From 1bfbe6fc59114004c74ea92c7b6a75a1518c631a Mon Sep 17 00:00:00 2001
From: Tim Stone <tmslft@gmail.com>
Date: Sun, 23 Aug 2015 16:52:49 -0400
Subject: [PATCH 1/5] Rename UserOpenIds to the more-generic UserAuthClaims

---
 .../Models/TestUser.cs                        |  4 +--
 .../Controllers/AccountController.cs          | 12 +++----
 .../Controllers/AdminController.cs            | 20 +++++------
 App/StackExchange.DataExplorer/Models/User.cs | 12 +++----
 .../{UserOpenId.cs => UserAuthClaim.cs}       | 35 +++++++++++--------
 .../Models/_Database.Specific.cs              |  2 +-
 .../StackExchange.DataExplorer.csproj         |  2 +-
 .../Views/User/Show.cshtml                    |  4 +--
 Migrations/055 - Make UserOpenIds generic.sql | 33 +++++++++++++++++
 9 files changed, 82 insertions(+), 42 deletions(-)
 rename App/StackExchange.DataExplorer/Models/{UserOpenId.cs => UserAuthClaim.cs} (54%)
 create mode 100644 Migrations/055 - Make UserOpenIds generic.sql

diff --git a/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs b/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs
index 3561e35f..56a90a80 100644
--- a/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs
+++ b/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs
@@ -27,8 +27,8 @@ public void TestBasicUserCreation() {
             var u2 = Current.DB.Query<User>("select * from Users where Login = @Login", new {Login = "Fred"}).First();
             Assert.AreEqual("Fred", u2.Login);
 
-            var o = Current.DB.Query<UserOpenId>("select * from UserOpenIds where OpenIdClaim = @claim", new {claim = "xyz"}).FirstOrDefault(); 
-            Assert.AreEqual("xyz", o.OpenIdClaim);
+            var o = Current.DB.Query<UserAuthClaim>("select * from UserAuthClaims where ClaimIdentifier = @claim", new {claim = "xyz"}).FirstOrDefault(); 
+            Assert.AreEqual("xyz", o.ClaimIdentifier);
         }
 
         [TestMethod]
diff --git a/App/StackExchange.DataExplorer/Controllers/AccountController.cs b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
index 87011e2a..ff584c00 100644
--- a/App/StackExchange.DataExplorer/Controllers/AccountController.cs
+++ b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
@@ -151,7 +151,7 @@ public ActionResult Authenticate(string returnUrl)
                             return whiteListResponse;
 
                         User user = null;
-                        var openId = Current.DB.Query<UserOpenId>("SELECT * FROM UserOpenIds WHERE OpenIdClaim = @normalizedClaim", new { normalizedClaim }).FirstOrDefault();
+                        var openId = Current.DB.Query<UserAuthClaim>("SELECT * FROM UserAuthClaims WHERE ClaimIdentifier = @normalizedClaim", new { normalizedClaim }).FirstOrDefault();
 
                         if (!CurrentUser.IsAnonymous)
                         {
@@ -162,14 +162,14 @@ public ActionResult Authenticate(string returnUrl)
                                 return LoginError("Another user with this OpenID already exists, merging is not possible at this time.");
                             }
 
-                            var currentOpenIds = Current.DB.Query<UserOpenId>("select * from UserOpenIds  where UserId = @Id", new {CurrentUser.Id});
+                            var currentOpenIds = Current.DB.Query<UserAuthClaim>("select * from UserAuthClaims  where UserId = @Id", new {CurrentUser.Id});
 
                             // If a user is merged and then tries to add one of the OpenIDs used for the two original users,
                             // this update will fail...so don't attempt it if we detect that's the case. Really we should
                             // work on allowing multiple OpenID logins, but for now I'll settle for not throwing an exception...
-                            if (!currentOpenIds.Any(s => s.OpenIdClaim == normalizedClaim))
+                            if (!currentOpenIds.Any(s => s.ClaimIdentifier == normalizedClaim))
                             {
-                                Current.DB.UserOpenIds.Update(currentOpenIds.First().Id, new { OpenIdClaim = normalizedClaim });
+                                Current.DB.UserAuthClaims.Update(currentOpenIds.First().Id, new { ClaimIdentifier = normalizedClaim });
                             }
                           
                             user = CurrentUser;
@@ -186,7 +186,7 @@ public ActionResult Authenticate(string returnUrl)
 
                                 if (user != null)
                                 {
-                                    Current.DB.UserOpenIds.Insert(new { UserId = user.Id, OpenIdClaim = normalizedClaim, isSecure });
+                                    Current.DB.UserAuthClaims.Insert(new { UserId = user.Id, ClaimIdentifier = normalizedClaim, isSecure });
                                 }
                             }
 
@@ -213,7 +213,7 @@ public ActionResult Authenticate(string returnUrl)
                             }
                             else if (isSecure && !openId.IsSecure)
                             {
-                                Current.DB.UserOpenIds.Update(openId.Id, new { IsSecure = true });
+                                Current.DB.UserAuthClaims.Update(openId.Id, new { IsSecure = true });
                             }
                         }
 
diff --git a/App/StackExchange.DataExplorer/Controllers/AdminController.cs b/App/StackExchange.DataExplorer/Controllers/AdminController.cs
index cb9f69e3..e1827483 100644
--- a/App/StackExchange.DataExplorer/Controllers/AdminController.cs
+++ b/App/StackExchange.DataExplorer/Controllers/AdminController.cs
@@ -137,9 +137,9 @@ where grp.Count() > 1
             }
             else
             {
-                var openids = Current.DB.Query<UserOpenId>("select * from UserOpenIds").ToList();
+                var openids = Current.DB.UserAuthClaims.All();
                 dupeUserIds = (from openid in openids
-                               group openid by Models.User.NormalizeOpenId(openid.OpenIdClaim)
+                               group openid by Models.User.NormalizeOpenId(openid.ClaimIdentifier)
                                    into grp
                                    where grp.Count() > 1
                                    select new Tuple<string, IEnumerable<int>>(grp.Key, grp.Select(id => id.UserId).OrderBy(id => id))).ToList();
@@ -169,12 +169,12 @@ where grp.Count() > 1
         [StackRoute("admin/normalize-openids")]
         public ActionResult NormalizeOpenIds()
         {
-            foreach (var openId in Current.DB.UserOpenIds.All())
+            foreach (var openId in Current.DB.UserAuthClaims.All())
             {
-                var cleanClaim = Models.User.NormalizeOpenId(openId.OpenIdClaim);
-                if (cleanClaim != openId.OpenIdClaim)
+                var cleanClaim = Models.User.NormalizeOpenId(openId.ClaimIdentifier);
+                if (cleanClaim != openId.ClaimIdentifier)
                 {
-                    Current.DB.UserOpenIds.Update(openId.Id, new { OpenIdClaim = cleanClaim });
+                    Current.DB.UserAuthClaims.Update(openId.Id, new { ClaimIdentifier = cleanClaim });
                 }
             }
             return TextPlain("Done.");
@@ -239,12 +239,12 @@ public ActionResult MergeSubmit(int masterId, int mergeId)
         public ActionResult FindDuplicateUserOpenIds()
         {
 
-            var sql = "select * from UserOpenIds where UserId in (select UserId from UserOpenId having count(*) > 0)";
+            var sql = "select * from UserAuthClaims where UserId in (select UserId from UserAuthClaims having count(*) > 0)";
 
-            var dupes = (from uoi in Current.DB.Query<UserOpenId>(sql)
+            var dupes = (from uoi in Current.DB.Query<UserAuthClaim>(sql)
                         group uoi by uoi.UserId
                         into grp
-                        select new Tuple<int?, IEnumerable<UserOpenId>>(grp.Key, grp.Select(g=>g))).ToList();
+                        select new Tuple<int?, IEnumerable<UserAuthClaim>>(grp.Key, grp.Select(g=>g))).ToList();
             SetHeader("Possible Duplicate User OpenId records");
             return View(dupes);
         }
@@ -253,7 +253,7 @@ into grp
         [StackRoute("admin/useropenid/remove/{id:int}", HttpVerbs.Post)]
         public ActionResult RemoveUserOpenIdEntry(int id)
         {
-            Current.DB.UserOpenIds.Delete(id);
+            Current.DB.UserAuthClaims.Delete(id);
             return Json("ok");
         }
 
diff --git a/App/StackExchange.DataExplorer/Models/User.cs b/App/StackExchange.DataExplorer/Models/User.cs
index 317a1082..8f5d224a 100644
--- a/App/StackExchange.DataExplorer/Models/User.cs
+++ b/App/StackExchange.DataExplorer/Models/User.cs
@@ -25,13 +25,13 @@ public partial class User
         public string PreferencesRaw { get; set; }
         public string ADLogin { get; set; }
 
-        List<UserOpenId> _userOpenIds;
-        public List<UserOpenId> UserOpenIds
+        List<UserAuthClaim> _userAuthClaims;
+        public List<UserAuthClaim> UserAuthClaims
         {
             get
             {
-                _userOpenIds = _userOpenIds ?? Current.DB.Query<UserOpenId>("select * from UserOpenIds where UserId = @Id", new { Id }).ToList();
-                return _userOpenIds;
+                _userAuthClaims = _userAuthClaims ?? Current.DB.Query<UserAuthClaim>("select * from UserAuthClaims where UserId = @Id", new { Id }).ToList();
+                return _userAuthClaims;
             }
         }
 
