k6>YPHG$9;=XU}EX#l+zQ#p+2+F?;~7_+WmhqkJKRX zn!*6{^BtAAhk3>Lv_klL7q$C21*t|~W_GKUvneGXx2vZ%5wGUmlEO?qK{Iti79+x% zS3Cr#+gmHK$4*weReSBdL(h-e>Q}E5qc>P}g&#M_V?iJB2@3X_cm znixsLwU+{OkMlUD8>FVxwyb}(@WF%q4`%7~W_OLLTh_90?nYfOvW7&nDHvFQc zI6WLO2l0QG#Wx4>!M&8>%mGgKA~xkqwymMvphRH-f?#o+RKGpx`3j4KNmfEP|2VEZ zjHZxvwu#qXN(d_Ohi}3c)c8YhTJ9*gZ1f8V3y(H&EpI=ARwoD$9 zTWn37$>YX}E+AJkYaZ4=iPPyxhV>)m=C(h%l}GQfZg83Rs{@wWcbBH*iUjJ{kYoF< zV(#AAYd$8!(^(&M6=}ZL(`@;h&Gj%E%=0fi{bqYf$;oe_YpM_Ed|htI$%Vh2`WGI# zmtnsM#;KNv*XjH|LcD9~n<3i`Q_c0ffs^9B+!CSb1 zdqs%wqm|jwjHMpHYE0(sePIBe=63KwRLRizIb^PmB@-W&4 zrHN7tJl??%ZzpMaG0PF+*shgyPuJ1ZM(RHH`L8fV$NvM$WL zJJK+vC?a-z0{&>Uk(D-?Ckkq;q8j!l;VP!R5WRH$N2 zs)%a1QxPvMqP92GRYlY}hSK?Jp4QWb()nkO+TbpwbxnqX=AGy(19QePo8#Ezv~8aa zet1KsE4xatJrzB@*tUKP7uHH9@hit?Qu}?9)|O+Kd~4kwleh6k*hkbJb>)fmTR}Bv zQQ*0=D0kvC(a{s6psR4x3FuzPZf&qCZi-e>D(rF-g;ZS(qvT`t*)B9L?ks?MLNWl4xu`8hzlJ;HRcc( zIfTmX5Yj#%4OO5+T zTza%fEM8Wz+M@rRtl6N+On42yOp|7!I%rA_lnHBI(S1s779Q#b1BG;=Z_4Le%77R7h;2Jwykpq4wl^*_wrC{2JVm=4zyc*&|IOhO|?#6sejtq@7}=NVSq#D(bcA#d+20H+?%j$M~qzM%|)gM|LUC(zx z?2I&iJj<5_%C&1lusc!Kr(Nr-!RW{`-)6{Cc`kBuJ`Fa}B2rx)zxog@5Ph4v8~#I~ z{?}CfFNTjB5!Sq-?+{39pz_d~xCUVa>r8%2z8jJsD#n`qv>fwtjzX{{od$trGwI_D zJvoHCK81v-(Y@dmy^f-CmcHIeLi8HIG5c}*S9LGiebg0guaUU2UqEVhxwmY~M{|iw z@DS1xS~si4!<4w6%{INa3CgN^2(f0?&}`rA9t7-~xMWp=q=u2*6{}Gky)MC23DLxt z4~v!2ZhO!Tf;~U!_EO^IR2iEW%i-7TQW&4A#rJK57uL1+DD4Q#!M}`&Bd%-Hvf0y` zQ%tAz?yNq-;a3Wcw^rVG!kSmK4b^578(hzkBpMFCT8OcB9z$63@-ez#G#*l#pG-JPt|S@uG+?)Kt#ov3tCTkrdNHK&zlwQ?_W$U`_T#So3@lz9)rMw>mf2N&UtpB~_1H3t)Bp3V11ZOC!L< z7G#AUXU94 z6D^mjGW=Oi*I*6Nt|X5o@}2de{`Szf6z$Gu)ci5{7b4l1F$ei)w&Qq`r?rcd#Sapt zbB?Cn^0Wie_i7nyZ)fq$fiJjsGMqWU>FpQrf6egbaA8HP#_U`At`|mhg>rN@6{NnY zpH;EXZl1u}Pw&Q;SBc(bKYbz$NqYj%Ij)2p*?_W$Po<5r)o0m#wD^_TS<5g-h$H+ z=pyAP;fJ?Aq-kRhdNOyO${gGbTMCh86$ncW_#!%emF=SwCZg9*ytIfZFEH4cmC+o~ z2F>LRXAW>lSpPWPf2e|o`gddWaZ>7Z9oWT@SMOP2#8QPytaTpWbm!1??nKDOb~Q`i z94>xShBJr5)iRtp9IiRTnFCzg>~^a^S`i*_u4R8Rzh(^!B|<&y6b-W0L_@fc`W0S! z5+5B#3hmJGDGGNy!`)d<=iZI;Fk^5E=Z(R+Ik?H}S$%}ObKd85-*$z(q7zBg-XL@- z)@LxvSRSHpG1qg6MiTC5kQ|EbqkfH?HaLRxr)c{#goqqFvF~GgW1DlHzU5Q&%NnB6 z5mt0{ql0(??xToj0{v;5jUh{P!{p?3vuS25S)!)CTFDFrr;mu+SUi^oZ8lBAB38|u zD~v5WNA}w3+d`v~KGu@8qdA}z+{6rL4sdOp?_SK8*T-nv5#pv@i`Uy5%m7*#ePT4$ zmI_41@5WHd+jj%2@8Wo-94lnyFo!GK zEajJ?9@x}6Bw5-W& z7hMQ|do{Vwk-Kw9>3Xrhwap`A5x})KB9x-V{5H6G3{K}-pltX_UfNt!+qj-as1pAeUuJbc$zY_7wVQvuN6%= z_cvBC-K@PLq=(U+H0)4^oajiY^tMVB)>qi(hUh9hXaJiu?{sb$_iWf%caV{^=n}e4 zbcYK-Y0B{_v_f8YZVu`UBoihnzpfQ{nsI1z4HNHAn(sp9)p)0Tjd3#n8MY>sxgQ_w za=+tiUP;%<XzFzvM@!T7mE?PV(*73lWsLGH*iLV@&uC(QCSNmGq5A5cJtg=S zU)F2CCKToacvzk;b86_rYr*F<_gzHrQenT+;({!{N!J0?q9g2H4U+tZaB2C6WL^IQ ztZ#H7-9e}4A2#sZ3Vd4dpF?s;%keja~ zxw(Yn(Yfl~ZmsAJI0^|qMS5YRNjUBi_vczyPN&G%e-MGv0B6uk(g1R%0k-r3=KB=n zbUb-~j}I`}2aq#*fP9Tx=!i}jk7Hu$cN~-Y-QqHQlBmrX0+j`s<6E?CZ?F5(xq5^B ziUUAvO3BphkS98OXe{+(+e6c^q(doP_^$ToK{5lD{pYPHi2k(1JqFq>XNCE6Qwixy z@d^0#cj0WXhsDFv0@xlV;zt$dA(x)gcRZ_RY1_A~s+=V&GzZb!I8(TU@1@p8*C6yG^sIIJ%e!*%o)CXrO6i@tY=531jutPWMVULJ{pH;xqZd zEfy%&h77lMezCTXxQ*NSDDF}@K8)g&?DmnL7+iff26Lg0p5y5&@V}P1aRi9>)fr7u zvdA8&ikIJDsn=vVxqO;~9`ey2OWJ2i3Fb}Pp6KV!trA7Q;K$|^+oxP7C^?v7kT>}z@DldQCr8lpyi87ni1WV0rDB7YW` zsRpqQ8CDPtV9Dmj(0pod>uB6KefzC9d^Wdpa7dwZ5*_io6#Od^79CxgcJ~;Y;VOW|QHH4!RnXH^SP_<<$|+XdjB`PpKp?c|<;N zaJA?)>o6mPkKT~86uqoZNAwCG*BjOT^y&AgPs861$>Dqq-z&W4dUKFJVb{#U%25cr zR)&|OfER6JzRxL-EL=D8D{jjLU#4DDSq@RC~yKaUEO$<^cOc_!$gUn!^P$>v*zgxiA1l1uh{8_mp|9!bCOzHwWYnqgRQ7t`2IS*dF9k!Yy)CLb$iT;Iquj*^G7L)rxk>Yi3vW zZeQoi%E$7V&ELCQz9vgHlkwywncBX|ouIFp&ccya(U;IacM~fMvOc(GFO~Fxo z?}e5E?>+I`Sp%lY8#}fJMvh3{W_I*vf)$mPFBB=?1tV;2hQZ@Lu(6QzNagM;h>;cvX3FG zcp+>s)t{ktaJwF#t&gzT_D4mZ2yN|&7exMx`C9re-*hmgV;b9}ZtR+aT)Jm>1uyYs z&*#Qi=Vm%dFOIP=E~zUo)Zp1kb>GG$HpYdCa8PBBKSeEcYgGuBNNdJ3{_3|?qHB~R?-EiD)$4&F8Qf;Li64v?kUXpi? zg{m56E1nrP`b+U;kdw`2tnXGkp9bgpc8QQdz%GLGYxMz>Bs-@SGx~uRj34sTs|Vx< zDGZ|`>m&1tiwMB)7eAe6-(IV~m(>r|{-K>%)6&${s>RgrC*iUwmap_z(LQ8oeN`GtXd2-*Ti(Gbcvd}D zuDyAjifEn%jL)af^}-uDyx2k2T?Q*D2cNuw+UD}KZds3%na)8gq_=?nCHBMQ8Qb&y zak1VCwEI-j6OvLio%r=DNOwp%gf7IDswks8JEQCgxKAAXWSn%PPEtv=_P(oTa$?;E zmGx#y*uN1(g%&DKK-wh$XPHqTlu3rA6bIBaM+ZtWc7vG9Y+BwZ&~;%4^{hl0QLS za?*EcBx4bD8re=k!-l%H5JMZ%3r6)>#N)FoU9}C<>%z~cb|_(CEc$}IW9LT!#t<6PtAN` z)C~a`n(kv-XNC~<%UC_k*6G#Oaq}ZOKIyCIenI3pF4kAL$zD=RYlyOMoR!@iWH68i zT$_L8n1e8Fye0E(zR!#^o_w49Ol{In{4m;*;K=L|GO4iQv4SWN&mmYkgwtG%59o{y9d!P+7zEYvl-|O+fYcm{Vk>)atH4k$f!i zbn+i;$^#6Luk}ZBfTx`{$#CWXm(lx_>&CQ6)%0BP%5pY6#bP}<356=IWL4zsDtw3; zuAUmkb4B*GU5af3PMXC!dNR$kd-kOKUDK5RA13JNaj-7gF>s?D#GbS~kg+FWypC$e zDk^3?Wwp~T`VHY|B&wPCbc(2*k*H0!%9B~1u}!Ppgjv?4t_-euOV*RJ2_hRe$DN$> z6`N-DYz}Bi*D{l`sg1I+|Lgzh*dNt}+}JO6p)tq4n&+R4eZ4PrGjzU~(Kl_g7;to( zSk=3lUeBt&gBDdyvq%P=(N3!4xAHm;V+C4xOg;%mdnmwD-^BAXzSifSzC2(_TO4Z21QZE z@K9G-zs}YJ$)$BpgdhQ4c54L|_Ze{?xVGS9@U1Q3$--7E(U0LPYvs!Nzs%;NEG|3X zQE{;g@h`_kazWf}M&~=?@)eeRVS~obm+kVXxR&ofiQ7Fpv^#@{Qd)<%B!hvq)PuId zHM176>!>+w4QzA}Eis}%JW~w!5}l0q)8?PP5z!G$UDr%dVp}n5Yj3nTw79N2bffcn zI*A~+$@qeK%J>MZb#~4j(I=YEHrS;S9mrNI`9)hcip(qi45KCW|ET;A{eI@Z{3!D= zlA8z?FDC9nG~2>4`ohk8Wn-!md<>%WmyW6bOB%!Yvk;k%o~)l1X;b~Z`Jb#mOojjd zUVnf7PuAZm|NqwC9bx=AdS~(@4W{dGInHt!n~JbnPRDS)NfFxJ@}Vn=qmTGl4b1(PpSHnLJh)5w_A>x+@rzle=k*e(sjo4qF4m$ zYm#JqBhh?V$@+qtpWpkn=~CE8VQ(U=V~oXnO4hi#!t+;n!|W&`#ON__VTg)}ZzfKC z^{jr;nfS6YT&FIz{t?apy|<;Zzd{;^5xxFZR3Cvl8BC_ zGD3GqGQ2BEWeO&zgSQiu5n;{C&QMHLI`n>U;h=u)>^<3sEV@NPZD2cPU+}tb=iE!| zxD$l$1B>V6fI1iTp*fvhKxNi%C#93JdEDBkCHMrf5t<gd=cEa=NFqg?mHpK#V78_3`R6S;Wx~ z(W#c5WTEJsCmPe~YGyE^(k>PE8Xs}VmG}-klEY}SY4O+8WV$LC@kv&DL{G<2*7kmRQj+IzipnX%Z*%DJjAvisMi7+$I6#0tL+GjOO56BDYvtI=@L4 zA1R_`S3(0JJB_U$Wkq35$S`pa-qcYgkce@z z#?HcZwSc<&U|4#vRw}!;x}Cr_N4knE$Er>gQba&DM@o32zqEOE9PL6E%pi5n&FZrn z%pvTQW!lDa%i88@4(^s~n`jf+97*$F(s1^p8EZEAM5nlNw$1JhzRI+QfDYUG>RDlw z;8lE0y%ej5g;5>+Ca%s?dbNU<%vK{)b{k_v1^vTpY1#`Z#EsYrKTECYRQ@OfA{_%;!vtf z5s9~mI-N0#t}%)jn@Xf?Fgn~8n=Bu9UE=E5v9w<`@RBrRTK$BT@Z;nR590PqlXO?E z-T0aA*)1j)g?nh_?$L<^i%!71BRY%jLX3})NP|-tiFW{1j^D>`#DtKUXs_qX4!Q!) zJ2STz?@m~=r%{e~#aTatpOz(>rzbW=TLYvz$B%MEby9n8)%I^X1#Ue$X!`?2$@HFQ zsvOx??i^|`U3+ab7WYo9YdeN!o~kpxla@5oRC)uW6nv6-U=7mg3FzRtS=W0>EHmqR zf9~!|ew@3fCXeOrY01;MyF2+!?p`T*Id`v|yqUYFCx6S`Gn$f9s##_;FhKXC9B5A3 zJl2bjfa&o2zrYDO$FeACh13k&*9#|#0)&r|1 zpZCCO$&DUZJ-N*TGm|?#Fe~|n2i8dL_dt~V&;##D9`ZnM^0)`qOrG|@TFI|Guy*pI z2i8em@xZ#tn;w{*yyJoQCc%&MHeD|%dtm*f#RD58Q#`O?(&d4TlIb4UI9c5TeMzqe z`jgon7)Unqz$VG29@sS5$^)Av+k0U1WET%?k?i4tImzB0*fKf516w7Bd0^}0C=YCt zBp%o{Ine{#CBq(gUvioUwolITzz)gz9@sIt!~;7eS9)OQWU&X{pIq;OU6PwUuxoO= z2X;&D_Q3ARH$Cuy$yLn)K@*xi#ne5|%qmqL>aCCCG2aZXO@j#p`@Bjyh9yl%; z@j#NC;emQ`jt3Sb7kXe}a+wE?PpSInXo05|}*Y;Zp=Z>)}%czu@7I3x3(drwM+;!;--zfAR1cf|q(& zJXq53ldK!{oGG~G;ZF*l?BTNncX(LBi)1AapCfox4~xf7A`dSTypD&@6TE?k&lf!4 z;R^)M@$iL$xAX9)1n=zOiv)kb!@9SZ%=Pdkg7@?ArGgLf@MVJMd-&6WkM;27f{*v` z6@pLpu%tW5sUE&c@R=UITJRzdUnBS;4__Xt?%}TqUfsiY3hwpr zU4mzO_-?@)dH5c|n|kk`3L4?iP#l81jOxZT6g3ZCZS=LGk7 z_*a5wdHC0Y*Yfah1h41e=LPq9_yxh6d-%74xAE|cf_L=r?*#AW;gw|Mv+!FPE0uY&LO@ZSV~+rxhs{Cy8E75ozq|3mO&IXoh1 zRxdaw1F8hu;?`d-hrRZ^Y>%6tY(GWx(IV&QlkC?~hCN5y_OtovQyN*i=%DPD$q>zf zAGqB!oH@X?arQdE_dV>5hd+RCCayl06rC**Va+RKjn}d7Kr<1Nl^(`A)qcn?PLiBf zWg-1PD1F^?)SSO2Y1TK@odayR?T+dsHrzg-&!B*8L;pq6aV0Ac$~VLRD96`%?S}*K zaA+62(Zbx7&+rGy2~A6mQOfnZC5dE~k-Tjp$qN@9Vb63#r|JOx9`N-;)UCpf3u@&VAKQF7nGvSbY3d_q z>bNq*ge9wL4V#b^`R1bZv>)234E?YgXf4@N?RXFMT`Sk`T0Y@R#P{g*C52`1qTI zA5q^=$J}SgG@B1yXTY#DV5HH4e z^ljkY9o_4G_3r?jRPUz5Ck4~e?~Y*)GVGw|TEcfmijMKkFU#c~nae#HBnGd~B z>J?K+V(1`>6ZVV{BlX%o_d3|TzUjSo$h{7cS9Cc!luW3%g?d6m$EIaI_4`FySZbUS zpqqI!VZw5yy`dwzP6W9=*<^2n5jgNP?U<*&98EjrUdz$6bM953$t>=3ehg@93&5l8vzn ztH_+T#y~vGcC>FPeu3ik?+!?H--SDRil2cwLX@JP%e?{a#`frO1zbn&V!%!zN?k7M zy^8;Y!da_+SFJj!!LGlT;va#Z%(ai9{nQg0hW6(}vOiPsT}UMylt-sesU}ln-^Y9C z06h98Doha*4hqkOMuM#Uyn{NTM+H668#Y=jjRV&nm0%6r+pA9xDr*Agv&LIU>Iy$@Bj_DTv&m4---tmC48$+6Pz3^c94+ zR4wGb;Ip+~>BgkHJL#@4VNi)UHem-yu0NoL1Fe)C`p6<$pRO%VInDo!gQ-dn?G)C!M6_t0F)OBZc)bF5@ckgZF z4!RtZ8m6Wg*RK*x%Wx)}U3r?({_MFdbQ6XS2dDNsYqWnu!J8qVn7zCuIVz3Ppd!aV zpdJ>Sh8CZt6_y4SIE|rx(P(c?@2UPgDta-Cj+$9w3N6L*vo7WGvlm~Dr3jcLOLF7q zmQCCB`=&tqfW4Hy@k3$#P}NBX_mXF_gfw@wxVo8$p&dI9TXRkm5tMS@=Wt}`wda_8 z=T_C~LB=Pz@Va+l30G?NICg8pjM-bLb#U}=HUme~j9T;^DqTMF+_Z2H;Ka_BzAY?V z^h4^Xe{I~BD=S-;tNFOee0##2WaX`__netOb#G5P)E38JJH1*6*_4g@YM_0^zRT5b ziNonbtQ~Mo-JfH(Ny>MoRc7a0*Be5E3XM(J&Uw^XpQv^1Q7u)b&bwen*FmL97vIST z9Zjl&Gz2JbWE7RsRS3BpnRHm-`)AGb747<|X?e68ud^h2L--q(FTz;MNo-K7; zaCP72W8$YDRO%$%zMe6C$sccJ-bJ7=dWM>&1G~OZ4wThFW7Wkt<;@7Hbu_0JE7Ykg zrLy|oyjrDmZgaU~-QO*jkBB>TxqLcpP@ySPy1ML!mZPg`=lUO6E__!W{%Eo*&FDFV zuNy~Qj^JYXriV79dk+gcHnka`GMBzO*ZQjS5ieE$nrh^3ZVGFKvD4X7{Z`>h1ytxz zXvORXQz~96434BsM?m9P;nJvxk`W{5Dl~;7Fu9>ot|1JDCGbL^X#t22U zyRu1q)cSgyO`l}#c37!n^C~e2^&y1{ONW}{P}-II%MOYE0PcAN==|(P#yQUS@%CCK z^*n4x8diE^pCOGS)dsFGb~CY9){I!2g%%w#-}Q}STwU+*7=`|^3hibm{N22i`X8D5 zce;4acW(U_svd=Rbt@F8G&#BiI$VIV^NIGQ1m#%0S>4&{$$g+k^3j8oWJI9h)c#Gub$D=dzBTMVxE9Wsv43-= zpS8*6tWIVjD@jYa>mavZD>cPy(1cALRaXK$A|z(DO8-_w>ST%_iG$i2oHv8%JS{jg zcWP}oV2>4N^i<@1$XMR{@6jh_ZP|D|;6@JEqiS`O^DgWq9-z*m@2P_mLVE(WGkPTG z8HtsvmAemaE|VEHXjL2y>B@42NE-+bD@4^5qM8-Lc~hp*g{Y>5Sl&A=#Ihbe5I`aF z>BQPOE5i@+GBgI;6Y!%}26YLSOg2|NdvVRuX`a#3Vt4Hzv!&8`NOQGgYmL5gW&gEa zu4bXT51QM84g^J)zQStw50P%E`;c0RN_nKYv!ZrtaapkDR`=%y2>-J6rDSp(RC$;e z+)y}IUEQXgcS+@dJV7O8<(w6kI-`eNA#rzPZqfBV=sG>6i{fgSY`GCQCdC>1i@@fF z{x;w&)wCTd2ke3Rk;Yc}*$j2q{(E@ZS0~Pys>gH!3xQYch2O|}Ho}VsA!)5YX8X6s z;Bvy8RfwZO)@hv{JsQ`grqZQW-rx5p^JNL#e`1rV2u+hXBWnSq7Tb`7qqDW~;=$pyqdq0HKa60_0`$i9@_TDX3X}I z+X~4C{Uf&mSbupS4c{?tc#H();Vp{2DWoNYcbt0lzL0Y_^lGk8-4@Wpp}|@gwKff|9kb5#?8R$6=G^XT*eHI^_xm0qUP}4t>9!wr zW2D0|)Y;0m-i!IXpmFkP3lAftI!Wi8%Ci?AXk1XmWxDZi-8h*Q!t_4v>ieBisuovT z$hL7pzbd12ot*B4`LJ}IrhcnIdLp)}w0@_}%jBT8JRogLxerR+($f+t2pO^IvN>4x zw550}d1rOFE&f-#a;}9l96myG!Nsn%T<6Vk-+ppnvdQ~ zV%NHKyNcG(|xkVnoGd>Hv|ju z|Gd$V4&`))>zcbqHnzLA{Gh0Ft=l2Df`aq$*fi)&c0U)d^_*+d@|&?r^VWGqRVtvW$J$YR}rbwyVcuYb@S zt^4&S=4jim{|Iw*?$>{SIf%6vjv0E*WJMfhMAH{ruKjLb*U8Mx{JiLhO|_$x?=jW+ z?|qUN$>TpkRR2`4jwA&0c|DlsX1TZ01s`Gs*+$H-bIwDm^Ab_}`q}QO{<-=f`RME5 ztlnl36poTDsj=dp(VS)b-3A*}#tQn{bZtm{^)TW$1dP1kHr1txxsZb&vYB$9(cRp4 zH{WuPHo*=xrMd45hWdVvTEST~Eca;3=|Z(M_nl&))*@wxYHIE~#!#H%1iZ1suB5qd zAH$rVVODPL+tDy@W|)?^`(d;Y+NQ}ZN{1>w$q1d|o@7s`{O4q@dTyWDurMJ>K3IaZ8W;5-g-{e-+>`64h zNy&bXXZ((7J zqy{u6cC^(xc*t9GVrx^yt=MYl&bFHI9jye9zD;u26XloK&GhEx*5>MZKW%lI>Zm!h zua_mF@)jSaJJJ)g@;BOE0h!0YR(@C7h7K5^`68&nMk}09Q@kycx$GZ}BHil6NatmV zpFv)~Bi*q~tumKXAf4ya9hoBCwJxMLf}=9a>s^r3?dP9~!41#>-{GiEW;ri7`g=Gck7l@xcTb{w=er9pG`h<{25-DGep};#{}kFSJWFCZ z-k5x%M(#UJ-bJ()&c51#Nn)RUp~WiDCPk5D7@-Fp|?j56%SAk%@w;btW_CQjO@r%)mEQCAqvN) zd0DQZER2ZOdfm!W8akMmg$I*-OO*%Zm6gmlSN&)s7O{ST%45c+@{rL~Dn@o{nZDp2 zRtAM#j$l{!qq%H6BQdgM;`f^u5ZSI8Llx}uwV?UWZeccs-NSKwApO+CNIKgTZ+w;%+8P@MWT`y`$eE)8fiW8E-% zn6B4X%fUwgb$S9x&3*fWuEdYx=IL*Z&*^(lY-)(Fhwja`#t--Bac{9P?n#YdQ*<5^ z(e8~l6-{c~&CHWbg4fr`b;s@q-FHi8ss?)~Ew#k^X}hvrv9qR%d#qhkp?HSTHVR>O zLtaol?g4jSOY8M11Y+?Ys}9C&$FZr+T-(;x`m|88ifQ&} zM(tw}rHmh=R;GWL1*~WWE+31Unc;8z-0AyWIH(EB>ZCOKy%`p4t(#(r-cos7z(ZAe z(OUF|_-EwFLp%7pF|=ZEH`6R^WviBP{??ikJx-Vr^`rU|7P>y4_|28!g`hG8lNJh6 ze^LR3HLv(Ef>nl(FNB(?P>DhbYhLjo3S}qx@!@jDKgYjpd9+lAPbkEml;<=Z*1Rl_s-6B@9@Rn~yyyMVLhQ+T9>SWJ<+l z9!-Tj#IFu>UpKF`wP(fcCTVAMSiat9o0zWt={(;Y3=xNQ(a!;X(#v&sym>URkN_xC`YBi!NZJy6qJX^1=cqMoz%vi@6u*ZeL2rpCBSpLl!y=1M$nUYQ(R zL|kSGKYvX+BU?oB>C-Qfa2b19)2>Kj@eR~s|8^u$#JXmWss!lQ1Qy0C6p~19t z0@gA`ZAYm(r8K3%8oK{TBUj`%+10^h%_k|ZjN4H~2Z83~GCqW_>kYj>=f3f|?esa5 zH}c3hUW;L~c+1^Bgbh=SLJKT6v{T!vA6Zr8)3?egP zKsd!aBOmSG|3%heWhZ_n`DA;9?%AsbFB6^)==;tX{kw5qoE7?20_ysHB7{O*X+caEAqJAh0*v#hmw?tXe;*)q0 z`02u1)f^s3)1>bkcG!x$IVjxo|3tP{nS)eVzfKqK)VvSf*OvEy(vbYJE+kuLG6x#{ zmM*JtM%**A^vvOKYJchStxwo^CFaF6>?gCZ<{)gEp4q)r7}-bqAYb}6eBc=bA6OGG zOpP+7D3v{QuXPS7%o6ddsa+-)B-R_7VYHs||B%_ERXE0&@zHI;N~yi39qB?UP`r>p z(T2Esp`kOl82%D-A%2|vWgx4Pb|zLuDa9BJWe^YSOy;F{9chx@+d(MAWVL=tr%Gni z!M5UV>afR!(6uPrQEhwk5-c$V(V4_d?5W;1x;(S*(-^ubtxM9XAxSbx>kJW_Z2FMOBq-0*@gf~qm9)a3!&x}>|C=f-+xq}seh9N4nO zKB=uKY;7u)qs_>ot(FR!mQHJ}H7_A}P(fs+Z)>yq$(9>H4c~4mP-47o_-b#L{YfTE zy9Y<|Uz^TV2`;;Qi*VB^-MF8&*?xe_+4V^G+8P~x3IWE%>F|yfwZg%~$IoN%lY>uj#jGrEv(W;GSk=Flxg7n}+ zWcP*14+ZNW`~n)%HT1@bTlqT$v&FRP76m@ zm7l3dk{=@u&iGT*sardYmVs$X=3^x6tO6N}ND7ViSj#Mz!MV=_$2P``h}qtzgL32|&6c6`lGSPH2EXL4hbinI>&*n$%!+ zNn4xRYLgoK*N3u6jcv^xZ7qG84qBUATRzJQF$;!2BA_8lWv`unT(WF$z6Pq)axxO@juzwSZgb{zbwsdD21I>2qHd;&l znyFkusN9tS$|mx0OO}~hO;@kADX{JFy4kO4=G{^8o#DQ6|K^rVJ{3FdG&d2qRLk)P zH4SU!NM~WkIE|7qrF2gXW^V52Zkyd2Fhd2qD4(nkuK3GrbmimHFN3Z**CYs5(rM0y zcvB|K!eXa~lj2vX1g?#g<2_ccp$Pwbau0e%!w2md!Ry{V?-d53dHdtm-jo zx2$T-@!=cmds$E||J-#^H?EeV%b+8^j5bAjgtx7gI(J5&BHl$4@8$RblwvfJ%kh;! zjix}-SS_rR>D8GOvm+sk`><}-%H2tG59+HSeu*V8{yjf6GqPQdIRdIJ_z8`T1l$c) zt{-t=aVI?~WoMsS!ZwO!m?>}q>PPAgRVM({`sU`|mSFa#PQ`dQ-}elk!w`?Qq+sFj z*>Y};Q*YUwD+Wh$33HGJxJ4Px91eG0hBJr5ouA>%0j_QK z=fIBmL@!asXt#W1B2Y+9I6gSG%PgI+;Y{wOZ3&!e>{gC8|YV&=Jez)h^ z3IDP8TqV=N+>fxPay_EFoK_E|>bkN#A_{s=A-(jr$nN=Rw_1ZtwFjG}Had&m1Wesu zARo1dIfx7H!VG5)aBc9K=kPs%yz_Ba;4l_$CAJ~6JUF}Lzj(T2#%Ov*k{huP3Vk51)Fop#59 z;W!p;`JCXz52exMR-a|qN|rzipGRIZjqROPinT+I&Notyv|o|c(GZovbIQGJZz#v= zbz}Di7BrWHGB64CM2r`zU${>3eqx4A%!=FKsKgQ{Ta84!3ibu2*lI(QFQ^S6S?Mk# z9yg-Z$7st>Wo>B=aMCZ_mG4pia(!jA7mBaxRhY9ZFBhYhMmXA4H z-k;8J<^Xs6=yzb>z<-bj7~K=Fl=CpCNM9}We(otewe96udggF>T#@0-;c!=GICFs0 zxy<|c>MtM9{vE0OsMwF0Ot3O^HED65;wpU_hpyq1@vF2wG|7LwJ-YnT&=yv)#|v9X z+1@%(hHk~DUdTr<`XJ3gLKzkm`a4}dBa-j?|ZX%B7X+Hm>Fi*=y>Y~-Q2M}9Lx#-3T;~w zFdS5wOVKoCHZ{(q)^`a(T?;nE7)fWMHu-N$W#M+r?-Q#gE~xT~fyBVl z4pk#KdSEa9Kt<{_aLM~frm6oeC}}b&tDVL7dtrU^bI6%aH{QB&$u!H;O75lnE}n_1 z2UaE>SNb=Im-?KU#(o;l#*WQ=+AI9JkoGt5Eu0;QRd?~5Oy+Ci?r3g4vQ1yr1z3#! zstbh6X)?Ih85JK`dfqlyHaV#^M4E6k{M_md`h1Du?hSKMQTru{>^fH@l`pB z{VIo&>}v1IQS4V!4UyG9lf?|(Q&V4{ox?g(iQ3Tha;COjqf4m(E(#7^CuBo(zQD$4 zkv^T#*?dON4L1OJ*!d=?u=j6Agf%aF3Aa6YPJP5A zM+gwveh%MWh<0-xO<40vqiy?q7Htf%hik8usj6r@e)6^Tp>+@kFx#?KX*U+U^Pzc6 zK1Gasx~p^Oi{w{|u?meYgl5`GygKfdDPc5|Z>9khoyA}*u%mb*&&*8IpN*%J1E9^5 z#zdXR_|`%7^%R%JiZ6q(bi;bSm1@+6HCx==n_q7SC)M41L6U7>cvZHCZ3#XOwTzPD zTXX)M=X@9zCP(oEP3S(2}z@mu({GX$VR|$(Wy;9H)IWO-?V^)sZi9-1V z#(pbJ!v!e-^GViD>xI!d8rTxMX|Cv=-5X#>IAGvsV`(qY#j%7XTqo4~u4rQ1t?4-^ zKX2w_`WbimG0>P=rZsEGyhY7!pgTT-ma*g6asln0G#pqLT99BUVA0nu2*mI~snKCs zQ+7s&C!@WrcUvd347M}M;)nR@*NPgh5X39t;WTECKPr1WcH&qg=#_xYg|z5^l1DtL|a%hnHxkH#B*`HT2aPOY0}2?;{P#!`VKdr8i%nhM}YMX&gF6 zAJ*w(?b|q%=$o!dvLnuOqQSMKQ$NL0DGi-WfLtl>F3RY7dU;SD%d-jfj}cF{UIy_- zb#er--bBe;DuY7B9k^%OmHb)5w-ze@OR9VY91+&MbnmFX3$53Ny724zmir`_5HTs57iNi-+WPCq(^EB7}$Q<3G#MWaew8G(~R-s526ChU-+#3yn83I zX=%r&S=-Xg8;pF{iIz~oY0{>W7>m6%uNX7mWxL52!bd&@4gHeGxo8KynDV-&0q1Z} zWjF(+iv1XojN5Ll`i@5$ZjHJ$c;7SbNGc3Ao-lKt393it!Hw)(3YGx5+V#{7XF{Li zGhmx2#|^ziwWJ)+AI*7|YVb5B6^RpbhABP+Oon)kfcCgI=fE(o8S^xDQVWULf&l0| z(zTbrai1&qARg7S3F6xOB$6!0tHB+{9~C|v6kia3%(=BR#HZj+DS89{lki(NcNz1e5z71zAL_nrk!Y~i>M=Atd>WW@_782$Rwi&d#PIg zIoJB7;wzzc|BVSU3|5}-p6y(nOD=OXBz=WC=kV4Tzvjxe>dB4#Ux)v@@!xDNq`dMB zt9B!CA@#x`uR>v@K)j->U&lBU0&1&Tvr4P~UKd?(cD%wYwSyAU-f+1|M!z1L7OF|&g@dQ0&sYV)t^ zM>hUx&QY*4Yo6()GzF5q>u=e3F=i?_>M%Zho%)waW5ft~AQylX-n~jUI74?qYB-D< zNzIN|GQL4}M)dy!;h;jq4^sz5d`B-giU^(hOHV*;dIxRln260b1sugsEMPMi#&<(c z7y9)_(*(&^>3ZXys<|BZBuDF_Q-b&`GMrVmcL=@6EI$`rcOc_COMyfQcR@>mweoyt zyJL&8bwPKW6#kyk;XNz1O!#TTYe}6k$i8hlk0buqiLYb6t8~nl*1z5hI}pG7vU-`e z+4}*D^^&)We{S}n7c^nOE7VHy31Z=s-Ci1hhfyFeuZuZ5Wp&|b`<Z)nm~1o&OkZ z6NAmE4E^Pm;AQRktCr8uW4KE=#3y>nxrgO`nxCwnI(ckUphGJC<>?i>ditE^vo4K0 zm4?zQromqGZVg(U6PSavz}=JK%;9kNW;k;=+}AUlIUMdA8O|Kwbe3~FU;T|qr)CfG z{|*t6mC*m42%|qz1bfQYy<%;WCTd1O9Nvzahwdk$<7_$ZarXDa2sM@3LwjT!%sDHN zmSb8UqHD!x6L3^st@x)&$7uW%X9d-DHtuWF?7dOt*ee`wl8Eg1E=bb+K-~#8`K5NQ z-=(jOIVKD7Oc055@g>@(W*m_bYP;uUHqFcInC)HNd^os1(O~*0-y5B;AKNb9Qv4kV z_S1sRosu=}2+jH{k|!QMj9!Mi-v1I|>9k>K>)nMDNaqL8W#T5*L94j?p=0>FR9VL3 zzfL|*SRt%=Ma(E`#_O{5Hk;*+O3VyaYY|7FG^$n@+a#tN_-B^iz|%VJOmovY{5Q@M^^d3g_>lNC3j9+Ijuj~s+syfmHXS=kz#c!JD#pe6~S)wma=Gw-sa<` zj?I5B&asf?^UB>A7(GLsPOKV-$RGYJKNBp{?=$!f3aELaHr3{l2Q*h`?lp%C_agBY zAUucT(%ji?Hk2Nx9vlsqL4$Gq1wvRhy%1n~qM?4{gaDfWxOkIa9z}b6IRr-wAjb*G zI500H$b%-P3RqrqX|WYqUw$P<)&b`I z2eY;`2We#dQufXGF4p6**Mxi~&&uogv|o)5@8|O6!aLsQH-r~o_L(twpBL~mX6!%2 zm(jV6w#8%6#`^akqHS!Q_xaj4F5)L@rANhYYc`&QOXE`gkrP24sC9_$+3N&%AZuZj zM9)e+D4n&^TQpk|EZORnjHwOl?~vNiPw6sYSN*SYKP0!k0yy-DIsYc?qjE-*i9Pf) za~iL-?B@0?QF=2!Lyr+?S>N;V=#2kPa`94rGClWy;6~3~`Bq|fqVJ~XK4_FKEpGrJ zPN9AR5thy995U*NLwxL%jBGah4Vm?? z<>AMGyEc_pjhkJrr8@0ukPF`x|BL|0(;Qg86~V#K6p_ z`TmJ^3^+hp+JpvGRV>~HvHf`!q#P%6-kgNrdw2X4coS zMi{goAGEZUbva5axvnE)l2h?u#X~%u z8*k;tr|4t|%A{Xb$L|IDCv`j)QPCPXP5*M;Z5mA3#nY6%%dU1GhKL4F)4#FZOW1S3 z;2Yy`i|%sa7fHqZrwu7*l zk_#$~Nh#f8uHE#2w#{axIfsc?9O&Hc0Q71eX?R>2RaHkxAb3^IpN*C6wKATBscnPe{XK zFdOUC$?RxX>T9zKqJ$|-)lQG1V{qmt|J4{xlyYjvqY~ENV6dRz6y@3|SUW%gLTxX7 z6loICU3PX*q^T z+w0t`F%<-iCxUVN>5`eF>LsoEMAa}GU7fbI;bs9*nC{s#f@|nIYmMDDx{FA&m1F2( zj&`hYGK0(tvVaD+AF9|5Sm$H7zQ zh@mp!Ar?W^x^W9>P3+SG%bDCnfVPGTH_IpCioea6S?