@@ -156,7 +156,7 @@ public static User CreateUser(string login, string email, string openIdClaim)
 
             u.Id = Current.DB.Users.Insert(new { u.Email, u.Login, u.CreationDate }).Value;
             if (openIdClaim != null)
-                Current.DB.UserOpenIds.Insert(new {OpenIdClaim = openIdClaim, UserId = u.Id});
+                Current.DB.UserAuthClaims.Insert(new { ClaimIdentifier = openIdClaim, UserId = u.Id});
             return u;
         }
 
@@ -242,7 +242,7 @@ from RevisionExecutions r
 
             // User Open Ids
             {
-                var rempped = db.Execute("update UserOpenIds set UserId = @masterId where UserId = @mergeId", new { mergeId, masterId });
+                var rempped = db.Execute("update UserAuthClaims set UserId = @masterId where UserId = @mergeId", new { mergeId, masterId });
                 log.AppendLine(string.Format("Remapped {0} user open ids", rempped));
             }
 
diff --git a/App/StackExchange.DataExplorer/Models/UserOpenId.cs b/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
similarity index 54%
rename from App/StackExchange.DataExplorer/Models/UserOpenId.cs
rename to App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
index 5a711529..c7922fc5 100644
--- a/App/StackExchange.DataExplorer/Models/UserOpenId.cs
+++ b/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
@@ -1,15 +1,22 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Web;
-
-namespace StackExchange.DataExplorer.Models
-{
-    public class UserOpenId
-    {
-        public int Id { get; set; }
-        public int UserId { get; set; }
-        public string OpenIdClaim { get; set; }
-        public bool IsSecure { get; set; }
-    }
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+
+namespace StackExchange.DataExplorer.Models
+{
+    public class UserAuthClaim
+    {
+        public enum ClaimType
+        {
+            OpenID = 1,
+            Google = 2
+        }
+
+        public int Id { get; set; }
+        public int UserId { get; set; }
+        public string ClaimIdentifier { get; set; }
+        public bool IsSecure { get; set; }
+        public ClaimType Type { get; set; }
+    }
 }
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/Models/_Database.Specific.cs b/App/StackExchange.DataExplorer/Models/_Database.Specific.cs
index 02516fd2..e1a4e6ee 100644
--- a/App/StackExchange.DataExplorer/Models/_Database.Specific.cs
+++ b/App/StackExchange.DataExplorer/Models/_Database.Specific.cs
@@ -10,7 +10,7 @@ public class DataExplorerDatabase : Dapper.Database<DataExplorerDatabase>
         public Table<Site> Sites { get; private set; }
         public Table<User> Users { get; private set; }
         public Table<OpenIdWhiteList> OpenIdWhiteList { get; private set; }
-        public Table<UserOpenId> UserOpenIds { get; private set; }
+        public Table<UserAuthClaim> UserAuthClaims { get; private set; }
         public Table<Vote> Votes { get; private set; }
         public Table<BlackList> BlackList { get; private set; }
         public Table<QuerySet> QuerySets { get; private set; }
diff --git a/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj b/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
index d7747170..5e2d7e30 100644
--- a/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
+++ b/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
@@ -261,7 +261,7 @@
     <Compile Include="Models\User.Preferences.cs">
       <DependentUpon>User.cs</DependentUpon>
     </Compile>
-    <Compile Include="Models\UserOpenId.cs" />
+    <Compile Include="Models\UserAuthClaim.cs" />
     <Compile Include="Models\Vote.cs" />
     <Compile Include="Models\VoteType.cs" />
     <Compile Include="Models\_Database.Specific.cs">
diff --git a/App/StackExchange.DataExplorer/Views/User/Show.cshtml b/App/StackExchange.DataExplorer/Views/User/Show.cshtml
index 31c04677..9d232922 100644
--- a/App/StackExchange.DataExplorer/Views/User/Show.cshtml
+++ b/App/StackExchange.DataExplorer/Views/User/Show.cshtml
@@ -55,11 +55,11 @@
                                 break;
                             //case AppSettings.AuthenitcationMethod.Default:
                             default:
-                                if (Model.UserOpenIds.Any())
+                                if (Model.UserAuthClaims.Any())
                                 {
                                     <tr>
                                         <td>openid</td>
-                                        <td class="overflowing"><div class="no-overflow">@Model.UserOpenIds[0].OpenIdClaim</div></td>
+                                        <td class="overflowing"><div class="no-overflow">@Model.UserAuthClaims[0].ClaimIdentifier</div></td>
                                     </tr>
                                 }
                                 else
diff --git a/Migrations/055 - Make UserOpenIds generic.sql b/Migrations/055 - Make UserOpenIds generic.sql
new file mode 100644
index 00000000..133191f2
--- /dev/null
+++ b/Migrations/055 - Make UserOpenIds generic.sql	
@@ -0,0 +1,33 @@
+IF OBJECT_ID('UserAuthClaims') IS NULL
+BEGIN
+	EXEC sp_rename 'UserOpenIds', 'UserAuthClaims'
+END
+
+GO
+
+IF dbo.fnIndexExists('UserAuthClaims', 'OpenIdClaimIdx') = 1
+BEGIN
+	DROP INDEX OpenIdClaimIdx ON UserAuthClaims
+END
+
+GO
+
+IF dbo.fnColumnExists('UserAuthClaims', 'OpenIdClaim') = 1
+BEGIN
+	EXEC sp_rename 'UserAuthClaims.OpenIdClaim', 'ClaimIdentifier', 'COLUMN'
+END
+
+GO
+
+IF dbo.fnColumnExists('UserAuthClaims', 'IdentifierType') = 0
+BEGIN
+	ALTER TABLE UserAuthClaims ADD IdentifierType TINYINT NOT NULL DEFAULT 1
+END
+
+GO
+
+IF dbo.fnIndexExists('UserAuthClaims', 'ClaimIdentifierIdx') = 0
+BEGIN
+	ALTER TABLE UserAuthClaims ALTER COLUMN ClaimIdentifier NVARCHAR(449) NOT NULL
+	CREATE UNIQUE NONCLUSTERED INDEX ClaimIdentifierIdx ON UserAuthClaims(IdentifierType, ClaimIdentifier)
+END
\ No newline at end of file

From 08ebe498857b2be46d46f6e5771de07715607ba3 Mon Sep 17 00:00:00 2001
From: Tim Stone <tmslft@gmail.com>
Date: Mon, 24 Aug 2015 00:06:29 -0400
Subject: [PATCH 2/5] Unify login logic so Google OAuth checks agains
 UserAuthClaims, Users.Email is super unreliable

---
 .../Models/TestQueryExecutions.cs             |   4 +-
 .../Models/TestUser.cs                        |  27 +---
 .../Controllers/AccountController.cs          | 123 ++++++------------
 App/StackExchange.DataExplorer/Models/User.cs |  26 +++-
 4 files changed, 69 insertions(+), 111 deletions(-)

diff --git a/App/StackExchange.DataExplorer.Tests/Models/TestQueryExecutions.cs b/App/StackExchange.DataExplorer.Tests/Models/TestQueryExecutions.cs
index 39348394..e607a925 100644
--- a/App/StackExchange.DataExplorer.Tests/Models/TestQueryExecutions.cs
+++ b/App/StackExchange.DataExplorer.Tests/Models/TestQueryExecutions.cs
@@ -15,7 +15,7 @@ public class TestQueryExecutions : BaseTest {
         public void TestBatchingBatch() {
             string sql = "print 1 \nGO\nprint 2";
             var site = Current.DB.Sites.First();
-            var user = User.CreateUser("Fred", "a@a.com", "xyzdsa");
+            var user = User.CreateUser("Fred", "a@a.com");
             var results = QueryRunner.ExecuteNonCached(new ParsedQuery(sql, null), site, user, null);
 
             Assert.AreEqual(0, results.ResultSets.Count());
@@ -27,7 +27,7 @@ public void TestBatchingBatch() {
         public void TestMultiResultSetsInStatement() {
             string sql = "select 1 select 2";
             var site = Current.DB.Sites.First();
-            var user = User.CreateUser("Fred", "a@a.com", "xyzdsa");
+            var user = User.CreateUser("Fred", "a@a.com");
             var results = QueryRunner.ExecuteNonCached(new ParsedQuery(sql, null), site, user, null);
 
             Assert.AreEqual(2, results.ResultSets.Count());
diff --git a/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs b/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs
index 56a90a80..729f6401 100644
--- a/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs
+++ b/App/StackExchange.DataExplorer.Tests/Models/TestUser.cs
@@ -12,32 +12,13 @@ namespace StackExchange.DataExplorer.Tests.Models {
 
     [TestClass]
     public class TestUser : BaseTest {
-
-        [TestMethod]
-        public void TestUserCreationSetsCreationDate() {
-            var u = User.CreateUser("Fred", "a@a.com", "xyz");
-            Assert.IsNotNull(u.CreationDate);
-        }
-
-        [TestMethod]
-        public void TestBasicUserCreation() {
-
-            User.CreateUser("Fred", "a@a.com", "xyz");
-
-            var u2 = Current.DB.Query<User>("select * from Users where Login = @Login", new {Login = "Fred"}).First();
-            Assert.AreEqual("Fred", u2.Login);
-
-            var o = Current.DB.Query<UserAuthClaim>("select * from UserAuthClaims where ClaimIdentifier = @claim", new {claim = "xyz"}).FirstOrDefault(); 
-            Assert.AreEqual("xyz", o.ClaimIdentifier);
-        }
-
         [TestMethod]
         public void TestNoName() {
 
             Current.DB.Execute("delete from Users where Login like 'jon.doe%'");
 
-            var u1 = User.CreateUser("", null, "xyz");
-            var u2 = User.CreateUser(null, "", "xyz1");
+            var u1 = User.CreateUser("", null);
+            var u2 = User.CreateUser(null, "");
 
             Assert.AreEqual("jon.doe", u1.Login);
             // This behaviour is probably not what we want
@@ -49,13 +30,13 @@ public void TestNoSpaces() {
 
             Current.DB.Execute("delete from Users where Login like 'jon.doe%'");
 
-            var u1 = User.CreateUser("jon   doe", null, "xyz");
+            var u1 = User.CreateUser("jon   doe", null);
             Assert.AreEqual("jon.doe", u1.Login);
         }
 
         [TestMethod]
         public void TestWeirdChars() {
-            var u1 = User.CreateUser("jon&*doe", null, "xyz");
+            var u1 = User.CreateUser("jon&*doe", null);
             Assert.AreEqual(u1.Login, "jondoe");
         } 
     }
diff --git a/App/StackExchange.DataExplorer/Controllers/AccountController.cs b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
index ff584c00..0cb1aefb 100644
--- a/App/StackExchange.DataExplorer/Controllers/AccountController.cs
+++ b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
@@ -150,83 +150,8 @@ public ActionResult Authenticate(string returnUrl)
                         if (whiteListResponse != null) 
                             return whiteListResponse;
 
-                        User user = null;
-                        var openId = Current.DB.Query<UserAuthClaim>("SELECT * FROM UserAuthClaims WHERE ClaimIdentifier = @normalizedClaim", new { normalizedClaim }).FirstOrDefault();
-
-                        if (!CurrentUser.IsAnonymous)
-                        {
-                            if (openId != null && openId.UserId != CurrentUser.Id) //Does another user have this OpenID
-                            {
-                                //TODO: Need to perform a user merge
-                                SetHeader("Log in below to change your OpenID");
-                                return LoginError("Another user with this OpenID already exists, merging is not possible at this time.");
-                            }
-
-                            var currentOpenIds = Current.DB.Query<UserAuthClaim>("select * from UserAuthClaims  where UserId = @Id", new {CurrentUser.Id});
-
-                            // If a user is merged and then tries to add one of the OpenIDs used for the two original users,
-                            // this update will fail...so don't attempt it if we detect that's the case. Really we should
-                            // work on allowing multiple OpenID logins, but for now I'll settle for not throwing an exception...
-                            if (!currentOpenIds.Any(s => s.ClaimIdentifier == normalizedClaim))
-                            {
-                                Current.DB.UserAuthClaims.Update(currentOpenIds.First().Id, new { ClaimIdentifier = normalizedClaim });
-                            }
-                          
-                            user = CurrentUser;
-                            returnUrl = "/users/" + user.Id;
-                        }
-                        else if (openId == null)
-                        {
-                            if (sreg != null && IsVerifiedEmailProvider(normalizedClaim))
-                            {
-                                // Eh...We can trust the verified email provider, but we can't really trust Users.Email.
-                                // I can't think of a particularly malicious way this could be exploited, but it's likely
-                                // worth reviewing at some point.
-                                user = Current.DB.Query<User>("select * from Users where Email = @Email", new { sreg.Email }).FirstOrDefault();
-
-                                if (user != null)
-                                {
-                                    Current.DB.UserAuthClaims.Insert(new { UserId = user.Id, ClaimIdentifier = normalizedClaim, isSecure });
-                                }
-                            }
-
-                            if (user == null)
-                            {
-                                // create new user
-                                string email = "";
-                                string login = "";
-                                if (sreg != null)
-                                {
-                                    email = sreg.Email;
-                                    login = sreg.Nickname ?? sreg.FullName;
-                                }
-                                user = Models.User.CreateUser(login, email, normalizedClaim);
-                            }
-                        }
-                        else
-                        {
-                            user = Current.DB.Users.Get(openId.UserId);
-
-                            if (AppSettings.EnableEnforceSecureOpenId && user.EnforceSecureOpenId && !isSecure && openId.IsSecure)
-                            {
-                                return LoginError("User preferences prohibit insecure (non-https) variants of the provided OpenID identifier");
-                            }
-                            else if (isSecure && !openId.IsSecure)
-                            {
-                                Current.DB.UserAuthClaims.Update(openId.Id, new { IsSecure = true });
-                            }
-                        }
-
-                        IssueFormsTicket(user);
-
-                        if (!string.IsNullOrEmpty(returnUrl))
-                        {
-                            return Redirect(returnUrl);
-                        }
-                        else
-                        {
-                            return RedirectToAction("Index", "Home");
-                        }
+                        return LoginUser(whitelistEmail, normalizedClaim, sreg != null ? sreg.Nickname ?? sreg.FullName : null, returnUrl,
+                            UserAuthClaim.ClaimType.OpenID, IsVerifiedEmailProvider(originalClaim), isSecure);
                     case AuthenticationStatus.Canceled:
                         return LoginError("Canceled at provider");
                     case AuthenticationStatus.Failed:
@@ -236,18 +161,49 @@ public ActionResult Authenticate(string returnUrl)
             return new EmptyResult();
         }
 
-        private ActionResult LoginViaEmail(string email, string displayName, string returnUrl)
+        private ActionResult LoginUser(string email, string identifier, string displayName, string returnUrl, UserAuthClaim.ClaimType type, bool trustEmail, bool isSecure = false)
         {
-            var whiteListResponse = CheckWhitelist("", email, trustEmail: true);
+            var whiteListResponse = CheckWhitelist(identifier, email, trustEmail: trustEmail);
+
             if (whiteListResponse != null)
                 return whiteListResponse;
 
-            var user = Current.DB.Query<User>("Select * From Users Where Email = @email", new { email }).FirstOrDefault();
+            Tuple<User, UserAuthClaim> identity = Models.User.FindUserIdentityByAuthClaim(email, identifier, type, CurrentUser.IsAnonymous && trustEmail);
+
+            var user = identity.Item1;
+            var claim = identity.Item2;
+
+            if (!CurrentUser.IsAnonymous && user != null && user.Id != CurrentUser.Id)
+            {
+                //TODO: Need to perform a user merge
+                SetHeader("Log in below to change your OpenID");
+
+                return LoginError("Another user with this login already exists, merging is not possible at this time.");
+            }
 
-            // Create the user if not found
             if (user == null)
             {
-                user = Models.User.CreateUser(displayName, email, null);
+                user = !CurrentUser.IsAnonymous ? CurrentUser : Models.User.CreateUser(displayName, email);
+            }
+
+            if (claim == null)
+            {
+                Current.DB.UserAuthClaims.Insert(new { UserId = user.Id, ClaimIdentifier = identifier, IdentifierType = type, IsSecure = isSecure });
+            }
+            else if (claim.UserId != user.Id)
+            {
+                // This implies there's an orphan claim record somehow, I don't think this should be possible
+                Current.DB.UserAuthClaims.Update(claim.Id, new { UserId = user.Id });
+            }
+
+            // This checking is only relevant to OpenID…which is kind of auth-type specific logic for this method, but meh
+            if (AppSettings.EnableEnforceSecureOpenId && user.EnforceSecureOpenId && !isSecure && claim.IsSecure)
+            {
+                return LoginError("User preferences prohibit insecure (non-https) variants of the provided OpenID identifier");
+            }
+            else if (isSecure && !claim.IsSecure)
+            {
+                Current.DB.UserAuthClaims.Update(claim.Id, new { IsSecure = true });
             }
 
             IssueFormsTicket(user);
@@ -256,6 +212,7 @@ private ActionResult LoginViaEmail(string email, string displayName, string retu
             {
                 return Redirect(returnUrl);
             }
+
             return RedirectToAction("Index", "Home");
         }
 
@@ -479,7 +436,7 @@ private ActionResult FetchFromGoogle(string accessToken)
                 if (person.email == null)
                     return LoginError("Error fetching email from Google");
 
-                return LoginViaEmail(person.email, person.name, "/");
+                return LoginUser(person.email, person.email, person.name, "/", UserAuthClaim.ClaimType.Google, true);
             }
             catch (Exception e)
             {
diff --git a/App/StackExchange.DataExplorer/Models/User.cs b/App/StackExchange.DataExplorer/Models/User.cs
index 8f5d224a..762b9003 100644
--- a/App/StackExchange.DataExplorer/Models/User.cs
+++ b/App/StackExchange.DataExplorer/Models/User.cs
@@ -105,6 +105,27 @@ public static User CreateUser(string accountLogin)
             return u;
         }
 