~&Fx7VQ;6YPf}!rW7Z`$ zA|~&|ug#D8zMQvYwKMuLwAYf~L2_F)y@Bbk zimXSLu6U*m;w}koLX7Bp`q2u576F%DYEIz%Ac(eV+0)WmwF?d9=vl(FRg=;mIZUo5 zH!h$j3l*(TrDHRTe1g_mCf~d?m_H#q>s>L}lD6xk?b1E}xct$Nt|L*xj&#|_ z-J`V~WOEJtES^Kr4+wHbvjjy1}4$yIdLOR{XK+r4ZarzC{+s+oe9mV zmX=MmH`>BBO7SY)3qDH@13GYX8Ne$1oDPu5j5oyB>4gYuUQW}au{``#A>2lJIAP7p zg`-atG(yTwBc!obF#JQ-Zr$G{*zd+{f7l#ke4p-FZA=*U`RxD2n7CbqQx3HaM!Yt; zhwZkBa67S4m$0&P&S}AY#NL{8^5fR_&YaAnavoyWnd&Yck4OCkern|r1-0o*zcmj2J#UYlPCO3&igEBi z7zh9Naqyk*jGgcP~Zj47zh9Laqy3h zgI{gJ*!dnj4*t?{@IN01|JFG84a2eXjmN>?Iu8Efaqw-WvD5D#2mkSL@VAbGe_|Z` z8VzIT`>}EGUmgel;5hgRjbo?ZKMsCy9Q;qm!M{EZe&zDm`5rnB{+e;{PmF_Ktul7{ z?;i(W9|zxc#MtBXOXGxJp*nWH@i_P|kAt7kGE~H$<5u|fTHj&drUcOx0E~>a@o6y=zSX!L_r#`iz5*X_x1Oey!b-d%NJA~{ zkVlNVO3jR)a6@xRA8DmW7T+`mb<~jsxpWYF?F-x%Az0dRd%i_z@8v3M$~Vpkc09uK zjUPSD?e8uL>t}I9KJ-UO&kit$-Vji#pDB;mjeTGrRte@o$DYfSv!_tbioNoPNh`=P zc~+%m2^$;LgHiaz7!)Q)Q={&|1RWXVGQ;&Zcl1fuOQ*i`$d`M-xzb`YIH}B->}2>? zB69fG_WK+C7Lv{Onhn9Wg#WP8$<&ND$SC0hsw$<+HCO6Rl z`F)}SInLZGCInpqT^h~gJ|Vroo6^KN(95K+^P}IV-#_T9d%~ZAwvUic{S#7HIg5Iy z`a0_GV`nrZqRPqd$b0B_a<&h>WSCW&!6+p#N|?_p?xSSO$%p0tsyR=P^EEj~G*)~r z&6UnhpG(E(QgOLdl1sB(z$h0!%7u?|srXzfNuEn(L}Sr%X{ja~p2W@PQyEp&`G!k6JxN{RvbyRx~ztb1~4VOmBR8%SLQhPh>aVo}56@ z+?18AF42{AZnT=N)@PVGpjKa*45Mp-ZC1%`d;W^_6OG@o(oZjx`YCbQ^bbP%<5M2~ z8^mW5=4Z*uO_;)(SA%mgPUeUX|7d#(kJzJQa? zMSQx1s{?c32QJKT<^U&o*G#@As(&=3_T6RNn>g zS-(m<(T7gSgpZ|o4dg#*DxHMO5P4EHGt$k|F?d3;Tf>@yNFaYx{nYK3~zNBf6E3#iLvbr}dzcmCqcc1Fo9k%;9iN8O|IISIcnb0M|Xc$LzeFOd0Dp zk{hzqoA|^tAT2YN)PuXFY^KPo@hSl08%s)SGFEG)brY+(aNnk6RW95&%l&2NzFlq= z8~iPDtI+;TcuFvHW5fLPnPzlnROg_ll4*O)D2t)|F% z?QHChMbByfL3-fF)H?N5>7Ak%SS^~vl98?r{tWdUe+K98ow)d={31)P!JN$nF8(J+ z$M^b;F28q;KZpGFSIYJj!}(m2DIv^ zGYaqKnQEYYc-`nl?D0}8h?D2M75 z^BZ=_R3_8mVhm`ml~V78`S44`St zIw)2u-V#R28R@UsOA9U0k0~75`IgY*xT6NfI<;x(=q%11V|*9-3Zc$Hw{Jp0sgTMp z8_w=I6iCFt8O6-nWvgWA3T$Fo0%{|wX!TX`NBZiIIo}q7l*3xd+3Js;fG!q?=iTSm zeA0Gie(6v$(ibxaX@Kj@aOQBht_)`mhnt$=%;9j;GMqUat~?$Z+OxIMiiaIm`j>!cw@j{9DRu$7Oc-1>(g~2-Vwg7(E5jj;}b_!&!=7 z<2UL+X`UnG&xg??@|Sv6=0Dc;LLD~C#@Htbr@wsMjN(aJcb3A5HtgVL60LNvVAgO8> zVv>waX-)f>XJTg|(-&kYf^+NB1?F{isN+25fUE-6C~DX+e-I;;{Z zU}a6DlB)J|euW+QXqh%t!}OmhulP9BXzZFM>R0BT&)zs0m^|TFm-E2t1gjSOI?uhC z;f#{RjCHSSidSP1iMWkklexSqlaM1!{U_OxM54!-{$?#lxvQ(37g!^!TRF12rOqSa zHD1l}|JZx)_&SQK|NnYdx>vfAjAaSQ1uRqSEHcG(Ni@?-=)L#QVPUT+K}aZ&&|(OX zLY^d$03ndxNJ2;j5|ZahBb_8Tg;Yo{q{sZ;pEEPNdnLJ$r~Ll;>SgbpJ$q*6%$auP z%$YN!32d_fvw(vQhWH8;@smHon8EADmjDfmlupXq*c7TK1hr4JCbg#4`brs zHm$Mg`XxnP?4{$CQw;>Fi_*EYL~{~r{xXhBujAeASNrwR%PU*FKghdrWjo5vGR4jz zd>mbEb%ma0qa|mxda2nWDfuzANPD&KNh=M)=1rXsYmmk}NaKG?R*aK#DE4xli`DrP z<(*4Ulh=Gb_#?XjdRSv{zC0gcFMTwZ;^Xu=Ch(-4R7^44-!Zfc5#sdEfc;S(1>2mp z(5h;e8b4<=Fz-nAf(ap()QDWd$+P0_LQ>xQ@W%S0kco=1Jx*k5lS@YNU8KQ)D@f9lMmoGt4wO4S~nCR(a2i#uHBi_ByWIkgR79p| zoPtwX7I36GnjWWZ*`UvL(`67Ux_dZd@3}iy*_GG=$&1v9YBrA4Nc=Ap zMABdac=!=Y5F1E$Wf_Q(nc@norv;0r%|PpEo!#oNdaAP-XaFVq(E>`TJ}3Oz?3znM zR&q2f!P;iGIhc)14%Uv73`@5@o8xJQ)-k)INEa#%*g3n?#YG{(^~WByYj#%w?bpq$ zj@p^CXBKc_TN&1yy-R)o{N@vfW?I`V;-Q%?nV~`q{5Y#@6 zZ&CU_SKpWDyP)$Xy~rJ)GF_UsZXpX-}HKptc-72N_U>pJp$2sLQwlOzE$b_ ze0|?s`3h>ElAn_AI4i+?;@m(;TL?)|`!v3F>HCKIzNNkkYM&Cuxq^7nuJghlfp&z< zFvcFks|~l_*ZVZA^s-smS9|WN{j<4OC!0fDO2euw28`RW&~`lbpHe;!8?k$1;n7ER55I{e5TUUJCKeqD*_efHJL10pg|tB)$J5 z^cUwXS}Pkc{yYi&jsIYuq>eix?mXejOqe)tm;KjXnChtT!=ZsE;OFX$4jZo|134bL zhX~wLLrKQBDYc>n09+Rl)IN=GTlzkr?^~&r32L8`pR1{ES3+7SBv#k;2|?{s@(Uqt zUqaeQNLvd@Q2UfT0}|elR%o+m8$M}!YDrkNyLz8f+4)E(b4a%|2;ZI(-`?o?_Cbn; z8>a_fAo~<8u&-DzP1B-p_UyZt2(^~6xAKFLJVhDbu~fEAR5lxE1hr4&Y!l{vc~gBi zE(&U&92bX6NQ;EDtr#TexE={Y+mi8-64GKJZ6_o_?NjnA$HiO3#qGt#UzfPZoM*c2 zfy&M&1lcXB%%P283o5@@uQN_YV{fNuG{kr6$Llqm50W2&H_adsjqg;V>qVl=hCD&- z)A-J%?}@%2sUcBN`;@#LGK-rSF4zo`R0+F@2s@ zn^(|aOq-`0-*+n|yd=+9&~bY#D}CQQ&sflLJtk$Wv3Wt1zJ!@$@Bq#U@*AaR^K4wt z@e|oOrdR44GFD>;s#NpeHc`4GK^KYl1uhSuwNFtx zti+V3?HM&j6jeTlvrmkwTyK%NsxyI3&EaQDxhiRO$^6y%>-iGC~=$kjbk5P(U zuLb6f?;GANFmHUn@NNOMPwg-0FK2S0tB&n%*M-`i+qpw17PK9o*yuoikbad`8~3MQ zcRxRHKi_jdEA`_}KnJykAD1?$97d|Fu!{9rakeI2{$i;i;uJs9)ik3EkDtoo+11sFC^a}AK zFRHsH%K>vH`RutXy3B6Jfc1++^0N8rnS}4N%CYQJLM+RwCB4ZPpu#jBaf+C|gjLD( zWe$x=C4hbx7?2GJ2+1EBXu1qU)UP@G2J;{j@%q|wcABr%Q+Cnjcl&C zcG~Hqpy;>-D%IpBc#yo3hs%G zKWk6tL1S`u!MLZ$H6)sIc9>>Ig=_;ZXQC8C8wtrF@TN4PBs;@1zdv?XbBgxKMU7pp z{6Y!L;?Yx+uh9KSG*Fjk+eEWLMRTC8=o({C7Z~;lG3<{#M&_2FpBD5_JXSkAOv!xs zMT$SU8#a+-6o{lKyEcq1`Rw$W`B!4}KSCgf- zi5hRG4wD0UXuRv;&QC4z{!wn@cPbvhC75flfv@9BC;k@`M3?lo*{2Q+!Lfr$HcE~o zt@KHaoj>H!*i&-CA;lNe*jx#yFMH_=i}w(RLAe|U2e07^{#MIz4llm2j<1ff9tfCU z(>wA%@0Y+}wiu4$B{>nz*zgty*5IY%mB(NdPT)r${CQXOv%Jzib z4GA2UidI*n%5?B{B!RX{WmOB!t~dLE7)KX|aj_8pY30shDCbUMC6FA$vB<1@eG2}Z3O;qIi(q^r4X0(!De#DY$r-AGxIcM` zejPb2qUWj)H*8k8Dus+N@4?6k0W-%9VZig#^1F58#)I6VPQWp+k&0WCPW9p;wC z-?ns^^xM*%cnImGCS+mnYtoi)Rp)H*a*7BfAxkuDiUHqJ(=Dfh);+15RW zV^u}zh*IayBejZJ|FJsscL;^s?T@RTe?EB`890Loa|^C(oy|t?O0%J-II?pK^%c&H zSG%T_1ERPuIf0Zzb^H0&oik@kVLI7CaZa2rj_mI1#L0CDSN7%OSGo_KUiH}nQnhxQ zZItvm*XdTm>MiH?AGgg!R9=NW&8^C9w%UF! zbbUT2AUAUPO%969Q)1ojyRO=fT1Qm#yTdNqm1mNRccATd)XKL3KGl-$OQE`kHUNuz z$_dLvH%ie%xN`;loh!Be^{zCYvM$+fu6^6n1L4(EeK=KM)T*@c%MZ>KRO9aa>>iaZ zQrG9A%C(g({l476oFYC7=10lVJd;y-3<`FP!H&&g@}+zjX`v77W*g^BeYhoWIQ~?> zENNP7Cp=CU((Y_c<2VpRDG_g0nF&Y_r=OfSGPnSUp-`#k#*VjEH^-?tU5q`Y7 za|g&Mk73nO;RIXRLoW#W{i!2X<4&)f?BFBn_j+? z)FwlF>8-Wzwt=g6()!ba^=0P~Y|kdhIX#ewokJ3H4&}T@`gtfd8K^z0&dC!-gsns+`jgX@MN#@QL2WL5a}Nr-!p-(`ZA~M!rYM8s5V znTnXfr5)Yx9J+;;VtX829wkmYBt74R>PdZjm`g<^{~pHs@Cs-odOQ}^8D**xJCjb0S|ilcvSXg`8%fxl2@gpQbeZ+c1EyQB zhD>>MnWn`H1FXFm^few<@N&9*lNob<&G4xCE$p@E{ET#gc(;+R``r+uJ0Lzq^`h&3 zL_aNKkLf4acR2eH7I?YLHJ?h|lKAdMOx=$uDcf$utoECj?ZOkssaj5>4L3eTJ`>05 z_0;_Jgyyd&Hh(=yuZofVfg%nZnjAtEj4MvoHh;#&3qJ-C4yK6NLSO+&QL}BDk(5$j z`Y2>r8a}9~{SK-~F4#YDGGV8i+lN$)<=I_?l8?|9R*HT8(%%p0vs8E4mo^BW#d~-s zF$s_5Z}>-LpiUj!QZi)yxo~abm1uAQX}Ufx+d?%hrt7lpK^Yy3c={KXt1XNeFC(Uz zi!}~~H&?a{FC;SdDR9`>oJbUN-Ssfm!|revMjsjRqFS;%&zNW$Ulxm;i-0m=X+FFI z__m^D>f9r1H5z8UY^|1_&3e-lXyN*}7-^DAHMy2_>(%vUB-ap_LUn0Aou2C0QQcRj zS~SnIJj@S*GSeF36#dFhP65YRTZfz~xYi~XplmARzWi=a86Bw%sye5ZRAF-Cz1BC< z2l=rXW?uRcjTcT)X3z~cr1~}Qn0-XPM}IUo{zwa9&|a(tWYz{x1>X#&1$g7a!0XP+ zb>zIGcx{7jJvPbL8|S%uKiZXIH)!yRM3ULOJLG^CsJ~Pk)@)mKE_F2=l*;5Trm*7K zc~r_P0;@)*5eTi~Ew)|yklS|M6D3O8nb{XSGID$(=5dDT@V2GW$uEk7?r3(U&o@_F zgTAB82U%cjs+JU}pAhx#1tZUJHz-L_1|#P&Fpw*60uE ze5$T-K1utsDcxI11I3VRUc}p0UgPL6%sgB^c|Y03pYcdOeRn29l+)df$E+nr zW8c=eJgTQj@z##|2FEqb;@bN&U^NaWv*gdrJ8rq2r?m@dEmK;b^=Un6Y3W&Nltp5X zPnQ^Js9ns5wxbB|VZ3`0oHr%HCiI4|o;VB#g2~Ha&8&*+S(4f#8w6&tJheffzEUh% zjHuC9w+Xqha3CKWKj&07+r84UidWq?HVXRQ$}`xy6tb|(Fc<7VDWBZ{nOyM`qHwgoqtzPwdCBaXhH zT;5_{YUw*XN-rh}>NdHWTDR?#*!Fp>TxRuXq#7e4b2BxI3HR_QUrD>R6?BR6!Fdyu zu#EqomT_rtv9pX01E<=dNwgh9a|l*jlItmi$)=b!6U?jM+YS`+llEoQoZXoZ-zZa6vAc35c&wPaOZ%!+a5a5~M{<30vf0OI=ygZuum=5V zw%G!jzS>jW+(LP8?D7S#GbJp_swtyeRgI=9L)>bLr549YlI64_>vMjb{#i+G+Fgk{ zg++23oJmfGj_h(l|7yJq@#QAqR!HLaU{8CX3e4XNO2!E>3{xw_|2TOKKVxUogI=63y=peAz?F6tDMU_`eo*Gv%!ytHJFF?wv=#U^Z8;zZa&AYt{+LWJ5-`? zQpGhl$y*8`ZkQ%-hNfz&r;ThBH_X|B<#RUuN$*CJ^i3$D%6+(CY2Jay&(K)GA)NZK zmL5^|07ldPIzgBZpmhM-eDnF|4o&t?>chIz={j1kW>s6OMRqozzhRYw++NWvtNLj( z`RioS6vp%(68Ad%Fr<_+bjIiguqodLE=HZ40@cmQ^X-Jdq9+c|Z?jjK1_z@)Z0~M2 z?J;$AR;WJ z^fM~d!#uj$-7U~pYHe0oDAlncn1%~Q@e;^tPgw}m)6;lZ0i};{MQlr-ri@Z&feI%2 zfzZD=r=k38m~+9#8`ZxYw;FFyc;k3rmG%r2C+L&YG7k!Ukyc#y5~r#C%C7G;;v#8= zHt|2XuMsErmvf|QXK5~&ssl%~E$XeA=KIPisL#z``l8CO=-Mn0{#R)3OCBIgr?LE- z)u(nGy!!t}YB^5X(5Wv^DUJtopEeDrj z1d;tKHizr!t(K@ZG1@)3Zw`^uxAAQl$&4H{jkzMENW)wwX`RpIaoff-F81G;MBRZE zlvfCz_4G|7v2rUSql=SZ2b`qpPq~<1B4*fAIgt{rn8OY5sV*iBTK9;4(3ZfHu$%LB zMvNB+6P}xf@_+-B;%-dpU8i{Un??SUDNximw{$!go~FhJaltauk$QI(sS$@P$kX z32$B5NQ7(6qH@1Nd57_@=tr@s5+b*CR_KaPA%@!q9w9Vo%ePs3Jn3Vz7CA~k1uxt} zQQVHk&u8FDKMl}LMd0RGuTY{y(B|OY*)VE67|j#u<7Y&0}1p4}(b3oi#6{?G(4 zcdOAQ3Oz{l^da&bKAqQb5$G?kuy8bcMtUZck1&S0uhDn|oa|K;HcCE2?Cefe%nwz@ zudw{aZ0{vRC|`0>i_@=bVg6~beJ#_LY%bcqvgZ|aB>sLAVTQ{-lEyGc-$I27`lJzy z3fI4J@}WGrRo;=cC7{Ob5*Wx6K!9+!PLID7;-mD7&E!Zv-3w&>c``(&OJy^Kj0{U< z9gTp9ex7fP8z;2n0ZRJ2cr3qwG5qw|Yu<~taV`0%9nIshMUo}pD zN~QP!wJ=PhE%WGZUe~ESQz&X3UO?PxxfHFFsc!ljr%3$O^embj4v5RFO3{z_4{I-H zPvy1b`>LX@R3)x#S1M%n|8cdVxx9{FK`TnmCeQR7JuYO7bPP1ShlRJR@Gb{0{XC7$ z-3?Q|siN0zsi^j*J=ClrIz6E&R;Sd48++$7cK?cWSrd1UYs?89UrioUXgMLXteRly(=x7s$@Sz9(U|5oKBulbVf3C$kxJjc!uNq*kD!95lMtQ( zVd3-7KYz8yQ5Q3u4qpsm!nwz!skC8TT`Qu576X5=dP>YOe{ ztNO5u^mhQ**qk=NNS7z{kb;fkKUSuf zD^9Jir)}sYNa?P1x7}NX$vy4m;^Jsttm|%XE+&@OR!n{;7t>jKaNjwCWBn<1NsraO zYIp6HbGLb;i&gDAFMT(ypIh%&wu=iKMhAD*yzY*{%I>dWEC#rO|LSx1@xLr@Ue5a- z{QoHb#X{I-@}^Y7xA6aa{73w-Kcz#{uv54j(pJjw2JcFL1;6F=VL?S!u%F_;i0dW& z`Aavc{D$|t)&DffC)-fB%dh1VtT*41U@=MR8rt@B4}^7ztttK^Wu_6X z8c9AyX4AGhr5|K}s~|V^_f(TBMUv!zQv0e6^@Gp3U29)dWBN_n7eCg_*mhSl`=M)Q zwQ@7-?P+g332IN>4K_uC>*(w09Fic}UGMJb?zAR1_AI*;Mc&=*rpE8Cud05BG#Xc^ zq2d)U`5R)T>6c6WAn(9G^zsm+LP?uDR8Pxbe7t=xw9o|%q) zm%_g8nQp|HBlvm_{*2)36(dpKV0Rbt*6#0e?eS<(#k@28FF)2!CI4$sdoTY(J5sy5 zivRoa|1th6p8f>?4gX2D!b+^EJ*xYEk^gT8F7nHNYLEIaayNF#*k{4M>f!1K+F$+v zUznSjx8F%9a=tWZnga{(tj$lW>>z5 z@$q%E)sgKS;N>}BD+jnG2dF$mc|#6Z1YpqE+HNg1gzXTFhu=X94)8k_rU0gAXsNuI z=ntu{Nm}-Eoe9n3CN%$A-N|NL3R`vN%VK>=u6{)AU-G4I1a7}x^T&>Ry7}X-@o^Fl zmL{JCzi}lEX+lu@l#KGa7xSB8fAu^bO2P?_^XOn6*s&XlqO;fvTk=%So>b zxds%iJ+A@MRbzm@mO!n&ul<&DWz@-7-C~;%O;>D8)eSDKoPCFD?po_#K!yk*WqtG> zDhX@*C6(mmB806eX`=gf7I9I>&`$bkJP$RU)vi9Ya~go!yIWq})7sYEI3H=}f-78eCndfgySNa)y1Tl5AI22#ud=K56hJH~;tjsLSTgua(m(=_cIu zIofJB4Z_Ho(CF{f5wPDB@5!V3u3Kj~Ch#af9V^Ax&g63P%RWu^j`_9||cJcd#GkM&95Nk-t4Na z0w`+fj}v?sRih1(hJMDG;#(T;5R1N@Hv_i@?5v!iqVSjNN{S}Lxh~K{20zJr1n#g5 zz6mwjn{B>X=qc2=KDcPfm-4Kvp6hdD8#6i)+MNZ+7ud@J%mNN}O@LXz!LAK33pm(2 z0?Yyq_Rava05I8_&ExlbsvqWKi-8Ns@;6jF`9HYc(B{)y#=S=;SCvz z)T-49rP8>L&d$!c!s+!IkR~1=IIc%udINxow-fZ|9!%lGK3I$S9seQekH3qr<@;A| zg{MzYuhZPWB2>fo^U%EUcPnZ5IAMXK6H=^Z-y#M3Qry2{@L7Y?!?#%t{Ib=+Z(j}k zGpm7rcQx?pl1cQOjQI-fDjFBZ((h81omI#qsE)WzWxv|Jaf=U9~7(!|U5%>$RG;pK?L>k|KF&2TSr|Hu&Y!$F&?ruCU#r69;VF%v2G$aWr`?*$!FL8`l(jz!rY3*Ou-9 zEp6N-s%f*gbf+kDruO#sKGgADc5jlODN(o6>EFmW$x8GYB_&(N4zt+EHrq0|#AjOs zx7PhNr#9RLxS8{02N7bYgatu8*hRJ2nug>n(TX3TRB(f9TneA&jn>NF4b(rlUd17< z>Qhu_n&{=8xT20n-|ueRWaLI;ujIEnYES&7@Y1+hk6Us@lzLVo|Q zG+qUge9YX+Z-nLCZHmc}rFw(y9_PEEXKAmUz5b`#=LZ?3hFMuvETs7snVt)}oe8X# zZM}n4XZq-dgx8SFrGI7A;bKwMT`her5F)-#>6dUegj0(;4X4eg>(hA_wkA7b#FO7R zYM1son`_&PdO{gk$G1Bo&E^`(_X(vr1)O}2s^uC<)mGzV!dJR6@np9*um=U|?Mv@~ zya|U=xUR!{YF+V&KU>0z&M+3|P4)!U*bnnOJyhk%lCdluR z=m5qIX0Z5ULL2|Mo+T;4jo-1|ozX(v#*bP0%W}O{XS&^BeypM^=p8v#NA)oXQiY^8 z{s|JN+J7SL!Rsk<@=sbxZ+5ndN_9 zWS-s|>+?0~Rd8})PEv_j5ml2p`Yeg&VP=SOdFFFY=w4`_3GLS387^#|NQQ`#`)7Uv z9N$@c)j?~?cNy`SSuje;o~O3cpUON%Sex=uA{tWQ6Xp1^Wq;D#HOI9+Um_w9B zo$1esXZi`B&M$a>3Ww0H%^q9X<+WzEt$vM8(aC)lAWdMO3or`++b2rqQlRuO_$G}f zreEM0OtRzW1HJ`Z8lM&Hn!G|kRcbb4`WDz|WA<&tp?bRW^lWu3j?gTG{+DN<81E&pz$d? zfp>SO5thKN-C`r(r}CdowF$O^dv~`>12_O@u7)7dEg1k+Htp-1o^XB2<JE~AnQ%v3tu^Mrxz1+0;O4SzOadxf)hc7drm{Ux*%ljr z+&Dhd=2o~7y{lrZ-t=WP0(1#C?{|k$w4&dQ z<^AqRW<=lb;uMA35;~f+O}$-1YE3Z3e06*TMrhjQ!Y-U#I7c?g;iOrT`3m;r^6swt z2YI(%d64856=gncb!F~9HVj@GyEMM)jDBrv%4@2zQt8%_6U)W5dW&=JP%e?FaNU9> zJB|!|VVu^uqe+9r`+lr%GG7dgm*L!qZ&Hf zTr;g%n@x`Z)Yg(7rJt^9tv&q!l_njM>a%eyV7!^I9U}K6ev}F23iZ^pbZ+Hwu(zOG zc_S?M6E(tEm%UZf$JI|_>#c6u&AaIEP9j%ExL!zfX3+-d7}5acIKj2Yq+w=@Sg3uB zaL3T%>AtelsIQBxWiF1>K8<6z*xrQ3JK{wC7CRLf#n=%;B84U$)b5NyuFrLuKiX}J z`Vtw__PL_C2v5qPH~ZmGXp&P`SQuYwz-rW>38~ugri&LX4)tX+bF?6<_03P_L#M9o zu9of6{dy&wS8N_*HX}wc#vmP+#?Kja-C~UCS-Q~5i)g*3di)aPrJsef$^L}g@PMW& zPW6FXzO?>o8XLc)Ix3BgovtF?$mych+ET2es&V6Aq@lIn^Zd5A=^}VF#H#vL(9!zAal_c{IsrNgKh2;a$KCE$naPo_-jD`gc;(vJ1}=oUjyw zVKo&_FusS6)hqLryPG>|Zem?s-mXtrMxP@il&s$qo2&);Gc&qx9?=qJ{+0$cSUDgz z3jjYkrsS#hMYE1>U-BFOPb7k}j_yy4Qcqkxt&UEphVR?_yz&2%s6o0D7C1WD1`4u` zw?X$MK%t{E_{pn*KfD@vwC$vHq`T7oGl!YG8^5siNjz3#y-*$1v(WtIFLO2$u(TZdETdESJhNzpKogrYk!lyDBviA77)*kmDGbZ%o(%OT$UiQOB5&2;8 z&n=C%=C$0{$;x%?;t18$jvd)iQajM=&JyKT%CuYGPdD8vtZ_PRKjBdFWPWzWew#JI zs1b!zaHiw8qgi%n*dKVZG0#x!fZVdftmsFwQYhtagDN!9epo==BJO{IS`2%1yHK}{ z6^OGFg4(Bk>2J^wciPI*Ma@@fuJ36N;S6#+61x4VIw@fWqv4JCiAU!1#AD1Yq{|7H zHUF%7og*?I2S~xYq_C5)^GrBew9}uPI6QMtSh-Z2s zkEw0{Xw}^pDM-2PKS5qkylmRGFI2BI@wKaf7W(zO@N~98+_;0z|UL_ z{PmOJ(wAI9IrZmN2l!x9hi@_8FUbLfTZd^il~(6$=JN!1($t0ZCEUk^zEwsM)r4lt z6&oqm!qtT4q`OoO=clE0C+P?HvZKBns4p#JU$auWx@5iab-hYgZ2{1MeIvju;9%bj zFbg=?w*t%p4)*N;vw(v=8DJIwHXer9kk)6Mpo+arADOIuENz9e{BNOgN+WVNzqza}y_W>d zIp558R$u1hf_RS?Y@f0LE%_ z}?!XlCC9fsJ>o`n@bX)6VBzKpKtr0A{gkDV<%U zbi9V<_wub{NZU)b^w;#k<=ex&PA;HoT&UdM$7g?k$PZTb3hUBMLEwA|ErIhT2NLBe zuE+z;^+%gCH?Ax>NM>Uyi|fCaKnMNzUnVg`V;f3h2z~tVC^?I~#!&<1Gu?Rr8Xq9l z2|?{s(n2?ssf(1|8gI@g{jA{8ZRO1Lwg)6c>RLgqhx#R87dQb8U^c1SsVXR`Z@kfNUXY( zvasID8T!g~d0*+P+zHw>O?7cGMTt{AQ#ujCx^2Jc1lvWt=2bF6#5ffwzwhHkfEZavYM?h(Mv56tlTPR80oWZ~7>z$>=Zhb^cP_ZYOxg`n=kfKTHX?<;Nx_Vdir4~$`0YxshYz5A9qFLsDAUIU>w?$!{JH)$GB&IQPKcy{Mk}GnxelKKv4TM z{>#$$YxVsj6n#Qa`;_30Y>A(@yDBdy<=3p9kG)*sI{->Gd)?AXiIa;uf>`6_sJ+Rk zq`9jx?99?|r@hs-fiulTL)$_o5L{$VAEnJ`n!j|QB7bSGS37-(ieqVV8nxz5X4qZK zX*cER7*Y>syqnESXWW)vLvG9z3ys*(JO);~{=~+ca~QGE_tdv|WaUgtV^!aSxxu!- zrD~qPoGN=~9?N=75AH=Zc2!Me^0Q>#ZxEq2Bt_hC<+B^I6E|5$jlA>l5yf78i|?8* zt?pKv;&i*UJ5N~icHAwgx{yC7i}pOKY*^XB@4p9dAnl{%lhF8hK*nI@WMJdGHm)^T{vpiicher2)2ouz9*WR9%w&Z3CJFJ1$VOZ3R8vnY_7B*) zZ$}EHn+lK7PDLAoz|s9%Dla%Bjs+ORz#5^J~a^$IDFJ@+CCJpC((Bt)E zdx6%hAM+}#!a+-Z;&e?av$%ZpWBm7Y<#aoi@vY`F3#Aon*j6*eNIyWI?dxb6ZXxH| zoKrhw49li!wR7bKKv4GSB(t4=R)q~qpGSop3p?xxw4LTyCSYs&Y4J#{-PzrqxVO%n z%gtdmVJfwTH^0FGp>DL$QbJCWRaVVw>#3Qj+pSGacb@si%FH_|7i>(kYW52=tMV42 zd{p&l{bEEZ$b*+U$s~n^x9TZ>i}wkA19Jd$n{s2*cV1um2b%a|_iA2k5ON<^tJeV= z&QigM{%wCn`jpcKc-Ox)%2m?~`I@btCoF;_`MWi!(T``R z6RM~|?cHL|$aL}$BP6_#?u3D$@-dZnbiLL}OPwu^I9U%?F8?P}aA$Otpl!9JjYeIs z*0%kDwKwWC#QpfBxZN)x?k6nntZDNVbWQnwa#GxKzH5v7DT|BLGEI2}T~ofFo)ov7 z@7m%%VsR0WrpZ^(HRb#0q`2jL*B19Ni`&zj@8%r1pne4<-}cqj?`I~(wS3nS_i^r? zC)p7Rs%U9QqBj{}JM$7Tv-5E|8^+)dBByN1_*ZvVu^*aAmLC|WF$K8vV! zDF22U*gh*7)3?&JvjI9vdLJRXgP?)UzSP?Jr)v5(zOfc8K!&~iU$l1XQ@8j}+lPew zmSo=wN;Bg=JqAxM;lu{FWCw5Z@coOpRmfXxy7J`&@t7jr#XAA&ujI4o1a)w?`JFxh zi6;F-$z#wzV#`v4#!>o4c$dzG9cC+={EVI6#)aJAu-GP>xTLO^WPAHd03K{1(VevW?Ks34nINC$KzPq4ZQ|#it6>mkGaGxG|y$UBb zxU1I?_nVXA_OG~CarMaK3MV#rbKGYp#qC>hgyQOv#}!U&@aDMBO^G|TEefaH7LWH8 z*|D$h5X%lrF838F?d zsWXTq9X#lq$0z48!=;yU?4&pOPc_=l(3aia_7c+ly!veNu%dO^*yD7u$@$H$*YM{0 zpi!s!?)$lZtJuM3zX8&!&R-E{lL&hk0XJ}ql54!^XjA5NE92qp(>_EvNuEqSyGsE!qxHBs_NY&AElfQt9#S&k^L|o*V>?#K1}0V zaWp+HU8ruLRak`dFEW`1Xv;hJ^ae?9F)*Fm(NgPc;^U~BtDR9zH2!(ANdJ?Ek1KuK z7`P0(=%9_oadrTir=KKS6rQ%J`-H|cvy-kSJHi+ns}8v{sf8?|Z7Zu=i9N%A5!uH@>+#igAJyw)Y+Xs~GeDHQ12pF( zChY~Q->w_Xc_e-DNo4xd)zo?V0MRk@)mE<>mZY2>{trob=6VznjCWqM*G;cc6|k~j z(qVI4w)FwD|8KC!yfU}fl~2N4z6@>bhLZxh`QB>L?Bao0E$Nk{To%kS1}x{2<;%3^ zc%Yw6*DpY6HmWS2(OTPmn3eqpkn}5HwVDcgM6-LGy&Y)w2#;3vh^mY7gwo1>tWSSa zEWL-m!gvtQr2GP2Wt+ShTjZ~TfEFPdUPhvk4O?@UNfQt)KZ;R>t;+Pz;t4kh2HU}? z=#)u>^pSo|nJ9jLN7ZdT2;#&O9c@d$&TDoE*`?o5=r%%b0p39*{5^9M*Uz;#BexWuh-(?3YY6hp4}%oXAxDUZ&bwGF3db zt%+9Z-?C{w5WL?^-*)0@YptHW7lK{o8SAs(sz7p76%5wg*fGEI71I7aX?uBRe_p2@ zdyBT>nn-9?&naOV>$K-d9%9~OuVAwS;odI^@OKkPuT%Kx#P=g#{zzHNLc)_ov38bzhY<6o zDus^!UEY#5+K%n~rthZR=f3X`_tn1nGOP9p)iBdCI_!jPGo3GSI+f>?*XVA1E$LMJ zx>?XQt-1d^DQ+pqPR{q~k*_I*6R!}cc}@9+ z&*NQ9ZD9>O6Hd9@A>SLO~lbsn+d}mPtzJqI?3T^JgA>B2!SK*Y~tL!aOyb@{N zWsh-&Lb4q`k^KM0xaQ}*t$A&p_ts&ZA7?)#x8$b?UlD5_E$)+;48l@5$i~5b_?jqr z8XUJ;^My~p$3#P9^zR}uA1`d2eoEgGQ_b`&-J)_h%e;SRUPzt<+q@K&=EEm$rlZ+f zFZ;6?^*YUG+~n9`;>}JzG#LM}9m-}QGpDzOH?b|wE(Rfc4Ud$QbO>k<=>3WOePChs zlwKs`Mag%Sy=pO@m;Ee&&C__5tqxXA0l$!pPI?WV-OP3ct>U zf2Hv2T^JdYOTJzBcM8ABh5w-NT`v45h2P@B$SA&Emx@8F*Xc%yPz%MbZAn8%ZkgKgou z{z7&qg(!W|XdX@%ssGPW4^rqjyO1TwcWub+SaFIEz8H$zd*TC&bI^!RVS)PDhuOlYS#58!9LMG2R{?#kLr5o@C~j zPEzw9{aYh8V`-<|4OMF2@i_@vC2l1)w)7u+PWop`9F1BobMjZK)VcoE_VaQYjmMMf z%<;In&aCtN#dthk?ig|USIg1G`I`{JTIFp`d@Fb?c;FRf6Avg`)pSx_YWHy>b*w9e z8O?ACTs-mxOaD$TRd*`HN?J|-p?uW`wWsk$0~Cj7?pgfL5}RM{k)!2^HR5kL4QEkK=9L0t~ih{44c zFMEO_H(GcZ)0i09$e2AP{%9n`z~gCt9N0*#rL7ZbxMPGyY#bQt(xak4Y3*< zGf}Q{tf)~F8LBSVYMiP*`zypaZB!fI-KT8!;ZUf)=HEBgyV`}1x~jSx3~sa&Bdr(F zb`_eMf@8WvwjF`A1FS%}HQKck-e$b8LOXU8>fT+#hPA4? zi+I&dv~;%RA#lG9$u5bIw?&_tx4_1&sL`Xm&$PVt>`QwsL4}j`l|f(ro{A#_v$OB# zEE#oCGz8`45~!TEW?ybpu)twgWcPY4+IoU1whq*32_hDXk`B5Q8 zvJsi38}o1{T#ezrQN&4@|1=+JFY%pF(oY%ux_+Ja64$=>6ersHjFOG>Qtx7=wt?tb zIO{&;N9^MC<7`VLuV?4OAGWiRh5OTTHib3Lls&Y1<&~tZzZY5#B!{)^>EXrH%CTu) z4sG{3vZ6%Lb)_?`cjv0jjB3S%{#=_^*w$~&-g}bQ9_@Ssx{Gx+x*qp}1ac zGETA?IY;TvJO@ca>l+sMmHA5BZR#%~lGmM-jYhmi+S!PdtH*4PjN7*OFINvr5VJA~ zIuJK?6&2&wN61&nVxv^_%(4A;NDAw%$Ezq z&;E4E*5I8#382<+ivFWHXzE5g8jK}ggR!sEVC=7-mNERuv{YNi4rQv5%Xec39Hb96+ae2lgj+WCYdN!k{GQ?z7Z5j*ZB1yl*jm z`Qq`j=!U^vz=6tYOVXGS)IKG%$t_w{JxHHeht#!;wj}B0!6uarNTq$`Hrr34D;B&g zHUi@oTfsRaCT5(d{o|ktwKj_x30}k&Q83LnGwqz2$`+?D(+2K`^gthh zI^W8lf}EOb$1Sl4JDKk{rd4AHIz)?B>pf$95Lj0;CP> zoB*?cgPj{-762w&oM?>L?Y}!Gu zZuv%$EjHI;^ zpS)V-%=K04xKE@=Ub&*N;lp09b#F+^S(3Yr?;LpFtF=d|yII5DtUkpn1a|wBA)U`n zmrf3JcHrf7^r^h}6w=A}S-gE6)+FyAK?Mi>NL$j|;&Zqv$J4t41IdYXy zl5_bs%+N>hC7~6LoR+_rtiFd|ENIDSay!P(VGcA+0Xi=o_c5vU?N&0B+a7$EOS*%G zT{j2Mt2|5+!`2T(=a??AX;*O+fmf&P@Hpy@qrI|Gr zh<2pPTPZz&$m#IroMPUg;_RoY!68zKv)>YQ=jZTTz_q+e z^~IjNHp_;-sQczA#p%-&rZ-Cku{m+792hqq0|&#oOMUX+5@`5dy%$Q1TpC2qGQ<2k22pGO0q6bO8Rr&k5I0s)Q= zb!SM8lILX-XsVGQGBCC~n;!I9taaW7)iE_Sxbr-_P(>`e%$n(5K218$BaoX&W<#ZoM>l!w$MR3k_K7D4bG{0+ z(ANtm=<7qgeUA@Gmg6~lh68-s!kHZJv^B(&e^mOD{W-B?MCNI33>>!oRHucJ!YDb9 zUS-GjEwm@)n^P=&hoq$+~IPf>;%}MF?uebx5<32rdn1J21;CFBJ@#IdRuDzNT(E-wXfU?Y3&d-QDJSMy-c@@uU zsyQv0!!*l%8R@;etdxGUlL=T@ZRuMD0#Y$}mxs3(aDT62QrYytO3x+~TPOdIJhRgC zYg(4p*qRd#fWB$wp}3KfJPI9+_gvE~yT2MHk-IW5P4X$(Vte!~GKzGL-#4GU{BWLI zvwxUm)7?nLPe@LdYN^O5_t0`0qpCbxMCEhh`adX=b)&WUp~J!Em89CCQxD6El-*id zw#AbF^cRh)at26i7oThMBFl$9S7|u5pkXh@ zUkTZ}X3`H0wQSFm;i!W?z$a(H9wj$ULOaaR3|dCJYZBV|hGx(b+U$6COY$C2+bw5S zOmcx>;i7T=gTj`aRy$N{NVV*0l5J0l6n*3owe(tcCtraSpUa)$XmQ##N|QHAt3Y*i z-@UE(6hc9Q_)up>rKsvxJ*~CuW6GtqDVMy9nG?2J_EjsrK?`EgxdQflb-AmBJ&`wR zKYv|!if?PRbRoGrJO8{LZBV%uYFK4eQ$7~C1Y8T7fW_E>Zn>v%ZJ#F(M=<{nW$ztWT zR+L;vg5f~L11c=FH{F2>hdKUcjnv(w(z~kqexf!Ggt!So?UN=(1oH8>l+ZqqqX}xC z3~l`G64D2Sbdb^#)IMn~yM!|{_mt2c%+nIoKDo5+Eg^jl?wp~~!E~v1`svsP&Hqm4enD=zfylERjHh3x( zs>6p-at8#CoBC%qPT(mKco_E%a7Wcx9;?-G^ZaAse zTjWHjYExNDx`5!YHcqlLPoHsdN7X8{<|>n^!QF$~zr`Pe? zGjsM#O7amZ(#7dn&ql89^>X>4r7})4MV1Nkvqp)g`8muk z#jv)nyM|LWq^zB^RcRY+Ey<^$I^QDA=eYxq3G-Zw?PVi2O*{StF_A;?YIAO%(l&|g z5l>3quW5R0?qnT3ZJMF1N5RUbA-r({obRX&)U!+ZWE*R>fs@=uU1wj{(2a1dt^HoS zNpkmJcgv->DWL1vQJ1hh#)TKlC|uU1w!ist!lrB=I*8Ap-!612*3MsoUQKQP>=QYj z^k9A2YsuT~hnfpG%)fL9)N1-3yuf{j6iroq@2&(!UWskMPw*)Jbqc_>6~LHmJz2IfxsUC`($rt>W`3G-eNrjXez@By9={L4DG2VLqX9O4 zP3a~CwNJ_I;Mr_n&ZoVig_{1R%cr3I*@E_L@nv2xh_dJYL>rQffCA2bvi`q#NMM*N zPi%g))}Bv^M^C&tjJ2_w@gAp81?|tSncz1-WEix*PZ-b1km-rqrAIGp=tJFP#QMHwY`b8#0~qo`&|xqwINa7&&`4N zod8n?xsp2HU)HC1g}_dy8}!-dgmmnT#yakKD^l#zQN4wTtEz*=7=A8@kC8 znOw~CX04WfN9lZoK3#eSiAdO1q=!)-C0XFVIXi(s_Ao7wEN0BZD6-M+tO1guuGLKK2lvs zT4CNkIA6EQ1#t3RN~Aj)-^FlXdomUvTVU@FFbe>iY$tXZ_kx4tl%b8QNoq{*4r+DZ zRzaCzfB8N^>8eMIZH`?Nye(9->J_T>TwpQBvTPG6%`g<3jHY{}enM`+Gnv}i8}bZF zlMJ)-RitUtw@=~eY4CFONMU>xCEq85IF)&8p7&+3Yx0h6QvqAh6v)s3e=x#CcQVO$ zDEdpr(r;6Y(m3pWhYHF#+_t)L7$tsFTpNeiF)sTK#C>wwd<9)ozUa-G;+FGWTU?ZB z#Qn~+`3kzGe9^Hr#VzN%wzw$Xi2L1X^A&VW`J#_&id)Wib#ZU<`>Sj7WqF(L15T5+ zI=7X{Y}RrAr*135m=MbGTKps0ydAbHwE>mSy=(PZIjI2uw>~RxQ9qZ=v4%NWIORDx z%;(z|<*rdx_`94sp9^QYxKn*)PL1n)WeVQBXD$C9%`{K-nIW9A4~amt{C})1u5hM{ z`~Q4|Oy%?c^AS?`! z9SHg>xioCjUs-A_w3CAo&a-zgO1KTCC^?PkJggv-3-t9H`PXT5S0*<{$!|W?&{#~+fg?DPUZiB)bYFc&knmT0mo;31R^={! zKdJdXPR@|L=9W7pU#xB>lN(bGY(YJwsz~NK6oVG!q03^ra)|5Ygmvl&;S&_5Y@{Yu)d(>t`=J!R~L z6gD!`IQq=?B&I)EWs>HaoO<>_N|R$wRh87{g{&KNIQxK#)?)Q}b1*RbXpy&*Hgl7m zDGo8q>3)7q>7pRa=8xuOa?<3wrTbrNN*Dj5*~^M_owT^NbhoQ~2R?kUoNnoyPwrgi zudp#Vm-)NG-nq;_752_$Rw?YA%V1NLJC}(R_ReKm6!y+#stSAOGHnWb=Q4G|ZuM-& z39A>rqC}|0vUP}FQt{4Z%ARCgd(#=w3qklYWsQ8j+THacNuZJn0~B z;W5QIXx03Ia!v9~B08;d$@gci(;45?Qn{_?{t1os&i-bv%7W9KZNSmaUm#XHZ`X;; zzVv>6Kn%9VUlWa^&oVtsT~`UZCV3y-LQ~wbyuZ4*=+_<)1&7Bjz>IN;M$0GBs*8TU z%MGsPy2O(znB39h)1s}Sp&0E*cYNuq&~{u z+m8nuRk&`m@-3quzb-8!zb9G068Sw1+h*uX4z&3!H#OgZTS^@ISJZI$`IZKuK{hGZ; zakOLpFE#f__*khnz^4DJKuLZ^9lP1^6TH%y#ENR+Rnty)cED8m2RBdSoe}#pn~`T* znxFI>3wdaK#TW0MbX?k8YelA7KT=!izqwsaf_u&1ssJ|4MztG{XW2g5kA-I`$5<`y z!uQ5m5`fS}ElKww#V}Qx6;iI-c4i=0)iLkndM4RDXqx${wNuwe%@VYVQ_L?qM3?t^ zHoyH`c+SmRc|JajB%&mNlwr+8QL==fvjjJ&b5HJFdduX8_9G)U=bTnsB#1VOZhplX zNz}wtSIYZj=R2<4OAs;Z@NH=Yo3hF?jwW*rlk7}HPg!&E&4j^>X2RWX&r^|PwG%OH zBR=?ceeoFZzRB=r+XLObIF0Fn{J9n2-10z<+YDS79<)@mo5=^WITO2Na^Q>+e~45u z)t0PqJpLDAxh<+tlc9cOr}|sRi*rm~nr2kNR?J3@ZNZHPdLuWcd>MAe1B+-IoJ1zH zNw(fN-NJ#JJj}Vgx++@}|M$uZPZsd6aUSt#cIw}g9jLMS#mK;Aq$yn{)T#U;ok|+a zT;17*WLD3%;@OcM#Iv(hf!wuJZHv?MNx#ckFP#gyEfmppTt#Fi*0oO zqnD9>rtNaNDOpiV?rPnf68QN-{QCZ1`?tNxkCtolS*-KgRwCMLX*xX#HiqfcMi8YD zdtIaRIS)&3*+Z9cSF92mVTHl{5IDKW{_2a|reyJHgP? zvYs1N{a9P6tcrTG`$dmc%5+P4qfj}=mXi}elmjxyEczm=%dJM-vNE)#9~5+&9&xT& zEjd@mAD}Ie=Ra;kq$oE8#hKC&$R+Uk_eGi-0v2bj6S;5bb>*|tSQDQ^UOgo3^*b)F zEt>Pvc9i~nwFrG`vJ6$Pj*=Njn@w0|6)gMCP_xvdhVSuqgR!-ck5HOSiA=C{4sHll!?6 zh^RXM9y}Ob0A%PPy?EI z2#N=~%!%{Gp z0Vyi7x?S~JhB~F2t?H%eR}Gs3b-UgaZE(~58T6^ENS{99?z?JN-Fms+G-=i8?z=js z@(@bz4&fGkrQ{Dr*7Z%x)Spwut|Ye9NioC2m#JF|9dyHtiw9hb)!B+7LEn9H59-d? zngbV8P-Fydy~m@>nTjIQ%QDK`sVFiCFQd%E8xFj2_TaVoQF1tMVRh`R!D|~t$sRym zv(S{Dy_Gw69WZ+z!R$dEsV;l8FWC(@l1ct*_rSOTd?Y~yf(lFPGLG;8|aFX!f3oUFf&TdQ8BcDyr(v>UX+|ydYy%_ zN$C~EO<^2f8_@1V>1$7v?8ED{7VkB!*3F1ZdJVKQ_@%=6{lNNe0bKLP|9r*Y0;{~1 zAZgf`bukGKFB6yF#<#9=TJ8p#J8oj=(WubwEt9pnb`38qrBkd7oNXE0)!LS}@BB%0 zTieGBr@W^1z8M5%O}kpZ4s2=BZ;H6Krd`LlJr)-acIAA%Zw5ihw|{kOY4#tLK4W!N3lB zTO)ACoJaBM*y6n+<}zDqUJ>1qXhSeuuaD}le1bgLPNWU0F%3(~8VseR%_i6bq68Y& zbXHAe=SDGg#Io^Q0BiwVPmxo06;Lo=4w<$2>1+5}LnZfm*x9%OSbB|z{D&Yf73AeW z+;Mb&0KKsr-^N6OBgC#Xa-Uk4Tq&O2Rf2t zbFrIkH(fE~;(4Zdlz+Of@Wz?>Qp~8gFCC?L_tfTOf3&Z2BUkUzb^BxWP0CGI^tm^) zUE{R5sKKo-Y((9U<3lsIvwx#_cNK|G2x^~_jfJ#X3F%EjVrfvH5Y#>;o2V&i6T#JB zl)j3v`69NuLr20+UFC*1hI77~S30S;jn(hUhh$=ZNXF5Zj;j`jF14n4HDT^rPY?8KaKEiK}JD?9!9Cx^-d`2Un_)iX@^z=Rb+NnL=#c*Y{h03t3 z4;nx8!-is#3bJI{B4@Gjm$*=yUyS8_uAnYdvxzV<-bOo6i&o(AhBVoys ztF_aY0d^M_M=j~=sCu^^*_gLG>`h~Bdu5ok*|R}BQSjqd?z3Cy;)anP=(3T=@ zeH>Wgc!Yd>G?Cb6b^aZNgWOH~cL0)4~b*>7aYP6bze~@;R|y z*_8D4=X#`b3D9&OlOp+q#M7{5zdoe32Hmo7n%C@W-eZEF20vlGMY+ZagQCf8#OCnMUnD_@Ui_aK|| z4|3{Ry123>{dj9@FSd@+c|DuTh8Gjl-6WK~opR+n+m-^3IhSi9C7|0R)VI$i9iZ5fIr#Qc>~|)>(srs z?<^7D%j5UY?=#7{UAOAgsZ*y;ojO&wZrvSu1w!+>L=u1NDF)gWZ9uR()whgNX=AqN zWhec!p&s-wXp%8rT18?Ab4CH|$H; zh8%bXyONkc4-&4JlojTGo(Nlz$ZxPDm60-T{qqTqZ>-Qvc|4-@Sm?<%e{q-VuBvO^ z;qb$6PA!hn^e-UG!YH9a(eJSY%t;@4@$$Fi#q;q%UW$;sEGCo}4nZWZw<>i`l!V>0 zT}&dqAB&m#)UHwZ5_LtW*$?KK9 zf7KO4?Bsgi1Ys#+vbp)NfuD2wWkuq-m8wmE7*9^();aTr*h~!nF z>EB3}io7Zm{hKVIzr1cH9(moOqD)?jki0A=l-JCdysnK)MA$tOV-k5Vo+=tWlVYi# zCa+m0ubpD@x)lr0x@=}E4Wig?=SS^kE5FU1uKryFoxJY0B$bgeZvAf%>@P2tn6k|^FEsrkl2?VMe-BwI z@~TkuziA2m<#jLd$m>28W%5#lM5si=cLn2X9F)6$H4-j>iUyIi4ySJyT<;pC+&UO-xAvgx%8`lgK^sRMF^}7EAp!dGUM${hA(=*OQP) zlvGU0uKrU5oxHwpNh%{{-1qjce;C5q8fWF^RktPZf=xJ!7e#Ca*(GUVFvl^(-V3B^8sh ztN&wyPF_E;B$bgeZvCGU>@P1?PqWSGOBc_NhCzUKN`DOJu3Yt3uI#*%JE8YZLLv>sKnu z;IZye|hoPDBJw_>Dj+U@~Y7EUnfgNUKNV|Z!Dp|yxt%ldA+HkOkRqR zyeuY^*P@ubo{39D*gbP%63Jc?(=XBJ**BK@Y4YMJ7y30fCacl?7c`*qsil>TJ&-_^Gns};8=-Drp+F!bE zZl1C;VvjM|?(bxKfad0Zf`DT@W$gR!5#grof3_r*pRyYH?<-0B2=afiBo)rF3S9la zazX5_tc<-Ub*yCm`lcg(8p*s;mj5^KD>AQ?@pcCRpmZUOL#;yM`!T!42COOVqJoolUjuo2zCuFI}u|m=J(n<(*x3X4LMLhCK z@Z;pA2+7N0LU}ET$?JubJ!;$KR@*%bFoqQmNcq^rMKqG1qlg{7=Wzd;OW0Wr+C4dt`lA=~`5 zRntdCb*$v`hm*r~m1rGvG7f=Z0ks$ zm9QhmMklLz0oAay&dvHb>)b0vZ`u}w8kKBRhu8mjA(gRLwVEzur{muRI9A5WY#xJko(U%TjZQ$(+?FVCnK$gSR744o&1#J}1b84SF z?6*-KMfb`Rme=<;POIF97LT1pOVPb(#q+H1lZPEI%A@FBd3dVf>PZFT`A_eYpU2+H zujpR+`|=&WLsc;Rx|D4J^hOWo1lT#KsU2h+_7^?0DfY%o4uq$7m%Bqen#3Cwkqi8Q zYI}!zbuXNVl;KR{puuaUud~F(c-H#+-{0LQz4v{t@KUezzV}Uqw|k}czL)OsTAp`` zcpT<^JYo^OG4^pjCzC3B|7?xb77(?M(LU4_C{RU#Vfz$gNu?Jvj zi*Vy0JLWH)TgY?pkJ*Ye@s(WV072DrH1CyO4CXp3+if=ui#V~<3yKI1Jqi>0md)e7 z9EH}~tNCfaiSVFg#vd7DWbh_BEoY0dcLwGrzG#mZ)07u*>Nd)FFMGMc?$r+tvUl%E z%=C6X**>pJpRcxei`g)Y{{PSAqz7(+oSdX3D&*224lAO18R-#YpN6!y*7N8~i8$?l zDXUQ?D>e)vkI{jww&XX)OdoN*uvu|&GN^d;?A(8QuVkjTTep)}9ewLqFHyK2RY}_B zUG>%Z*6H+ar=GE~V;EVwk{NfrmOPh6;c2LqF z-fzz%@BK^?F1&vbmRzJCXQ=$bT*&jRwYp}Qm;bCVA}b*p(@;V=0{H`6=Fu##^E}); z(|FHsMU#5#dFoj`wl2Spp32)r=W&W2@?Z>^fC z^7#X)dA-%jb>-{G<|WeAHN}HT8RRPLj{$#hV?%YzOj2vJ)i<6=BbWdh(79~Q@QmMV zBsVpI(2(*n*;M%ph$iDNlxRIWzC-8O<`&w^;um$8G5co5KazB(pxdeFnn+(^kgi)2 zl`WF6L`ykEgW4oZvz-AM|8Pgav@3^pS;pZwl(vP}OB141hE!+Mhm419DTjBKm%Yqu zk}H)!3m*B0XA~P~C-v%cB-i{l)Ch7qe3nfOpRxKiCiB}W;C!Ekol_o-?wu?A;dP1n z^c?Ey$&cC|*aM&lI|)S1(K3rmVS`k%MLQ4*w^?wuf=^perl9bi1t%&va-(oL&crLU zT2Rh&V_^;9{6q;hAVI9Regl%?%h9kmDC49!xOSTO@bdGu)A>qr#W&#gJjH9^a`Ch) zV-PRtv;7VKbXte9xYzc$+qpvEP6)V9n3!Lxmtk|&T$;@96qSaWmd*!rs3VFT2;a)r-u3}@j?8uTIdP!eg`7^55 zg_iCgk6jy(uZvv%OZ(?{a$`fF=wH@19Y1+3%|Qv{*(+5&q$XdoTc!u%g?120wS%&% z9qMe48X3%JofcphUZSD>v1q)@$M-B1vArUULbC8t6yZn(K3|=;uZZbSR^dZCQ2e0#)zt`my1EBP9JJKc=NtMy=`X$4jU`1&I0VoZ_Dvq5+lkRRlUaY z<@~g05a&DZUs6;_F?lADb=~NAqWncg<_tYIKFl}PuyPA6yUXIT=MSP9yWZp0^O(yk z_xMr81vK9}O?@@Lx46o@UyNwp@4f>a&NtYIu6L?G9a|4pW}_A4`?R5Ca-3z-Za-mYc^K# ziulWt{&?>@6_Kdcs~J_R%GauXC0*SKX%@7d?es0zmTaN!)t2la3ET2|f|a(^UDTFq zVOMR*=8@{MF7dW3kZ5gr9~HdH>aNVOw!Dx8HDk-?xxl#5cGO&3-mJoM7T7skT|o#2XU%b+8;Y@EWy+8d(09 z+V_q-qP7she(lSSKl;6^<7V1d1#GT;jb^2NjlEd=szqG;24WKDu6=JIWczNy_Em&y z->`4*mE;RKcMzTPC#WZf@r#o_3v)E#*GW6h{pdS4-;2)4&3*}Q10Cgrb{k{M6V=(n zmBUHg*f@-wzLhBL#O<^#)dodg%C9T$BHTntSpKex5JIB38&|VClNI=VRMvqzgkR}n zt?g6{*YLv6q9}%kdsNZt@;CVj3Z<_pQfs@49e?OhFWK`mJe!Xjb@jhV*HwQyc7S;N zPV_%vKL2&JU2?Uuw8|Gu-mD-tO~i+J_A^8COIHjrDlMPG__1us!lms0t`6NtS**-Z z#=9qN(@M3zprsC?wZ-rx0^32tX7JZZ@~22R+A&h?H*qNRs66|b$ROGwt^JbzSCLDi z^q{aDL9N$@^eF0nQbMc;gryUe^K7O{6?ZqeyRoXyzTHQaI126-VQj~K+xWWVxmHev z0-LqM?+Fg|J!<(uy~T|9#L=^94g$N$%efj<_ykCNBTKtes*y4;zoExryO925kp9#_=?5lC-zOgJ7%Q!Movtvx za=!PJiaiRA5C?;WMu;+Xm*mWN)Ag{-Y3Kr5UaCj?%x~zO;kb7T^{g1#M2Tg$y1<8- zPOviW>5g$v1AJp~4{kK>?a6O>FD~(MZ*T4y_Xc~v0rytuCrZl9(Oc8C8j>10U5ijH z-{QiUXLL)VQ8=oI^?O6Ffh8=$pFwPSCKtv);W?itQBssYONq0Um?-JT-$xO16w&0c z^(d1>Mfv+Gajp^*CH<7=DLm2;84{-p)nyAZn9uWQB0pbvu0)GEgLN08qET{xZWtxQ zG4iFCqA^k>#Ky>KPb2u(V)9^&lvfw}K;{QIS=FbToPQ*bPtYRC1wN8EdN~M-6*rzT z=p;CGre;r9eu7n?iSu0;yDVOMI#{vMSWp>bP571OFRS&(lO8sU1Rc0cCiBml?yL)% z!$~SgHz~XHQ0Mlu?KRbA5tIIIQsbx(9BTW3s_kv@6-ob}wE9Bv7Uq?{z7W&bFdmw} zAbLQWMhp&T^^lPo#MKssDFT!ymFR38C$WMTo5$1|M>Fm^j$g*C1$I93= zP#NbZ{ZTBl*nCUC;y=(CuZf6Q$Q8Dn9*9?I1;C^-=|l-bRX2ql9(`PK{@m-LYdM2Z$wlEtXC}gU({bDu6Tm=m1lVdkTvu7^TVCh3;-Yhnqov1Jz*Z~tkZ#zK03i~CSld4O1RY?t&TEB|Y z=hFP3&#-?XsYZ}uuznZt4yD2snM*B(XpDR*~< zY6Oto;{qE+e#t>T0^Wl60JJKDM56R}C(kVJW`>oIDu7&QLbmRl?Q5KHuxHfg0>ThDJS!x)?-`_Bdskz)&3k6#eSZU8UIuma9I*1 zi`P~vh=^gIhE0{(K*YVSt$#-(t`hz!B>6|mL$V})3x+LD?lBtvJ6I;d%HzLHcu)|} zi^_F_TQn)H^_k<;HB@If9aF9)KQwurUxQJqb&CKm+nc|&ttmrSKYrPfT+M{jeXvh1 zAg9~@4mRweXoEYyH9rS!4T_iN&nNm=lHs^htBXAWajC7rs+1Tl|4sECWuneCq&I0< zGL-xX!tP|)qi}fx34dNBU2DidPHX%4lTSFO8C7W{yI4!)-;+VhrpM2OeHorTXb??m zSMWQS-|+840$%|xCtiB@8PHLC``ez30#Vc-KD$`$WnVStd@QDyx#<~VQlq9rFIv$O zYgkwJ46D(r86DYcqgV08Oo1!itgK$oKBM}DS;f2`Qg?W~< z>gtA7r5f``V8C+u3ospHwz%+UI_{v<)_j9$i~MyAaOsSZbkBG7csH;qZteN|M*nY= zS;w=<^JRUGgj#+2q7KL9MI8$r$#kaCe}p1kbOr>w%~&;}@5P5Ua)tB1+)+uk-;Gsk zbY^^RyeIpaK>!2U&#&2bwCa8s=3n^*%8xvq$R3}P^cTW&qQurS2DC+lE91Mhfm>HT zKj}BYLhd;1F`izcGz5HqEK%+`m3$oeyKI7sEV}0IY+S3hqW={w_M#0$i!E@yXtDDx zq7}~lencBo6fRL>OIc{wd1x53>$;2Pe%WEpuCq;}y3F3KUN)P?l+7OLF=_XnwZ5Uu zu{BS9nSeQ-*YXh;?6%QPltd{17g;`bV#rSF$N!P+ojF@uDK=-=Eq5piHQ;02$C>%clmtF zLZcud7jEob?_oim^=LJqp)&Y#suiN=!J99{p3Tw}D!R<(L^-r-&|E{!rU@eGS}bTQ zGuX4uU=Kr28bNXfdnk7=^B|KPGa08s8@w&5B8b^wmC?%v>$$?uV|un3A6MlK=;LB1 zjb_CTn?hE)MOnSV*Qh_6%P-)ic#$k*s&ML69JTcTZR1}-MCy#m zMk%y|>F9f!u`^;H1KXVu>z+rO@y%QjMuyAI`BBs-QJvqCAI4=y8|O1=`Nr9N3y?tl znB==S3lKM&^;aHOdoRLka9->#+{V8N6Mew=>6^n9>Hder+TksU{79IHjyg#CC-YrB z`{ZIiftCiR9@uI5;iuf)SXl3Ex04%=_00tyhH>7eLD!mn{ z#$Lc#$Q0%Ge#S8_Fr2^=49Gnq!7;HuVq#e}QdwmJ;NL|$ccbW#{A%kJ8H zSC^yT+W3JLYiBuXr)RlC`Dv zLmK^(Xfe*2G0Bx#36$+sl0Cnz;EW1zMme0OfpD4voF<1evNulf%mMvYDUnT(aPV^! z*Yi3pB3V`XwlPo5CXp37xxKF#BK%H1mB=IE1g`EEYSHF`B zg@v@3!?7|5${@Nv@$#!?z>EH($35r!VdsiI!MIp`ogsv$O>T9!IzNT>;DnN?{PgPU z%!OUQwg7aI1(RYIX90_IKFGSHKUs82%#y49vtZU{zoE)Sd>@+hcL&e^nPD(9u6Aod zVZ9o6II3F^1xikDKHM1yXg*Li6WrMp+{#b}Jky74lDw+QUzxJ)3 zWHyyQl(d%JC^44_1gdYI8=VZ2%%%gJBp*IMOt>0HlP(`Wzl7GrKdFDXxqixfi143~ zZ?ZA}9ErBwn(qK8+^W2d`3DIiTd|xdsS$!k-A9Wnc&v)bKLXMgRW7MNR*=zQCHm2# z1JY}g`MqJd9|@OOZHa7Kd5nUJcXO%Za~{e-=MUE{Zh*|6RhR1g0#fvWoDpuheIzL| zVsuQeWg9MGwW{;qhL+n#ivqeE&4Y`(GM!nM392W#wQ9V~3?K)M0wJR0Fvx_S$T;>! z%+U1H(aE?1^x+@zd`%!JQ?re^<8m`tv^6G`mv8rs7<9U!rz5O4mqDOL5+gN*1M}9HWn_gP#RIM>>VyJZ; zAvMZmu+y0zM%RAt(E5E9mi3pMB1d2&N)rP;iI16R>{mhCx7zEC*gC~ zI*)I$cpvqtdwzdWiR)u;F$|o{N2X1Koy7C|L1U1U%-~+MoMalRaaUVaC771YwLn}nLes(q{^op3tj^EVZ&b#& zX|kFuvM@Up6JFC2C%igNiA0%PinW#&ts?u;w8YwL^9|CpXmFZUf__q{=d(+urJ5zM zKbIzIT!C>-In~ToXKNO|y0I(SwRmAeuefZg^O|gGO!G335#-p08mF;Szw3Tu%*|xh z;$>5fE2e)3)r%7rk+joycB9EA+NyF;Gc(U&*lg{aE!r$=q}naeDSO>Drg=$>YHkq> zA0L!&ouwitrR5fO9o^ZGiE0|d%+`=Ko9S2CjSaQ20$#mX9ewQnaKC6lAcJ`F#%wKK zq4>$CMixnHB)I*R=?32R;+3SHx4 z7_YW*#-nM`ph#Ey4iIkq za^{Y`;ikHyq`I=ZXfFNPNs2w@k>bXqvNh;!jr6ug26Ajebs(Sb_1D||)QI$l=`8XE zdTV4w;r2*a=IZQ$4Jrwj%oPX>B^HWn62krL}2kZM>!%8!|CbggRRzoptq( zrEbh-oXXZnWlb{LaUF=}k}OJ$%EEN(8KzvdXl;xGsaduTm6ht&B2=!S%GRR8k;V=} zV+SuluLs36wl>gMFwxk$Y+X?7?G#%}ssB5T&7iS^8fSe?8XM?n+Pi>e*bW_aK4nl7 z*`LVXHud!kLLGI!t@FCnXoH%O$QgrMG_$MCEgPJvJ#NAW3WO-3JDjDN{yoKpMC&sq zXVh5+#0g|!1I?dlk-r&OgA^hUEmP{%Y;A5yHgo(n+1fEBDKOV*9Gt%9I*@nLlfj=YdDpebRZlgg7cFKwuy|~JZnr~*x`zDBpPzHtz5sqIaKbJWtWZmeF+ zLp1CaUIjv{?sDBKtmDS6#SSwY=-bAwg=lm}b~}@6sBM`Kr&;EH|3*GC2DH)=V44K(QVAsgby%icVROyi0fnzcGwEn4mh$-24d)UUT}C&9WAJYb?v z_2{&YlOW4adt-}b5C#W~?sG3)rbRQxz#q;nGVjS{&duh{l~B?y%7&K-KV|-_Vce#o zgf+aodBG8hq-%i2jpoLi-%PuQYZl?Jo{bNt84sad8yNv)GMy&O{0wC}8uc!Q*^yip zrUJs^)h{jXx;We&#SL=!fu(GyuFS%*dzP8Lx1u4P#?E!s>asAKrUkPpj9r>WOiLfq z*txNF+3Kmk$fg@t*vpDimDafuLT08!uM8rh@xB&OvnGsEC|hQx>~=OY@nv%8aj8(5 z`PW#g36)iK$jE$#WUg^pr@qTGTw7PLb$4gKQr?ST9*ul*u9CJ~5ls82w?q=w+xgqr z0y?}5bq(xsrNa}2a=*GUn_|FB+d@Qaz^n-d%+P~z@}7DhpA|8=PCrb{*5qdF%5Ov~ zx9A#ZstZ7PTAfe={HZU6q3N31M>(zuJS0bT>RWCVr7}0F_Fe$JU47i@RTs3sdV4xU zr7)!O2C8ueQklqbRa2)LoRDm_)k&^0ul(Y~;l;5IGZyhkJEne{WdH@H?@3Z^ZiaSt zRmkKPEl4r8FJz#y?cxFQ)J@he62Yv(^$SO*k?DV^fi6bl_k^Fhu@zKnCmuT@{RbedaI-XP)P9>RKUc>d+It=}y`o<~GIXR^? zj7DRw7Qfc_rmF@2{&eG%UW?PHvAwWoLZg?RXQg??IaT z0(ii~&^qLZ8QUT$mlLIOOOKX^hf}te>2Aiy-4&;dxfyyVkrh*kgOP5b)?fllurL_4 zFeuF+oxz|atRN!_X=@`6*+pt*Vpg;UlUgH>-|hLq<{dZT_d%-!sL|?jB3ok)lSU{j zprMxaZRbN(r9;AXbb*Gzs>C=5#tj$K1W#QJgInfdnzFUo`i+`TDv(kLi24p=TyDq??Q9sHZE%vxX5lA0T(i&y*ci64VT69dd1r&>oedhVU21lOn{YO0 z!UYgp$jZcnV%BR)F9JfVP zpgg&SDfdJL|Jk7qPPVRu1dcY>rwb-RfF`hfiuielc+AgAgV zb+C4nZe0{qK>NvDQMJbP#)cY)SNp1~z_MNySb`ftn+#EVJO4s5cEQCnMnaWr&K7(;pjFo)8HF+}XG6m(vWfr| zsih)yRHWWjq&BDsvs$Z&DnvzU;jWG)3;JrU`l<|a(etnv7=avYDyh#$jJE z-MkfUX9iVsnR``jpViEBgK?vphe)3H6Y1!|dYYr=J;eQlBV@uoE3l=*)I}Yd@&}7e zIODH2vb+sP=9f?XW348sS~RY0IUl~LKP{&nAXK={?%-V_9+b^AWos8NBskdSbVFLE zx{B0yrM0TU%r-mN$)HZ5Y#kz~lL+dvL&(KyuH|)0Cqpt*zl&8`;r2y_=&rS`MYFY; zeY&W&<8Ek6GliwHa=y3FPj(AdCx&7Nw$SRtP!=m}9-Xb3`eJsdn+FPO=rutFaXvA` zEgPU>wSs3kIPfg@0qbl;hr#kNv8-EpnHA@LSm(k8hMXPNIa3~cHq(F*8-&#mP62WY z7r5DLHXa3*W+x3ee{VW<4cJX*vsTB@J73}+6=?n&Mg{ZVa2{jxT|0OqFtJm99_U5V z`wz0ciC!e?lJ)69wz!xYlup_5MO_95Nq%c?%G>PDwCA?+HZ$X0r*GUiI9;3n4u;*_ zffiotWfqmgxN7_l)_$sMkIx;4b8EG?L{N^K@Rw+bu$H?Ia1-{C&&%&35wORc^iOVB z8k_h-Y=MlpIZ6@l`;p-t=`=^u7#mm_=1v+5(zzMpw03+Zl|C8;9F$5Q%ZE6$x|7Py z&@4BZSv0;jojN+Rc;Vo5>e%}9#HY2n#@T|j=i^BHS+t!1W@r(i;w!b`D>+^UcD>w_ zROfotJCs50XK-!YNvqApJhobsVzMEXXhYNTsCkZS@+B@5=LF7G2?O@MkYspGMa7x*W<@nGB?g$c@Ct=HTzI9zC%JH!!ksR>N@3rH3ksjCFjcpHLH$=lnEkjD zy={`7_lfLANd>c)OIsiWf6_oh=h5$TK+D@)*q3YkmBdTo;?vlZ#GYN45z{uFkv7Jdp1 zte-GB;YDwRinL=Oe+${lMcp?R|BB+2yA@896y?9Ch_#ByStVK$)Q&_&`F~d8YC>*L z>t0tzrPzxF!^^y35tLHlu$9;6L_xxx#t9lYeo++?B~kOcRS~yB&^Kwdm~~`zoo26^ z8m-oyq2(BP+!!%Z?@KUWRGmv!Emy$%Fy5l=U+^Kcgo!>;k|H>EiW^kWGTk>>#d)i2 zqN?u15D0*$*>%(Y$Si@6En9z48U7(qZ`|v>O4TY&CPV6Y-0#cmWaWUGRLfIQ+?iJq zcdlz7qx3fkc%7IS>7@TTEAs&XPGV)TndSr$-Ka28y_fz0P zKH<&qYUa3b$VX*wqjlJd=_$+dxP8m6D@*@_eaqGrK5H8jPYAoZ3FqTRzAZW0ot#mz zpI=V;-$b_(r4l4uZ~mEjYY&&wZxMZd2R2AmYn~Aw3GFGLPI{v7wt{C^@I3|3v|!EE1kbYI(_ivdmCv@|XvLmm!Ep+H&VsE9 zZm{4%3Z8Glb_Fl6U`fFq3vN{KLJQuh;6)aEW_OCX*n*EL_6rt#R>4aw_>O{?S}=PJ z!OJW-PQfo)aEgK(EqIiIU$S6X!OJbUQNb$|bbC6T@3Xu2JuLSBlZo4Giq9uS$Zwz% zIh7zr`ru+rGl-E|xENCqVx%1|#`J_3DT#|Qbs^^5C`O?KG14A~V|ql)c~Oi)!ufm@ zqmW{xXfBtj95K>27h{@7jMUD>m;w?b?Q=1vhr~z;U5u$CG15gBV_Hd!RMN$mauOrW zbTOu*#7IG1jHxOy(o+{>8cU4S)y0_N5+kj3F{Z!7NO@h1sWCCqVHacCOpH|7#h6kP zBaL=33I#rW>^*z+ad-SDY5z#l{CMOZitHjXpW;Oao7;r;s$u6* z-aOY8aS?7*sim8YG9GI{?nEPplS)aISXYSMSLkO#`tmIgfi9#&)A$+^SUsE{dD_#sDzT)=Yx3RG)8_z^2df#^B^kpQpTq>Vp zMA^zHiC$sKjL_dpSVX>2uYeq`!Tv7NaX^IJGFurFB}Ms1DDgj(m?-JTZ$~aZ{&`*b zZpAjaEdQj|U?|EzUWs=o(dAgG9C~+Rnr4aSHRjoeOzl)L^PpOOp!