+        public static Tuple<User, UserAuthClaim> FindUserIdentityByAuthClaim(string email, string identifier, UserAuthClaim.ClaimType type, bool useEmailFallback = true)
+        {
+            var claim = Current.DB.Query<UserAuthClaim>(
+                "SELECT * FROM UserAuthClaims WHERE ClaimIdentifier = @identifier AND IdentifierType = @type",
+                new { identifier, type }
+            ).FirstOrDefault();
+
+            User user = null;
+
+            if (claim != null)
+            {
+                user = Current.DB.Users.Get(claim.UserId);
+            }
+            else if (useEmailFallback && email.HasValue())
+            {
+                user = Current.DB.Query<User>("SELECT * FROM Users WHERE Email = @email", new { email }).FirstOrDefault();
+            }
+
+            return Tuple.Create<User, UserAuthClaim>(user, claim);
+        }
+
         public void SetAdmin(bool isAdmin)
         {
             Current.DB.Execute("Update Users Set IsAdmin = @isAdmin Where Id = @Id", new {Id, isAdmin});
@@ -115,7 +136,7 @@ public static User GetByADLogin(string accountLogin)
             return Current.DB.Query<User>("Select * From Users Where ADLogin = @accountLogin", new {accountLogin}).SingleOrDefault();
         }
 
-        public static User CreateUser(string login, string email, string openIdClaim)
+        public static User CreateUser(string login, string email)
         {
             var u = new User();
             u.CreationDate = DateTime.UtcNow;
@@ -155,8 +176,7 @@ public static User CreateUser(string login, string email, string openIdClaim)
             }
 
             u.Id = Current.DB.Users.Insert(new { u.Email, u.Login, u.CreationDate }).Value;
-            if (openIdClaim != null)
-                Current.DB.UserAuthClaims.Insert(new { ClaimIdentifier = openIdClaim, UserId = u.Id});
+
             return u;
         }
 

From 6698bd86b5f9af0d42430bfabb6cbd3ea8c4037a Mon Sep 17 00:00:00 2001
From: Tim Stone <tmslft@gmail.com>
Date: Sat, 29 Aug 2015 23:51:20 -0400
Subject: [PATCH 3/5] Allow upgrading from legacy Google OpenID identifiers,
 add display (email) for claim independent of provider ID

---
 .../Controllers/AccountController.cs          |   76 +-
 App/StackExchange.DataExplorer/Models/User.cs |   18 +-
 .../Models/UserAuthClaim.cs                   |   15 +-
 .../StackExchange.DataExplorer.csproj         |    5 +
 .../packages.config                           |    3 +-
 ...tityModel.Tokens.Jwt.4.0.2.206221351.nupkg |  Bin 0 -> 103122 bytes
 .../net45/System.IdentityModel.Tokens.Jwt.Xml | 2502 +++++++++++++++++
 .../net45/System.IdentityModel.Tokens.Jwt.dll |  Bin 0 -> 136448 bytes
 Migrations/055 - Make UserOpenIds generic.sql |    7 +
 9 files changed, 2593 insertions(+), 33 deletions(-)
 create mode 100644 App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/System.IdentityModel.Tokens.Jwt.4.0.2.206221351.nupkg
 create mode 100644 App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/lib/net45/System.IdentityModel.Tokens.Jwt.Xml
 create mode 100644 App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/lib/net45/System.IdentityModel.Tokens.Jwt.dll

diff --git a/App/StackExchange.DataExplorer/Controllers/AccountController.cs b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
index 0cb1aefb..5aa5ade7 100644
--- a/App/StackExchange.DataExplorer/Controllers/AccountController.cs
+++ b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
@@ -1,4 +1,5 @@
 using System;
+using System.IdentityModel.Tokens;
 using System.IO;
 using System.Linq;
 using System.Net;
@@ -144,14 +145,11 @@ public ActionResult Authenticate(string returnUrl)
                         var normalizedClaim = Models.User.NormalizeOpenId(response.ClaimedIdentifier.ToString());
                         var sreg = response.GetExtension<ClaimsResponse>();
                         var isSecure = originalClaim.StartsWith("https://");
+                        var email = sreg != null && sreg.Email != null && sreg.Email.Length > 2 ? sreg.Email : null;
+                        var displayName = sreg != null ? sreg.Nickname ?? sreg.FullName : null;
 
-                        var whitelistEmail = sreg != null && sreg.Email != null && sreg.Email.Length > 2 ? sreg.Email : null;
-                        var whiteListResponse = CheckWhitelist(normalizedClaim, whitelistEmail);
-                        if (whiteListResponse != null) 
-                            return whiteListResponse;
-
-                        return LoginUser(whitelistEmail, normalizedClaim, sreg != null ? sreg.Nickname ?? sreg.FullName : null, returnUrl,
-                            UserAuthClaim.ClaimType.OpenID, IsVerifiedEmailProvider(originalClaim), isSecure);
+                        return LoginUser(new UserAuthClaim.Identifier(normalizedClaim, UserAuthClaim.ClaimType.OpenID),  email, displayName,
+                            returnUrl, IsVerifiedEmailProvider(originalClaim), isSecure);
                     case AuthenticationStatus.Canceled:
                         return LoginError("Canceled at provider");
                     case AuthenticationStatus.Failed:
@@ -161,14 +159,14 @@ public ActionResult Authenticate(string returnUrl)
             return new EmptyResult();
         }
 
-        private ActionResult LoginUser(string email, string identifier, string displayName, string returnUrl, UserAuthClaim.ClaimType type, bool trustEmail, bool isSecure = false)
+        private ActionResult LoginUser(UserAuthClaim.Identifier identifier, string email, string displayName, string returnUrl, bool trustEmail, bool isSecure = false, UserAuthClaim.Identifier legacyIdentifier = null)
         {
-            var whiteListResponse = CheckWhitelist(identifier, email, trustEmail: trustEmail);
+            var whiteListResponse = CheckWhitelist(identifier.Value, email, trustEmail: trustEmail);
 
             if (whiteListResponse != null)
                 return whiteListResponse;
 
-            Tuple<User, UserAuthClaim> identity = Models.User.FindUserIdentityByAuthClaim(email, identifier, type, CurrentUser.IsAnonymous && trustEmail);
+            Tuple<User, UserAuthClaim> identity = Models.User.FindUserIdentityByAuthClaim(email, identifier, CurrentUser.IsAnonymous && trustEmail, legacyIdentifier: legacyIdentifier);
 
             var user = identity.Item1;
             var claim = identity.Item2;
@@ -188,22 +186,29 @@ private ActionResult LoginUser(string email, string identifier, string displayNa
 
             if (claim == null)
             {
-                Current.DB.UserAuthClaims.Insert(new { UserId = user.Id, ClaimIdentifier = identifier, IdentifierType = type, IsSecure = isSecure });
+                Current.DB.UserAuthClaims.Insert(new { UserId = user.Id, ClaimIdentifier = identifier.Value, IdentifierType = identifier.Type, IsSecure = isSecure, Display = trustEmail ? email : null });
             }
             else if (claim.UserId != user.Id)
             {
                 // This implies there's an orphan claim record somehow, I don't think this should be possible
                 Current.DB.UserAuthClaims.Update(claim.Id, new { UserId = user.Id });
             }
-
-            // This checking is only relevant to OpenID…which is kind of auth-type specific logic for this method, but meh
-            if (AppSettings.EnableEnforceSecureOpenId && user.EnforceSecureOpenId && !isSecure && claim.IsSecure)
-            {
-                return LoginError("User preferences prohibit insecure (non-https) variants of the provided OpenID identifier");
-            }
-            else if (isSecure && !claim.IsSecure)
+            else
             {
-                Current.DB.UserAuthClaims.Update(claim.Id, new { IsSecure = true });
+                // This checking is only relevant to OpenID…which is kind of auth-type specific logic for this method, but meh
+                if (AppSettings.EnableEnforceSecureOpenId && user.EnforceSecureOpenId && !isSecure && claim.IsSecure)
+                {
+                    return LoginError("User preferences prohibit insecure (non-https) variants of the provided OpenID identifier");
+                }
+                else if (isSecure && !claim.IsSecure)
+                {
+                    Current.DB.UserAuthClaims.Update(claim.Id, new { IsSecure = true });
+                }
+
+                if (trustEmail && claim.Display != email)
+                {
+                    Current.DB.UserAuthClaims.Update(claim.Id, new { Display = email });
+                }
             }
 
             IssueFormsTicket(user);
@@ -297,13 +302,14 @@ private ActionResult OAuthLogin()
                 //    return Redirect(redirect);
                 case "https://accounts.google.com/o/oauth2/auth": // Google
                     GetGoogleConfig(out secret, out clientId, out path);
+
                     return Redirect(string.Format(
-                            "{0}?client_id={1}&scope=openid+email&redirect_uri={2}&state={3}&response_type=code",
-                            server,
-                            clientId,
-                            (BaseUrl + path).UrlEncode(),
-                            stateJson.UrlEncode()
-                            ));
+                        "{0}?client_id={1}&scope=openid+email&redirect_uri={2}&state={3}&response_type=code&openid.realm={2}",
+                        server,
+                        clientId,
+                        (BaseUrl + path).UrlEncode(),
+                        stateJson.UrlEncode()
+                    ));
             }
 
             return LoginError("Unsupported OAuth version or server");
@@ -352,9 +358,10 @@ public ActionResult GoogleCallback(string code, string state, string error)
                         var responseStr = Encoding.UTF8.GetString(response);
                         authResponse = JsonConvert.DeserializeObject<GoogleAuthResponse>(responseStr);
                     }
-                    if (authResponse != null)
+
+                    if (authResponse != null && !authResponse.error.HasValue())
                     {
-                        var loginResponse = FetchFromGoogle(authResponse.access_token);
+                        var loginResponse = FetchFromGoogle(authResponse.access_token, authResponse.id_token);
                         if (loginResponse != null) return loginResponse;
                     }
                 }
@@ -387,8 +394,11 @@ public ActionResult GoogleCallback(string code, string state, string error)
             return LoginError("Google authentication failed");
         }
 
-        private ActionResult FetchFromGoogle(string accessToken)
+        private ActionResult FetchFromGoogle(string accessToken, string idToken)
         {
+            // We're not bothering to validate the id token because we just got it back directly from Google over HTTPS
+            var legacyIdentifier = (string)new JwtSecurityToken(idToken).Payload["openid_id"];
+
             string result = null;
             Exception lastException = null;
             for (var retry = 0; retry < GoogleAuthRetryAttempts; retry++)
@@ -436,7 +446,14 @@ private ActionResult FetchFromGoogle(string accessToken)
                 if (person.email == null)
                     return LoginError("Error fetching email from Google");
 
-                return LoginUser(person.email, person.email, person.name, "/", UserAuthClaim.ClaimType.Google, true);
+                return LoginUser(
+                    new UserAuthClaim.Identifier(person.id, UserAuthClaim.ClaimType.Google),
+                    person.email,
+                    person.name,
+                    "/",
+                    person.verified_email,
+                    legacyIdentifier: legacyIdentifier.HasValue() ? new UserAuthClaim.Identifier(Models.User.NormalizeOpenId(legacyIdentifier), UserAuthClaim.ClaimType.OpenID) : null
+                );
             }
             catch (Exception e)
             {
@@ -503,6 +520,7 @@ public class OAuthLoginState
         public class GoogleAuthResponse
         {
             public string access_token { get; set; }
+            public string id_token { get; set; }
             public string error { get; set; }
             public string error_description { get; set; }
         }
diff --git a/App/StackExchange.DataExplorer/Models/User.cs b/App/StackExchange.DataExplorer/Models/User.cs
index 762b9003..b16a341e 100644
--- a/App/StackExchange.DataExplorer/Models/User.cs
+++ b/App/StackExchange.DataExplorer/Models/User.cs
@@ -105,13 +105,27 @@ public static User CreateUser(string accountLogin)
             return u;
         }
 
-        public static Tuple<User, UserAuthClaim> FindUserIdentityByAuthClaim(string email, string identifier, UserAuthClaim.ClaimType type, bool useEmailFallback = true)
+        public static Tuple<User, UserAuthClaim> FindUserIdentityByAuthClaim(string email, UserAuthClaim.Identifier identifier, bool useEmailFallback = true, UserAuthClaim.Identifier legacyIdentifier = null)
         {
             var claim = Current.DB.Query<UserAuthClaim>(
                 "SELECT * FROM UserAuthClaims WHERE ClaimIdentifier = @identifier AND IdentifierType = @type",
-                new { identifier, type }
+                new { identifier = identifier.Value, type = identifier.Type }
             ).FirstOrDefault();
 
+            if (claim == null && legacyIdentifier != null)
+            {
+                claim = Current.DB.Query<UserAuthClaim>(
+                    "SELECT * FROM UserAuthClaims WHERE ClaimIdentifier = @identifier AND IdentifierType = @type",
+                    new { identifier = legacyIdentifier.Value, type = legacyIdentifier.Type }
+                ).FirstOrDefault();
+
+                if (claim != null)
+                {
+                    // Update the legacy auth claim (only Google OpenID -> email right now)
+                    Current.DB.UserAuthClaims.Update(claim.Id, new { ClaimIdentifier = identifier.Value, IdentifierType = identifier.Type, IsSecure = false, Display = email });
+                }
+            }
+
             User user = null;
 
             if (claim != null)
diff --git a/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs b/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
index c7922fc5..44fa80ae 100644
--- a/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
+++ b/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
@@ -13,10 +13,23 @@ public enum ClaimType
             Google = 2
         }
 