_lPQ%KLx;^N*{ z;mM7|<`crdl7Ab=73tyzYEu5X3gz@Dk@c+vV|lp{zRVa{zSAKXo|PWZQDY}cmg<;L zI|qbJh1A65o0WT{RX8_j(@e4KsvlI`T(-ZN%XS4#6iCow@37d*iESLT$rdy7U*zWH z%=owua}R=_ ziWT!?q~*?!u@uvvz>hIia(;}?Bys6dmLT2q#-&&KXuRKl1Kj`Xet!=%IVH;|S9e|>s$oAjK3|eAeKWoRM`u~7oNAcT+DI(_{g(fMPs=Za zq~ACHI!@bC&U#)zvbP|U=Bej-=xp!RhUL7NtbAPDXAWIgc-^@A7MV-$%1>MpM&@7T z&Es5tDfi>Of0^%3o6je^cnmTa+{Z3HOnHG_{5HXgUDRD<7w$r>Ct$tiOn8?ETgz5FUaTN+e3UwsLkSbyLs^%#V<+*<3pwJCxY6 z3U0CYQf;N+ccx=ePG|Vf5V;&D%JQ)Y8F@*dWP12EGUs$euPR;sK9STwZJ*x)%88Pi zp2NB9>O>$MGxEa{ACLF~lcUVAqzlyM&3Zp1m2IjoDoFpz)sO zhLwtZ-1yDd+^}Ki?Ytz4&DNBH_$lJxvJ7^^L+lI|VQMA~m=wwS*g z?g)PlM<9QX3v-%9UH*O-ejNLde~@r;{Su-_`J+G_l(8FoCx7AKR$4-9Ljxi{g0>#o4GrL#-pHY^&WM^voHGNYPayTJ>fkXls5@p0R?y2 z!zkrhU^IyiOjaTz^)%g3bDlz5jIy&D(W3|qND_361SE)g?jHfF(4YD6yd7rub?gY@=Xw>qM|6Cnt`Qa`b4RS zFe-Q+QR6Lz{HL$h9G!mQ=ITjKw8dAY%%+I`-dCq`W466Ib%s>c zc)Kswq0SUbu0u7SL8~T%?&(%CAIbs$e> zD=EVNn=0Cge75JPI7M_3p73&zeSKFoBg2Qv{t}6aJm0>qE59O2s!piKS|8k1_tGX`o zJ+DQJ(8H?oTXDl)63IK`ucSSR+nTtEuW!=h)L~U0H$K4e2DX05Dy#7PkKiV*AdNxQ zqUP$uANrs0Mtb9Bcp_=McIjLu{%%ONZlfqic$KxBDaOeblv4SBvKCPP8{+*1|>d$-WYOS3a-y%6plbDU8EvgbxKM^O%VO9QJv@~7OZrMHHSj&}v ztKv(##uZbX{0qhW87%Z_c&C>myyLnYu@7P|MDwXZ$k> z4^9{Aud7xx)K@pmqzvW&{&+VnLCS*3`a8txi(EP3sPw_5$ z%C&vM+pp@-uT+U_wAQm<(ofhTV>O38y7Sq+f#O2FiPCBYz>md+_&TR71!{QmWIR3{ zix1DIIT(GcOe_<67!sZ@y@6n5ZAN#|+RXXfXl>>Ke)ZI?*ZI;Ha*y9Q-doB%`4H=~ z%FG%J_qL~DI|40yi&^V0MtA)yIBN+#L8-I8?_Wg72q)J6DoXM@T7EmvT z;!LUh7leL^67)Q!&R+pyD^n6Lv3^sOJxIH>f_9m3zsN<8^~kHM%Zu--WtJ}~dbl3% z>0D|RkY7ma=^>vY?8mqc@;cf^rb7ElkXz=9Am7~}>^m$`b2DXLdHAv;7)!RGh%Dr5 zCHySX!;`wi`j=z%v0Np^yIOoj7$zD$Q>kmY9C`EU5vA)SoWfjn<&}i2lG8q~(LKs#+Djt+9Eyd z=X)ngyIyHI(+WG1$kZc{n`M?ezqljF<1i~O|a6> zbVona@k?n<{2Pg^bq+B<=y2<2${btkyaFN`Hd-#@LSHl5j#~a` z^tiBw1`Y0y=iXl|-MCW|G0w5lf~Rt{%u?<|Nm2egSjBGk5LcDA7Dl3EKgMA3Bz28Z zif*!um1C2wU`N1g?cIs|$8aC*?f8%zx3@#%r?wM5@PPAQXj4&)+BE!D&B9oHH?zK` z5;nKKW;83hVEn~&L9OGyWfF)?b$8z~X;%G8x&{w16m&Z>!nR)Ar>(aIBWUZ-5UjMd z?xMC%@hDVny&aKdUE*#1iEHcO-e<8RM_JvKnYNa&w3B5F2{-b~T94Ns{j-LO>7O*l>7S)IDLMVi zlawgw8t9*bz4h<-KKi#K7=iwcCs@%x-9`F0G|;~ZM3!}l>tBXM#`GHR1Z2`?byw!t zn65>Xmi?TNjc%f3lqQ1KqIEf%RN?XtTxfman1v6JmFC}s^&DGYRyaNJN8$cq+CZ72 zHV|WBTt$XPCniJH+I>eu&rX;1kqJkMgfiKQU_~ani)4}uWU>p9WnJi>yD7Y@!WvK9 zJUYLHT!!?YD~H4n!9$vRuQcp`pvc?#KDf+sVE`c)bAYccBnfnj<`MM(j{ z>mWEF?fjd1sI$8<f772YkJo3k4Pawiyu2>gc>|`f%d1{}UjAIaKq48 zq;K?}js*-~0>gofzb6eawq2UBSmsp&JclKD$ zn>iVIQZQ<5->)n3tC_I=G%V_GAw5nIv*#*0vL*5-b^!0BSf7pUtq?gzgXpwyu@bZC zmA#+XBcoffM^=}ZJ(9(7`y?v03{1FHSo6(_z3S{^ul6K&V8izySg}{Si|kc1?8%2< zt+2YR3*i|G@2zmmUX271dsXML^5At@-9;$oJ6=q}YQWw|!e&`H9NY<(>q)Z+(UTP4 zau|qoGex#eZ*CHQl+g{%`G@6yRHRfV%tJZOCTVXqB zTa$@v+i8jXZS-cI4$U@v_RlJi^m%hwjU)fD173@L+J0Y(Q24V7$8=&l2%r<&d#t*6-6k&;5YvhG=n8yy&TIJt7j(kP zcO~)(BXAQX6~JdexaRkxR^F zC0+a3VMY2CJFEtGm~lgEIr|z~i~QkOjv60Z5<8qrv(WfT4`MC2NT1A?wRR@MnP)9N z$nT&&qK^f{eda9sB8b^o(eKv>*T!^eGks8nZLSX*%}O6MZex8=y~Opw zN0r6zReOn5PE4ZyfgHW2hJn3ACuLUlW7aG z-p)<9jxE1fL%;rPzhYhE-mbMRi*|F?m3HCc{|A@7wZ!d?EVYfEF3IKd?*PG`+j1WD z*9rHqxx&^h^jzjnA}Y@i(_RmRN|NbVZEED*R>z{<#7MhRk2B_sm5CrnPj4({Ct_?B zwAFQ;h~t2arQao_yScQep)tf-6g9mFo*w4LJA0hqiD1vff#76kWNgB9lO-J0 zi@0?XDnF%f^DzzErXai+&SHnNNI2ge2#592zj7Qt@1KEUCw-6i_Dd9IyvlC>(}{8o zrg1gt?Fa4k$ZK@8FQareC~n6Eua%z_-83aiXGS+86Qwhvn^B3(jhqyz6U4e3jI? z=vyAABnrvvc_l&ICv07{EZ#$rm`ud?dA<4md{jSVa$aWo4$Orw;#Uw z9O?g%Z`yC=0koe=2$@y;Nrm;7C^V>A8sSiPC5Cdz{sb?Lq42$$3Eni1g-iSU{?He1*yhB?CV%&P zOD;I$%M7vFpG0m(R}n-7V90Zw~2(zyGK7r@nJi{U=A?_m|ZD@BFdl zqz@Nwxc26+U%OrQwEf4tIX{2GA%A%DurtGQ!{7g(mj9ch_I%7c?Sbo;K2meVi}QBh z^6=-r+|juAS3lbB+2hV`KW5vPZ@lA6TP}J3h~{$-edwC!cSx`L(w91y51Mk|e&4>L z`n~RznICLh92fE({{Elx|Nq+O|FzHmpY$J`I*-Y-Eih}usRuMA)^tu!D6}VQD?qz_ zuQ75&u0qwwY;3S|Ez`^oP2hIjI02cro0X@vR z8n_X-6}SVq2e=n_1b7s90(cU54tNE49e4xy9q=yj9`GShg-@3TblTuhfNgi)NMJND z7T67#3bX=y0<7kEhX6+b#{g}>azLjVu>R(ifYX63|L#+aEXt;8W?| zBH%cn9q0f~0@eUL0rPmE<*`@NyAZex*a%z?+zi|f+ygueJOMllyZ~$hUI*R+-Ua>& z`~#>;q8C5|uobWaup=-9m_5|hvhXad%qk!XpPT*vq2&@4v04@eD2d)Qh1MUFs z0UiXN1fB+d0=xjc0=xmd2mBTI5cmj4Gji7gLxGV1+k(BZz&Kzcus1Lp&{LE7z(D}- zL3zgjO937*d#3|u0(>^jy9~G*xDmJwxEpvFcocXNcm{YDcpi8ScpLZ#_ykDSzza|h z@D71D0^ob>-e_PPumi9Ya0qZDa1786tO3phE(R_GHUd`ytl)aL0=ENq0QUfo0N)3m z2A&0e0z41A1iS^j4}1uunR5&VvOo^tnWncbup_V&uqU7+apnT^fdhcUfWv{KfOcRl za5``{z#HY>)xhd?nBO5a7F#UTqq^0mcC1fT_S7 zV1M8s;1J+&;7FhiV3(&?1l9r<0BkYvcwFr9XxY0LcnEkL_&)Fq@GS5g@DlJE@HX%c z@BvW6KDwd62!O{h9?x1l9zuCMV(?ho_gLZbSfcWnGxC3|?cm#MHcp7*K*aW-={0?{*_$%-apr)2K0k#6R1;zq90y_ayfZ4!&-~iwt z;Ba6Oa2#+Fa5At4I2YIeTntZ_$%-M@Db2Zhx~zUfL(xA zU{7E^a3s(MECrSWKCl`n0jC3J0_Or30G9!m16Kmq0=EIT1NQ1>_0Nw)L z0p0`N2a*gbSzrV(8rT-t0hkEv4a@}&0geQY0onl{V70~LNCodg;4*-PX^#bW?|$Gx z;Bnw-;8|c3@EY(t;IF`kKza~;6UYKQLGX40b^&GrM*+tHZ9peb1l9m&0~>%#fQ`V_ zz&*gdz=Oa;z>~o1z#G8ZzM0B{g+7_bO93Rn)D1e^|R1g-~e1a1ZH0PX?q1s(!^0z3!& z68IhPF7P4n5s+lQJQNrMYy*r1b_801J%PP}Lx2vT2&@H4z`4MAz$L(Cz}3Kwz|Fv& zz}>(@z@q?P&eT_sy!U|j0ltRf@%0U_9^lIb-Z)?)pf&M1z+7Mva2&7{=m30x(>J}d zfeV4Ffa`&qfm?ywfyaR-08SzE`0TXz7Vs{>cS5}nfx*0$z*{IDZ-?kD3U3EsM_?C# zZ&i8h^7Q5ce0s<`4q$~`E6*OQbY22xj~2Xfz(imwz}w#59AG|h5O5@L46q#N06KvZa3*jbZ~<@$a2aqla4m2r z@DT7g@I3HK;1%F);2q$7;2*#zz-Tt3Zv*TE>;_B+<^Tr(i-3~=A2=CU4O|FZ30wdKq3E&yv1>gf9&GWcgU?|W4i~vRgqk*x&Zh+nf*%O!p90VK= zbO4=z53B|*11<-y1#ScG1nvbM1|A2V1)c+b3A_Zn2D|~h4ZH(<0Q>`}#rYo!YzvG7 zb^~St#{f$K@8y3?tN(m!;SWPbUh(B8ZurqIL$;cF^7;!mp8U`$+ZLNncysFy7Ec4{Tojx5i4?5#H@KDFh#T+=CU{OH#G zhtGTDl{=fxy6B^^Bi}o4&g*BLF!|1r^WV64$`8-_^1SKipYoZ#j+tLK_Vk*EKWY5) zho5=k?A!PBW-uAq&f5lFyuF*cHvaJRH}CuKm^Ws=_WRbUtv|kfw|8$^d-esNy}0X! z5tlwW=TEPHVfG!}zq#-mzrT3H+arejX~BQ~`o*Un{^oN#-FnISA8z&h8;3shhxL<3 zY~7UJ;i$hac=IbidZm5A-@koM=eSmX@}0Ae+4#eAuU_z<#ho8|?|`rUO%XTUG1y83vDYWG#|Wr z$;ytU`?s%M;GfjqwdazlQ`@F2owEBbt-DQb-?^oA+x~^E?&|L7Y!6F6ti2nLK3c>+ zc;-I(pE}?NXEat{+H>)@p1=5%!%x1pY3XmSANKm6zjn*s2j8{oh7a#PV^z~Vmv0z% z-!DdG|MT`2k9gwHZF`>h>{I`Ia=~9S-ydAO_W5r;^48BkdSTNqKECbUUliAk{N=9y zwdj}2HdMVh`z{&x3Cjsl3s7AOa&Pwbg|tsq z4lo{y;4CM!06tZrNz}XL-y?J&StXI8vA>kiwPc>K4}k)8I)&e55#0kRvzybvPqk9S zl~VO}^L_UT1fs|ziCz-bPPDsOOj*UX!|Gr39HGOI(JKD=6y->1`oCA4l<4=aV{bV~ zgiB5K9fTz6M<6kI4#B0+T}EVq#hfnVq0JCFsBy^2zJxnyJ{9v{WZZQQ=#p%K_7>w# z3T>ctcsC0R=772!D1xYn283J58b z^uET~0^(E^scN_Pb;wNUPv&qCRC_V5MpTw1R@09i!@b+EH*1auC)@Ubz%uV9df1k( z@tyMbZJJj>*jWhTx{VH|{@~P0&0Fwh!qPG?6uLS{yEl}6JYg;Y=}3W0J{9W*X(d^g z6Aq;rmbot(w*U7!)H+aCs701h2^Ho#QoI#h2Udym=?7}3_Q*oaM+qwVq$AE|bi<>x zYh|AnZN&7}NnT>S>>3`at?+dGlf#Ue!dR&Xg~ra3aJy%YG?0kKfMdpA_bkE@yM zU0U9lq3ow1KsEm|%+6{Psw{@HX%dKZc}}kis{ve>$zq|m?@gp{$p4@7^2P zDV_{f+zK2?X<}=6WX^^&OiUO!tJ*}2_14uB$guCg8ICYvuO{0pLNXk?dy~zGI6LIT zEpl$SxE)fH1|}s&r628mO8+BScJ7^J0f?O-N^a_CtIXEzOBvmP`teq*H^H^X97E7h zcNobk!)ZWoOK>R}_Bn*y?FN1OxCEoILXuQ1H{Xiigiv1S>Qrsk;2H!qnw?~VQ4K@O z_A$sDv`|4FNVA<1^dB`AGt|#h=E}I-m+ep`Dt6Tk2GUzKkQ=JSO%KFo^(EFXOsDfyB(A9h6czc%?-undU@|`>&Z6xus{OpAL?_iu9CP~ z+6}tB`+L!Qg^as@dPeE&%09;8eX?$?tj=kYLiDX~BR*gAVHCfdM2))6BueNNtk*)-3zXcTG zQ?zQhwvVwcGD2!Ra88LBI1D`X|ABgome`tmlT-V|hr*(H&v|j&-p8q{X!14h5fl=cJ=n+e*cq<&Z+8a z7LYuM)ZL*g?7kvI@RsT;cC^F`1Glx~Qo!MxInE>oH% zzU}`N?TS3L%DCk~s9}Fu2ZCvXlwCGdom^hBbWB69rdkzxT6Hvj<^M{D2Xc($bcc3M zWcc{Iw}+VM--+Geu1;R@oi!LOhZEPYPNe+pnfY0T`x6MY@CeE*&`%eFI&0vv`l33O z>8+8WST2IhJdu$_a0Wy*>EHDZ0_R|Q^kMiTn=^P%LaccpL4|&aNH?&iS+(cP!t&Lf z?OomDip`~+%acmGl$%!-{8jCR?zPPw#pXi$$*VgG?aP{%tnSu*d*><={6cfr>Xj=e zRh?CJcvst!mF>;lesi(CYgu#K%9YKX?Zsl-^7iIsZQX6nOWK#VtuD4V7yZumX8(ld zj_#0VvAL6Fo{ovD+6vvx2Oo6Uf(cg0`~zI}BRjfJoYm3QR#>|abS51J^_j&3l*2Nt zX)89L(6+MJKB?-&dEMQsX8T>;?WcB6n!UPEpgQ8!SZr=yaAJF*owADEFw@-D)jadC zgC`w0XMyq2PHab)s>~7<6scMFiR6_8+PYbkvYM@4y0pE0*`z98tf-_y+tTjC+6x_R zD?8S;7n+y)t5+^-?((gKj;@Ywm$0mv{Gl|u*REuZ9mQft*Yf7J=A+_d zk7;h}?k;p7@Akc`&Z&wg{SQlw+MxTy_U1UfnPEYb4s3(XRc%Y#do{i)RBZ2_RCUnI zE~HfKZtDVrMhxrHtX610byfS)?)GJ_`3mhz+dED{VODpA3C%3`S(MAROLsn+@`;w@|PHgL1wz9o2scO3DEJH!XKqzWd z`Ox;I9jiK|2az(H0t8Luly^o&cU|RZwr*4zl3}Bns>Qq(xIy`^rQfcS1AcH!LQvg?kC=Vo;w|93dP0SQ%8bpJp zAGkoe*?#KMc9WKgUsYO4a(7|131JQW2AwMS#H;s8!$W4ePizBO{c#x@IH~H!sy+n6 zUJ{cB+y)dQnHrfj9dz}ewT;bolSNR}1lfqTplSN?5$TdqvJMxklq0Me5HBkx@Rv(2lTZRxs2_;fLG>u!+jOCkDHD%v6 zno`9!w=G+Sr0MC+C;{E0n|?lyY~!3fPH9`Yx}At!%Ht+g?K-o&d1ZSWlJ>i-gUrRe zAOKml<`Y)7Etjox_GcBXiC#{sy3)xW!YBI6OhWKhL}sQVXl~r9H8;;(2?Jf2q*K~g zuAR^d`3zHAi=q6*4FYe&lqM~&tww)r$8EUhsO>vqyubQHw zIxsGsq8BRZiL@r|5oSP4;Xu*lV}2)9?IL5$qZOxzs#Ov7Y(A-dZS#qkf_NvRPxbC(yQ-7T43zRy`y+lq*ol|4729{8 z40E#Fld5LK`Jg9K=%;fc83d+!Qq}QhFe`1P4yy-EjE$YE)bdDcg6#X!6Qv(qH6yf}w$Q&@rw69v(Mjz_# zZlg-hky=hMXwl9tN6_K=DO`}V(piHpeS$Bm6>k-Ft0Jns%nfsGSQ)3By$pmKljP~G z?kZy4iYIimFLV8jQ4{e-bR$Di5p$$`MQju#obUsw#rh5Ob}3iQ+YG(FRKk91eL_v# zkJ53X)X&14aDuZiVU~)FLYs(xN@79IO(Wi7+#~-EwR(8nA4Se@WRog^y zxDDNHjK%1%JfhIXX*}yaAk217HBLA#D|WzNvO=Q(G(%ycw_*1zb}VO{GJ8+|mwm(M zSy~zKLL1yqC6qDN@I`4I(+cMaHup`PAon70EN2H=W)7x}NE#Rm$iVdeFbLadKfkD; zF?WP4cQ9O{t{+cfQg0AJ= zCkCE~!@@zG-PWb&;1&0@(2mHu)NkFSW>STyLqC#1G3K84#a|pbNetMXJ}tgWKh45S zyV0&YP{xY>IOo07NBQYVv@m{*aOp(2|Kg>y?bMFW)txar*0tJ31B@O%t@#CE_rXDJ zNB;spS2}`$RMVQRpH#J_2(}dpm=0^Lz%93KhbAetm;FQ0gkmOC49$-!8~7uUWuuC6 zjpQWIB($`Q7HXibCy&vFB!(|}pva%`K2+PN_Xci>3{Gqg<4jKA?;RACA1Z|C$0=wC zgBR0;Fe{^&@gU0M7#GJ?xR^8`!Co$|2HlA3Z4R%@u0j?}`9qI*Qq_)(BkI)h3sh@5 z;>y)(6mxs~2y}9Q%uwe9|8M2`|EPQKK&s#OfBYPKMj0h4+4E3JDiuQZUdbLIGcy$# zk&rYLNhBo7Duos$yKP5Bv{0JbeXslZJWmJpdXL}l^T+4Y`+Z)AbDsCQ?(4qhYP?lx})Y%}h1=cLu-XQ1A$c_fp0(K#A7z7BY+zMX@Bb68C98Tym z7axC@$z{NExW54pf`b?sj(cRVZm_MvB1EghxDW)93vJ+OQ$z#990*sJLSBKBi@Kx0 zx>IIFb*nLFY--1t1EOa(c>+N^V{Qj^9aIzE869jm8xXnx+ZN^wzADTN*aF{{DU%Sg zp5kdk8+=Z`aMxfPBS|-NuI!607g-$W9vNxmL$EjTf(vwJo@TvxsLmOoL zH^ci)_#OS3)Mj`l5nhYoGXeN40zO*~zi)yxvZ6Y~I8me*Wjjz*-5Y-PqXzEOA<&0% z0eIvQkAR}_Oi(V+4RU0EYl^ZU)8qC;oG=JF3W4Y$8qN$}D6NGC4#xgS!73tD9fF1a z14$^*OPdkO$hg8MD3FSW6;ZS@1O{`%>TpHSxF}qUqWb93U&Cl4h__%e}oT>0x)ecpD4=x{+Vq;PoSVHJ}{b0Fv%P?QtwZI4uLTs5wor(fj+Lh&NDYe-a9h_Gv4F+FuRJ;8|fA8{F;<5$NH55i917@Vo}UJr9aIWLrn0;~*lZ1Ar-rolGMv4&`n zf0YcYfez=>h>kCkb}$gIOveTeyCP{Na2=vQf(YTz3q(5D2OuT^8ViN*5KAC@06Iw1 zXQ~P?81g1C3^BhP3#LQZ8G<&!2=j=fH$mpYnKO8d&JE=nCf)97#^Mglw8w`*TF(oQaw88ZknmrEgz@i*H6fx4)1q4V zmoPkTh+u{R@hCEr-JL;`LJKUQL^v#%>9KR_eokL17%W%<1k6S}|AECksNpz7N3?Bt zoDS3Xo?x%Sj3*N+C|-lYfq0%JY-$Pu`AUdt?v`K+W1&HJVdDUIKV3~(d=8W09vT5K z2RazpWEi_axD9eRfk0=>pr+9RJ%To3N`wz6O!N*@KemtH8fVdpNa>%r#nt@tqaN;l^BM+PnaNP_o zA@piwY=PP!Cl{=|aOwai;5GZZ`um_c;(=Xo05Kbp@G*&C9}!YP#wC85f`a^AQI=pb zDo*ugDP&c3Ft%rOKn?r)Baa?iAr`4440f9LMImdbQ|V3(IuOqwD;RO}6v|-<5pXzX zurh^gi6~)at}bt`qrPNvDl@|iXf3#@OHIB|!~3p~@&jUHab7HTgnQ$ZE0q5O7M~GV z66hb*;!Aup6dmMxG)}pJA@PnDb5eJ^dh#xg=tJxapB>2-{g__awm4(C%i~P?hgrv; zJUw=T<-y2_qLcO~m6>ew3Or*@w=WPnD;LI5YTtRKtXGZcf<<6dRn>LR>y|2%x{T#z zH{Nbrcyp;+=&iEW9Sv95lUts3sJE(ftZ$=V$ayE`#I1W4E!iC+$GEzjG`RbFgPEUh zes<~kvL^jk*EI zs?CD(66pH}JOj7RlhE~^PVoB&=mP<^pTX}e(B}^L{UMAq2y;WgjVgG}fuE5DZVYYb zz^f1XIt=gj0Py<=b6yYMGs0)v;e8v-I}Uy>htIdeJWjzJ;$aQ%U=IG!uMfPVlEbS| zW>W?2QQ6!=csByojLLe_;h6*Q^D9_a3jF>WeqIJ^;(&4x33UJiAQRjNv+a;+7zp~F zu$c%LD$Eo)1=BI*y3o)B3_WBXAOjIMNpV9085Q!-$Ze(>gj=)7il2_AA`k@#On~g0 znHUSy0=G)cVW!g|PNp!B!QTg(>L92?*ED$dR9F*^FY^VP47VGfLWkP_zC&a;27yKP zuew4t>OeWIHp*LvD}{vzbb}^%w>5{t??w#cNhf?aBo@KxoXFY#cO$ z+o!S&jgky-Xe`#l3=qH&xnDTX<2+>mb8*Gyht2`vTxh_j$WcZ#z*m7>HpIyIp`*HR z(D9Z(JDz!%5J8Z`fVxD>N3%qo`C%kNKyD9s0udRx;JBYg^ns>E6ak$5`#Ok639lH@ z9sfB920()vVFRKg7zpbp_JY>21W3HK|9%}b;t*@l27(5{wgqFg@)(T?{I@w!7419% zJ^jfjcszkt(_#d(LOX*(28eeM)D%BybRhXO(cJ#CjtN=xXGez65mdXN{iJamEn+eK zToF8swgi>vL#+pL_lTXsV+(&1oJ7e8>W&srXn`*DG+_xiO5PpnY*2T|BSx%&cz-G+ zcsg~^!ijEi)cMnh%JLbd-(w|khnpGE(F#T z-5;Qciil9)ftV<+Os10<9VZ)XWC+7Rqg6ye!~$zd@Gc%7LK+h-!VKQgs1SjH-vTl8 zY#`|jG`ITO=AwrX6QEes^gTmvKI#TVF8&pB^g!28=z+#Y0tKOJQGo$cZvWl+`_BZ_ zQZOwH@Fk;?iU4emL_xyel@vZ1v{IxK@J%CjHi(oD9bzRPZtxX4N{AF%@Dl=l2U4R9 zxH87&nIW|!JZ{7fri(V3587tLnrPW5o`Uulb%izoeUHb5XzB_NU-)9*1z;j_)t_Dc zQ=>nJm<~!Wgs$dKpB0i`o-iB4ahzb=@lO95KVxhE{K5w24+j#yFhV94up)GTq&oT; zEsl`o1THe@ujUsL6+tise=0|YlcJ%^wfF*qz-U2V2U8gbJ&b6F?-imYDgyj7q9y~j z<VV>Q%R3wRIdt*Kz$>1Sc)xhEjE zL8MIRWFhKg>iH&=GU_B4yEOtE2lav~?Yv+-53n-Ot|3u?#&?5r>W_UB4Es2p5fCjI zz@HF9<4m8}pCodD2X)YcNW9H7yb=BW)jpcTOq^jR$Vf&#WJ70iQ^UJ6r-~0m+n@#D zDv3>PU;%4JadjlRw!un?3KSK1&k6=L=CA*TqC26><*HH3fZ0GmXvQ zAv7z*IDgA#$b%CnG+n2MV`JiK2gZR1md<>DCj96Q$L2r$}{Kj_r~bcsT6?Av`KpA zunE&^l%`J|sVP^OByQfIg&eL(6td{WW`kxoN*Qsx-PdSGgmrjk+RB@#!T)TZvF z&+xDqAz)~x6gt7k9wLOe4QUBn>7k4^03CHakAxp1BrQ;O?4P;Z7@GdIPK1!K#PLRq zip+bo$2*{r3mOlPgAlebVyvl*hO0(=Q-~vhY)pJ^f3l!E^oYa;A-&PfB@X}TFlghp zz>B7nr*H7z-FfPZGlpV1@z$^u^WC2r_T-DsX|@eOihHFXGBH~?W`Y0cytHCRE4k!x`0hU zQVNeip#vCzMZIQvG|0h6nNMGAUPzkZGewRt?rY;JVdfbtfFYLtC+Rf{m;#=LM64za z(Ks30^uv23Vsbd&;gXZ^XxvEND0uhJj}xXL>Ny=A1z-&%6I_D)eV{@^*wRcFB{xw1 z0fUyK$T^lC!r&(qvIv%Zf+vVng0rxRiLR!wE|J@SB8Fu0loSSJ767P?B^eOX4uitr zSvo9EA4EmqQ9nm8Bj|h@ssv_$We^Ei$z%lu2#bT>m< z=`Ya3gRfD7KaM!M%6-yx$wP5^CUQE zDzID67(v)kIu7GEynu<;6-H+q(n`&c5oJ0EqK!daQMM9C`5ngCFaSz*5Y!(_s1jdJ z*=%>n{-V96ZZeL}2jZjj8V-0=pTWKWS|KfGNyB&3YHn~C7gm%4-3NJlK~@&wmSOkFChEfGSOOEW zlO6zurB-%PNrF&Tc;?o_-49iLL07OmyygbJpe`5Xr4eUAVjdva>j8`Cf-uiSiW~L^ zHh5|R7+5&W6JhZ2bZOA!h7;*dEJ19CmIu{leo#l?>f;PhayLf+rlRyW^;0|z3I!36 zD5j<>aYk|h5HQY2SV;-O&=DVje8P%MwxQnFl~R+J zo*|I0mWL_1VF-Kbs6Y@5dyVRlPzn|ms8GKmWFeGO{2LNsXBM#(f<1Tz1_8KF7tSk< z8?h;1D}fV@7f$-2f((#yP%R{l$(U(pHxOe&m<})!pyb`B^z{#?eQFCdI6?=Y+&Cm_ zk&+-7`41@pSPd*!9fB1auE%~e!_l}>AQLxW(gUYR5D2~?R5ySlYJu{&^!5szNivMl zsZd;DR9i_Qd!SX&5cX6$ctMTHRO(UDDKK?mP1p}FcX=ImA0ODbDbgC9#VN-y0K4}K zAxUwlwK7%TBBnJrHxLeoO`%F6^B^Bhz>6T@H&(fd_6y+(fNLq_h-o{9Gz&V)Xq)h= z$A6$ZUOpo%jL``}qG`Jh8$G2xa5_N|1T~Q2_<=L`X907OIUg}{oyCL)>R z8SaK7Q_b<@zLuX`fIk2&0Fkd9=g5?DAe1fcM1L~tai2!(9@r=UP$$iUy#*=LFJ}(Lgc|pCKIdDH3jq+?y%m+(Cz9pch=UQLE=BMIA2Z@KcWF zLxoL1r7jwhION0u0q*|87QuHOP3BM2iYVkkk{xjzRB8pli9_|y*r9iK2Ezxd!~jDN zsVJ%S2yEgSjMa(AfwsYfj;lNTzBEFb>_cS(yr7h-+6g=l=s+q|1$YVIQ9ekPLZuq; zD)b06K&GX>d$_z6R(YrmKw|_v_D8i;AReWBynsJJrL2N}0ckExcBPJn7eCExN(}1^ zFBhX5JS$}kWTb$*i*`0F4Fh|WQ-o>2WadDcCl92@NrdI#JL6?KmhnnD&u z4RCBWPI@>xh_=q?L(nU5z@a|C2>WCT=mjx15CFqgBh@mAH=5jIs`x_EBnVg<6O4#t z@Bxi8LB;ul5<$Q+s-T!s4e18Mqp4s9Ev%N44NMtoPoVX&lL&`rv;Qji3bvb*jSx7% zSkoVX@4@a+M)Sm~Z@@qT88&%lX(ls>O3Vm^DPbjxQ0@*;BGit?n79=;^JEaJ9+rqE z4H^pDcM5qUYE4vYpxU%a(FEcUv9J%+vd&Z?lZG&=!$q|l(>1QM2SBJOWL`sR%{pd} z;T4e-@_I0>r)i>Ke)Pa1!f3I2hI*VKnNSTf+H$-R;&JMTm_fM{v%5gr zQmtI-`J!qXAUx=G;A-NAfdv@DdhRIuR;QSke@{`KV0GP=cF-Hnoz2^ia|(Gn%QGUl*OAvosYZlnl-}H zzegX31VPPOa7X|$dXRrkA^Us+J0lZh_p+fKU~`3PMeb(Dr<-GW3a2?aH4_`th^5ulTS)mm;nx# zoWy|QOoSdWAwmkkx|91&J&Zv>X$-hZJ@bUy16C*?LXp3K2NJ;5f?GYHPt0PJMd6NYu$fyn?^-1J=pm7o6RyT;?O*8Z6qfGPsU}yeh2|m0w*~b zBG~Q{yMkEW7m&r6;-|XXW>_(z1zZ|1jr*v21}iIr`4Pq|#$AX@F>i!IjwK@k!3W6R zqb-LvQEbiBfEjE$VkBZV1nw0+#wzVG+5zep3`wvkX>=oi*uZzRezB$C8j3MYR7#QamtYN4Ju-1AteOReB{@d^y~gy;y>ih(URq+abn?F5-A z!r|~w-q29q4MYxB?T7{JupTFm5iaay&^#yUjCk*_m4}#YhZ{@4lLp%wP78LlW|la@ zQ$R|p{DS$+D37F&L;q2|mVu2Y7?ff>Y969-%`>IS3O0kXERouL}%Q*|MlBw;^d zn@^k;u)V0bb?A9gHsC$MPSMmUg=}i(j%tX}VgBoMCS$5#4TH9$#n6zc4mRCXD+3Fz zQOIj7|F$kXFoRY`$PkzbHtT6Z1UUacY>uggB@{(M&k^eck83UdGg_20x@pJV0-0a9 z&8d&XKM)E=fgQwQ?F8LW$vaX`x|r0W#z@e^;Gu;=5e632phj(B?bE`&Q~)|MK&Hkf zqoy80uxJ7uL2-lxI3m?cJ25Z>I(b;=8q=}Viw=bSPy`4S7tnMg^=Lw%07V?A(htOd zmoLPuu$yyyQKc>QBm*_n5NF#^mMg9lo(e8U<`p{D=&<1%F=<3m=>dlw)hI#@D>C~D zF*9j_f%T3E0&GCtNF?SdWPbE8Obi9)krty?EH=~sAHc5zlo0zz#jgkJ1V?F1d@1Q> zJU;T9Ge#19cLH9o;DxS#i<0A9B6IsptRvmVl;n$s$3r$UXV<{+WP%qx}=&{7jHFPd-+(EZT_ z06+pB1&A2}iXiMD!Zsmji655JMS=jKG0?cv!C%_YY}r32M5iYHr+0o38j{737>3Z3 zzaNCBeIV6|R|8T*)l{KOUZ_p2Ed*VJ1*fNZ(-g8EraPv2*vO1PePjFwHY+t0fw*T< zhfN(9f{-X+3SsW`leKY}4>m(j;C><&9)%IG+ahQgG;{!{m5P+I{|lM~pv~AnswVj) z@+*GT664MWxBE=jPxT6Ti@HmP*wLdcCb0tJAqKnxuQYgx!)qQKFku8lLs@!4?Bl!a zi)HN*5EK1_3)>0A7!9yNAR+$-IWUJt%37ErnGWbf$b{*)Z{p2q*tJ|}Dniu9&_xB{e49AWj4TQ!<=f;}~oWUvJ zjWmiWVpzO%608_1%dEn#GI0)ZgR2NZDubYh`<$p(lTF?&Lkk9)O|6}zdN4%z5HrJZ zYYlnS!LI7D{6oNRK%Y_4P<{pGzs@Qs0}QU zwMsk;bOjX#R^fV3HQre23C$r0&o*Fc4Gm5N*AN{j^PraEf4#y0Y(DmndS*B6f4`^y z)IiE%&#VI%IX*OyADr%ttWUNz7M%!1&!IossSEG-;S~r!r^7o3yvM@X)kG*dgbX5h z9ii4{{uL17I|3eupqV&hLyy)X@V1s zr-e}&{A5TT*=GnzF)hjo!AfLU!QW3J!*x5<9%!K_LJJ~cK+}nn`jFPR7MXZ(=z{$H zz~+JsDK%4wxt1uYK^z-EWuVJ!XPoRAlOp^-6zc@c0MfzO)Mh+}4G*{uuw+*$D1?QD zLHZ9bEXOpnhkvL7mOFA*SgNSFQbBRK0@w_`3J{wQ@baPrxWRS7C`wGdG4sfOzXYl? z3Q})!p8r24gDsJ|rl}JX2hw74anj_T^i>HD0eQ2gM7jtrP{wHn;X!IB6f0K;n!^sE zt$+zrv*mfmjkB};TI6$~l+7qY)VPrw0S}~#sa;9;l z1rKT9X0{*nj4BIV;J^4^QNHX~0LI z93*aUc)(4w!H{95e!m31hwQ!);R!=$t^i-d?k@*H0T3Vr@Iu%cKoU_QTEOc;)LaA2 z)jyRnZ#HU|g;h+lwrqDw)*{=$_5HBOA}4U(-?$N*9U1mSSA z5Q~I@RKkgcJx?J^>%x_~5SlEL6h_w{V(V0=|k`dYkW>Q!|1 zS13;=Y302J>)~@BZeC|fmuh48DS90xv%fRk+kUGqucgVWG6nTV@&|Yp&&rEtO#Se_ zyCtR2f%N^yqwVx=H^KsHKEHkhbSCL)8EKYiIK{NU@&6y(%sH@`bI1?