+        public class Identifier
+        {
+            public readonly ClaimType Type;
+            public readonly string Value;
+
+            public Identifier(String value, ClaimType type)
+            {
+                Value = value;
+                Type = type;
+            }
+        }
+
         public int Id { get; set; }
         public int UserId { get; set; }
         public string ClaimIdentifier { get; set; }
         public bool IsSecure { get; set; }
-        public ClaimType Type { get; set; }
+        public ClaimType IdentifierType { get; set; }
+        public string Display { get; set; }
     }
 }
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj b/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
index 5e2d7e30..4f206d21 100644
--- a/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
+++ b/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
@@ -118,6 +118,11 @@
     <Reference Include="System.ComponentModel.DataAnnotations">
       <RequiredTargetFramework>3.5</RequiredTargetFramework>
     </Reference>
+    <Reference Include="System.IdentityModel" />
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.20622.1351, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.2.206221351\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="System.Net.Http" />
     <Reference Include="System.Net.Http.Extensions, Version=2.2.29.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
diff --git a/App/StackExchange.DataExplorer/packages.config b/App/StackExchange.DataExplorer/packages.config
index 50e6d89e..2eb051a0 100644
--- a/App/StackExchange.DataExplorer/packages.config
+++ b/App/StackExchange.DataExplorer/packages.config
@@ -17,11 +17,12 @@
   <package id="Microsoft.Bcl" version="1.1.10" targetFramework="net451" />
   <package id="Microsoft.Bcl.Build" version="1.0.14" targetFramework="net451" />
   <package id="Microsoft.Net.Http" version="2.2.29" targetFramework="net451" />
-  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net40" />
+  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net4" />
   <package id="MiniProfiler" version="3.1.1.140" targetFramework="net451" />
   <package id="MiniProfiler.MVC4" version="3.0.11" targetFramework="net451" />
   <package id="Newtonsoft.Json" version="6.0.8" targetFramework="net451" />
   <package id="StackExchange.Exceptional" version="1.0.111" targetFramework="net451" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.2.206221351" targetFramework="net451" />
   <package id="Validation" version="2.0.2.13022" targetFramework="net451" />
   <package id="WebGrease" version="1.6.0" targetFramework="net451" />
 </packages>
\ No newline at end of file
diff --git a/App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/System.IdentityModel.Tokens.Jwt.4.0.2.206221351.nupkg b/App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/System.IdentityModel.Tokens.Jwt.4.0.2.206221351.nupkg
new file mode 100644
index 0000000000000000000000000000000000000000..fdb057f0c10b9e884240842ef91a04b8688fac9a
GIT binary patch
literal 103122
zcmb5V1CS<B(=OQ4J=3;r+qP{RZ`*eFv~7FZwmq%4ZQHipedqh*ZtVWMv3KuQRAoj*
zoy^F5PG-ibQ(1~KU_YTj{&S$(FNyOwgJt~$1p)cb1p|T$V&G(I<IF(+A4*t&2}1b?
z^}mMx-^q1nFRy@ytqq}@sgtv%y&WGh6Fnm_p{bpTJ;2h=oR8Sm#f*-VSb(2b+0@3!
z<=+Tr3rh!Q!ha%m&V0lcE-nt-3=GaD7N)jF&h+*Urgs0HnAtno8oB(tbuwpgFfy?=
zGB;&lW@Kb%_-D=kse|~x>m*e5bTIvYXtcF7ak6)|H*=vkvA6x7%Kq8)PaP8@10x56
zt&yFjnW?i2F`=rFlewu2A2EZ9r?ZQxExi=L)Xv4y#Z%56U}{6JYHw|7=S(l{?m}<p
z>g-@@LQE(H;3HNxV>4rAWo6@FHfA(sW#VEYCS>^EG3)=AqYSpDE=B+&7b6A}dnZ#m
z2d971PA-<F&i@yq{|}g)O`Y5<O-!BtUu77KOiVdhI5?Qh*ciE30RRq87FH&<e=e|^
zFtc%(akA1oINJhD9R8<&rYxpL9P9u_V|FeURyJef|MHLFzs)7T;=e#b1px(t{I5Vt
zqY>1*_!mU?;2<F6{{rcM56=Hpj9sdY+pRMqc43?d&^k%~PH);QfzuWX$b!fuj0?hh
zkyWvdU=yn#MbqJX<aqP`Osuhhattat#`j7PyK-`4ZPX_(%~Bp9;jXRXTE(f~-Liap
zQ&Wa&N9F<*ixF6*5ia9*xH1hWzNu23)3Q$skkYxctzqUOK#(Be=RGQULX&Q}UBwUh
zK}rUm5J9*XxkN2f8iSzOPzfuinBU%vWyRh|!<wsCE7DI@I(~IhY`+>Gv+D6;$BW<1
zg-zCl;Nlrv$kd&?wcUq{f!Mdx$e1Axk+vj6iD>72_4kVLZ!rp4O|?#+j$85#ooE=v
znWE<Ld?|_flG;*)pcu+lSf@=V`-_tk#-&qp;zQ2Mj?0?#xzxIDNP)hn5XH7tSdugS
z+IB#^5T9`g?wFw-i(-zkY2^wCM?id8Fad2f4uBmK)+hfmFiGVHUT-^hXIqwjT^*5<
zJG8qhwRtb1lR~knaUNEeuC=N9$3tkY#_H(H=Zl3$_DxO_Ug|(C+ilk>dWK|#8lt!{
zwr&iRKhp-@^o&etg?gQfIwgWHhH|mQn+-z$?;HH_5IaF_lwjrscS6_Bb0a-UEx}~c
zD6_`SsMTxqflQZJrXb{QjG7;|&SXR@E%Kch1Ji33-(LJYAc<|L0ew}7KavwV?6mlx
ztIIkgMv0V4Qc0y3T;oYR@t*_aRRUVt1&}))A(d5)^P8X}5lMYlK!sFO)YJR=k%v>u
zm=nfzGbU>I9{ka*j@AJ6jV)z-_bsZ$)TF(P$~UAA<V|cIm_KasEP4ZAY33kfY<@Ey
zX`~7Ce&19V$)qf==bA!ovlZQsESpMYem)-?+>~+@-ixnQI8rkRdoA_$_3-`{h$RI_
zsU{-#bU2xvjVGF*i1$;6N?JZ}iZr`nEJm8EeJ`hR%4>P!a}JjLR!e_}nw-9LhRsvt
z#Gbna2-NRm220`kJ8Vr0aLx;-@Wj&zzEgKf;k*v&gk9_MNV&@yy}|tVT%r&XWK=2r
zS98%oLFoSFl8vP?gPo}hE8G8PkpkG*{I61Kp&P<Sb@54{V=5zqg=~~GDOl<kG9=?a
z{t%2^@w0p`N|^8mC=nP76dkE3QGR4WI9zSymi6@tjxNp@J+;@ZHa&4_<w`wAaO=|A
zdo~x*?$*2awJ-nm_ec7*)^_u=e&;hwm}4V71PqAg?ezrK?_t3Y4fyZZUi1%VcmIC4
z_w3ptfs$xnGT*ViOvSZ3LqnxHC#|)>v5pQw-?fjkCPNWDZ8^QQaHypD)L#`9&IJX!
zSaZO^1P~K67+BjCUbR+l+=T~7GSHnO&>h5%zFBHPY-mgBS<F<m1iLqdd9Y~}t={~&
z$k)teY5mjhn|Y5Le~JxiS#YCgjLOknj%c0`XyFh^pACXy;WK|Fa-hGZ_}r@i#N8};
zu8Ki-2Ywz&kCJE)Wvvwi%Dq!y{tjp|mu<59*onI|kN@F|zkFQ>`)_;_p`r}i&$+(s