+BY#Y8W;ZJX zgE-gSlsrGUT0#%s%yWkfbu65DS~mn7;2^HrJZ+OzVPatd)|wvk(lwq18Yb0_nI**7I!mf z%BwX{U&Z=lEkEbbAjgC91J`0D#ZH(EvH9&4?&hx3i#)yRD5E{I^iwCUv3Cm&o2!la zs4d=QY!wVE%eKZ1 zo>sIuA96%?(<=d?+%PA#)t{7ZCpUDw?voqQXANXLdQ9iAr*+uu@7FsQ?J*T!(D!mt z_f&3P{Xfgie-TZHnYA*(g@2K~I2La_B-i6Jc*o6SaZgWM)($z5^_!Dx zhAbxfcHDit^M!Nj`H3XsMSGY(*_Ix);K_2D&$K?}EY}Y6(uH!WyRv@!55>kl?;RW+ zV`aM~^3$Q-^j_^dYn#W%Hg{**HYIg?WaU&_U0(h6zG_tek-ZPB%Pea@H5d1}>>ZZh zQu~Cl>}-+yM;rUG4=;N%55MVeU0J=Avzub|K|EbRVdc56UkbCUAOAkHSESC2^Ot-8 zxs@fslUu#MDYTdS0xAAxwfVO1_1sZq0SXaSLc4VC`hHl;s6Ttb#8&of^0qI7%aS-1 zl~!=6y)rxSMNC4MS2u9alCXng-@<-;-Y%oObo(KHN9zjn?kC>loJws?6TOp_1%mND zem>k^#+KD`w*FY6eMyxZ^^9Y7qvV-;Rh#NA`u@1ME8b~$=i@hD8BBQ>i+G;9ziRPl z@E6lkE+eO75?h5tMG{!t@7~;cypFY|UvVt1^Vpq%#rv|d>R224wjMUS9;Pm3Epu2e z|2NOhuOHvt$o#_oW&g9=3@U4$PGui-C*c2}F#J3FaLLO3UN;vs9~nwckY;oJ@%#5W zdhw{e(Hd$MRFU$}}$({vL2)plj|<+20YvSGjmx7ptFtbZX@Ks$J`bd*uoO zo^k6^n$`-9eIDzYkY7}Ke!*Ps9l>t8j|V+81yi?5slLDcB22L4+^32(dJ)^R`7v1_8o|L|0yZ#+B>DhBc*M& zt2zBwefjj>`+J7|i|eZ2L+lMx?LA*-@49~a@wM<5rA>}srN1n@$!U{a<2qkb*5m7; z%L==mYzs{r80cu^pmQAFA2Gc1YNCm-lE{m=+Mb06-a1^#zSUA6vd=m>V&Gf*f`>Xw zNn3RI>FMcz!*65td9xeHclVLx;*Z{08Mwk`>Yk24P3~XzG!ULK!K{^A)r-~O7lB|c zn_zSQ&B0-SLm;WU`GfJN>kGH7fg|S@zO~t1l|-7gAMMz--ckG3Al^oS-F^rAo$fW&I%UB3+p?7UE}k zhlK)aQ|i(;lD+Kf7YGgyRP5gg&5y`bLWQ7eZ}4rk56p$+Vx@N?S03I z7ixOp%#S0Kx2@z~pupUys4Cqr#a_2nVpTyT*Y(2mRjZ{*CsZ<2lV^iOj=%XL z?^0i%+QA#Dzcf{5{UncO)9YsaG!8d@+4xQKXYTedp}}08iw`H_Iq9#`hoyE(OP!?dJ*>WyUHzcouD-ws*wtGAT8) z{nm)x(8AlH3w5^pH-;oTM)GrSH7Q@q{j)aOg>>?%=BK<}!M+c&r9O?H9PeR%c>QR_ zhtXGD&hP35n@Mes;%>5xSbUv~}B(pTdDy1nRcp~AK4t>Hsh8X4pI>Is`teV5NH_FqZ772aY zzHeU&uVA8SRL46V2Ic5v-poV6D*M!rSFiLv(y$~!)pH)ptluY+VzX2^eyn6ZCi!Wf z8Uwo(t7Bxa-|JI~R^i-2ewzE@*NSwBIyaKVJNLFz?Ad>Ck4Z9%cYN!ee>1^FYYBVV zqXwn-43<8H26;EVWD-7VG-}zzl7<)Ous#jnuI!zzyT^QuniFH{cEfLFg1h+1yPcg{ zl@-g5Tvv9>U6fpR?JbP@DWtGNIsMlh8=iJv)#mX8?yS6C>3mAs-ZR1ya_<5P!s7?- ze+V#fjnfWSR3$&vr0=9VY)^@)_2Y3}+3}!BvCK^-a?z^e${A7>2N|47C<;melC$2P zzJ6QmR_fBgK%bq-_d}jP=R9SQJe=FIP-ypVFD9#1O!pL1GXw88Q|5A#_8N>u*)a%K zvsBrMsq*|RGZL|4da+MCmb1LQ;B>dC2PfnE+gSsw^bf2kMS=1o<1f92vQPJ|vx*lw zY%ee*Qq-r?8uB0aLIZ8mU8}paDiCyvL$pYRJlezZO^)DHd;7xn6CNo z@jXEka%#Z?f~6^S6T2ejT^#Eb*=9AgzUy(za<8$gCN2Ti3)`PQJF_wUa!udi{qr}Q zy*C|=spzWw%Dv~I$$o8Nwx#CZ0u9H`*|~0co3BwPw}0FCSoSElyI7;9Lo8pyky*Jn zy$UHlJ2sb{a=H*y>OiNs)>B}fd|co`9oym?1_#MH8+Bg^XZDgWcBxsY@ww$S)mQo5 z*4ZeqcdSa4)ZSd{z?gb8X{oI4(6MJ3dzy6~pK_>h7Af_5&gm4ful5|*k%2p3Ep0Y= ziX9v7PI8~O%auht`%zzzQ_I;rt+WF|vZsQ69XxnnASIn8Tt-pxGUz#Qe3;?9>=Nx&#|4c(#wA8}{8-kRe5juBXwsQlJ#(8Y7mqdR+*5qe zAaEj6DTmQxn?kdembc+huF6@7(0o5nzIk5hvTdy%dSjZBA)VL4uRT+%HWA(|V8wGT zE%U3>%_6xKrtXqUR;xa{VD4~d{HnhX-;l^!??u;AMjtV3%6|1$Aak~NV;krFCwd=~ zgY%wBCZ7yndGk!;^V&_1s@2@XKXTmt)-p@z$9*=D*778r`69cXRhKp~TKaDU~a94Bhn= z&!Tt*QkaEa3~;<$&b?`Y72`QR)-mo3X$R{;0qKUE?VfJiE=w?H^?RQEdZR)mvZjca zqgd-e+=8P???;*E2Y0kPZFO%X7dMStEq_?u>K!l^EPhPR$Z<*KGp7uJpO+m3Ms*#F zZjUlIXlB!Qc}C`G$6w0HxU;L8oc&{9@g+~ow;cO7y>UEq<7ctum)E09g?-nqP^z~SmdT&--#^$+M z;hfr5)m6c#J1;OlO5nKu?R0q64(I%Uz;bt|`{ML2FPT?;KUwv1nYUuamV!?*%|jg4 zM?!;mS{;8}rPDtz7#AA<$l=gMH?>7wGM8Vf-kzVFyxu$fg4-B}@umk>j*{cI*2%0H z&^M&Fy0mRicIN}d2lu5^a@*QgU6_@8*eUpTfrUp^_{weO@pw@CMdrG1o^K!AD@DHC z!`0@kbm8)%Yac!=nHS-AsM2oPr;XLtBfuys-v_=osqa=Uu zHqmv0N|B~P(f!*#ee5#eALQVScBppTbvC}E&sR6bv#d8gt6S@6g`wVwJL3x!4m%IN zRICY9IdEjZl!GMK?PVdK={b!Wj&f9~h%QeFQg~D!DC_{HAN|yiR-) zdcUlyg>8#v<(7wu?ead7@hddS0KR1=Eh86aejSh4c{{0AXG22Hhw-d)W(Fxn9L36y z@_0K0PT0FHSGwP%6Y|bTd9Jt92Z<`*ox8)9 z&uV_D&2aqGfutY&PFf-H9s;(m0$%3JlC}*+(5o2E2~3GP^jvsB@OQ<7f(iQ{45dmQ ziAY+^=bkr5>&2}dweMv2Ugo~h)T}k9^_Gx8k0EI+`jgU{GB#00L9^}y_h%basn)f( zXhp_e6Ip#z-eX+_?{bY={T`(&vdO%|A{Sd-U@aHNHnPvrYJ6+K(RAng*Bw?u+`}$a z2jnZ>hRx0z;2%538+@|ZyIV;$j9Y#}TfRt1we_m4tJ_enem{KHHLrV2z`?|0+i7yL zzHadSl^H=^LyVhyPYl3fGE2NpR~0=Id|=KpoFbO@R=@!`^ZEHl@+G5B5cNlr>nAuA zpvV2re9mH0ixcgiJYq^qYMS*kE+jsTUyWBs?kH2XN9m4aF`dxN&+bFd3Nk|H7|i`p zm=m~ErsMcT)TZKPXW_5Hd|k6}#qDML4y3Ja9qT^eR5?1<>&PGY$R)`4qO0)p$+$Z_%_?#;oswwch0_E z2}$L?v+8LsqQ z^qZ0WB=0o}!)(XL@v*)s922Vx`$l^%@4tG-=sbs>hg9lmFDu_;@6(pOJZiYA!llLZ z$N7{&4#{+-zEr8?Jn?(H@t!=SADvF|PENN2m2-WZ+$I!*TQ1qW9&uHB(DrgdL-=%` z)PisAA8#psJ?$vDVB?awtWDx()~%H+-5bMjC@Lw()cp0fGQ z+B_cC2a`*>?(Q;5J3(ri*G4CC&)|^xoE^Mnl}=B&;{C#k}lURFMHbw>6NCd zzVqz;I=lS+ms`6cTH?DKw8vXJBd*%DDMc69F_#(VoY{A$q3h|XwvU{xJ-nL_T9o~q z6}#)wl*&HQ2)FS=~L{9x^2 zQ|lJ`*fNiui;~~|mN>LGSSA0Igt#4P@KL(f;@GeHt3DeEJzl38>3MwEadXxyWzvb8 zvblv3gTj#k<#f6WT`IHkCXPOSwqUUN(+%0#$H&CBZ(+$^I+x|>B7q$pA6M**+$20} z){R=Hst#%Q#b9bLaT(f)k zo?o%~zs@6Xp^z2|!W-Sb1GRmH;`l^+j6^y;J;2r zbRYjchyiXei4AjjclY==!Y>RS>W1oYlW)@s#zYjM|4$rXasciC`=s91yQ#(-ceh?w zL&B>_s)}cqn#t^%ODukNRqtoljC1Z}s|zz3pRE}%awGp~ZXs{5_5Dum% zuXl@m&+4S_x2q>oA7&MwuY2L$s%ThsK4_iGteeT|dCNMATX>>ljwZyvTVr`|XLLi| zoGm3uwpVAJey*`XdYN9svBlh4dqrdi)-;a$F>w}o&A&KdeNVMFM%w<-+_hIOaom2! z_~TrKoU=SzpZzR#`G#5_!I~1;+og(P(O>4uB+{`ObAOxTX2jXaaAnOa`WUBY0dE`? zTbGKlZkYGwo=-T}`2~z6W6j_BLq7Jt;}zR&a&O*omEH&CwrOUG!}ivk-}-}Fr0;%k zObx0x6NOb?cC(xJraIW1iQyhsB&yY2~|uRf1cs?@wgA?0ze-s>@L)JW+}x zPeW5Z=W+j@Yu^sf+Ho@|*6Z9{1?KxvB58{Qq8s(OL{|!ZyT*3vwd%q%@>X3d-d<;% zM@kfKNvXP5h@lsWnEf%~zlJnAVH1yFJDhttRO3I~QDIdgq@llGs4HacB^9M1j_kn% zt^BH|XZP-Bm1#ESq$;!Z}inBrh~?TqO0#tU0^c zoWxCCq7VA0@XIG1mf9=gzP5ga^g$(|J39(wB9bioC$`>+u&@rZ{?x~wR#W59FZQ=bJ32ik^A83f^_t|BE3qAoncu`8l;8`x{#8 zeAq>kS8>g%5ZyNx7pmUC7ULE1Z1`(KXkq!j;l>S@e0Sd;JM~KWO6WZ8&V9Rg6)DQB zmhdyGZ5!g~tJ%r!XJ5@3w(hFziM1!lqxmHy+4Cj}ZY2(E1q&Rz$(zD_yn2t5!!g{$iZRbCJcS z{;=zfmBaJKyI9tF)ENH&t-ayvhYKTp*_;Q4g9IM_dY-u_ef)uHgY9oMgJ0IJgSR*? zj10Y4`gQH-s>NK7VaTYl~m&>c`g}<%BgR4F2 zpB{gI!Sib4pojCbkDE>pjP4C8Q@Nggc@MK7>GD10vZY=7Hx;!HKl;$of2?)Inh>r# zS-)6H9R1Soy^`kI5xz^~MO5OkT8+mayifU5Xs5h=`2CcGPW?o~-IgajcT;vh>;7pf z_DjdD%cIs(eKA=rqdU3Tle^T{;phU*yUU-*-o01iuF`aC#KLLzUGBQfghK-KoPk$Z z;~Szo*Ghe7-Ku(-i{2$SR!`NBZr%$QNrxRPUO3r3RdM23kuF;px`I^c{ltjV#N+WU zE=txqYlD@hl3u?SX62n@l`#%&-7TSZ+QE^dU7lS~_paqSS>_{TiUQpa%vY50rb7&&WjZ_2Uy!jAr$j&5Rmb9?pMjzdk-$`6%v!2sYp3@aYJn3fV zTKB8WM?^4cFh@pi!+d9%W{j9;<+tzINQ-IfIwF_{~TwzCVTdb~Vz zVsWSLE~W^h-(;tl5X)U8gPaGFJ2eafdtP_T*?F&9obo;9z^>5a3-A2y7e6!pLh^Vm zpMVMZR20t=M5sNMQ)PMNK%86H8!cWUI_O!G8?6AJHc zu`QfaoBWNDV=fCzYBODQ#m&)N`tXzhax{a$?b~9eH-=iIt(c`8@}tkOnrASJ=dg>! zM+gk(Sf)!(j{Rh8X4 zlKiTmZ=g1Tx0U|oZe@~{3bR#!Cc}7NZSv)f23bjwE^(fccHw+Z!a+lpCtTtp4ob4H zJen(8Ykt;5-fmWIrv$yPm)Gp)n?05VY>hj9IhND)<9gAur4Av&N87a~N_kDRn3Cr7 z428~BbPC+*MxI6HC>Hc$R+3m|Vs?qu!YSZuElH*}Z)ZUHVUDd|+n$J z`n$~LP`JpWFFfa?dft7vQJZDuz^LsY-XpfCoQ^Gl&qVDkN#m^IxQvvrl^Ux{+yQIp zA4VZR>kS#_HP-fx`h3{m;99+UB4wB|;N0T!uJ8Ji6Q*?!4{3gS`}ww@cvMmPuv3D8 zAICiN?1vKRqU`CSw>jk+isv;4$z5S%8<(k%$*?!DzZx)LS<$0b&lY3N_sooSaPz7J zzHX*fwN)Lqa~L>JL@ZNWRvX5(*GiwE^W+bWmE$|udNtEb_tMMrFH^=8ExqEQh*cFy{*ekr^Qg%^ zky-k+EuE(O&g}@uI$TsQ{^>zI+lEW61)WRwTv%+cmHhGWnTwX|zVg9dR=tz4>n)I2 zb3RX}=N8*O>y7erZxjo4tX#IQ`H=NjcPrs5MXdMwL~a$XPVlvhnQMO|OWtWg%kYHG z1*?qf-50F1lw{i2a_SZ&i>zC5KUbtzjiF>vXXr-%yfv)s<1#YO^B?>1$_m-9J#6j# zAb&k~cb2uf^cA-C*>7y;T+tge$qA4VuAcj3^Xb###c9oNcM9=Fr(K&}ZMiaMDM@sx zc&GLWI_(3u7qvMZe71aUTSKwX99QY`7}LZY^|MZlF|}-^GRs*;TZ`pfv=%#PMQNL} z92nu}pDX77X5hQ}Gybv)xujr$ghB>~Rbdx39V|~g%C8A~DjKi3d16V$_*E8qrPsMj zVqT~)MAxlhX={IJB^g`WCQg4t6!m$f&%oM2i=AJhY&b*Uywbyi8ilrJ>09=;bAD_w zyEHD7z(KLDQ#mAIqG`JI9sN%Si4}@-DmoS%^p1$BJ*&n&k8{-ytl#6pO5O7qtokbJ z8;bSV=p^Tt@icQXu%{XfYX6d5DmyOcceqOXz-fj+r+h}o_pv+sYPOz|H_>X?sVX7a z_>IBk{wE7YyLu5PiHhZ(UYUa{7tEqNPp9tmd=W!Ic-pCLYVV4c#?&5`Jyw6P<34>I zQ`zDk0ewzulf#dzyN>QFkCv-SJMEEos<84#-m6cKtZwo=nXfOef32iZSCRBh$b_Be zR#0j*yFoT{&6m_`bAQS8o%Im7^ZLU_-4cneq95_kEm_{&`_S#8dwVcy@m=nOHnzdX z&sWBZV+Ik)#PXEz|;Z=b@7PcARGL&_@Q=@o!pK8C?ty;B* zTlUuK+1Gu_>}2O3+5Wv^yX%fYMQ{M$&Kbcl+t2)x1u`EqdW~8lT&@AJ54<*>U;02Faepc>aRmISNS6ySEgl|V3FUiW@ zA@1ri7t5TzbGQ5w-dpTa`+j4qh4tF@I}>cDBua$8oL2FAEgXF|+9fBjxiR({-NXLY z4`nKud1hlZW9#eq&Pu1BEfJ2I+n6iY86{bCr8TmH&)|I6k*Dv=y{g_lmNRhJc<()_ z%Wu){b2~OTH7XT5Z+oVe-oeMjH^vsTNw}N$h0INtuVP(vWwy2jaT)U>C!QP%7}zK6 z8Ys{F=xQ;~_`6~r#m|+M<1ZKa>zvy-uY*rkvDT}(Qe*AnU}z}WrQut9nCs1(s~_%O z66}=utXHz;cY|1;%1V02ACC*#4LMF7bBT*Ibdisc(0$L+-D}1e@p^4xXEBA2;gVY8 zuUDNBCeh*dMXahr3kFvG`qtQG9uRLD5$XPXV}iR#1*MRC>kyO7rL-E`;of6~;dY0g z9@(;0Li_BY9dY>|S1R-y^fxOOu}k#uUGQCUm7;&n!JNg$Xw4~+@E+!N(UHOS>&CTh zWBFz>U4gA3uh+fVz0uLsLEJu;_w~n;#}@T2&drrkRwet!8Kagr)udNnO)uKzPO-i6 z6t}>?fuZODDruF;jmuU5?iQi(a zsW0x0c>Ged*y-5|E8Ew{>F*!re9Q8_wj`}=YgbWJB3q2^TCV3qwyvFw^SWF&TBu*r z?s3}dZn?(f%7nrO=YaI;4>DxK*DD>0{qAP_a=d(*Yh&8Y_pxaUbCCgDQ%g;J&OWp))vbk!*5f2g#H zT=0B0cPE1ZZ>@5qpJmOvI`smXSh7LKkfpEXjS#Po{YGgLvyu`rzVggprfoIfTEL)0 zOF1Yi&eYJlOiHCvuZrX#ZDb;rq9xw7gasVLap|b#RpYA_ySkkzzH-&> zr<+`QQ|*$9cAE~RMa+h;I+PU84BxFSSCjlw9h28*)KJ19lM~!l>#>Se!eRB#hVSRS z;_`M}`FZE(y40Nt6**h`FP;p(?|MSF{PW3^_txY!x@a}>Y1X|@?>))CQF%~ExFIp* zSo`{yfxFHMN_q^mA9%NU<@vt+jwr3;mxKID!UugqcaB}G3%2LGTgLKAuYa~|jcjAA zl@d2|X7d&}_GJuv?E7o|s>2s8%!p$5f9zcx== z)yj;rZMVL`c=Rm0@cf9m7j3o$o;$y)JHLQMy6|xov)Q_>k8-uN3J-)P41czMoDoy} z*5KyN>(`k=e-6|F zFW(}3dDr-0>6^Mu>#i+K-1<4yI_;C{#GHqkhIREpCr>R89j@A)$Ky1|ab09cMZmCa z`>F#khCJF*6zcpPudrJ0H)i}8yw^G;=CpVx|Ju*Ja~=5gFWEBOP2B#1E$~20X@-n# zb*F{fA@VF4lVfcW+lGut*39;GMo9|`hI&KiuHrB5f5Rh1nQbswdF9P^fi!Q!D=op4 z>z{5OZG;SDbyUu=DAx0~Hi74O8I&#So|DqTs0t?e+E#Jk>RRc-h5kCZg; zb651PaGiO0r?ENvaZJX$d!8k;oNjcv+;Z?fpVvFrS8_o6bE3hqM3x11>u=@kOA$sc z!4)hI_FHplnTr^|3iY}t5i$;gev#w=@v*wf9e;&_*JR@r#ue?D+u-R5#c+2NK-HHK8f zD{Snmg7U|EFFzz(@G%_|1(v9XE6Z73J@;gQ1l0r1L+--alE7-p+EsAth zSn>J$CG>^$6Gu}F<-JWT7Z?=DcKfLdj91vSwTrg)H89t7^G0{sKY7sE4x-MLfO zzfAXtz~$wM>Q6KFYNZQ0zJFmU%y97h(Y;9@TG=c@=njpt(Ph}R$|_gqshHlZxHtP~ zhp4{bqVoFSOEO*0U0ZoXUs<{Bd|#}q^1+dZj+DVudSmJ8&4Oz7m619A>Xz1u&Luhe zNft%M{9^96%0)KM62A0`?Q_MA2Oifd_(K=kY;dzp4^MloeaA?S(Yh?gNhX)A#gMx_ zK6s%J`;|>!?%lrHN@sp4@rLThc9uKEwQa=)@5)F8TX<9IEYt%^whKOdos)elQ2*ks z7L!=#9-R(ZIZpq10naRVXC}0KYdvgjX`f;oWmK}fq?K;=HU}W%@^NLG3ZrFOFP}Rp zJ80Rpe!J)Li6?!?`{n#MB@q=rhC*`=dEc&%%_`pg$lfAD{nlCa7r#C-ey2A$qF0r! zGW(g65~n_w%X6C?9k z=e6ceuB4Fmd#&Vn%U9n%=b%orc>58j_Oqf1`rO@xEE1oXEgfT6+s>ISUUKQ()&=n@ zM;wFvWp1BIDalbPrQ2=2#GEVfDck4y28A*S;$1FUtJcK3pFAadUE^$eU4F6F2JSt= zWevsY<=1pbJQk88H+n5*{RmHsm1Rls6BhT=oNx2G+sky=(&?Gy@)hQ-bOt78*ByDQ zSg<$U$=Bkct&Ygfiv&QWL*E{iJVFV)-9Tz-TnJuj%U zW;Bb$pJrD~=D1`L*#B|)R8tHHFb{=?kVvCYrfjx2AJO%UB|uaWysW-(`B$`!pJ=JK_hST@Z5ZFrEavHZyD zbOSo=jGHo-Hs~E;%y}oL&-t-tqx|~7bNmea=Pb;|x&uguPD*Pu-(-_3tBPJF>8xjY zYJN@3y;-GtGH+*5JQTgULS7!dXX>{hrY>ruq>x33;Pav0`r7h2U$>FW^ZSiordAHd z%5}5Gk0u@oF8mbin$|k+Uh#zRrSd ztr#@XuJ!*od(Wt*x+qMT-kS&rQUno!gbo3b4x&iWP!fV5MVf>XihxM(NUgI+$aTiT7Q!$GyyN5(BzalLwzS~7(xgl0|ung1sPeMDl1;A=aqExX5 z#ShjU?(ew2I@Sl7uh{%#CrUNjw6B3ji!z#rzp76A$a*FA!KjC|oIF^Qyo4MuE(fvn zybil3xN;gD!`iE_wlyAwylq~u{f+!W^> z;wSTvl&v}YQcKZ8VwBxa-R_F39@N`UntK3!G*~m1s30q_Oq&EHRJK9+h2xu}Ku~vm z@iZ4OsK~C=Qis{*srlIF9Fo2{X&cC>A^s&kHt7$cl zNy!&aeNRhC&aym5wSUj7H3-V+r5IE+fkzEDzoComt{6|styqIa{3jOeoWpTIP|-^> zHCFzI=3|Vh+t{U;a34tF5{y`PCB(tYz41f|1uU-Ws9f0nHz9q}%-vYFL#40%Gh%}G+X6wJ@IWpvG72jS`>SNad5 zdXdyTv5zBV!mQiaotJwUlA@o6gP$yCH!OneZ=fM2-$I1AR9EMGvPngF4ha zSC4cg+$u8eH4N#cn?mdtoD7|^3U{kr{H&F=Ih(zafxwVl_dT2&7*5;*{feJUR| zRQM;z&e4MAk*du}zhn)YNKX9m?ygy2AVq0*MvKbla~>ZKx5nFoaX0PHSv8n}yJwE* zdIV3*kgxSf!yoMMlH_@fFUc)~r03kAqQWh_bwUn&?;OP;#y7O-2jhpe_BYd6b z8JluVh7aplE-59Mz^9av{1lVma--7xJEFDj!l5v}ZNaJiB+ph+)`pkwINwb+4;zWz z`08h`kER=MOWdov4pD5RJaSUK%l7Vme?@&ce-w2iu2L;gHCPLfwKqft z5ovsr1@KS+kWs!FA_9}Q9_(9`|K*2%8LqF*&M_OHHlkw3SR5?osG^y8RY`B`hw+Rw zrnAMd+}3qz7Zd&Fz22Xrisx^wJZRTpGbfiR%QI6|{Ohy;;f>;X&?W6jmU|o{FhSs7 z$bwF5Qh!Y&Up{d4K4j`0QT`(`PG{D{nKMB0Qmz~jS{M91y{bIObLTNVTBlI#xm=gq zVm~S+)%d5>d)CuKz*4)59F)z}9L+Yl;?H`7VQ z*SN>EJ4%r{_@G^Qf^N}u?otNednu*>^e!blbCd3*1DTJKcN_mS4~O054G6y3C8U7z zEvECs+X;XShhpzQiJ088xiAp=>F%6bPjkl8(M~gUKp>+lLt930q%S4FNnPDI(r0qz z>ehIyMG|^!k_}_tEG2H9gJ!#FD^jx*H(wEgro3lmf1jw&=1qXP6lLz-(kpWPIdH?Y zs`)Vd5$YVEa0Iw`=4qTzJGuspzXnlWk=bqNiz@k%Z0h7-m0P}o3 z7R>88e?}gx(2lAPZHCSC>8FX!YgatsGIk_>DrZD5!Kp?Y0RK)?35fILlx^NsIstW) zEACI#olUpVZ<+B1C&p>a2rL7-IvB+(S9M5@X{FsZ8T;sbKJe7{n4m2MD1-fdAjCiO z9+kN#6bMTME!j}?h45vFcqJU?>XBpff-M<}#qXW+vvb{r^DIRO_Le`IBN|gdp1f`D z`O?*rc;6t_+07OAa&}-{-RHmih*w(FFQi$(sPssy^vFY++lLkQ!(l(!j2y=0+fkDt zLXldsuonODzsS3VckczgQ3k;F;PC)fDQdQgMB!An{$OZiPjp9-r+&X%4|dp`_OAC? zG0TBVF)6yRyTWn>lBrYboNjFOh7^2z@V;JMt}LqcSa1a2`EL#wNA(MtW)Pcr$3>Z+A8W(}L)*FDCV2&h7}G(P$Et5_ z?RDo1Ym~9%eRFb8ol-r53&DN7BN#6FQma(d_-x4!enrZezeI(60Up4J{kT!S{9C8E z*Ky*#!yVd{#mS| zqt_S06heK^6K!rxo@_)O;J<-3d1c}Ld3!)(M_ zMh^`@(2{z7(XEtz#(n!{RhfNOIoiB;R)ay}x<|@ezx=J<7rwD9vjZZ5pRK{h0^554 za^6Sm`%5Jj_R+>2QNDH*&&=3irymL){*jP)RCdO!>S$7BOX@Gz5f$9R$8OS4`}2m# zX|hq{)ioaj&n4>{h~LLCK2BstaANQ#)`Vv?;5wkUUlg;3sxyt@C*-|9Q@o64N@!9H zUUbd+Wpo!q7IgI`kf_RBzM1E`mEljVqvPoW)%Wqxu7YZsfb&18?=<~o`|Y6{p4s-S z0O&Z;#JR}ur5^((I5&7yX?gmba^h?08+I!rYOR_3Zkq`%lj@qp;7IHb>fIqIYcriC zrF78tv*%W!-{NE{C0da^^O_b?{XahK$L{RaHziM>#SZs4((q1;J8`zEShKV8tYNo> z@P4yOBd3AH6hwJal#veiPdte?n6K zKdTjD6MA2;sIf%cl$JK)a_D+GzEF`3@}^;UJHt8U!ZP`G%!)sLe7OKTB~cFfNP90R zj@oMF>33%7nKxX-()=3ux*m_>LR&2=UEAxTZ|_bf0zHfQSDAs9K8SI} zZ+>uX$U=I(t<0ylB2B_rPO^msrK+jCev1rQHRJziaCyG(TQ}xZGKs>zl=Jdx>MOtD z%JZF3yW91fw(&N`nUkSK=|k=|4gWgrBjTcm^YKpI;=DtHX*|Ph^=Tt}8`mK=U4B*v z{X#n>{cVgSr^>>})G2=XPY;rL*PsLPV|io%_t)}k9}w8M{wgXrcIEg_Yl9lHY{qu` zdmXQ}gl`--HSSFQ?A#VKj+^d{FrZo3r%ubhzwATdFckksz`j?~XhX(hD=^klfi0r* zbzd2s1=Xq+O|-P0;RDGw52`LVrcwCn(ox&90^xYzzgxm1jvjNWme8b!QT!qH%Vv+o zLOxv4DLM)NrGo`1KefCukmz!w5nLmC_F^chU*~<|QD=H~`2(x_9F6OXEvS#dX2w6; zSz<<&OKL+-Yy+%|J`I`r-J)XjDEE#JZtnDfJ|2+npHbqB$=QJg$VOaUc#*|x3<$E6q4psp?SaEvf_34HC-R? zw^A)UPkuL?UKdqs%l&MDV`9WGX4?Jaa4t<{x#aT;(A{W80_RXgC;sb~SgcUUeM*%9 zh3KV!irF4{i8R=y_j__^O8)IVUegP~W}+Bhe_dqKR?*s7%0{>2o!e1mjN~|_B0@!wyYSZ<^1H2yG{lWfG6CkO|%tEbC#>?EU zP7>N8bBJP+1#1%7aQAXz;CwH<1YtpGH)8_&K0kP{kC%#H|7?9m3cIL z_s|Qah+E(mR7lq8SkZEm7b(4wzU+5W@eVm61_yqx{!m`6I8#%g7TWnYmf3uOW$*D6 z%#t3IQKrR;eUj9kA(n#<`Q7$EvxM;g$>^3)e zdn6kV4RZK!QhHob?bPI^aP@F7XDCO~+lOJbtgkJ6ev?POi(K_5tG*SXC@IY2hvy?X9BU*7 z7rT?s0MQh2Zo-^*k{4!4UI~86dW({9p!$BjPV%Zr0c^>NIiKK$gwap5h1oLiZvMWZ#+dH#AB%(y(z>z%;Fh%8T*%P8O?je#morvfpIJYdZ#_G7T?qBS{Ho80f)x<;1~`y6u$7;% zmpNFKeY0Tfx!|>IYBe`@sjIlIFfEDN4Gz5HlztkF+Y8O~2@2=_%RmT7AH;Q~1ga!- zrBF-KIrTA!oHQ<|$Q{kEQPAyO%v{%B20qRhyqGzxFTX`+_vuPbIp)yvJuX0k_F1+s zM5R|qyIs(c99jrjSZ9W|f>lm`E4|3xXg%|AT|6~)-MKpXrKPu`>U74awKb0;Nn|_r zDWOuWyg&ba+f>KEsN|jNG-JRjRDw>QOE$j^)0J}NDYOM6lHs=!aPDhrI_MR3m1ThM zkkPFHQfDL<$1L-kqZH;-DNGGl7MA{;d}{e<{1Oo1M_kh7NDQTf4*WJBo6WAFeOQ)W z9nojN2)s+=(<%e%3|tHoY<|Plvl-#>%)`h>pRd=8~O;q8D#zhz+ z-Y$myOqmt_i?Zdx z*u7ux%|zFAO;H6>V(o!Cr*m$N5YV?-ix5c^OG$|%N=h^h6t!9igS?@kqtnu`y8TWXVZc2$HL?lv>% zf~V-0X&K0UGz`v!1HEcycPewI1ALOB&^(0(T|mWBYKYh=3%>XtrfdmG zxZ-;PoE!Un*-GQPOH(&wPvv#JN>ON+=P-b1P`>&fG&%)3?hx5HxYdKmf-as@Yq{p7dG})smcBO zl4adHA=#A{e>|hQ&BucTiY36F+2StZVtwCN76hCAbyq&xh!uRyVXK09EK0X+00uK| zTHc}XeQnE2#E{Tqo3V2Aw1~2gSh{MXHFymgR`8g_Fj4LINl?^_V=ZxDu?^b1=S->M z`W!mHSCTOy6z_-m7?y}iK>anHd|Mcz6}|b^p2ik@R4*EIRwEBHH8oT=G;&SLK1#R) z%beO@Ke&FqLHW+~&W6;VF#|9#u$h5nc1c@o$t=3FIjX2nJ&4)-Q%FUhbwnLQ!G^mq ztJYtelhiF)Jk7x=v<7$W)R@?N`f0D^{SSn#xCXyJa7Sv}zmXN$2>EO_e8}9_vv&GQ zK_&Lg#K7Uy^_ikP>$tT$ZKyd-bOCtC9-@N2-+NEvTlckJgj7E~E!|$+xmcnyR$9k^ z&FGEPzu!mcTTJj@jK8Z$+N)>`U0D5r5k(w4Id+R_8vX^3PZAJnjjUZK%8`h%(62O7 zD?W3Era&MHBSGM^OvDoNNjE?4a6;A^O=%dWs-k7v>jK-Hi$ydz>>a;jLUea*X+XzI z{qHHxpiFC~ zMEsp*fOgv$#CEsfL>EX=zhhe=vkSK0*DBLnU(%NEaB(KmVdhXv}b$th`wRNfFLw|!{k^0n@Yhy)USg1!&a z)-9m~R>smEl&Hdc2b-$g9^O9VxjHU^g&=HcK?*0LEjE#4-;_cTw!e{FxprkmS$w0h zf0aZ=XQU^6=hu@$DUjuBaia&hN^UwRRznR6U&9+^$o$^wpG5v-`tu4so|U&!AUuhVXLf=tO!?v|_tDj&OY0 z6U*-=l(G};ijDV52D5-;mTU3#!)pVJ!;_spHV6GzaPQXdwXGYSjDSOmGeKk)amsaqt1 ze9Rwc&#Ar&#wupU;Vk9+PzEaw0=d=ZuoSr|uJ%08RJSS@Y>IYTFV8bPt%dfsic!Yw zUaj~K8{(hrI_ey2AxH|T!HV3f&%GmKy9Xr_Fo**~g>V(s(QPg`k2@Y9G`a~L1s#_@SIo9eaJsaa?50fF~;27_WbTrnXUBN z8ku?|KH3){HA+WBZ2tPT22O;C9Y+N^M1noo@Nk$qE&@SLcu^o{8WYa$Igxn$#`` zk1C#mJ;D&0xpu$V;5$ja@!sL*&@}iMBuV+ftuZL<_6j}v0m~+Z-AM^X==nZp)z!GD zYnS~=bHS!un&Z)PdzN0TOHSE@;4B3OEr;~`WK>K1XM(!C;YDppqd8s{c5G@I2v&9k zxKv?w3p438|998yV3)vlN)IbVKGZ_=;F)0JyVyA!N& zU3zN_8Zpxw5cIz%%At-5Q{mcf{_C@vk35zE@vK`okty=TEk_eSpcq2K&^0E!b*gxK z&IUn2DHLqWEpKn*nyB*G@5sFRW_NCqGKH(o5*)thVD$iKBc z@~gzxvhLg*DNt)`l+)iO18yBBaXwu5^vo-W3r?Yf}tPYUUDZm#`9Ob;?m ze^#(tZI; z(DX@>d6mD=CS z3_-an%jvARIp@KgTO=rUBnK8m7LisWop>LsG|C{dmhmDhG3_U*Q^vqC&cZDCo48qc zYE|-l&qeR)`G=09_JORgK!!zW zC^q)!4b`KDGkdJ-zM#%{_vtd<=tRxL+Jc|k*$`G5bCc_g*~Lyz&F87{qY(KgR%&L* zNutDYr&lj@Zl?)kAXQOxKv3Hs)o$52MH$*c^J+V*Z-G+E#AWwxIz%!8R_^*O?&`Ju z<4*rem9I~%?LrHbA4R_`ij6=z%FJTXqar0iiap@gIjmw61^z~E%?&1i9#vGql8E12 z`@G*xM7>KG){2N9X(RE54zj|%&Y(S9rk+H-ci^&Y92Mx%*a3k2x%~wh+WeaFUTfk= zFM~vW$>`-&wwY7%N13;y2KPghfN$wRzJ91z*f6zRJOA95PWgm~7=SVs4D>vUf6Ag8 z$AckyKv4FFeQo{w@x%9pR`yCp<0XVgW6z+KsoGc);F>m0W6Nr+sMGx7dunC3`H42J z>}p-J`tq8YyM_#<&BInu8n2Ga%5PS8E{D>gVLORw!Sr<6p+xwaiT2b6@~&t(x5h+7 z{_4c_G6{DB8On)=O)JK*Jt9pqbT(z5udtPd1{CUim!nq-f<6OBPewfA|7%_(KVH?