zI{49O^aSNK)w;g>N|2r|=^w{hU*shbZ(j=EaGw0e??Vy=$mTi_(cx>i9gl(A-uNFc
zdE2zGzOLJEmOQE5Zl!KV<1Ifh9(x{^=4#P#ITxJBnJKIt0TUU=Zf<lfytkKq{&s%*
zG4nFh4>evNs?R^zPwGGWcv^CA*gp>Qx0@p*axe0IKNgy|dvpCQR9&w%@G*I6j~-ja
zuc+I<*e_=mXzaafETw08WdzXFN18M<yFus;Km!fbSjgl^GncZ15f;;;EpChBsj0Dj
z$`1mdwVpTBJg&^{Ho9}nVLa98_-XMq$bnd4x8}PjGFyda!_KTVnm5J!EJO=IKK1m(
z>P9)#E_nT}=cKx=^8LjRjr~?NJkX`Tm_F_%6cwOz5c9$7vf2w8-gv;e6~mj}lbQ*i
zDi34zSGDb*a86?2yStIJ^yx5{BcfPlAP82cah<t7Gg)>-oEEN@12?Jg>1NW9^9L0_
zA{ftz9hBPLRd5*kax+#%npx{-4CEmHM3uZXjQDdb9+#R+3-EkIL$xZd`KHrPCgLH9
zGK`C?p7bn5RuNA4aH-yP`?SA6=7zlm%P{3gC(n=fJaPMe&X6Tb<l25wr3&(^%?w+x
zKX>gYoQPPoOb-h7hwB6!M%a)}oz;8M{b<@>JFh2qpnM9KO{XJmoI9fU1|BsVWwFOi
z)>+EzD9)8k0#INqQP2}B*yjeYDTPhv#Zlv894r@(SbM#=wJ?W&7<wi$)_Ahky4Fg_
zAnvx2$CFz@+UUWcHNJ{Br05aCc9}3Kn?J9N{_gJn(J83~g<-tfz0mLwoTA*XO;sKP
zI?8AsHvm3{7#kB_mzQ#+Q7xW{hYulkYC%v;G8_B%cI}b1HFJ)4(XMFq)G_ggxi^@+
zN@mQ$Q|UsBBlkMD%q57tZP9+!!qz3D^7&mGC9}r+h;9V@&)C`g(w52OHR7~{HAsb@
zSm74-g#F2DvNmiBCa7dRQOv{%o!_p~SK}SL+LL<44K}Cd0pPy61AdO4!CMTpJXZ17
zM7b1+jXy~4P2!lDaj-3@7sLP1Ab+N&V@rrS=%{L<)#%C?B4%LH4zo)S)X2{Zl3%&B
zD$KIj@rkJ)kraMMp|(UE;6{A4QrYm(ge?6<l-?uhcW?_G%Bvw~wPo~qH8Fimn;*fN
z?xty!pKPfl?(4}fLVzvo!IJ^wj@eho{MFTSQ-)q?&lyvu-CykdFEB5*jwVlBg7_Fg
z7q`xJweQsrCfBKA6D}G(aj59wXo@B+JLD#m8RGPfD>OEh?!T3B*<VnAMoEsSA^SUj
zY=XOoe~%fhM%F+X=IV`NbTlP2ZT$f~AtT4Q*)dR8X!eA8d&(K^X^d2r-*=O)vu~Oy
zj<RDMDU6#=M{%viRj1}8>S0pVDHJV#cUYPQJx&Up<A?W%*gxej3z3B}QNRZ3W^&*j
z>NCwWD<*cBH!Dtc9JeUCb(ps*nsrXw=Hn`_%k{NnMTZzmtmoIWCaeW96t3>*Kn6In
zKK-N^BsM^_zCjuEhr9=J9%uluc)9UCmpy_E<UVp4r>_Ei1TlhoJ<$DAUg{b14#n^v
zLiZ{Bm?x}J;+H8fKlJtpLSJ7*59W~vZjl7Ak3N&)<K&oM*aq#Po$Z<LCICUbq95Ii
z204K~8j*bv#l#53*j?@#2PmD`ALe^ccHr9~#y3-p3}>-EPVPbe!nhjU;+_SVK7<qF
z^9j>Z94{J!bbPRW9FcuNM*MXYcT{|EUq2jWLi^nRVERx`96t&7RHXG)cbD^e;e06V
z<%PVm`Nj(@4e#vxjAZ%jK0Jx>_ty5IFehM`Vt+90*@wM0&>rwK!s?$%@B{5{o+I+0
z?sXay1QKj-UT_acoM68g_K@1ax3grv27Dw14ltfrUXBM9LS9RF4_Xhgx(xV>DYkcN
z5x+Ikm(d9AX&|5Dgb#e7;l6&}k{I>mhhJb|`4}@T+B>%KM+l%CiO9rjBx8R3+S?9$
zjZ{9%D+ZsY4La<(WgUXl*A&0Zr`6>j^hdatc_Z1L-QJ-Bi$8{Ee4!g8K)6o~7#W6R
zec2B8Cpgl8749)tZ1ab+oAySW#<jT-K=L2kq2qD5*sHHNWX3Ly04FDmnV=3=^F^^7
zu_wpaAeSxB)&CuzW1+rl!rU%Pr1dCAhA>UwJX}%Q&52$Te&}O?E#}ycNjaqb^}AWO
zzTGlc;mCp|X_cD4h$Gt^_3t9Wr6Zqy+L~gB&?kIzerB$v)qt>%8ASzL)CpE0J8cO?
z$8vmUCgCwPn!{d6cZr1SD4v>dELia=VT-_n&6X5OA8hgm`gNkLoWol5tQjQ6LJgVm
zx2Q@=l#OTF14<7w)}r<{ZRVOI=&Va&21YSoxU-OOAjY>0<YWo)4&pcDB+)B0wPWD?
zS_rH2uDG;yJ9AZ6crw5874k0;yNr2@u^isPbSJK#+*fA{3C*uPHfvb3;Bw<#!ACrD
ze9>fyds#5Xjzw&UpDaRVIS;>OgclD2%63y1wqh*Idd@0~h|>|et{eUyYpNr4T{Aye
zIna~Sw?X!`g0vS$!v{HdJ4It?tErOppsy9zPfSh{jAGL%%GFpQVi=FJA#vBmZw!Z<
zgRBS8Ol79*)`O$pU#$P`)MA?pkYSP7(PG_&Tu>CIq<q_zJKl~H^Q!XWQMM~h4F$1(
z{s@`+i`;Oj5md>@-v=rqRI{}rULq;u(4C7@XuB-56|<L4YVdLk_orZ3?wqLxK?zn^
z>Kq&gK;=`j2elX}t6bD$njCnW2{_2oV9w{3h9O^YrL7%Mw-`tC#X~v0ar)c+)??1a
z5wW9k*l~&)6QP>$Im6PV4DBGtXaDrf`|jPt;vY8g1z+DQlJm-A{Nx_|iFZ1&t<>0C
zcyVnZ;jifcP0%nTwCooz@t($M<IJas5^{)ntxUH9rxBmQS#3nkfc#m(r*eO&R6aZp
z^+V>>%8)R{CYrFvgZNiL#~@2h9`M-7&T9Pj_O{-k1E%F1l};TgaFe47#Xr^gy-^6G
zD*xokmt^e-M%hVZR-K5}QAf{C=cic^Wvs|UdY0|2*-$<`smsI7V$$=Ef*(G*HTLlJ
zKmN#V%(k~k%qlM>{7#i?+SCfwYo1-H)_Q>?<xz%{$AKQF+o-7yy&_)F(kd-w7lES}
zEsmz7Ug{Siz;m};4{9<qpJtZmUNFS-L>~=r1Zwl#%Y6ndO&*A=^+(AE%|y--Hf5uV
z*7Q0;=QnC7SdcvyzCb1bXeq3qRx461k6V5R1)_unscpnxz-i)Bt(;D~gR84_*l1<o
z>lngO%$o4=2&yL^)jO>lMe=)+dLC*PKtv%?#gS(6U5K@)p@EA?1u@ZA;aZJJHfAUW
z%mD@govWs4tEQQ&#Zwmz!xzFjflpgznfpe8rlq%B8DV2~ba6ubx<nQ}s_r~*QHs7X
zs)Sc_5;Hng>#ecsP@KCQj?I-lW<E|zLt6X$Hk@T8mUD|HaQLDyZr&DraJro7ozfcd
zNLb<0c~hBVHN|{?$j=D5E4NVS&i-B@rHGsJeAR@iNkCL;iMVnoz4Q$lg+g#s!RX4y
zz&$%;4%=~;v<Fu}>W%&cjyAXNb}yf#vtrY*YO9vzu4zhF&+pTErz@Ys+7RwD73)L{
z{bWaW=2D?Q{OQe$Z(j#NZd^N@gm}K!<Tw^j0qzYGM(Se0&P58r5)xFK@^;U4@4&gl
z8<dw4gE=MsO=doo?Kv&Z715VH*fcFAiBFiaDQOu8*`$P8uX$A;AV(_hMJ(1X;aMPi
zi2rCm#&;)>;(gFQ#;2b8UaytA0-j<Vb3bU5xi6ZT!#w-l*Yn^SD_OT_SE7vdF`U8D
zChVH`1jM9Ky#N!b9Ax^L3T9K}noE4meQ+yEbeDDGc|iMVd5{jO8CMh~6<3Miffb^l
zmW%Qtz?~;GOtF*`Hr47Bie=p#EHgiN8f01v6shMg;hS#EzS-Wsv4^tRy-2(Iv)1^l
zMY(iwj4=<9V0V3lro@(4;%AG>=-RKC8PGK4#sY3x_zOaeu%m&)_SBFc^o8=(YmTVL
z87#xA@q&|h5`7ngGlx!sF5qr+qA^kA?a5Ac#N+vEc)}#1gI_T9kGpSUtkh%9J`5Wl
zWt76&Dg-5@^SYGE?AVPboq+|<71@N@7d50-7!vClbK9<XA5?RB-8sEUcpv3GdKc4u
z&aqea3pb6QT0R=}0>@7&<o?T;U&uuQmG&G;VZ$B1DL0a56W^O&q6?2ve{DxZtRZw)
ziVZ25+*39~=-q1Iv!m3xA2O^evdaq|5aquaDQbWEXpjWg<eNFtcDG*nOyHoC^b@m7
zZZ{`$W}%z&u?y!dJmJ$YYvgqY?K*4DGdIg3Tt5Pp=@0_jA`qG4rn8iC;gBj_J&8mO
z@6gbE82u}^s@+63@H+gHpP>X;C48f6^!XW5iZiNjbJR*oFytyo9Pmy_v<S?7uZ7lx
zy}*{8zY(!kMDY6Ly@e(&y?M%Gv*GSNa87N~`_?7R!N_I}h|$$3LUAOXeD;OY=#1^6
zv87C!>1HiA+BO8c=U3~1sJy0tP98Lv&GPghYgAp9UjjMN#S}}e_?XN{ZgX!-O~yHk
zMnl?^8dV{0s||1#($aq#tiDjzY~C<zReU*@IxPrq<Cwt{oprr-B?o&BkjgYEwFCE+
z4m%^H+iD>lzbSqDu#D1(E}+mqIn}d)IzH9|r*GKvDIPU0YSHWjFA5y#>!B_QLbl)J
zvlwywG_zOEo99Y_wZz+(DC-aWWTR^jKllb!W34T5=>G({C)i6AtamIYkV-Y+=y}xG
zy~TsBWbzk;t*<>W3D{;2Ok96ytlH*5a(mD0;M2AiO^scCkLLtg)vs-+x6+B~;3yf}
z^`I|sg01l5NMT{pV^<O$XN&@*MtJm^gZ0eD<(zp$j<bBDlla@>Z(j3#{7CZ%#wnHs
z<xk9{pY(U=Lc?nZaXrhMo+A7jKO$hi%4=R0vJ)eYl4Y5bVA|?cbQqG|;R=GUajMf8
zTU4;9Z26z(&}hQ4hoZ+hl7KwgA>{KL3^g_$52v}#LBpxIZ6Od%cx+N!tLE;a_@<&7
zg9$+6Xu1L*>$Pi7pVzNZ)nuY!C`)vEiAx_rl(rP^SBr8_x275@^!gku+h|Ld$#J2R
ziZtH>L5>=?`FOXgt^u)=OSH=x+jf?jMLP2M8XLN|lxmU(^Msq=b06miGq)<<F;6>h
zm#Fd02s<YxT>g>VHlQoCxAvZEPp@JuFiEt~;@V`uGQioc(ZyiAHQvR1+)NLkzOm?4