^ z(>CW=mSGYxqVi+dmCFi}PNG8x+8h}c5`I!rkETP@eiKB%Zw)w2z3q7cr7PlJ z=_0I*9;L_weS+jTEU8{L8~b^H%_65`08x6keP&3=sPdd2oj3K-dwaV~S-prdFU!uI z=(}_6j(!g(AOF((Y$m5jLEgA|qN`pC_J~D5J{56u{?!u17e79I@SKJ4CogmiWxuZq zQKtg1s?IGm4h-9%sI=TQp7N*uJIBW&Ir_P)60B^GxpDo|W#7O1(^*2A?k-h}vogb< z4v2-+U^H#RZ8LL;(YdP_fyN)$IQ|{0kMXY4JKcBvfmJkh>!rev7oU+qLxt|tD6c`( zktW$m6m(!)STfV=68Q(CeXX?%8ZWKm)YIDMfgZRJvl~pME@lZ)OOEv znvGcqG14q*2(GUzvd?snD9LgfCF{6XDmgh-DM)vRur3eE-DB0 zl?#G;u4*=9qp7Jd(iB^ZLS6oJt`Qgz%14g)J0%dUMu_|_UJ#04q#k0r6fX%hz{(qC{&xo6;0jhq$20>I>D-9LM zIxCSu3QNt}+2000Af~amcrHs!E#Yfn6IC>DhD1M9_E~tz-hPv`-m|Ne=3@LjHZl!$ z3N@%NjBky0fe_`(CrI{YnD8csTh~5m2pTWESt)TH=_<@60m}A>0oC7S*5vzZ)>@$UPhGwMeTYHk^gO}Mj#kmUra>3C zs;{*JvMa*UOmY_QhOI00%>!G=C1%YlOmu4}vKSi=DK&I&@vC}Xm2f`S`-%WD?Ge0v zO+5>H@t{-!p@ep^ml;mMV)J`uPh-{Uh*UdQLzj|YOb)L{`LDVS4jYB#gRvb|8+t_< z{5pSANha^YpDro@e#hGMYZVndR(onKV+EobOE|tR2TRMT=G#+yJn`TqAe^HT%r7@x zMUlHQX**UB8jvGJowN3ecC&$CMhq?JnW(PhVuP{F+vTt>)s|#-cqg5gm^W@M&HSP8 zC|WM+L!q{dasm}tX5(K;#M3y)TZWYn1BrCSPPb15!qQk%98gOsbK`&2KF(`e!~9Wj z9_R<832~}*!7#j;1lic0JiNegw{Jt3FhwR$tr2qV{EuXyfigq`m)7!0HeLNVF}qD2 zx8rh}wRhKR?1?R3+(V+`!1*O8_)HzgwO-THcz_k9{Ywv`6xj#CdD!Uh`t+79kXvXY zCs#~YOv6ZcB}eHNdjEWmiqzc8yG0w)=>zMT+5VYpH?5n`q|bDoCr_|a-9>Lws1Yyb zCs?enTBm8JHi`E>7H!4-yuA$}JY>a?#H3A8gchl;j$76JF*Zi6WbqC z$~vl~av007Ql9oc`^TK|VF6%v*_|hqu0FU}SedGk-+fxzZm7wwQemRK##rET%87Cb44IXdTm2CsA=*b>r4l=H?nIHo_#$J*b*^HPEn6Y+PJF+1L?&b zsj}XKkB1KDi1znjg+#RIK#_n_zJC}3W&tK7dI+Sa8NI@4CV zOCSmrVyHl-{y>OlhkE`Ckk>{y(52GmRS}1E);+J)fXlywboFk3@9T&7p&FB-AR0KY z|NIF!;;YIiT>UQwYM~o;jkk?Ly&t+`RKot#zVLgJC1dG-Dc>0uBjBs>Ej+_MR zl#b{)GQbwMYQI|Sy@e;1&}n&0#Clk>9nOPse^2EH%r5jg{>zo|$S+k$G9>8kXfZpsbtPpyXAoq{rs-u%k|IAK-_*a5`Xv}jXGr-nCzsK6<~OkMz;vEF6sr-y(=J38mNli&-dGP^M%8+_P3id z!h!b5QG~JHsE5fh{R1UT@X9jGcRd}$=T-#sRC1;vp?eyjChW&4E72hv`Kvkp)=5dm z;1j}}J6A-&60?4oBKmw3mI#(!G!34+|JD12w+#bO2RTXLH+-;r;f)lvetwy_Tmoap z^{@^SzL38@=FzL^qZPoWR+Q!Z2pf_G_PFzmE7o0K|LqtHTf6u^c@!c%gf8|tLaoEY zYu4@cG1z0aF;Oo(GvEv$V)lwJFSZ5&Nsmk<*gw^LuMSF|9X=Y`JPlms*{>9eUrdas zdjg9DgfA7Iw&VvaFq9asYCZP0{o2;O`XmQW>`(LU}GVMjwT zV~bVVV$pruAhfqxxE=Myf>q+ubr&M!qh5)Y1>hyJCK_RT{q?_&pS^{BpZmBVKa~DH z=3ltchz2gn!9g{XNFt_{hG6f#+Dz+H)ZW8ZHY>L$sqXo{TT|7*6*WSHSC+e!6&qE{ z9jXx^Bc7z6tGsUqJh}`l>;@nND-FT-+<|}Ej9^S{MlbTWOZRB{I7H&( z(DkjCMThh;LmiJ|{qdL+<3>G8-QU8Vf!zh5b!387lNoO3qs`6wMqUuvsl zT2=2K1}r`2!P<0i81~XiAUw_Ui-YqmItQ+8xg7NcfpNN-lbGqLWG?FfyZi=B`^TnQ zGi3Id#5eBChjk^2^HW#-|DZ1CgvX7MVrZy8Z| zYxvre3-_gGg;R#yG2{8ZLq?yUL_$q{R3=ut`O@Tnx|iu%EXBbKTt~CQi64HY5Tepr`ZAmZXV*9e%anv9!P4)mBBr zEsV=G7mtZzExZp8>C!?<{%62r5Vq~U#lj+cVQGAC-DsRXmW_H+r*D~__3Sd?dsOZv zUrF8#4eff1{22t6{*$gTtMkVmc4m@&pJQ;6gV!}g#q(p?PS^2J8=S06v5__G9Qp+P z)krUtEPLa1&BLX(bPYYQ+C0foE=@1n&;778=Y4K$Tc)B2`Am%;5cS}@{#eyr*0F>G z6T&&HG9Tw8gqj4AH^*z>4i1Vdx!%lz;av6ZXV6$n5MAS#kc&p#i0XUf(x){DFdy z`)L|uT`9PoJT-7}HN6%i$kCq0XR+yZN-H56o$h_6sxZ^lUv-ceLY!--`aYsH8VOks z5(GWOzhDFb8zF!Fehbq80sqDCjo5IB6!0PV;y=ng7+3Y?%XOg>VWm{>Wp4S+9*FUc znsrn~8^98iPKU2Ypyr8oF24!UFdLMxb&3}1_aq$QX>G@ug^_8%Q|JN>fxOsSk1&3C z-AlNL8=B}33}H=l2L+WSm6%48Rh2y*1S}i*a(lkKdGCAd_ zpi2z-#nXR}jS1>7;*Syvw+%}J4G>Jkw4JbKp?1W+)VTj>@eCK>0!ju9F&KB=TLw$7 z`2=u;+Brrsf~vpOHXBnsX!M3{wTiN;*wVh9(=&j~fWlCN!Lt6Ao1rGc^q} za)<6?o))vk(t%8M)V|9+z(*^h6|+r^k@DYKwP`_1yoSa-Y7Dr)%x>j2Yz8!)GLZ*! z;w+O;vi#an*z4R?T^icq^ceK1uv1 z$K!J-U3RCR*#J{PSehrECUN!qbCJi>as;455VdT0BJ+Qj{C(_aJ=0G_h#^1aJck%B zEmV$7HeP>#g@!>etZIbMVD7UpQ9? z-{Te->klNszdeJt2=Hxk=v{+7auAxB)&R%F(#%Fy8DC-=sfI{ezc>;$-q~$}J?M-g zv`G)E;~owE8-N1{3tzSpcn{;If>42$q+^)Tt{|3M@X8emP8#4rGL`n261w!we=0Dk zcE&)g^VHB5ul?QhTb?|DGp?>20*80hP9zfYir+?Vp$TBBKjlRmn}NWHFX1yYOHY5a z;zNa_sEBhI8;zB%jp{Dc&>y8AOqm#U7J+|P72o$%h)WkHtaV8;YQ)F@n)U;p?Ndy$ zE{oIi_{C8qN!cO@h-=047TQ%i{{qI9W8!yTh@Rv0sk+tJs_CttBvu_I(h`3&Vb@+! ztF6&FM!T|4NnwO+*1@lkoRxniTv^FS$_NIuRvbNkpwO+kXO^o+%U0eeanV$M0rXJd zev#w>#uc6~6Dj4JsKqZiDuU;=&TOW{F@V;{*;Y-}G7uf*@$nIiPm?ZE5Gx|AKGs&6 z^Za-K156|vq50)tB9y>C@!oShwbHyEwrrMLqyaV|G&}2J%nB@6S-x~yc0|%b$pj8C za0;j>w;OPbQ z{IJlxo<`83UP=aYU+4(ISz~$h?B-HI!guvmNt1$MdewUi>4ocHSgbb{BS@ODkHDZ@ z?lCF{&7L?%yskoo=qbp)BjT{^d3Ji-;%||gZhM#ak`1zUQQ8vOb!UDH<+1AP^Tq>d z9T9PGZ5pUN0>#SBg2<=65Hj8aCkp*ajLF(e@~%!3vktlP$;B3D@}=#GqZ6)67v3sO zelPH!+~S;GUep|v1`2Kap4gi0v(@}#9G(5Ns`936JwRn!`TVdw09s#_In(_3`qFoA zN)8{~f$FWe`I$cThQ#r>t@mJ-p9Jr3Nwi-YPK2!tRP{8;HZ-rEO)29BU_|W{P>u<(lkU38uJ8K8EWFwBD1YpJ-UXif z4BHo9kao((?G6wAbnbew^fOVDJOP{cK+$9_y>9E|Tk$!xnG4=Q2}Bhp4H_(jus&(l zZq-amOq2YkG+0Fg+8T1^#6P5i9$4HQ%&+t4HrHvZD-R~DC6fL;nLKED+syc7V5wnS z7$ams^5+n)Kuv*~o6`b1a9(`(H}_6wfCc}f>^{I6TA@Tl7vJ+drGdpmJgfg_J~dynF-0YvTwG6S4lgt!F%8U{MSl z{9#^O<`;MDpI{*rPim7FIG9A)$Cu*t0eHIk&os~cbepOzIsZiSTYZOS0f}SFm;jyw zzi(at^yG?G<|(lUv)=?TSk_YM6*BZe^BZ=BPjE{=aNHbTx= z9Q{rrEr*09HYem(a5jVINL~E3o-H|Lse4V8o`xI9Z>x6S4$Ecai(#?k{#CDaE~@9q zaFiVT2we}LTTC!L4S3X}F&CMbW=+WS4A6*cwCG1XJ%yGY=pI(Q%kIusXZhmOD@|`R z?jAkef^3$hi_JOH;+o|#?k`?k$tj`YK@fhJ}(Bp$KqoSM)HF7g%IfK`;HVL8jczGax`=E$yylB|(jwe5q4Isiu zp!JaV3Jfv1jgaxgG{gU0P5}M(8jxs1z9{{b_z?|Y?+j`tI>5pja`)V9zohvM#sgkVgYrb{X5H#`|o^~+J|lz^t@UKCNRk~ zZNXn>tD>jmdN~G(%DT;~YzZ|cx<}ECtlsNN=?L=9;I}-nJosorX5f7CS^CBT#qZ|t z^Udp~e9jz|*wj}JoKUg!=pm70Q5qMr2(a;pT+wwRlWzQiSlFmO9ZcQpHM88D=-*1T ztP`=t*s^_QBczq112Fh5sZ_RkblEhVK&Pa(%}b4Xc1rz{A6+rs|1xs<-UErc`A8t4 zRO!8T2nimVSEW_9VF~srZYI0dRu=xPZ!r_D7uR{FWyI*>z5 zP`!#}2-ZO^ctS{@bUri|K~DWYDrcm^(n8ZUej1V~zVr~XbSD3VeLZi;m)6q%(;aM} zT#M+CBmi-Vr)e4xaJRr6ibivvPNfKCMzCusHr4VUDz5)e9YUqJ^oRT2@_@?u{Di*c za~Vez+MC9b1K?N^G)_}Bjvz%a;O0#wQ3yhjps`tz{Fse*i+FPtjSItAkF+CaP`=_4 zly#AUf5X(x*EEPRZGZDk35X0DvfrqiA|jBwu0f3DSU0Vk+f~AkHYatPSu@CEpL+a_I){4C`ey6X zM8kJ}dw=d>R0?jGAc8)#^|ZL`sS13X5V2@4ToAsXHV3Xp5Ew7kf*A@{_@~1Xp;5&r zxpq7p@QBCixauMmK(5_v)l}g8_kyA81GkhWDT_HJGuOY9yq2ChM^0;Kt2&v{-xEjJ zDUV;93x9tSSYjFwqb8DLgAsK2dlj4m#?qlev(J5&+=d=}SRDJd@_Hdx#qNS`f~EU& zVty_XNKP#IR`kx`Mq*@eBWrkCm)IzsKQ-uZffhtr;ltZF7DWi|ECuXr2FZr3!z~}P z(xYEEoW3>w)o@__{^Z&2;$WI-Xa#6zFXk!lC>;x&ff{sip1p<39Sj0vsgJgDS8x3* z+3}fIV}Z89&s%bnryyqQ+0)uBOyT6&7jXkTi7S&sYvvUin^RLCa5$f^lo{peFF&B%WM2NGRusVVGLH^A&Ml2g-5N{+6vqmO5_fHo?HhB9=99 zF079UvDjC7mg0?_>^l5kEI3T+bfR?gp z_F%6w22n2e;lzF?q1NIlpX}%WfW;Hm~d~gnBffsKNvOaxnAxzHkgmXx4!k2I1O=mZ`tKHamAZEH!Fd=o2r{u`#oOM z8fswT(rIO{^h3i5r~)=ctmno6rTYEm`=!Q{(5L-;^#ChQ2ioW5>FTsFrS$U}o^Z(E zJ$;kKgO0#sAhzRZt??@Rdcs)2{?;^Hhy8%WoW!hZCLjjlHk6}g{VxI&)lMxh+-~+s zgByl}p7}MkzL^PP)k+q>8BY$_HNDxNZXIFHUGHkI({`m67Rsr($?~u6(j@d&bTUdt zj!lw)TfeK1%PLJ0j~&Wat{h={q}`>E?}94o7C98Jab^CSMW3eNp*k7#Ocv^94`pAJ zFMt|+?>N<2aT3Q;#6>Vz<UMKPe4lUa`u3rCayb-$*QwNc9hTJ0#9&F7);&LDCqCTaYQQQ zJT?m2Fv{dS_-EzWf9w7ntM&Uj)ic$zKlsZHV={+q)}Bqymw|`8=xj)RRrS{9455AG zsYhpb|BCCH`;X$UJkr-qM5IJLiB$~CP9KE+&mJ5H!gSsLOUK%M!ZqywqX#FuK%AQJ z=Ks%xWHQ?S*>m&580W}p%%XDApP72X?C`xnG9~ElE&T+tAKSxTlbXr-w8E!?)y~E{ z;mq21T*zjlkhD6FnR%znJpPFGJG4ew;Pka@U^TicdDv0m-3*Z-ER^P<1TJHk6) zHv?a@rbtm8p!oi3t9`$F(!5+!!`G7T(V7sC>*r)yhq7{xMoQfVm-5NbxoLZ;XQqqU zx6Yr{o|IOVKRVeB*FmXVc2c!37loc&pZPM>nx@k{V+v!coF0S|nD7d^+*zr+Cu-~@ zcj!_gbDonqfMsv5_KkcxG*VB}%75J*&z0vwcX)E6IG~~+BfA;Gq%I@~aS(RZUYcVh zArIOg=3B}ccsr0w_SKD?8hNR{Vc*Wf=1O~CiQjHCL)mE*>fKnfJ_fkNgoVI&HrmjN?_A6 zG%}j}ARtIVyg(v+Kfe9TEhcvZBhsgxdXcm?=Q9E9cUk8dJsus+Ucc7-E_^>ka_7l| zt)+;HXP+w;P}vW?5}D6e6Qdq{C5g8Zrv6k!jeD)X_Itzc|Ksev<_N@2lV6ec#XX$Me_I zKl(zOE4j{f#{0a_`}lwkSY$mfZFneb^Z zzNh*IgO7xBW>KYK^ZVn7RqedY%smRSXeG#4T($!)h02)((JNoL`r-Dpg;SHuR{yZ@ zX;R^!y;!x6bD(xKKj_m*@*Do#eQ%!zitvnd@8kQvPrm3o78DN)Vouunn6}$%@jAV@ zqnuQiQ8Vi)W*(eQ+s}~KvM`>K*HdPr3^FED4&!FA^S{#4JINfPxHgA=Jz2dbN0ca5 zww^>cI0Dj>j4g*Ars?BGYRaZeznI>te8Qqc2Hy0@KX?|n+mbZQ?y%Y~-zzzgZMadH z$;uSt`NzL%=&@1^r3PKT)u5AiG%6f7cEnEn@Ugd>z4@$?wPn!Dg~J2+Pa-|$sTt;} zeo3tS@4WBbh6as(U1$BMu^JRztfX_QJ_PmlJiYc+b<4u;XszR9_*XIi(mQUk*sgQY zp{3xf2gFLf^dF60PC%0)Nk!zEfT+yAW?7vQjPm#Pj$^`TslF z2;KevN;br9z)|0NqgSD{b93;zGC$KI*^e-{3@{w@5GIjDzm=_?&lz?o;zek(gVG1{U2EoIO!B`Cl~hw6)>{ zBFy<>WNw5ou!b_RB*BQ2TWoS#ZQf-0&NZxvtv#P9JUiU-#mHpKtG+n(QR_QDn``#p zy`pk5ywE%8omPIgyB@H;8#p`S-@sV|{P|KAmXlbKlZa@fJ3MT?qG}FqxIrPz0UJ5? zzP-B@xVpHw=<@6aZ*akZhk79Q$LI;MDX#ZHT5F>hs_z{r`a3&iOECe>r|aO8+9$Cn zt*=)v*G8L|v>G?uvTR=UGa=_{1IzV;`#L*2HO;6GsNFA14!V{msl6m7{%RLB`Ke7& z4e!PrlJc4a&g5>@2BrPAP)Y0+ zK0(<=OY7^HqnMajsR#Y96fFZ3*}2ggf@x7-Y^t%fQ=AwLA9u5$ke{ilzWHO+ME~Fg z5i9EiVSM|qncrcj$-?*dAIkmg>HT{y2k;j^`m&5FmC+YMs=jVNjyQ3xxzoqx#lWq* zl$_l@|Dnf5YGNsLrqp&}^FgD2fN0%=_+O2FJUcbd6AuKvWlk{?TTfmE(%*vI5bh$?@k^T)~7CrvKHgImJ*gR33(R*z3Jg8aUqZ8VNcG zKQI?onQmo zjAYY)bHP{f{Afiq&6`cmI$$k@(eg?z<3uIVX6xBDGDT-F<$`+DGnf2^o#%di6mp_O zW4B2vEHyve=8ER)A4@uyiF)7GTRe4&o26+VZogbKRyZ1oE4WiaePl>j92jPiFKfBe zR6cpe5&iXrb?C&eSpfwSD(;B~u<_jb@FB%ChV3FEEs(Ns3*UosiYQ$eq1%^)yVbyF z^1DA1BeL)1S*O0>?H5I#%+PMN9&4Buf?(s|O%XzSq3hXz`)rTTRl9s{*HbcJ;T!aYxhH;dMZEO{|p5L}DvOGO+- zVmL^qE1h@A2klDY{qV3qPt$>20$4lY|+SJJuQHJ}m?nu5?j17HHsMfYh!ssx_ zztj2nXnMNI<#4mq&ynhw>$9Z*-@|fa^SMx?)+gJiLn&(OsE8j0gf6$BZ!MAJq=6(^ z+jn@;_xj*?3rxbZH?ZL2IGch*+WA5V>1)MsyeJ966EWV)vde7o%3{keq1}jQ;FBC3|R^9_d~7ATbYq(RqCc?WS0|d zLrGX*8Q%$w+;u$(Jo5<;f)W+k2)!hu4;BSAwOh1eo-!vLnHFT5(PK*JRNl}d^O%t) zt?0Q}Poy>>^0&{j9Ff}iCTQCI_!a+gON5@Og~fKJ$%eD+Lw!#9;B|+o{)+<+@Ed zq=7V%RFdZ$`$_?aq8~jb9p7U6$^q94qfYb*J&3*68j8VhplB}?SMvQGx6-%OtAdfv!=>Qu*s^pf5chW z^s)DJfse+BWOuNYZl%8&U)bl3O|k&DK;81R_R>0K&=TP;d_2f@XF8xmk>gnexJVVY z-oU~aaO6r;Wi-!94xG~yC-k)*#1<=Tv$kA&ci(cJ2)Rr;+^sZQp9HvFIO6QZr{9Wl zV=ep;I+c5Wao~Yu(Ewh(^*n73-~{lBvD{ZA`aP00)9#p@+qQTPKj@d=^B!}STL$$n z+S1eC*k1n5HmMnFV3Fm0SbU~jcQ$+{f2N&}?oaa*<)+Tc16l_52pekBU>K=iG$&4T z5ScLQkfeAva@kU{7uwo)i#4|Y(Vqqk(R)f!w7*0j-?lRN3dGSc2yNyk-ob!G3&LW3 z23iowA@=w4Li5|=sS!6YT=M4|&@9h+`tt#4QFJX-85SP`mMc&hTp?_b#zH!kju?kr z8Km}$>bG)@I0+gTCX~l3wPt_jjP*5){@h7mbg61C8kGw&++oYwD5~iny*kD|B{SzS z{Oy4xvLFy`p@-%}CO-0&@e{G$o``UH&K@w@5aE#?lAE#;NgN&pz>s@il^H^Lx#*-> zLk=Ug6i_-H^veXD=(`%>>?#IIUL-VtJ!SC*9DQNY;5YLG^%ktX4u+;vLGFZ{o6CXZ z&FF6Pw;S8NdU{+7T_&v$YyN(!e=#Dzv-=R^J-q7^_jB~>X@uHe1>7dX=M>wm>c1q+ za$u^gP-2%R~d?dZ+ z_K*fe(v`vvE$=O`$XboA2ht3K_<+`D2Br02Lqia~zoF)iW3SSq`>`h3N3Tn?_4`;^ zOIy&q3Qtag*`Y@3t`H1!5eU*ma=cu53@V64?qPsAjp4Hh?-Z5S*QXlo+fZ9# zob7xr^VrfD>4B1_v97fx!m15y01Lkk&T9K zk|rwQ@0G_ab$o4A}bxjCW@69R`DcvIwOb1wblC3SzZv=lt?vZ~ zr|KMSNQz9o?d{r3`=B-7m-Qk(1mPck>jwvL?_lf5bs{bep&@Xw(6oFg`4VB*1OFQH z4uOBl*ot2b^yLRfQpU-^Ax3ghEE~=DWj&Fn2CQgG8ADGJeG)u*svGO_|Mpn7nHz5n zIM)a^3OlpD%GMUSIa{;_Q&mBuuln3x&?@c(N~V|8X>Ot>gKQ7zlwv^`w*z|~d>1;e zp%2Y8!78v_7+Z1R*7IIr2ZzoD+6ASD|=+i}&ub{IsVfC?Z1ch1J!XN73)oK^XAl0Xx8$Z~kcc=M|r_ z)$hu^HE}1=ACdfiy~)atM4x4v_NTtO>FdMe?p$?g_o--`4}_1$4S#zTrg48v4&CN3 zF-L(H6uK)|41MP}SFg#oolh`IG(!pmM0P^t*a|BW#aKGbVLf9cz7E0sLhKZa9*wj;MF7(ChG?`c(gBr0-V7abK!YTSCUB z@e%oQ_spZed_F$$M%+6I*}@{~Ys#7@gPTc|(leB3#i4G%inl z?=)F3^s3N7bgU~WNME~%2t?j9$nmRs(#l;86P9?@90~*Lx!w?(DzbFJW7gK^#|1QfKwDU5sqVY>eWVlx+DDlIOV2e0YqCGM>&@64P&x%s-@yl_szn3|=V4vl_80jK=qBg3@{ zE0TiNx3uuH;5-g=IJ=8^4?GJkhKeFeJau0v>BGh|Uypgf1 zDeu+2f$SHPeCc^l`Tiaku)SccRTHK5g&Zeh=@{0-Ck=El%z#f00_#N0pI zAN82Mkin22vx(c`56*w(l;ik+-e`lI*7XgJ*Y17VE#7Xbt+{7;^fX~}YsY^A#dC8Z z=+%{u!t`GY8K83hiyGRy^5WO@;`|11p3`2e`61r0 z$5FF47xY@AJOx5C+>}*U_K;hM)nt?`V6;?r|GoHb_=Zn$-hIdq_1A6~n)yHIEz&${ zYLlU*N}oyg=#DS3pSNi7_fCEbU7m=s%*0xF=HRu=$_i3xrezC}X zCx3?qJ@R-BOfh2Wt>p_a5=$cUkG8tSI6!1z4&ptHT<>bjVy887xU5;<+Za-6xd}py zHzp*V27Sj%i^$CJkwc}`_>CzbV-RE$*A%@x62gjUsZoIMB1sYyvqmz%j|!_K(}V2A z_B!*Gch~wl$Ly{xUc4kqN3ep?zY9q=Z`Sp$D(+;%gs&w?d|`XHw7kgSODx}M#6cNc z3kTY1lu6sh%~yA`Q9vd@^&|d$Mt!D@J0uv7ZICaG6_T&fqinVEggy@S879ozb+3(BAhCb9%z+ zyG#y$Z@>xJPIjug$>=6iHCSVVkj1M z2V#Wu@mgr*cVpTAl6Y_)bJP7Ct0!^rTcyuOW7^7~_ax>;S-@1K7YAylinz4VNA>HR zTxUzVvlCE6GrNia>4wG0zP>& z*_C?LrPp>$5i)5se5+_FR$>BOLAgLM-PcjYs*E?JpcfP`eLrV&tmuU}3)5Ps=b);16FNS)R`ZM=8c9P?~Z?Y#K0`=(IESExmT_ZSn&bKe+0RvC#;g}o;r4(Gx6 zzFw{y;!|W{dEpKfG;6BoF)wZET-s03QIARQjmpW0i$z2CS%Q0+oZ4$wqygBKO`WD^jXmZaP0Dj_HT4)L_Z-Yg`_5V=c70A~IV*f!NJvXKwZg^R?HXsT>D{rW|9pz>3oFaa+P1dvZ z6N5XYIvZ%^8KbY}aqOeZa#&F-PcUG{md>Z6MD*<8*-XTAJ7*^!($7f~uR}S}rX91l zz3g&lfMf*rL(Xw8EpHNi?YB7>u5$r9?78mkvK%J*V)Mxo|0?~|7DwZJxPdYUNWc@F_cIrn zf*_q#w=-APG0L(w)OS02XhV|l;4O_l>u%b7AN{@S7X7WTk4Ku!pp_cejpaA5AC$hQ zK~s4lmD{QkfWF_F)j*W!-raoDf)-F_0e*@#)(uFl^&xsf3uQnYS3W%_(&XPri`V*& z&ig|tV>*k2%sOwo(a(H4+x&D)PYzF8Ae>Tvd9Y?}ZS!$~k8$G*NaeCFSrpvkGc|8{ zKNOm12!cnDb0?%d51H@?XF7#5ftZ=LuUUNiUcp~0;yIQ|!p##63WhK(lfi8brt9C5 zd>j>H0g)L%Qg4oDYMUA~RORbcy;y_^?>*;-ns;C#;^NrCj4(#=ts47a&!-S3(_2Ao z_yIEzZ-z4~HJV{P@58O{M;ctjfCHU9ExGg92Vyj}6y7awVF3vKeTKg(;0I{X$v`Zh z<_Z3d|Bi+mhLFK0-*&RNy3K#PQCfRrH>mtXJpyi6bn{qPx*jR!lJq=0M6V4d?C8VE zm9@NrSytQuUL}c{ahwc^G^m=EWt}ylfg27a3RYcUi9CkuHXl-+sJ{lF;g`Kq;&=By zAXpy_i!p*$vUZ$oSc;F83kBU^o-S@yV%oqGgvHx-sQ=9P*jEjUG@I97K+x&xR5Ab< zcL;_}bdD!!h>>@U5_-wtwNOrTlaVgb9R|xDR+#{l#}DE%C#gv zs-`2tI>PeqK>efdT|ZR6t^gox&QkJ1;b$Lo zj+_Zjdt&AL!7-USJ!oZxaM7)NVdeh&jT&GmnL^P0zBbaN%QX=dGV)O0;<@hIe?MkfPR-nkULq_7j}mr{5hs%UB| z_%8|4NWQ3De=~FZr_Q+im@%vUZI}dDWV|r2S8cLOwsZ|L+CVye4*+>MdmuUM zzsC03|M!M_Lt~aSUij{UcV}JR<~1K?OQLmc?~`Cuy0KHQ--}) zQjGiK*Hlg^OnMY>;*mv)koyC?R?p)B^wqmW9zayF^Dmsgq%7m+g3R~DZtP*TXVaf; z`d-Glnq|~*2-SV0;In08Fjo5K4*gc{x`mc7aF5#b!x~XQ`&rq607^>Fwky75YXLXt z_5jZZKrK;|Syp7{cx}z24tFT%r}vZw+)xhxMo=iKk2YBYVit~Af*an5BMMuc67tc( z{`8vlIUbv--i;uYz8QDZXzuS*#G`R20HF{1v#wtdC%h)qZ8BE^~7w zOn4@P6v$>OFMk^BRYOv$`SiO3_v*G>2;S`+ehybz67m({3eLj)*f9{t*o`*YtTbJgc7GI;hE(Eou0=l#Xi%Y=EvuzX!mlbsa|-8pZ)Oi zlJHvo#yig@W>)XxBVV!yXz;KVfU}I~d-Q7_YXZ*Vr$tGq6(}H0GJ_lPv4O~5_2yL{ zXHoFQQEDD;)<|EBf1(n|!JL;lh`n#`2aeK82P_;GQ^rZ<#x)5FMcU z?e^|mu;d2q=s3+4KW#aqwFq?gkR=Y2@v;5|6V|3eOR+vy7bAbYR+%C+kxGUB9dkJJ z;X_}*h-Nia>*`{r2JzrbwW79@$F}X2^&?1Xqj0&u#>*)~K5)+}fkae>FaC|R zzo))A@Dfaar>t($^Vszfjfz(aazK_RQN=%Dk|YZ#sW{85*X>{X~+{bUOP zP-)%fuX`d#E%`f@(&#)WlJ8fINl%M#GE6ugL9JYD?#grD!t*OlX$Dz#oTPTek*xa^ z6WlOtk8C`nz#7zgM<60BuTQSoWJ= ze+!F#?=gMm{qsNoH;2w7Cb<93jx!iV@ijqQ?)yUsb=dwx<0>t zR!UoB3c~Jvp9bBgDCZ}2e`>A?kM8e8&$a~G{+*nJ8#tyA(;y6QPIvLOiAgv{9t0>HA|_QPHeB`$tL08`?zaY{RVscM-3;Es`9 zfB#tGcc^x3;AilU^kyG!0~OgVQL%Yew~((9FRSpe zrx-`bkBAAD`Hbe~GHa9Tls>gzogt5xPLE5Xe1nkEaq=cOLIVGz z8&VMG%0qYtOjz1n!*`;KNXSrZTaODQ@Vb*Re0FYUH7C9Yz`^E}M|4-CS(b&jB$TuH z2)DJknO668Hwm=XSHr+nBafelaH`>AI&YL?FT_f97~HR#fW&wQ%DE*R zV|==t84nW%lfl`aB|J!wKiOuxrXe<<<9GDJaRkKKDIlPLvbA`&yYc->kxuP=uyDR@ z%fz(Aw7?uzw{ldXyz>oiSXYlC=RQ2T1MBDRrbhp!QHl-M42j|reug|POH@T+w<FQGVo@)WjrFT=9YLX){7hA|2X?B zX3zi1RkUFWJI5pEIwBe^qB&(M!1j>Ro~E!@`IWSNR2bx zP$;*-=r!UlTb!QkzyRJkIxP-X$)C=N%^<1j z6kL`Lx2Yzw&njHHmhyPAJV|JnS_L4j0v@7hw`M;VEdS3JSoa5c!Vl0PXUDg?(Rto7 z&+1(p=dxrZVx_=TD$m@cz5IC>lq|ez&0 z#<$~yMZla4+)%0odkEKG4AriK2`^kzA|V=|vwRf31=*KY%X+}lJ`c+L2IYJdben$0 zPhp_@ZiV}w;e)TJc-1a#Z@u%c1psFeg)kQja_Xea!S!SH$l$zTnD0M)i=1G|0fy2K zuX#nJr6O1}`<7;@p#Fc_VEFJjvWDA6l4$m%yYDOjFoDaj=T_HTtK^b-BnTFwTaOP$m5}eOt)PldI2xEYcl2SY<$Nn`ZaAZ0N3<#@!z4z0#*BZ(9$`8=0y8-X`#cW`Fs;-q#R> z@JI>}Mjy;5!}4Tg7RAiv`eZ)mtt1MAdon4V>D;M!+xn_)X0$qXoG>@ltCc2`@C%}r!-JK5Y>FyTK$8vE~fUe5M3S8rag4L~Is zd)^^ythx{FA%p)_#Hkj2_DwZZ+PSnA17<(bh^*44pa}~H>*~N=H;F2gvBulDd4}lu zWB|8IgbD_=N_vc&i(5JfK=~i$f`|*_9L7NGUQ--$zsTSj1Q3ZqmSN?Me;p5JzXUt| z(f65&PdTphJXgCuz#=%y>M#gyKSK##lagfGX&0SZ+RPVflVw#f2)MXsCJc6gtJ*Q?tW1)zTD@;;u3tlY zlFL>x&y>UwOLD&lK*CUTSKrQ?);bHXj6g)&1%~d$eMq|l2>y4cVe4BU-tTBlz$h4GhjffNmi*#TUj6E3U4uG?VECFI5F zSdD8hDd!qE-UF<7BvUJ+rBR{MC|9<&Qg})BMyyxGBDojKU!&3gdfDYu zajwR&fZ7_ve<;GyM=1AhvJ)#U`VQ-ZeQ6K=Lc2b4K19_{j%z)S@tCVx9SBIzNZ%ye zAJVWJrz^W>T)ZH-p&wdAtjupg*v zQcQ8BB8SJ2#0kaQz@%OcbA&w-y#QJjab^&62Ol~D+s)Tsn(>8Q`Q~^%UP>$=6DM%^UsQPs(>)u~Kaj##R4DTTMqO>^Id-&Gg?t68B6c5WQ zc%kX*&hi-MH3cxN<4xhe7##F$xk_sjNSb_(jWHbQIqE4R8*OgE{T;9+jL5wTaWh~B z1jNUi`ZwBIIs=_jt_j)z;_;%lnQ)7ck{|i9KP^(-h$5|s{nI3 z<4i|pMxK5vg(HQxgWnr&$ctrp9_*`GTDuL(#QxZ}z~l^BGBA6UPHDVk05#y^!X}(q zY0%$TAGZju87jFg{#Pfc?5sO;_OH{Z+}nHY2~sW?gdg{RnUP`bFRfkfBz6LE-bJhbsbk1%ikmc?`r|ni{ zN?-CR$}RI^3?W8--4&JG?xhY?Ck3!HKDCwvxUAJO~FULXE?#0`Wz(YD#0`#%AYfsCluL-G+S}mM5%$0*nF_*#@wL7m}gX zKppx~0cVHhj~iS*U80n+XZjhY84Iv-3JN!m zO~Fdizp|a4%EFoi1Ye(BP`dgF=gF0F@?4CL!E_bWAg{K^lGB{+`)Ndh`;yBaR`Dw!-x2Hew& z%}6nfmiZ7HnNtxy6_yvBgA*2 zdJX-h%lR<~u6Qxy&^xd0t$F*%hL}!yLqq{rkr1a@EwEXnYB`p28PL=DtFjH5l61(;w(#3!*SPG10kswdVOe1UBEZwkF&Mt zLB=tog4F0X1`=7(JBpBQW1#ioHo=EK^*qtOfkh0v5fl?);Mj5J6kxLLKf*tNz4?~D z+Z03v(3Hp!?bn!A+%_+bE49&r-Xs82SCt51Y9DVb1mkMTa7me9Ir9W$+li&cFo zOc+21Y#>1C1Q2YFr(6&6K2xWw{|0g7)>;|lnR;`oKyKW^Sl)#&{ZH-7wrW!f+x|ig z_BLj8l5p%_w0x?ODdND`-ytAn9B7e^0yxfSGI-1o^(RU>YQNI z&I>73CB_Phpp*-*#%fD{VO#SeZ?}~1eOn+de~%rs;`Ora!F|($m~w5PHv=wVRTpXL zMLlSS`Om5V41xpW_fwiy({PRI&kDFd9>^FZ0vKO%9e8oW|9Kxk5PR0?N-4@w%ki?m zr$o0+0$;^FS3VZdf`BwJTEMSI&^QHUzP6F(<9)pQ2teUUZWY?{=6!xBd*bY|7VAHM zwv&Fsgzx?WM7SQuq9Y(=K>&oQuHSp|k-?|e6|T?M6y@pT?3R)Mj)Dg-_HCQFemhw% z3#cRHpe!!nt$GJ)yPHRWlP-(G@-)ih!pX7>>H*%5jGSAj>Sg#t&1nk0tTVlwT-7^l zAZEZ|X#E#BN_5`!2eytAeQPR$23Y_!|B=`qd{FRDXBBaX=%r+S!7@Y15e>C2v;;uS zcN$ucYpfCf@zR`rcC8LZ!{c7hqyFKb*k|8XS2}jk|uq4sC6psN!f|hVt9*Ok0S>xxlETH#KFP3)ZQ{Bj)exfoe zqVfnx0@SD#v>PQ71u+67UzAKpmKl^)<J4>&Or}TvHLHHdX%}EP!Sm)>8GOxB)tf%43@{qj?~|mo#ZX|)3my`9vKx}5bY(1ACG9(?CCFkDK${rXi)zJCcH|h zs&PyHH=B8$)$1^v6Yuq0mHRyvx+hnl+gP_&2aw@F>)lkR;zj&m-(>y50XnTyAYSu3 zS(XG?m(NAbImLw_TM?2-&&^AV)}1GOozd_EK|D}60TA45+D>D6TDV8F4hoXJZJ;bd zpidis0_GO{fkeZKoYZj8;C_eU63xBa(?X;L|s9*6;VP*~$M6`~4A=tY|PX*1dsj%omp z-L=a;SdNjig)n(-57+Dfj>-*p#LP4WR{hEr;!gCl$8~@>=ucmkwxRWbxLF|}dT^7n zUT0Rtn)QG|KuK$S5|aRw>%*FPzl3>0bL8y*UFsE67Jy3MYndNi%47KYi_l?tQ$kbB zWN^yelVY6$h-fmvaPhM0mE*~h%3T4KNw>!o8NJqP1V5*OeC)Ve3K?7g{AyYP9JlM2 zD;+0y-G*NGUo}j66&9x~B{VdT^jDeIW;5Pbx9io+k^^q-p{ec77Cv?0u9pZ)d<2!z z*Ml#=X=F+L1HzLYjMQ@akW`a$Ta|rqoEQaMUzl45&(Y236adXy`!xtcS2WLJ|wx!n@+4;|{bdFn7jujxzb%1iISx#76`)@{C6Ve;B zwZ8&86lMYmkfLXbCvu+;h%5bj9$w6c2Zax0%_;{)hHt+;pt}!D=9UN-J8|g(=YJO1 zpDgsf`nxySx>BK6YLiZh{(Vhl>hX#rrmy{%kXU?9v4c@7z;-I1Q=7~y2Os^>4th~o zI8mUoGoN}nwjEI`s)43L8NO{tyX_rUIXcu^H*Y;Qw|zAuGEX%TN7vs15CEmzKn06< z;pyxsA%}ZeXSBg{ikMkRjuhj=rJ+GBa?EJklM%mLG0$#&#)>=7Y3dxD4JeW~si{0U zI4M7FQ3-bDsy++co=cmuZ2q%e>|S#q8SG(e$C|LQ;p}~ueParLZTLvZ%?y|&(7VsI zKhTX2y1WuYsYOncy^@UftphhJXeC;Q58m`M;XU`|9N~iYnd_(yCGI@z9f2yN%>YWq zC;Ms=oSCEp)|#R~a{WU5%2sH{KBJ{Pu3P7HJUXH^Bx$idkLLF5` zd~af+jjw!OJ(51j-I4KVl{+p`zO7a66ZJJF%?lb?MANCqYE*7z&LL*Tv3I=h*rGsd zE)!*w2c}hx)gTe4Ss|OU!_W>7Mv~gZjB6*D^0$PViPkdu2}O zcVL<5%#y<%k}A8uKJ$R@xsLho`%J9c%Ll)~awruBYuQGC<5Yxlf)#*$2T2fLYX`_G zoOIVs^7J+#-rYbmRn_RR@d$iSI$|Ni|K|~rS4M~R$}gwC*IX^OW`AA;gIlZ^Zb&c?}~t@!d=hq zYAU0udRGX%HqgH>ZOzy0gl;jMyy7lSoZ|&wMUZjzrOXmHy%m{Y0Yz}9-&a?dujJ@T zY;EjxF9-8wM%GtE+-JQLWnGVUiOu|@48Q-~PF?2X-zl5GLDU4Uw_03x#B<8VGPPi- z@|Gy+8`5zxCP)kKfCrm_zn>KbcD5_mqWL(*aJsaXcINqp$ArzXxfFLyoE$G+EM89o zSN;s06Qy?!RaSvz`6UVWVc$2wiXiwdkaDz-U3l%?M|(9(mtUtn_NA=c$&43iJURn_@pyXg8EBrinRO1-2Dn-OhS63F~{}r`$xIg-Z%<<=MEaMd4Qa^%Nsz z)NY&RS(Wr@dg6S(+im9)`3ehuJWDv#9JH@thM^%Fq-OUM?ZEP;n6X|%Q+Xnzd9%+$ zwWKgy-oZ(sT3}#h4S5bCcW0p`ZIHR6^kKl(s-{fTbB*;^rqap>6o4QXhG zks5H;PpgaRraXE)Ix0MP@0yI*)E5J8#TaGY4f^eGP-U5YVJR|BFa>w7Cz5{QpQv~1 zUm-_k^kAiN%<}}y=sm^axr+>fz-pyxSf*400$&~zXKCkcI2v4STM@v6$5}KjRUV=` z_s_Ow-L$t9t_KxLhZ^`#>~aq8yrI1r9;nT_b2qQ*GDqbV)lB#AWYN}2#s!bv76c%D z>AlUnN_hQ$rSEyjde}dy_pM$pWb^17V5koj;}g7Ok?AMaf{Jxv1wCD5RUQ$=UG28VM?$8*@!a=6Jl4()Rca# zv0MG>Q`6=J7p4T$TZAH~y*)M4hHugQ42O~80$>#TY@7#@4e&b2GwBQjtEp_`0IcYG z0m+yr(jOfqmiei;>Qx$?oSge(;m2DoW_Ncv?lQzcr&;1^y3qu6E>s+!&w&sdpAg;NM(!^RubR z&G^`m=zF`5c~$ey^wEEHRFVrNuNSUm9q4E^=H$|s;P_RG)GMd4L}{FTsy_-Mt0eAj zf53fI=Tr9+tAlArO;%vrFYUxV`*kZi-Xx7Q6A?#=Se1 zI1W7(&-J1v=PO{1l8a8!EzGSr*Ntb|>gnr`z?%pSrLGVjS^(=`Ub_%o3b?%|5|D9A zg_-$RclXWy0-TQD>+Zc159IG?{vzzS(hdF!k{wE!ph&R~P)=$zm9mBT>tPwyKMHpH z7geM5_R)ymA#tC2y+ivm3!GGs%l+ZCZ-Mz20yA!E#~laj1I9u+CN-g9d4T?xZ5sD( zzHxdV7ITjb-U@UnAplXWOgjaDy-q&g%imhSwkk)eJx}1#+tzP;7mW|NVq;NjI%`Vr zxQ8ZjtSO>@Bq)JFCB$e2Zpeb?_JE}NLqE`>znKNq!i2lwhE>n#jiZ{j)(#1TZ&f1#uqdFsHr)r%IVIfiAx3o;P=B+Z-*wj-{Wk#13d<7_ zAG_t*>mN*ck=r)(B>a22l2U+*S*3r~3s|2C%K}f+g0+0f&7Wqbyg^>;w8n4Xi3tS}=jClxQBF2}>gLMH(JJ42oLYOja znt!+5L{&#ieLuz@ae7S!-uG-CsBR9Pr0<_q>=sE3D&=ccz05 zjH4b|@#|D-YVGV^%sdDpuAEGEv3aDp``W#@H2EfLdi;$&C@8HP%LxIcbz*rF5fl_N zDsaQ(u)N>@s7K&&YwK412|QV9CVnyJg)l5nd;XL(@vK93jr)FJj&ZkELHOD6?ZcNt z427xg!N<*kgS|DzpWQ$Ijq5E}XpS%49Do~s=2HNMDD2Oc0hRuqaU?kz{H3BC1w5_9 zXG`9D=8z(2Wnu`4%&}Fw921ggz0@7p5>R&2uR7Xjn{oWvq|tII-sCxR!1_jM(E8I7 z0cbKHY<|E!=T)u2ic*(|XwfdbRFnR_B@cZ|bgT5tubGdL)}m(uXMXaW{Mqw`|8?X! z?QK5G$_)YL4?wbM)AyZQp4heWjd7vLu5&S7yW8?*Ow!`fV~CMKp`IB2`Q3lLv==1x z8gBd{8Jw5`E}L&;@*PMW7%CrM zfIrCG0_%!@KcB6W-Ed505oyJ}p}8qQ*vQ{$C4F}p=C5`& zWUX=zHuWe?yhy~?WB#oZYWS8UlTbK^7Mo}UjQxlWDYL4GeLkNQme)f8U-8@~fH>k2 z>0oqn6|kPrj?NQik(q}HbNVBvzWMB9FQ#0>zH)d?P(_)l622Ij{?-Zt7iiM?8n z&AwRW`FWOBcGcNV;h*jA%ag8h)p0Px%=Y~6P=9&g+EIb(mqQ`e^h&j7re?1nc~|;} zJVbv;>yFB)rlyC;YP)9Wowc?k_H^WQckpzp+%ucEXhU3|%7OH#e_X4=?r;xao*!FF zeq7^uBuE28Oxycy^V{AB;Smh%%KJ0+-6ve^rq4Oq--7$Q(uQcS=YysuOmd#Olt1h= zGY?Dnl3LqX#!p!5;a)R(Ge9}|>bUv5U#;PIXrlRipQ{`=#8861aE_(sBGS!rEk|UQ zjoSKY?$7cJxwMwIX^_bYE3s0+GzQm*D0-&+pH&?0=Teh7>P>f5z~RK`;OX6n@_gxGwMex$gV_{GXSy?fZ%Id7pFMCq{f%1>7t^ zYNSLWDS!MU(`r+L#jjmiNE77rSS31sU@B(g&dp1aJii9pVg>`JZG*mA@UBW%CU8eq zCfIMhC%aKK-g~eM+&{qCO!vMK4{G>#niJ!>uB`1v{oDtgo)jHZ(ZBM&RiOT_`F+1>lzOhR9eZyAc86r!P>%Uz;+#AtvS*r7mH@JCarL44}xL>uu zqvKqvGVtpoY|AH|p5D<5Tz3CFX6^`~ef-j^x}Vk8gr8TvIok2p=CgibviX-$vr1<- z^ZJ+fB6w}rZkbqCD{9W+@4?^!v5YPf9=Y@>YVMcfXAqzN-o5GZ%eQ`y-m)mrijLa% zK4=o1{jsUIK08AK+!TR)RG{$+NiakhzG6XY=X>CIuztG_HD^KG zG`Twqh<;c$^dhsSaiGV9cP(l2j)7eL0dT8~DTY1zHm9xiKW~-6MD|a&$^b!tHQa<- zWyqvz7yuXltNZfQ9NrqE*9zssb&j#HZqE<qqq?9VwFj{jbM%?J zlB}$r5dNa#l2U3qW@8gojfAVk%JJM>WD43Ls`EAJ>ru%YK@EE$;otYSKfkXW_-Pn_ zO$)g({b{>lqp$Y{oai)fU-Xv$@1eEf2bvY+2h~9e_8z`ZtFYxhQQyd->J4$1d!`rLlq&BxYy4 z&M~&GvLHu%`P1`t<6D&GcWCxwmr_W6#7t!92W%CKkga^lnP)OBl=x}N8T+|Lv3YP* zY|MJ4t$G<1_8IujPvjscO>-{AnGdHlZlg24TH*A$9?G_rj})bBz7ORd+i4WP{AIb1p8vS0;VW~<_6(OYQ#p;B)J8pxb5i&*Q|#?B?E$~rvxc( z#+z$3InEai>QMAI%1DjKK8fxeY^T!8GcV~N|MAg{f#+Z_QzkW~W1NNs_o?rWGg_j| zV%|x=Ghb)5M^t`Y;l;wj#)oN&Xb)KMTsp(4OK#Oy4cOeBGdiBNf9+xJdY&L<+`Cpm zDIGJ(2{HMmoQFY3COf;=ofG~J-`UNU=ZblIGVg4oRi7k%pF-m`b}r-VVoUWrvVNZi za#t|KKWxLj>x8bl^hnEgCNxZimq z8wQ2Cn*%)d`$1cs6Q3P~V&NQ~2p*<|S~`rmlnzcP4(A4=pUL%*a6(Pk|l6>t1@ zX6WAXXVu%16>k8;pHi~OqkB9>+R8k91b=rl1zRWU%4nL_Zg zNI^h12kcpZiXxa^4*ZoNN>!T@!rYzW!fbH~`rfxwC}e@73+Zfx9U4KMlbS|3nCM14 zT+ip}+uMztDYL{fc7KILN#%a-fB)&!$5R8h`WDyNI33ze#w(lqEuLBBis_r*vK01f zOJ}y#Vs2l&7OJ(rKw-GZ#-kMfd7jN&)K!@>?&d3P?>K$gx}>}c_aQmEIx27)$a+Wu zv@{AH!K{x5veRgh@HYP-_KTy~U3(Xt6HPw5CjaHfP}}^sghe>@QmDF$%cb{RHfM)# zy!s7~wp26nQ3#L-s^q;}Ivp1M)mz$R19*-Do z|Cwxxr>wyy?J}pb)rB`Q-hmPqwC{|*&F6k8#AQ~Xo>HUT>r{zkJP$UI?RWRv@^)1G z5Dp8gq!|w2fZ1`#kA^(|EQHQ?n!8J{e=X54gS|^?Ia|sHy&|Dap(0;7b*IytQjliQ ze}>{FH`(3g9j*(j2nqW7&C{E7KQ6Nft<_QlgV!osJQb%Mc7=vM1eJZIe3l|Z&?O{&+1`eP4amG&_t z4$);d6h?Y;-z}k3KaSO$AnEjRuB6+KHYK%8%(+0V<5RMw2ag>4VSCGPO_tn#y)I zZ2|9V)jf^?3^?jkVAJw&TME&&4e0JUHhz=xE?FK5zui@LV>?_}!O0vimimVM>Uc^bLHN9yP&<_GimTH*>W-F-%r%JTM8F5?JL=PM1v&^BO@6aQly^qz7&U<7h6KZOz>i zr=AE;xM=Ntoh$jGx->?zm805Oy8Q`r2UmG1B2SLqUa*?4a5z;{$xt9f_ie6h+Rfkh z^R-A}~JArSsX-*g$MQ&xjeLJS@dLacxD;ldDeM@)OHJGjX)4dnbX&<>R zw?8`-|2uWhIPJ^LX(nN9l!SRYW0SY@lY`7cP~0c?Rka+RzH!F1uwQw(lsTvPF5J>< z=TrmK^)gN*43kJo_anrq$|j8+pDE-9C3f{P?kJS<-Q}gXQ==1 zoR$`h!C`oh4qNGG_*lkMnki$qj_bm0np!1Wci}gp=LUvfV{1P@m=+y)yCF&QAg+Z^ zq_@&weo%8|B-3#zrI6)rf{Apaa!6+|V+4!MBY(=}?5$>_jc&W=-{{MKZ4L16-D-bM zF_TShS#{p%$JHy}P|qybG}%ar%)j{1&Xz!DQ)H|0 zV_cE_nJo3dQeCPZQg34>kyEexSJ%VP`p~ln0Wb>jkGO5FF&lBVJV6i1Y1)J8T_d30 z@C%W$?|0K{{aJ5LQvPGTISZ^gL#Q_!fwG(b$9hBY;IQ6I*$iM=&v6~}-^lZAxLEQ= zRe+U`{h@{coGvLq2 zYxTv?S3d9O=E*e8e1G4&wjQ(sd#mH{5{WIX`5rzqGqX{nte|*Ne0yslvY&Q?S8;f9 z1_?TtyYm9LU&f96m)eE{g$eI|EWRj-`;FV|Zuu_Y99dNV1!SRXA_JdJ%R+fGY zBYXMvfUj2HjUPALqiL+2t~u5)a%^5OId8ZeJDpkxuN>!%WxT|g7>{98>;D=EW~GSg zFN?s1VxCL>Ufx_L-6TutxbDPoD{AXS1D(@+o#Sm;B`r`+(PM{1FIVmt5!_J&&H`Ve zDdS^bWYMO*N?oBG{>JyMmdzS`gPw?eJc*NnhwwIXL3(M@5?xL-#V4Y@luf}XWhy?jmq79FGL>q;nN1yTb$iVI|P@^ z$+rcfOM!6Rr9in4;gi(@MY~!8H}6zGV=q~2%}R)y^#NBxLP-q$8T|_b*eP=1T|ZFW zixIQCi<~7FS1$fe`UE}kVUjfFS5o^sgQQAU@4)v_^y82CxJDlXS?uI<;)LLw&uaD zF+__i=n9z?wAu7cp{2VQygsrEa>>Tot7tP}|6`zY!k2m50UFd3syf+{QRz7@8QoL0 za@ygy0#15Pk?EPfxj&>4tr&6n0Y94^J;$7U%Cln4zyOul@$8o|cJUGCaJd2bNlz`S zRM7Wvt+&OcK(=fo@Cb}J*TI78w#ksL-osn&d6{=OwYr12kphvc4UdUm)A>;PUC|>G zbGz$vV^w%q>2tyd(5b#*UG~DMG9{Kr0mg5b%ZC=PCR4Y#f2?3N@xong@!oKpu{j|RqGTSJr`X!+7^p+MtT#d*56TAEbj z@U_tFnl$pUM}w?U_en~5xk6EPirF@omQrW#tV>J*-X|m z^g;X2d2rbUC5rMarv6B zWu`K2w~3^;i8RnJf0O2lz$(OWK4zUp6<)Hx^o?7_)Kk8^-I`szO;@;vC+E^dPMnT_ zR-N+s?$e27oeTBY29n6mJpf6MZr3z3y+Ct8TXk4Ci9EDxmZs6C8TrQcod=o(x-C$* zAi{02Q}$%=KIF}C__tP@?kE@yg+^HY2W4zmODCOq08C=q^z0X9y7C}_%l!u?akewp zvrcQ~2ZwxTTT^g|B@w3KribCoxUW0iX%<+zzL`SC+3hFNAKK(Ng5YNQP4kJRa%L}_ z%+E1us@m$=iLk}%lAbWL#=VK#2uf%P&=4SD25tiL<<2f-ZTNcK!O)Bry5)N@&aUt?TIE+m$Ie^Q_lb z&YlY_Zcd1x^wwZ_O54CaI!T&C(uebupL!#9Tj*87qf*IZjdZb*c)oqvW45jbK87sy|<*V`h7l+JM&YSK`hzwpW|eaZlCL$g>}lN+Ap4-P){hU z(B>Q8SRsD{Esz2wWc%Q16RfcMT78wccNy_+f!0I{J8L@4>sP9$|Un~Y~rQ1rHI35)NW1W<-Ou)cE~O4<)lIT zseuX_t@~tdd@MPsWRXafFoeIHH2w6Axs4YQoIHa~0_?z? zY?RO5R<;{2E+nKl+mO6ZbvBnhJ^3du7=9{Qh%xP?F^q^+Wio(?RJURJ{kF7w0Wxqs z&<)$@EBk5`x!fBRx>WaaBcxx3&Eqro&!1E;6$(}dxO+FeJ(5PZ%hvf!S@Py-cZENXP+Q*`Ik<62z~QrSd~ zjn?$1ytkGWuB_Q?c-ju!Ah^|mJFOz0(}rbqCGMZ{<*TRIAUC*`v?M$DeNzjmEkvs+^KoyiyCYyIC3)Yt^bPl$hPi(@b2PgqP% zy>0VAxm1{L&oL&%Qp=J8%{bQH`SW3r&-Z?VFYg$H<5M>^d3xH(TLi6t$$gN@QrUNZ zl}42ZzN}I>noCT}C0N~aV3x|)+(8p@{&Kvg)d$Q;yU~lf&uH!Q1j9S8&E1F;e)XA4 zNILO;1{M2-wb@a(m(P2FU2)YEa^xXjy?ubYcwaECXwK-jJ_B;nX|`gPDB##)XWpiT z-Zq6f<)p;CkX2%^?Ru&#pQE_OSf!qZRnP7Y6=0=F3wL0?^x$f}kmTS53I9rq)SKoE zkeceWtW#l^HTv;sgc^U*POGwibS-AhzwDgIiPSerFZ^@VrfS!-bBTl)Vxqf^EP;khxbM$MBE%b z-*q-?`H>U-iDHLwI&0kgJiB^a_*O#n6d46WJ#p7rL92V6xtTo5xTWtgB*D~HYVDzc zg+|ZJrB8S~XJT)?JmnM`RsLAt8tar4v^B=X>K6FOmd?Imrr!CHN!gcdJOmX`4)JAO?h}`! zGP>s1zN+vS5v9XqCA3rHInkF_@)cg57%nmhm<(6XU+vc1 z&WYhl!KA4rOLS!!KlQqLX}iRkrRTlxO>eKO!OHx-w|R88ZOCzV*T$*7myWc&YQCQH zTp--|M=5DqV=dZ11y00Ii?}||Iaiyj64Lt7-abRwbmpPxjQ^vPiQ8_o`@DKY2^lDQ zTE$F18U+E`$M^2DkU*R+cg%Cqq){yf%ySJsPT-Dva?u@;;uR`EK}8{ddZ;JaZK5K+ z=6!_;4)`;bvP`{3wi>z1n7{?8d~)CZXrmH*cKM3p(Af;D`useo%DyI*kRhAXS|8n;nv$CI zSf*Z+#{rnYN9z>@A1APlo9LxmkDr5F?dl&li-qIXUsDiSeI`!p<+_$#Go?#SOoDZ_ zT0}m`MhJiAY8UrUxk;8`dF|sfUy$i_oob2hYX8eDwQ~MX?`^!Q^eDR2-XHroa8~cZ zZ0k@h=EftyK+6jAy+C&5=#S6l)H7)q=j})1JP{{3tI(B!|0Cv+SXT(rr6Mi8Hc^ z+&v|EUay;bXUarsL(3iWD=Q;Z$3e;omnn;Y%u{MKr0Rrr$p4oUVEolM{bJWhZ}DW$H}*xt#6W=AKN> z;Lh)FzBAE!)phYUhb}~8U4*bwd2cIyKurQ>xC-vbk&Q^T8md@WiUlF z*R*^xC|+Posx%-&bMo?ZqjhtHc!J^*((q^ zBgrKf1~Yr?IIN!AXtaF0d+D97!(xUcH&m_V8YcAafp=;8`ZPnH3xnOy{rOi$4>y{y znL4~hW|QkErHqgIYoGdETOR9Nzl?EgoqgIBpAUSvahxkPdG+o1v(!o6<+tB*V9ro_ zbat-2KOh!Vs9Ec{Y8j=kTV2Ik68M1eF8#BsHe*~U>dS1pqmY8m4BOI+>ORg&T#<=# zzvZ_MUNK+zS-u-migi{JeCMexd$UDUBQpofB`ThMr;1ev^fl*g1bM&(gD)a=D-FnM z@jLhr3gG`@N~DXZcKfrt;-~q??#cvMBS+}23`M$#{+Hbqb^Bp=wPrVo<+9{BSX%S> zFx{Oq@kF{sBt%y{_EUbMUQzJ{io5q2-Y9|2onUwYGTpz>^esN+0;%fR3&O3OlvK4$ zly&#dP0G$nf{QP-!*teUCBuBXR$s5@waK~n=k4_ShK4jIpUf68SnBP~>+2nOxe?KX zWD1)IofFpDSr6JV-s!kq-2(ZURQI{!X31_u^yScjUtCQGiP5OX&74aOmYw&yjCdp6 zPIW56$q%reW!Ry)o}Dt>_iqM7ORu?l8Mqk9Vi)7SO(7j`<=vE(CX!*RY8xDW{m7(@ zLrIe|&Xnu57~3B6r`7KzV_bJSIh@}#u52-@3&tlYU3*V57yUkYfoDPKxp-&NJ)^x9 zS>@5euU=eOC_2h4lH8iNy>P{QJ=l3b+$XA@XyahT)c5zys<7PElSoFXSmCCf66++E z`Y$6l9@)g9JJl?x#A-@jzZSoldj zE`Zd3ER2$pkuif?^sL?EI&#A=FD`$Jl#Qh#>#3Wbw%_6EGD0b|CWmS&n=xx%SZ%H` zI{%d_Z12jl6E?J~j3wZ$sQ-4>qM~cYr%=fIyXvfa5;sVlD7pF!+qJcZxSwh=GjZnr z8Y89OEFGgBM@8MCa=$$xdo{h2$DF}(CtMm{8->yN6*`zi$^Fr_Xec2Um69xI5uHJ7 zd8Si$>I!A`*uAlYJk7Ifg4FU2J2qdv&4k2uMgvl=nvU^Ctxqa^ zomr>!?{W=&j^M7Rp>)>LH0o5llTb6SR9k^_)BgDyxG@Ix@SHBSYC%E{N#^#JRPmKy zrT&(8MJ!ZKE;gom=0rpv--X_WJFQ67+~S$sWm;>(%zjeZUMTbuqPEaAeqbIQAL}nV zqy1v7J@d|&!8~j?1?#%OZt>ER!ptkH#x1jVySTZvGj?)6ZeuXih2-b<(OHcH$7 z96S;Z2+~-FtHsWHCzPu@NSu=VOL-p@`%tPEZx)SsHj?(rJar_}x940+swU5doat0V z<#JGXvT7TF8bbV7t`A__4AWJg={jLbsju8R75B+wst!~tKX}5quf0fCp;CuP=qbq$ z?8}EOwWBhpV_T^uLpi4MXX5M5KOyF<+ukKt7H7$0o3l%kVriWBsps#J`pOY+I2N`V z#eIEwHP1Tz>P6pmiTYm+wN02}lDpJD9!a9pn4?jiD3$g1v@7?(4XxJ zdh4y2^q9W>c1%u9eFUf3I@|x$FHhE+Eng7>7wUO+gF80$WfM*4e$xkoQOmG2=;rL( zW%4~$1~#`l0sbN*>1-??w);aKFanMdFzwK=mZ7Yj- z+Gfeei4QE-Q~j@-nR~*!jA;8(pVahYSk@-ZLFDeAjGqL2n2!ANe!zlZ>NboN*J`YI z?bP$PUs<@_Z{(iGh)S=Qn+QvXEUA|7WJZ=5)bB=AVEHo{>y!C9OS89klNGPA%}@2` zrbT-->p(9oU4S>s3}F4?Sf2arb-X!XxO65HEqK9a85yKuUoiJdO=3T&c1)ie?*7To zaYC`ET@{W??|oXr*_e2`y`3M{`*q_iv0lvk*_C^nCUmMYH zr~izo2o&m}>hW8i=Za)`Oyu5huAP5k$nw&HTU}=eF?Js}4m|+NsqOJ0sM1f2iXs5^;4F_B3<&rJ+b8~FnkZtCU!lWwf z(<{%%eYvW0^#v=n>jM1cJvCQ2AHOlVm0UF{FZx9!;A#3R6!KPXPVAF_rwuyL`Yq%N zT%lXi@>AZHQybxWwvqp9`4~@1M_R2AT z;W)o~v|{!@aaeH zuUZ7zvQo;Rm5(ic&A*s~sA>Eh~Z#+x!^wmYAS+!TL2`2A%)2?MV}yHOs8ciRDpq)thR zdGh+_RNE2E4Z8x)U~=riPie03ZQPQY8}y>&iIUY)4f&q(be)31%cSnbEUPv+pLrKI zb=$_r!@2R^VbzssY%$^@;%saS@~YZb=J^ACE?^LI%^yWQ~yqQJb7-yZq>I>;8dHT_1EXZ?B za%uhjb5Tdwi->nF53Sul>OjX{H?WT+KpmMA>C$UHA>pqhO?JrXhKxTz3_eMWxCnK4 z?!!O@1^J1cek2wrEl*xBjN01m&~P$;#rw5)=$c4;2?3=M$UNg*PT%q zbjV_~q=Z%6+Y*`^*mK=ukC~>aq>57H^QYV&3*TQnNw44SH@h`Q30-LU-g#33w?rfC zG~X>e*XkYf!2jIO$FzAJN+)N3G~Dtoly3;|T^#DZBfxU$%!wTgA_bz+(NsM<90+Au zjtYm?G}n%>)e%FggYOJbo4Ld9Jd27yrPq`4M0ZPKG_Gs*`v8jJLiXv{ei?AkJ4b=M zD6emuo4u^GN{9maO!#2T*y+}NuA+|#)?KlPv2FICKprE}mvrEb*UpLTRlCh^P!r*G zQA&%jxtaBL;#8p~P5z+S`8~Zr#@$oNWTn4ghQal_n8h#6=C1dthg+zlhVmaZ&94gd zk)P<@qa$rf{q9Ia4x;uk2Cvn%E&tgiyV3q*muv^DQ6_ZBIeU!tz{UUN*I{UW9(T>t zK-YW%_$ccE*s<)CA@x~BI9UWDjd}Cqyogl@v+R^Rxh|r~gjozueJvoI2o*VYpM2*}- zw);!>8eaaM4jhpC0d!Tot>Q0Ljk;F+gJvJZJ&1CoFO-b5tuP0^Jy&=;M|kDyq|98p zhMAHJDB@~i>7`J*M#ZKWu8_5HqMiL;Eb8xKo1Rer!1lJRm5d`A3rmX*&NAVsxA~~o z^VDXdD%)cn?5z_gYh-4>Cdhr}Ta%52(+_OoBxLukn>OC;{fg#l+W7M0V$Z$&#J@-CVcJ~C5ja!wR|BS>-~{)Q$SJk%EsBmz!>?M z+a})XMb0n*E}!o3FLlU!6;3q=E3warL^%?;lWSW!QhjnZC}zJ6;4p3qh%s>dT?q@9 znr^3O3?8@IZf&*DkJCEzV)!4~k=r`KH-zI21`3zsCVg6M8tK&<5@)}ZiR-_8@6P`? zaoJNyAZ+2-h%&3o-)3yTPGCZEN^Vbp$mz_pzWDqUH6H6dO=encSI@isBkGa;Zqw>5 zj*scJr4vGa9m&Z~ps%?M@MwU750v`I#V7_^DU z&Poi^YFP`qfiM6=QVC7Z+v<80Bn?TM$K7{=#^@6ob<;K$`IPe zwDMFXB@SgfOH#gF0T+EQLZpd*h{f(@3XafZXV#CTFR4zZk8w5BeXc|v$t(IcBT-`aeEBV> zEVLz;IKHQ_uJJa0=N@}pAx>P9Dd6V+{LZ9pa{%$;!O-lcxSu+rRjPou7eh74YDli& zG%w=19ntcXXl&J~#@XqGc*a#L8_XB`x>vlS);Ieb-@8-OEzuha$!}D ziXy(QAU(KPXIWfb-sRzEoVWR2<>>8zI;yrzTPIvO!#9m7WJ0sbvOzWzzhSXl25r6D z`;s^BL&%+$8mW5=Z0K`lH@EgqP)o-*R$X_RUyLif#+*ENJB@KvDjrK__w+$E=5d8% z)xpjP@sxt)u+NH+>#yw4*KdlJUt#ICS;yiQi*-{Z;xgEA|(#?p2vJvR&z!);x31yk;pF)iBJK8&|kyG*@&(kW9d5Gv@BwFHbCJYE*6HN{U{W zXIYr?Bc@6}XeJ_!eGMU5Z|}-QJi4z?qU?AXJDI%!dE_jrQP+{+s#vX)(gDeSd-vIg zXZ);*+^M(ZNh95PH0fCz`uqLp>b(mjetXZ43mK%|V{k`$F43?%{M^s^U9(<8pBw#? zLcks(ydrF1X*D7|HWwk%>&I5CDI*)Z6N`6?|!gP2zIbi1Aoal@y2_Js6eiEVNYu) ziqS8!hALn|nJ97FXC(rn(=hm?L#iUPl+`|me?_*|VPK%VW!w=(OVaA3y+Ebkd~sZU zYB!AI>Bh>X=oy$v;G?R0LAJJ@LLck2G6XeJD$AbnSCq`x)Sc{Aanftj4iBMI{N1Nk zABrxyC!|xx%~N<<;q0q$*Pbjd_Y!M+97}+DZ=PwNd|)3;d2!!nz~;>3@49szpG6Jy zO3im)Re#riFmPUJ=0tOdBq;HOn`AO`nYadhSso_80>oRmR;N&sCKvOydFZ-beT;wY zs#U>zl=l^Hp&J*enzAf1m*Sk&;w+7Wb>rmBbh&dUm#;^v)@|v$J7M?a%%p)EpKf=S zm-8SO`)WeY`R6Q6VKGb(7faokM|xmGC#S#63<00?&Lb(qwU(YIxwV<(L44Z6F{SYA z%zEpk+E!zF`t#Va-4gM}ElM8y3XTBM4%mm<8D;2_hA+{L)=$w_1hdS@h4Nj4kbx?+7 zh?B|5+Qw*?sqex9bc3G^F6^^jzgN5|MFD=oO>ekl_@Lbvd}AT2Cu%TgSo_L87BkG- z@9UrD|L{dte+zk^IW5zeIpmcOi1s|IS!OxwL3xK1#~14c+iT(O#IM*k(g(d8#5)W~ zCu!?3sRC&wc~BN^8QCZE;@8tleeOC4S4mE*k7&mVH0jZaPW~WW6%>7w`E(<=!TpW2 zCv&PFC(#d7{FAEOd7<@ZuMh$6y!IR{E`GHqb^Kr-Qt zAq)FDj3?00% ztPP(dM<##MAJ8;9Fuc}~DTM5MwwfGdap`h~sa$_#*arF6nbly+%AJy8VJjS;3 zw`bCjCrws1bU-u^+n=>FFf^2pXdjkCU?bpbYdCRE$jS&&_k(>pGv%UyDk3B=v~_#> z_v2ClS3c+G;`t++#ZN!BRv29`Q6-A{wg5f&#o#)2Fm3vUEBRKs;n};3B#fk<9W{<~ zDspw7ay|t@GkeGDs)XXt8c+0#4=nJ^+`LtClEuc@vf8RLrasHS;K6L{<$v1C&`#<8xKOjm6LWcnVI2~k?XKV&>c497a-K6Mizb!fWPUD)(d}6 z>A`-32M~=lsgmApId!QLZPiEDktim0J%h|yYa{WNYl9G1?++{ukhYhkbxJR}LHj~4 zzBWAL46I4}=8*6t8u$cO(Dlq9sS-g(`+(VQC zhTXN&!M=yV?>8&5G#mYY%~PEGExuaG6j;g{Te843s4F;LU>cw!aByp577Dz{Eez|~)RvJ>^FtZ{aw_&EoLKNq~0Wio)e_|{ZR zdC%xQl)?|OhZ3JVId>{l?5^*{d5f{eP^Ggm3!HCe94}mXza!c^b2H}VtEVj(`ctAF zR$L;5xo3arudGxla+6#888)(ePBCz`ex&SiIR#j?J&CfTC4L#x z#h$#Jb>H!)&(M{i=1+?3Q#@mnb(K@`uX*huW)Iw)UeYX`P9c>Sb&ZZEj`0b?+?D(? z1bX8gHn`^d^(`~>ZNe!q?MKfD?+Nq4-Iu^!AG0qp$4*ssME&_rW0)8O($dkCl|wUv z7(vDODG=Pb(KND=&v_&;tud>l^I2mLFvxd6W2j+nrlw-7fq+Sn;J-)Dw?hj2EfWX? z#XsP;gGiJqpEI^xl{=Zk=o=58Z5;0m9_dPR;qa$bF;7KY%(+1+WW1K{J zsU1UmNs!zfm4u8~;Gjm%KF;_bLKy&|N|evRt$@&ze7^CFe+bn#F@G)br_eU1Bu2jW z5B%14r>HvwSU3!bv$7$AME?$y9*~Kme6HLM$h3s`67&5bGYxI7$B38t*!IN<#Yu_S z@(yQO@~bvXxU;&N$xvFLacWb*k6E2)r5Rs(nU zG6`8YF;VPKB!6blJl(?=aTyhVs15@CEm59iyHlgqDw5f3Ql!9EOUIcpO~f<*!M6(c zJyxd4=U_0Ur%6%6boVkRSvV>2-xAaRO(F=yKrklYa)~ya+{ts4zQoRBfAc66Y)-TM z{EO_%Vahj;>KQMbqXv-{2Blyg88eD zXOJfr*n`FdVts;xT!D>L0iNz2LGoZRI6)3o5Eds7M*LTq1Q51C;W$?mCO9Yv>t}x` zKg2W86XWUQ85AxL_V9FZarMK?|L0S2XcrexKlfw!RBl+mAhAHt2v>Qq>>ogmKw+@J zF~0KPqst@6{~aYPJlIn#5C^~!J48va1o-gvA>cm_m6AA(2m8l}w8UvUIR&uz8E}w? zE7(pB>=_6~gFVpB-oOAl2<(gw4s;C!WBq)>!8#f;;`!%Mq{A^JE)2kfH|WvIe>2MQu#c-7 z;7+MSBOafM4i3Tsd;b$l@V4@G^$Ye4a`grOdEtY`xcVHi=jhl!<^SL0fjxcQ4`pJo z0WPiq00{_2ArM;Z$hne-3WT@@1bI56eZbN!L_0)qgY&cN#b0_iv+{>u{dzlV+3 zkw@{t^I!G>qG3K*pj4OzJ3G4u9<%?y)dE5|9;X+=#b4?lasNM`_b+GRA^*$3Ay592 zc1ZO9jvxJRdk&)lpO@7<0xK;g;{vcaSK#SLK`_=0>>hv)cXa_{ zgM+|$rT{T^n3#{($bn(t*e3{ICxP|=sQzFbV22v8103uZpt`5CnLVP*$CT0|N2+6NmNuGxrJr?)UR_aRgF5Ak@v%HQ-REqi8|M z9rhOlQwR_`EOkw6fbZd=e@u#pOOM17Ldo%uE&`Zc=O z0>zB=!TN_2@^sW5K|wfqadAAFKx}Y;vnvc6;4Xf&F;Lt$Pz>h-^9b?8ej?6i(MtUM@~$E{bU>i1j$e?7 zvp5<8fryHTIHR0Tqalh&DJ8R@0Kj)JHz4@bJkSAn;3CeV2swznGb{*uI4gpbhCref zJl#b2goR-Nu0UOLb`=qK5QiSlLm-i%9-cnHMlmsni!JaBu}68^I@?D@;a@9wqip|z z=Xwke3@o&dwpaKA`tg*oon5G?aI}Im3a${X@V96H0A4Bthr<1Z!VmC;sjIt27)}J( zh7lIUpD0Rr2^Dr1hCm5B6b?-S#wkRL2+M$xK_Un!5)MURp@=XjA`pr=2UUf_ZJ=;n zD8d~IKLOV<06OAwxtE=OBk; z&cJp{s0maZ5-AP#Kv~1!;UadzaC19hh=KKzZ4oe8dj&wc97+y` za1}W;nzo1>6oLN_gG&SFXvhag160ME??^$wrGPWF@fJkGya1~KD1g`S2!eDEKp})B zU@U-be_6{Kmt z048T}aI^v(BO(pVkhnBShw1ImA1VdOreW7qoyhhk# znyKJfhK0dpQE+eI`EOPMV{Ry50M8L$NF?^ijB0km(fHR$KftC)Ex@RRD@_zX9LsB96;(4mH?^|HtQT-5!e+bg2h`Cdk7sVN5GCptnx32 zRgMs=;Gt;ap{N5;jwGnyC8$Iz$bb>vB5*V$5>Nq-j*5Zu7eq=a5-qvt*G+=Q2 z3RnaL2wAuV3b;Z*fPL@~0u|v1fKG4(z;t97ARb^w5I{<67*b6H4y*$-3G@`!MUp%6k?Z6yLEHViZv8gMuoel&^?ReTZ)2LACQWe6uCVc~eQ zso>2fLogd~=pn_dMDWS+FDY=(BQf}Vsdg+I?sq&Ih|i2iCnDSkqalDwNSFrTH-M)A z=g`nFC>$UVel!F)79WcMi3qC@ZvQrb$Mxre5P*<}8{xpunenzc4(DSLaL<3+0{8p3 z0ff&V0{{mBDdvZ8%z<tjR3F^@-2RqJIWoPgFZk3 zcYsiEDS%M;;lC8ZXB)!6G2Y_=90~(W97%G6*#K_qwPgkdlk zf3yquP&yI=NY^LW0S<5hI1@-pc;VsrAkZhAb8NWdW5SON2P|=eA&@}Ejg*K6m;g6{ zAKjaYh{YAKA^^OI>eSmpC6x`=8 z;7FGv831d6317ngzZiVH|KAVzOCEkbe%rA;JUyeL_}u>q*B|6P-j6vl1pXS&1W6UJ zJHSFwcRW21Fhl@e4kADVxIU`Ux4(#3B=go_|_@N15g!&ietp;~}92*S0G*Qp){fz~0$h$Bf_fJHEee$zq) z9P$ySPEa6NAsUd4*B_`?!NAwCA>e=>a5cO?JOC+hH5ft#66t{=ya09(UP<~9WFaC@ zKvM`5Ff*VwNn-IG7@@!Xqh*1c9rrB2GGMP6(7E8n0!>pW-m?f}yekL;2%xY7;|NU= zesz8*K|wfPFJMg42Pkze$Ads^h(7Fw;W7YNGeRi_9sveP{_P{+yZ{tJQVAgm*jgR~ z9Lfg|0Lpd1F;DR1MEHV(z({AXq%RmA48!LsXQ0#?9QD(1oCqAKLy{r}Fk=yZQyAQz zA8?G>-?M*?6T*csfRz3ZD~~7sUTO+M0$Ki_WD>>+9>PQekb+QVFiD^%6y+BWf=LGQ zABGn2ju|ZJ50(Vp>jDuLgs=8N(Lj3fhDn-=$cPx>En|cNY$AI|0u8*2fLH?T2L-wY z!a@`LLZ}=Ri0|XYLPCGX%3M)80(@g4o)46s%fFPHEPq!2%R=PnBn z;cr!p2&%wM|JLMhwFxl~Y{$-X{?3_Qw`! zu*DHUB+US@K%5gY6%J(q!x7-)goNZ^I6nL}9*Qhs0_fP>@qPkU{7dHgJ7WOqO6rK{ z0_MY8l3*MRU>pm;+`t3wIOD)A4|RrH0&h#<()gqcKPM!_=MKDQJeBsK`uA_%DXl z0xAR`M;BjQ{z8W^5Rt=&_h0yxOiTf|?#T-#{CH^F6nHG{Li)%dsXVAd|1 zomWdAUVppsm2Hg9kIVPJ)f3lB4a~M9w;jW9E@g%&tra^+l;3*U?EDP1&XD77W6yAF zrNv^g8z4z{SQZMb==|!~twg2&BwPx|gdr%ezU90xf9U0l_4Xd*{FN$; ztPi+#^7Dpu;^!y-`9?PxFoX4I1)z3*X|&%ljlX`mEfTtNM>!8#-@xB~7|X8au3d7`w*X z+E#~}yUpC8Vm$2+jg!2j1Jc$?H6Fy3=9E_SdbSzH3AE zRQx00^i)9m*Z{t=G-$32*4JB|xEbMn#QcCEzQ?#)Xcubt*`x}W3QPZBV_=>uORxU4 z{`iY89t#gzAb^Uq)C}cuJpODHYO2NAeY~{v$^}2So1?EObNf3Q|9$B(xcqHng#)tR zSXw!0+!rx_MdIxY5I%8^>A_cDF_+Et_8qzbbjEt{>(jJRw+3p~789^$V0m-<-&zCe zw%@O>ywNYLxiGK&WPSC)=DG&R75e?M9!{59FaEXtWVt!=VO1h{+Khmv99a3f0HX4jiW~ZJ%8q8w=-e- zd^Sat%U=eABz1n=eP;!ayXrR=l27JyG%>DlCHWA!`DBh*8KL}3B*t?zL-cbtKq)hK zV}bc(+(VB2cAgGqKMvE2?r6*V_|aybUL2hbXS;*3GzW9kE3+e1sdFhps4-;}gGb}O zDFZ@-kB5U%pT3`~Yc$}e0cHy@Oy{|(V2)zvhYP^FF+K5aXOqcjHarhA>|yUHJcY> z9*#o~2%ar>6l;4yI^FcXl6l-&vRGw3k)6Iso!h zP-S3)pxu0Yp;KRqw}Y!)loV=jg3e+HW*!)FXx4EkCG;4K=BXv$6fRQ{R6;!0GJ2U>16tX9w`fM4M!K#fj5K}YA)D=OW=U7Gefi4 z<`V-FsOtriFp3S<{b6_3ogcF!cBWg?0XyQUS*JLDNT)yVo}*9cZ=sUt&wEznQGiW< zz_LxQ=F&^;qktL>OVee4r0Gj7(BK`bIhbwCP>-)5&|oG0=6k$wtjB%D)GDQDA;KTey7ka_e9mV$sy#dJ9 zmo8}DxpU`^rurNd*|$yWZQE=IeQmKVB5 z2V6mKr4u$J+chF*AcQ1Oufn)rPUdGAas`qXS~2cp6O=OFYm9Irq_)$+=Q)o{(0wWFdrEHD<<`)`7MNjH zFw+5OO4@y30p6T(=sJ1GVYA;IW9zncI^Y;`qEQ^zurG9jAdLHwP=-Uq&O%>|;$m-R zt5`rAqXotHfQ2GQhel7VAsy#)nLasOU6;Q*$YO=dLtocE*W_*2W3yc{^tn&JVksqbXD@JrI?(ZLA~C%n;|t z<2c%L$Ray&aJh5L=-_@*b|`yn2!Lh&Xg&7rAl<@HP{TLs_o6#yLeuPQDxkrkvm)9~ zM*bh~?7f(ep-)Dv*@>@ZKQ><#u>vOoxlcE*EMGPYFlDkjoMW>wk2V|;0q3&Va0Hp3 z4bxN;KN_4|z%UslX0M)g0k~fK!@fv#A7;i7!cM2jn4^_h&n8T=H#s{WVeBwJzerE# zr$SF4DqApEGI*@sXp#;Bx%c+fUvD(%PUAjz2o+#I86R)Lg~$vva<)TTEf3Q>Sz3{9-J;J{dFbzL8ct`B@}vQJ`d+I3reb z&bY+4Ev*Js3UKR-12*cW6&w#<4`-)4k&Q%X`NIT5179|6-!6SQ$2Q{5@`sPNZ~v$N z{6GA=#mj%y7B9DcXncR`!D{p8^$*i;?;|QXZoFMSMISrDHs|ZsgZ9#!<|`9i{Ma~X z?3wIhX}__xbnBPK(yw>E{^qw2t>uruO3c%=w>!%pZ{NBtN!FX@>)U@?U;pX$hqvp` zm$sUJM*jb?z4Z3G^?Oo5tTwloZaqWUeA;}me(R5ayZn0N)`O$QX>*rKPrvx$wE0q{ z*Y14r#hd1Z{lO{)Yl(GUfBoy1R^zW<{>Bh5zxd)3Van|fM~xnJR?!~b{xG74)+w3> zRHF|@O>X12Hg91Uh1Jo!W@~k6#N~bI9cDM{>$IwxA3q*7-hV^`4#SKlx0lft5ryo*obx&q7L0u_!+v0#%aBjJ+Dh0!j}oEQ=Y z*t1M71J^aX+7HDy-f?%9(e&I+-CQhG6aWPVLlX)8%jl2`5g;gEfhR|A7y{Fr4*4-D z$K%nYYYe_7wvA+?JK_>Q?}--X5-O&XXjZ8*nQ;myg>|y|#GuI1DP2Cx~ z^q>Cy4E?YA43)*h&&%lJx=Z)5P0{b4?l&>j4e(aT(Bafw zqV8662h#uO;}&IPYq#|C?b{D1%iR+R zTuOoFxrx5NX^@8CyNU9{Ei%wW@rDBCt6L~!Zhf`V{E_nCG+HYv_G2i8)V{geJX*3c zx4-Hjxxb1@|8{Hny~cYbi%(DeoyoL1R^Z*z`{k>zDL|7Q>-kRXxkZ84B-!fW-4cJ7 zF{QGSGH{j7e>-&b*DwEtBb2VTzmpZnH;pF^o2@EQ_0IA(3IiIl%6%$tECYBcU-p(Z znBe-YulAOX)qv0DuV4O!_N*-u)X7)3zPR<( z7#bb>5rsIaQ9HHKqo}>VSo$UtO>ckOdiUVvLV8Lk->MA5gSmOX^hBfHmCfPu?$S$a zxlznFe*iGBCVAH?96A?dM(P|T6=k$2_IeB-M58lX5KA=}%OEBc`+*0g$);H_zXl?{ z%$maZHei;`V_b`{w%>=fRkF%`uX0w+$8bakSb}&%M?8Lf!1G78#R*KQci#7ngpm|W z!M1Dtar;BRdBL7bZ!O=s{lK4R`ST7|m8}gN$~LLuxtGcXoBG~#>x#DF2|?_;>+OGS zy}{f(q95F2cd4h1*8F{K9gRGDu{Bz^6bAo{eorusY5ejn=4X~FTz7-4m|{VAcB_Cy*x+jn5s^+q8>eam za~zp+wJ_D=d4uLCYfH`RasGPz;Mo%SU)^e~Gg`9L=b22NFO62cu`#?gHI{K_tvh$b zp3UdRfkjP$r1d2gR!~X>b_`}N%6u*;IXsp;TOxy~>ME(ITx>lT*E2^-JH2v8g5BJMJ+ZO@VEBG*9B?6ZAp$`4l`sG5mG z`K5VDC{V~*LpxI>PA9G)DgbHB0R$gNez;Op4Xbgfu7)Ojsna zO6>Cl{eZJqE)?{kN!n@J!JHMHjOL>u5E-6nIHs=hb+$qN*hNMqE|5~=t&eXScRsE*SAJh= z;}dXqY4z9D=IPh1-@E`qiWfRP8h?D8s_GribGpK)n;vd|7_Z-2!V6=m7u-?_2It~jk8F%s3S$c8XY&`LzfTf^}%%fh&Jc^>z#@(eC%RsuvzbxaKu@?&5SYmI9tbUW(7a19qd?TM%jM5-nvtmbNeixbNh@5 zGIBLUIgD-3G0|LVGm}EQVn_huuP>Qz3!kUo#0)9{ljsyUy!_3^i;b_AH7~|VywrZi zOvr(K@fxkotVX5y=F(4Dxs_Qgcg_4y;2Ktjjg@0ruDtw;)>-8Y7?{qi7*7EJChMhP z6=5-nuxL-jBV?cqX!A;aycJua=Iw1%dNV7rEbmznnsAR{$-<+;d)GD-lmJaf$a&zU6r4PS+OUZ9vW7_voRez`I?GFa-4LL!ypEg>L z8*($)bn~G1k~+S(op<{Kd$aut{HA96wbcZljwC&dCCKQJ)cj?cKd-%$b}x>v*BBWF z;}SH2Nd?QX@&i3#^u=JdjG6V9p9{~OeOTMh!MBahD{Spp^po{pmPSli;!i5JPqDc^ zX?EBWB%H1Dj61;yDg=lh$kXhnX6Hw0_~Xjm+f3l8Fc?|so5slIqaB(-kZl9OFdCB+ z6oai(6dr|AI1b(Fw7>0iZZVgT*7{vbW!bIYo1Ioj2NZ3=lI0OC>NTDNHpU=|c6aGH z1IEvVzv4+n;j}n2hJ>Ta^Kw6wq6__1>(2!ceDtibO?lg8UdXS=b|YP27+{46(qVPIbm|4<{~dq`1fO8C<1 zHag?R#7w&3ulwsbx%~A@{{N~EDS`MY?Oj7i-lBh8b`8HTe?9(fy>E~0EhR61Xm5V| z2kwzQ?#Q-TC}H_KD*6`aKzs64*lr%geN9gDfOWY2!G96HLe9AF;AV**7Z8mD{XQS) z-`7p+W$4EqXk9&Nw5vZc3BB3@*wpmY?XA@x|N7E-8)YHbLX0o#My9|@dIfaA!`2bVbFjQ?wCl&EZ&)9&kUw!*80q6iYox*Uo2Tls zb>3)qaFDQ$DC@hWFNagC^3|4&^j2#ZOW(hKIm24F(YdejQL}SLHqzKU9to;5&ft3Nb|8v+OsP~BakG``md{6ZJb*3;&e_G-I{Kb4^i zn?gIkwJlTBHfGQ5##v)^r_uhIg%J4qjc>H|d))0E=g!0>{fSjutOuge`)*@(zp*-P z*in6EXj5sb^@9!M*0W{{zt6vDP~rJoduDvffCRLjAUx=tEwz3KlWfz+M6+u>Y3{4_ zm0tpGXmp*Ur4(fjRo<_+etAHd&81YLyk6r;fLQxJMVP^p=I>v8!Jj|T0rZnU>%2K6 z?=)6B>VpK(W%_}3%;MbEp(89#g}K(_J?rsJBTS-matrS9R_FK@^=eY_X-M&&(R^3$ zb9(vOcJ6tbs^FO``(*mMh}k%nfb+Qw4?N&*H?Z3_%w6ki@vgl5_RPjr#%+N zKizW4rO^X+^g&|<+$Tk=)p@{a~f?we(*DYaw2dL=)meo$Ji=I zcB%U6?_S;c23*aqw!AvfpJV>C2XJg(wFe;QGVSSkRnLr8Xxq~B&wBjX5FEb=x@ZHRX6FgS zM~KxzqRHxh6CRtZ(0u$V_Lb2_=&F1>359_zjzio3M>?y4+3KXR%0@i5GsOU9#mdWd z7b!dI$setv5yjOr2|k7Ig}%_Jt`3b{c1}Tp5hN`l!QCZ$zF1#|8=#MfB8R zJL^!Vxkfl@bgs0m?jeek>G?%t<#l7}LP-}S+_tgaL;gH^@J2xbz>-w=Cw!*A6<`X; z*D5v+K^L}b4~byX!hFuES>k}i4z59vEUF_)4Q!lE@m>=*r(Od+LUV*N{;gpqcewh& zuHLl)N>|aDfekQ=8thw+dV16FerT>@3r{MmW2peB(_FnrJ{|GLlK<41LIv2SjK&_? zsfLv;(p&ARb35$s%PWmVYWK0c&ly1-Tp|bMfw#=B=!DMp;VwFm^C2|!9xi8Uy5oF8 z4mf%cgmfKm-|k^=`ct8~)>~R`|1Ki((x&`7&JT9DK-8b>Z~-0ukVC}1 z=KJ;ch_c%t2LOgnXhxexJUEpMRlf1JFmYSXM>m<{_l;HPM?S}m2N@KNGDRqsFp@9i%$){FmTenJ^q1Htrn>E1HSq&X@@e|>XlP^&Nf zna;z>e(P5vfxrvedi{3mBkc9+3;JyRthK$eRl8bRz5U<{VvG~X?>sw*3-+ABDx_09|SxF-mwu7n0>>&N`re3_`}P$Q(OP*%a56qp&JsEVn=P?oOd8=1e`WE?stvV zD*`h9pQCn&5=JD2Rg`^D zw!vD%Wnv1v*CrE1zPrRm)HbA$`Zu&S0;!R#?4misoQDv6tkHW0grCyNid+u4!?eeZ z&M(bI=Vv)tDMQXf62oAr!xb8Zt-|mWSpw0p_0GBNPdgcm%K12ehwi{NkT&3rmJCjv zQ=KfnHrWnpeWM+8zj^l6E$tv{ex)z;fNlbwRv+JKZVllA|Iwz#T=p6(#6Wu1=xjDR zTTE^RecOE_?9BG?);!d^9i=^GeNE^ zKjtjlkJ|ZS+X`&mkK(WbEA1SeQgZHJ``c3@$p&B~`p(bF8Z~Fv#rueL6+nH(K=uUa zJplZcz)9!4{t4!$^Vp&dHBiXtIkKQJk-?fq!}d!bD59MWGu~I zv}Q)p7u9TTeQpZ0%n`uK2HWUN*=r_iHI8{!l}<5U)2y&j#|sRQFB4@H)6rI=xPKOh`{V1q=J(84jsKnfx((^P)^MPez$YUdcY-V$gp*L6vUPEVzZBdVcJFb8_=} zFTVv$8T*6WY~DAOywGH12ukGchPV*SqniT8`3xRZUz}tBzg!|Finkin(tnt(rZ+Ah zh}^6oGfoJ;wnVNJ1_79ePyNYRbcZ;QiRVNQ z6ksDOLjv==P;_UxotTf{02h)pqOZF&Y8ht}vj?bm7VM7j7sYxbx><^vUng?WVW~uOeV%YKy^wnv#c-SuQ}Dyiw*7=C$Dl!Loli9*&?Z zJL8x%R2cTSEe$en03nY=A}l9eoekF>-` zqwe_ad_!c%K(%OsVaqsRV}k}ez;63to6YCm!lU8afm4QEqtupP^l^7L%rH9~L)lVB z;N$u{y2N{i1@d9hMgNe+oS(`4b%EkAKh_Zg8B9m8@9ys~_V+s7j7S-c5?*ayWm`JZ z+rHWCgsqVK8@U4*IAwKhnrW&rW~5A~Xz&-qpya*x8}VA?$QE63yNl9K#x5gC1Re-4)Pi&m8lwJ38*nN_@b{11gFZSuSSZ92nKpS03fT7Z5Ug zY+m5Op?Ag!z!eu$gJ6~!y`igU&xd%2fgunwTh6(i#+smL6#L7dh-1d- z5EFhs(Ut3Lr8aaIFVgGIT8D2Kk}S6TOxE#g{@Oy?a17`%Zo_Qe#k_DbsGN-v_}Gab zS;YOfL!AA=l8h&F%zoXSjy2-D;IcEuSc1*RX=Wl9jTO@~rp#fuv-{}f_RA-JOupLA z-8+JFidcwnhG;Nhr_pn_^rk#{DB7l-&$piM?5kDVJKB>Xb_?FVa$vBq7LejsAhy>P z;#)8Ypf>!&tm2^E6Y;h>-6j(~un@t6q`iulzPqG|ABkPbxQ=4(E^&k>c4W>pKEY=M zk*7;lRV)P1OsRBj4u}vTLu$CNct}tNY}8pMCL2$AvoVxkit)m#4eFUoFf@bMCW>P* z$6fxy`eVZ~ysZ9){3F5Qg@ZG6Z^N(_buiF#V8WEd1g`bLjC@7J7#L5Oe#n@+@v6GU zU0ga1QtQGzS!eYX__z6MNQ^l_LqXK=BAQ+)E(zshI*;l3pr=^n{W{~n|K)!&nkp%kd+ROgd}_8%zHS|(6mFxCZ@rQ1Znbf|o|Tsj z@VKdfLl#4I72WG53Hyw5xZIJ`U8gx+Uq>{z)R(0l&42O5pYaRCCfkQ)z4QJiv|){% ztKBE-7pU)<#h;#-_nr^)Urx!ZDXk&>3x0w4X|{NLijY#Ux@%T>w?B429A}jfZLBoj zFO8R5cmS^Auh?tuERBP|VjInydSXbL7M2F8Z0{PPy<=#i(BMO6d2jj05vzOFXR=NxM@<&HLm9`bwnaWy!`vF4DjzeIVzi`R|dh03~xc=mh5x{VgTANL!NkU)J*6`e~%K3aZ-uZtcSF0k-N znt8o`@gT#j<=1~AH2(No_13cof5z>g+4`P-Yf-0wDH&S)49q31JFrOs%XA4%Xg*0$O0Uw@9x&akUh5)M zd!b9IltNl$;M6aq!LQMMAT0+GtG=BH%#&5tH zw-t~#QaLaa8JV>p5FH8GTe{4fUI@ZJmGLMaM^ZMe?h zJT_5W$|qjnVibdoOZXG}YL4!!++KTchy8t%^Z|SEnI8Quzet#`w1ch?g+#1wkhk@? z(hs>ma2H-+qhchh8UZm7F9mjkF~`xu@7NJuJG)^aiG{?x344cd3$JEwZ^3hzm7P7- z+GI?BxKS2jbVdF*vZoTPiO(6XqPSt@X~gfU5E$ecLuqT2cN0ZP3Mt)@e)qjcxJn2M4mi^4@}*k z>e0)CM|+YV=-T~4YIweB?MICyiPus7Y24V^bK z2|{*lwuoUaMRSSo{FG=U9)^qUi=%jVRL2T{7bD|MBI2O#a2)#ZsmIk4yhC`M>_p|B(F4tNrBv`G5bLygZ!DUgF5ZjutSJgX93WrsTkIAvsW>wqy+^ ze$@Z&&Ees}Zg-ljAqKe^a;t?tzBaAe4E|R z3n^4Un!iFTBB0AVa9hqoF7M5%&h6rwfVZ4K zq{-I)pVz+o=J0UKguxj=UYJ|qLpCZwMh5Mh73OSNxB9H+2cxX|;k{8{};n~Gm6ipU#_7TWXUgRcm;;J=wT4;&RsFYHKy2XUO zfugl6)O$TRVjCFxqbUQQY}Z?pufPc+DWZ2&858;zn+t;tq`qd%p}-c0=-d6bgZG8$ z?D46~%l*{iQ-YnQyDDVsXzR_22?M^3hyDkY)&$Z*7LO@9(`j*N`_5#=*_5(4PD&sr zyb2(X+hj*TBPfm}c7;yDR00%i>xsQOm^>%sSfL#AlCYhFa&}ehwQeMjVuV|dCpjFX z#Tq|Nhgz2r(!*jh11VD^4TIK+r8~1ge^48k+bD=5)@>ncbAT8feRioMN+`D7Lzqn1 z@BvFAz6?#J><0={d*Oh3ic9zAFt|DwvmJG>%P!!2vC#l_Frm=YE4~8=%g#4s`x$G+ zl0eA=5zaRZf^{9U1Idi5XGEdR3?KnDN+1ZIajcX{!kjbYuzOS$J3{`$AU1U}PaMsB zoS{Sk3Z+cxnd)X;29-($vI>snhe@&2_K6~0(iYzq9`rL5D;C)$iZX;5io)F^AU4s7 z3Ip2EmoXm_Ibio<3QIev@5)M{ot;h~S~QrK$^cnt^O46K%8Ue@lEuvz2vgLv)s}iZ zB9>%*iEZL+U-So$iG+-`$}0s2E;kVhn3c-DVpE|I>=73MI)h^0B4{R|jG3Wmy|6gp z6s<3`g%XFJ7BU06lm;3uAITP!baJ*p?|);bF25SJYa$Y~8V^ zcIUEn*Pc2nm+cjMT4`Ojzp z?_1F}$)PM4!OM2&vvYU#vb}mY33IW~wHj5z!7Cw7cji~R1jMof83kYV9560fd#o?c zX5ot~(=|>zO)kbmFnGJ4tm(KQeu-P_0Q(s%XQkHKPiIxg-H5+yB{MOnH{=FaZpI_s zgLfSrZ>Pjt>ql_e(8se!3If8yCuAmoNFeRiPG_zl6=_y~s6*7PmHdO%dES-$w^Dd!p$GSDd1Y)$< zu@l%Z!g3r~u;>E>4#<11l4OUL9Rw z6%rJ?Cw#j2WD`LPKY?#a6N?92liqj1Oc;9MvYIAm0}Jt9m!<`WNEn}*m?4UXy2S^nW-GV4~C^+r2ma5G##zF9G7$c=h! zwGv$)$Ai(~jmmcpY4~rcu=2N77*OFQit1zoE6Vd3Y=f{UVq*$^+6@&R5PZ}Xvo}bP z!Xk(Q4<&+%S4q32au@d%H1)dg$K>VU{c{A98BHjZsG>l?*zEAHF7KN7_iML$s9$MV z-?8@Flx_JWwLLF9BHq!3QF6~fbmT$E1L6yzQwVhwBYHR^JK45t&~%S${d5d{_)IzN zVmA2TvNF;&%c^M_cDmknwA#eJ!i5gIu$y9~5aRV}j^%P8mx@=KnmVsl0tU3pU{y-I z5k9ZpaGTsvF44N7V4`)yldW~r@pTi96qB|D82Bym>SnvT#hzP>MvN7Ra}1fOrrl$! zx!R{Gd?d&ECo|0s&cqn6X1!0Aw3A%+Z?y&Yd)!g0^&!;*#gMPT(?GB)bvPHNUD*OA zA!3_^1>vMmxJm0)ACDH7J0lQD)}sTO9W~NHpha zy?ricc2lWliMVjWGwiVJHAT?Y6=mhs61ojnQ=^2Yl5^%~t&^bur8G#HJbZ5w?z}hT z^6rY>_XZvgEjCm-%F`=M-X-MmTWFHKOMWnzCd7=71%MUMD5SuQOt0YfNkoxJX{Z_c zpoQ{&0Z#fDDfS0DjAmy%x=PMmO2KtE8F(}BS29n9;J_1@w70-4_XnI#`Bt$LEbNTr z(fOoz8b*-sHI2Ul;I*=vrD;N@b~9jcWRsfPw&jQnYzCVFZJQJ$S^j4G#Tf(5Jiy(lKE z3`nHQjt4)JlC|u-xb{RhYDd!ne&q`oT@S}M=NkgyF|2?ix7GI-EGKr3H{nV+rBGR1 zOl|#K01%9k8EjehUYQ*Q%Ch`wiR(~5aEc{-P1Yp9o}eTRXH>O0VSj01uEq5t_FiA; z01^wry4;*y8wq%&=ku(HU}{=8_!G3<;yN&~b-p6I9w%$hiCiC`^MYfm(%{;4b40Vl zVKj>efL(-4D^j~F7HFu0n{C$&cmo-AEkKx~eJ;sh99E`z4d;^~s$*_-{I+!0oi$*U zjrqF#oK34V%<@iTjw0gm*wAF$%TD_+XdU_&9P&2yG#MLTw8V)it7yCEl?)H7aTlRouF)||&sGSLbb6diRq zP~4wYKuC07qBb_qeQCYIlr2at*G-lDWiXvMn^wP~ItnGVa_r4fzS1v(l~}5pXI(v# z|4B8^L`!vN1n>{wHo0)MCUWgh7FgV-Nq%2}tCNx|pASnhN{$fwO|R_waLnB~L4X>A zG8doS=Vov49)=2piT8GM8R}zsr2V!y^C5ZX;?6N2vI(0W`TI9p}xv`GqUvW6r zf666g{0=5jtIN%W!-0n^E#agw4RB({TA-v1NgfVR2EedsEL?<+r8szDIX)-$tPKd$ zOG~KW*kXa~6D+=%-O;GJp>MXN_iniKH?;R?-O%8pbwinK>xM$v_6>!yZG^HnGM2fa zRH}VLsT7K>oArA`sZ{&!4coin`nGSlzNqDHHjf)x^t5kCQrb5pDeeBv#@D&wx^-5P zHDi?mS6$heaw`tB)QLf^S|S-$Q>BI-&@NQHUiq{ZiB6z$l~zW>qbX-(a@Fk*qmo8s zvF92D9ih_vq=_yhc85t5$;Cyg^pUDGflgtIo=m#1Q*gd+7@lBiyn<=1S9E+7jdLH>$t@nSLrhqxXuByBFD`3lL+5YG=<33L1X&qMN==9-0P?yN+wa5D1$3 zs4{zCD2-$_-8t4;Ui$zA(nz8=XR|7Gcj5O?X!feyE4LOXKC*#HFFla+V*-gUl|?9) zS&~VC@RQ{FU94djkCwIF^I^do9KOf2XO(g>Bi?<`gTMfC=txSF-~qq|qu5R<8{I)> z`xI|6(OwIgM%mh_dT^u**Fu*eW+U)dSvUl-;`H1=<92kytA*Ff5a7YnL9%1`hnCDA zpx{AyRJfpTW8-9C&5n5qI{+O!t5QWVyQU+s8) zTS$jHm4*lYByOS%3bqcFY)98}A;4+oJ@z?S*xO+@b?iuHumkXG2NO$t(LGO)?{wkW zG!QbB($g&n8ssUJS*+O{s(7~XlYKvj> zsPe@s+EqRoa%1cEt$jm)D8T`tvFAXp!TiM^>JD4!GSE>wq%y=yjt%HoG9uk@U+AI@ zTC$6q6W&W`WKvcFwljGFOFHzWBKIoA!f#Ycb15H0l6iMWxrtfwYX1qrY^GzGj&h*k zilP11f=tB1BffP=Cbwx3PX!MWag>zR1bMUJk%bho<*{SNTF?%|9ifMOPu#OrKrM=~ ze?r6dWn@~DUPt0~-%=?@M|uH(dybsQ5%3ZQx#dWY=cIaFN-M~K(ocn#;0>TAD3W&x{I@? zRJJ-0h%@5CNEWLD2*`>coih$}s!s)98N8WNKF=ZWG-9PDzc7|g?yce#)L@I>KV88oUh(rV4YZPPLTWsD~W2({?!k2sfF$VNtC@xB?jvI4mqUl zZkn9iO6cS49JXd9Gh&+ux#l>mMKTcR6QZ|_v@}T{AEXn5AobIkF0OvKK$?knW56)E zJKI^v%aryk^DJMP(h$u2e>r$VR)nxRWJMCXV=qzDgjq&;m_1{i1~7rhamH1o;}|aP z(`d9)>DAXg2>3Wl#6EK7_$8!Ly2w68W+BpI0V2rFEA<$SA%8U^@=4X4pw)ngU&rYe zn91vkh!wfMiwd(`9fe^;JfmtzOgHE5&7J`Lw2Xv`z9ZE}_mK;7#tC7onI5?a)m=3! z-24g#6O}SBly)5I@DtI8zce;AJO5!Au2n5;yEryG`a$KAMj_*ME8Q-(>5O}g_T1Dm zSqEM$Tx6ThH)bQ4qW9Y6u%LBGq4zYZP)g2p41#U zYf`6~Ygyf){C=u%JB2%9FnrIt2)u>tBr=V)&g6uEn)}^Ra4bpI~3}ih}ShG{w{EBHG|mYfHt<= zV8azPDI4a;*B^(hk<2MngnNXW;Kqk-t{2X_O`&XW;l%e{6&$}#NXiR+v)a0H(h+Yw zMM;M1s$LIAeZ>rTi1@*5ayc>)M2yikpBp1f&_LAMSi0ls2#L^3tW$+R#B`1`_g$?@ zNCG{o)a?&p?1>^c8gZ>JP}ekZJ&Nq~VAGS`*3cmU|OCDaF9VMVXh8=cr*vblbj-n%4uyx5i6D!a!9(Y#0QX)*} zr|2gDzaAgC+kzU!^&{m1H=;@-{ctEDXeXPy?`0GREs)))PK?K0hwy{ zb?J-%54{?r#64XKYxz<$D@wMHxw)i6$rHDaH$2qmBd#)--(XDFM;yjr6C?7K$RHUN zH;TPi5cm~0aLyWMEW!q1G)pfpxUp{z{8X0g+Q~uPi2{+!NU&`9svue*z?A~q1?mTD z6ez9$D2tq%8OF3RsQqWOBXj%h81C0Sw2^`Xel8NSBIKv$;u;T}%G5SS@4HusACBW; zpWkfOuBCMaaIoGPa8t98L{J-C;47UW@{jiei(z6m6daesW66C>*nrVNZHCSWI~;m$ zb!gEE@)4lgboy-k8N?yHKDJn}l>rrr!*!aHAGzWFh`9GhB)vi8E95m1kF@>_(`8*e z?+PCzg31yDaf$Y?2`(ae?H^fwKbU7h*is6iX+6sP)d1wyPwM4$#SFZPN{Mgd+NHV zlmeF5yGO_2h>l?#XUL&t?|j} zREyV7tWu6GW1%oXBBaH{p~n9ZI|m6iqCr%iwf1<5n6#gZXU&3JtP&pj1(DQq{JYaPHVm5`}JFbcPoP606BeNI$XiYN~(h45;vVp({u@Ef9#Xp#m zO3zmG+^$fu0LckJ8_T|+90mnzk3KBBB zmE;K#$vmjg;BvNqb#^3!5W+D}&>nP0luI%}HZPSP%nqK3Z^>E0f`L@!J{kY(>RApV z;Dh!on7GNr+V7&(){XYbu^xZdW9gIP;F9-Q#GQyllOraA1S#BJFn9G&=Bm~>{hRJ#WvuQ$ga$$Kim5;Ex;0qOL> z0%3(K>29&(YEly=a3TvSP<)zn3w6@)5UnbjS&V&-y8XjvT$WF$89ChOQD<+zIeB#fk?_^f&1Pei9v6R zqRrht2&t~vT*a5e&>m_hgovl1gbyt}9F7q_TEzLoKK_l8C{D)Sqxv387J3dVDEFu2 z*mTyqTn7iC?CEfZbjC*uEQqu1qY^yBQ_-F@3NyVH@jb^ge=LWGh=*cjz01W=#^~cI zl~RF`&8|Wy1CIuMhz0jo3uwW$hSOdk9f2aLa zcSmgD&PIPG-D!G9Es1k-ib-kpAykzFJSmF78Bf;k_=w3@q}{zRvh^v9zvk{CXa zfGTJz(dBd&Uu2K6H%Ly+O3p^gTlgLbPc)aUkzV*@MZ88ckvc6ns|d}h&nsS}g&m4> zRT-=TGH?UQJ93SwpZ|HP(-^%+9)%WBcVj@s;ZlgYmtBx8MwVL^B##1)KFdtiBeu%m zLxw6$B4@$3Eaklber zx`>zNRT9H=WeGmv>=m9kADNG**wI4Yz6u%vs|~AzelT7*;{*`9#iW|HV;07lJ7bv( z#RS-zk>ZrZcbj2+$*-+3CBGP#^a$CgN~tyDDCK8^DW%2{EhJ{b#Zr2{rln+?MJXkp zN+~&CgS;j2aUK*d&bp}9-gysySkmFgkT zxOk;REo&)30e(sep{cm!S${D>EyU+K$i}<~iTGXwS(X+pu3|!*a(vh5;&XtNA=^S) zj!O#}0gVxJ%z*qm3`hl8jOndv;^?d z{bCyYg!A0R#B4I9_45f9ItbG!&p6lvz^XpsvRMFxSO1ZlIJcrW>Ks1TX2hb5G_*az zQb8A0RKDh_6vF2gAXVNHrYrGjmom2d1P|l3K=7bo|G7X8iU8Y}+2&;;Fl|mQz?@uWl zpMOKOpj`r6Dy4NpbcW4T6EcP~Zjw2aR#6=0Mjx(_SdA7RHey93qgoAT;Ei#LTWzUM zmRhPH^l};lPGgbI|*QC?s|bsB+p5ug2Xo>;m@f0#Q1__w39mvQhxeqP7W) zanPQIHDgRLNq6t6uvJ4!xY)#UGIb`3NZ%GSOO)%%)DP8iT70v4NZ}L{%-f}Wl6sQ2 zQUYT(*iveVm~sIt+K*)2l~VIL)+L9Dma;Z3`p7AIYy0wM+v~Y^n{rJu+$ zZ}6FwoWRAchsHI|E|V`9L!BvC%gHcVurOxIh0es~FHz$C%x=HLTK22_v;D`!bCe** zK1@-QZek0`J4&-OP%+SU?;2qpWp2&Edrlx5AX zxF?1(ObJTnTE0BCLUp9O)va&&KhUiZZvI@%ETSIGM5vfio!; zDYxdlUR_i9Zi(DTU2B^c=~Z2A8;E$8Qr{6or9>}!-DJe0>&&U^BuUoHMt-`Y1v|t4CXPRusAX4+EtAO zitvkR#T6>0Ei6vV%Rn6yt^r}p{`q3~Tpt9ViuFoLZDyvmeKJ)~;4@bao(DPn&Y#5;kZk_6>4&f6x