z#hioAglNb<sQ4RyNb~n?c%R_bXfA?vZkUrJg0-6Q9vYQFk>~>DfK-XN`vxaM^IxPL
zjnKi*L>U-*9I)}A+PH+{cI_L!y@Bav&vB?vACCU1EzaM(Fy!{Qg1Nu^#m#e}T((}g
zq#{Ut1C$*=y=-0+i>9UCB6X8S&?KC!3;6lLvw(9B>4e&Wg@-sDcsMI}eEjedb6dGB
z)N}%KujE2EWDi?>Bn~*1{(oq%)I<!FFLR3uqzm1XGJDACGh|tPhX*z<7nl;W1kNAo
z?pYj>y$V!@QTlK1<?#eCVhvo*UP2r`I#h;hL-y0e@j~9a*6fx%{i{4<iBT?(C{tiC
z>3qqC-@n)0R({h2d=2NH^CU243P>08$q3gNtY|Y&0cf<l^!7Tzgg87)ZKk(J1LDs}
z8l83gKU!N>#N}@yZ#Bc+6W}kEQ_QCtnizCoT7xID2S(p4oyltx9F^pcZMq1w*@(Ib
zI&cWO>H3zST*M*~+rlDkd&oTcL^bgV+S0tD$=YTJIk!9yPnMXK2sW#>ModgIw};`e
zTP=5Y9yf<GZ)PO*H=z=Sb%z~x>K^#Pw`3uje}ow9Ig8A**Hs;VMc={KO{89HX4`x9
z8jTb=yq)UvI;Nft_@<_oda+DeSF5JfHqd>53Z3{-uR|b$A}E)W8am476=6^;HG`ea
z_-SZ~56e38ii#nV<p%gdYPB_@mnOk4YfT}*m`6FdiI=7RCCLtzz#=HztJ49E+h@sL
z+IV}jYw!0qi0h%%DrAsJ?W}fmYo(h)vc`Zx3G*~E{tvS>Vm`PCfr>l7OeN>+YSqc|
zn5eZFMFl)3QH@;fdk1O@HOZ;?wmmOe`6?&_EPpD@N{?0CqF}K3h0)!xru;^>ud*jT
zm?NJ%ny&kmn@?I2$>XOs^Y_w4@{>0FopG}7JcE*_7O+><Wf#@R<+&R^KjBx9xqfwB
z;MMfv(Yo21mU`#X_nW6P*KTqf4{t+z2gGX-LNB7}`Jj%6Pd$!~HBDNe{T1ix!X@tp
zdddG8-uI_<JhrS`Gv)I93S&p;wj4`0jR-@T7N|d(GO;@qYGRvCe*A<UbO<WbiFZ}G
z(^qTeGjz}KAgSvrpj*PJ6-7=9hF76}RtGBp0};C{O=9hn9>Q+oGC-WVr_6+Yvexnr
zGW;DqkHF@4AH<;d?}e@0_;=i~bG4-D*}O5)RQp^T?Eol-Jzp-}fO?71wQ2`22IYKH
zXc(4~^cJ3i5$+3jS-xfa)?oUAH7*GVzX)yz`J3l*@#jNcSCm>}?}H;+;&krKE+xvG
zE&eR#q@by(q7}Q$hEvPD=_eSGs1$H^xJq(K7{XTSpOey$W*f#9E*K@hfGS{3Cbfqq
zL1mg^Ft`hy3H(KpwI(B#VBReck!}V{-P*Y71|guB5>y5LRc!I%(_ed*?tg*;1HaDJ
zKTh9h2Sfsvz8<@JO+>BL;Da0CjEPn=jo~aFaA|X~y9Z=5`qjcy>D*70SYSJwfb*A;
zA$lkFHp`G65Ck=gipwqFk)tjO)_-vL`1Vdk75w9!Q)S3r>37-kx{53VUKavhrOD{|
z;Wa|4>VVo{9CO&Ji`nYhXhzR1;7*j1$-`z)p9sz9vf<+;a{c)J;iV#WG{beDrQ=WE
zE3nQiP|x5r?zI;I#H|cdGa5}t?6|q+&ub_{-qDxZ%^n$J*d8Iu%(4?D`57zC11wjS
zg7#zG;)~hDcrjB94*>(Jr^eFgjpyf8JC<4#164C!ZOu?!eR@aNyIsc3a~W%^zB$gv
za}OVElMDA4hYR<|tj7o(V8s4MtASz1kUi#09^p$T`da%&+{!RjfA|yfxq}By8c;2D
zV-XO>k>KHNkAE|7axMxhWL!;X0rNu_365Jb!9#!R!J=s>2i5(Ocd(!6kvy=%43$}W
zKJJej2`1UCn;gj`nLUeR?heT`MG2FQCC%D4W=S7;Mv@M3a|0y~cBK0~Zag{loWdC(
z1YRpP`pf+zU|Mu-Ol)n>EK6K0m&bJDA(NwpZlZkAmaXmdQx#4EFRUx5p^t*P7akM;
zSyrxXvn{N!fyuh<AXpivrp?rA$g!qQ`CM=-SAu(H%DvH*Cl-%w_1BUhc??qp`S43R
z7tjLnFoIb;h%(`VgKPDnBLH{|p(O8*tjA*^|LOZn=)^aK^0Zcf0mQ-M1%kRe$h+{;
z<7`|1Y@1|gzQD6;>2K}EJzvYkZ(f#k6WAlWxb^e;tH(B!2h?`4$gSgBso-86gghFG
zSD2Wa*<1^F0^8s?_OMnSUiQ-Kf8REkTuhM**by;aw*auwI3|v6*dOa+Ks!z#%Kqbu
z1w!@Z;~=SrOC?i8C@DKo`-Bc(aOLk)yLjM<-vr|hlky=_xmQ;I;PC2eDYzs2twW^E
z+m~$d8~jboVo2`F-%ipFN`x8*d|h$;6a5!W`;JRy_Gf(WmPHgK^Jh+8q`jJxJjk}_
zXHLhBQdX!CKQ`CRdP#+<?bzfr5@Hsq`{=pw`$11W`HYaZpK&4>F>~Q4#YPy#yAehA
zj{FdiRGYPk@4mm0o8MWR-HG!e-WSO_)%J6L;vheiG!{Ku;@aU>{cipfwZ;jVx2b?3
zTDC=wtfrx!&B3aczg5nj8<$BAnmjIrPkdlRihy<pnHUD+i8@LmRWfjJ8|lY^JLtC>
z_9h^KVMHKR$$;zf+fT`r>dWYD2j;a(buj6R_C+I8OaT3iIB{8WNvxBgIx~HZGdL%V
z86LsA7=D&D-UC!e(xLk~!gz(I7=`(iB{%v>T~0PwW?^8nGCL<$6k54B6O*H&r2c>`
z!q@Dukj2r?MDCdCLj>9j@_e-8F#^CRrF{&tVFzE<W0@@wOPoPmr6fn|kiE7A0r1BC
zB?mRkJr(ZS^zTHnuE0O<bXiX)Ho-HGb@k$0QbisAg8h(z5kY#1r;RK9ttXaE<U)@B
z60S=vn*G37><DVv3HALs;~AI$Wa|IMB#GI~VNMv9HibORQF+Ne%NnJ^wJ+0F-G){5
z)EmC2KnTN&sWCOOpvLU&t5h1w)4Q{?A`wf;z<o=9L;d$k+fuk?-lUe6%IaK1T?;s6
z7?)ZqmySKF<|<|(m>=LL#?v#8Ey`o0F6ousML)b)(y|y^Q$nT`kzh#?c9QMSM3&Mp
z0x1h}@q}wJ)XRmy!U?H5w#|Q`OR_=|8`<oQ@bWjynN2Tme<cAl7T%5?u*-MEoDbS|
zx!~A4om*8<J7pQRML1GQ#ENVxoDW1}8qvzJ_FF8GW9zc&pv2H*uCK91h9wyR6^2!B
zlj!j^p8k~7`pGk0S8W@K{S?S3{r)o$I{p)32xt#(wRg9!&mFjBTX%ox9$XufO5-z*
z_ktn(&3}@Pc-T3pI9#zuzd>bD#4*;#a2$2MQJlFlcRbE<N*&`FsZeT}rBFKW*0Z@d
zU2=FW7M#ct`IXDff==nk*|b+=x^L>cgQCh4jKO0-rBkhaqB0gYIaSL%(=mNGSs8!9
zlKb4?wRdpG6_M$)Po%!jVSn3Kdo-5?kN>LELBgrQ<ye#0TjKnN^3Y1k9yTuN&$b7X
zn>?8E`C0lpwiRo1`4)vF0wXqXB{aaz&%k;92|@eg?-VGH>|2|kTU#P`MAf>|{Q%Aq
zLwS5jB*k{{J~=^}zH+^iZVbjMn8E1~#_0_O=gFbWq&>#8>|)<~ysY<*^$v}{pV^$X
zyN{Jgw)T*A$WA>ljJo`ROVd7T@d!t%Q3rn8;8i?nVok|us<A&QJ&)F_6?ERe@8c%3
zdy{*CT%RX~vbZG%2FmMx0gWJ^%?8CjMvO<^dRvjFJq~?I3#BRaau06a;@I*Mu#&H7
ztx1Gn{K15OZh5(0r_-?HP~P=%+sW55zvdpAr8DKlx4+LShs@Iw?(G4_faX~9EI$`f
zlzm0LQIbJV&s-Tsp-h{1aq9>_Y0|ncpEJP2=LS1=%_SD;_DJ3mBWZ(^P+;43=(8jP
zt-a%20av@u+UN-;a5HzY;?$b%_Ho=PcdwwUsvb%aNrAgID+7aX(|!qx@rPhPWRp@>
zC|UAHDrf7ujA&<!U>f8ua^7hlli7*pthnPuur75_<Jy((0cX$OL-W&9zH9Y`&D9#Y
z`4iZkQg$SP(X%`wOUgap(%wonnCL><O@%{sI~3Xn5^{jDa7i(dGV2-tq|2-k!iOjw
zj|^)(XQfE6(<-hPNUcTWv18#N`{lZX?N_bUi8=P0|4~-F!Ed|x!iAaIB9W*iS{`{M
zfe4*_gM)xig}c#@sYZkq-`)tL7Q3F?POd1V2Xn_I`vAftE**lx7{47?Q@KWqfNd%o
zE@JP`ivSf?r(98m(H?=37L?(B3dUQl?hqj?Vh3y@nwCO&ne^Q`+5i^Hqix#fDfy~+
zT&!M`0DOPmCuSKCb7Kugq!btFgZ}OuA1WgMfchX5fdn<QuZSwlMmp%r4^Z_G1E^6Z
zxVLLM3;!_bl2>>&>={{bz{R5)p0RxmvvFys5?@`n$OY1q^U#zEd`1bC1jo(^CQnY*
zNxgRwefio<$}Hi8I~H-jp-{7*Z~asiyuokPti^rU?R_z5jC|rDmm%q+6WCneIWig@
zVInC_K`JeU?)hY|82>*QV#5X-;+OSHzv1v2I&a9j^Pg@qa>h+uLoZ%nIZ;13ZqU<d
z-dJ0sj9_A#MLtMjdSBu;8zg*!>k4n*zw4ogcjM~Tx_^}R>&ZRx3Fl0c<hG4CBp{&S
z(W)B+7kqzxa__Xq?L$xhLQVT>3_`jyhrqPW07Cu6PrxCdVj)KU6Zw-=+U}TulvCJW
z%u`u-p`Q8E915ZNTT3`hR6G+IODw_#yO&QgP)g>({k*E~Kp<7g?b!4nC3~7n&n;sx
zcIc43m{eO8-j^U>mp~>+hEd%hS~!m_K8o9F(Y*Q|U)Q4J@jWJtF;8N5`<COYBu-?-
z*rJM`hCy7MSu9YEARpJSi}<x7PVtPhzDHB6#+>eVGx)1d%aHxyhsJ1A^Lr!+d|R(d
z0i9gwNuS(G@hYezX2g<9=CE~#ht*rqopHiFWZLvM^VBeUE{VJjq`8+ySX<qPU)r?F
z-D_Bzc?pB)3=9n_@r+nP@2Xa~B{iozR$PMV1Q6hfE`!q+;Vxz>HmvOf#oO>&{WM}i
zC5cjQkjHrhWXs@~_t<66Wsnieq6=A|+C$T-h(r3W&uy3IGTHUIil<LGnzgH7$hcbq
ztNf7De^nBZQ*xnFV{Q1(^OCk}p?>p*aHHq&Gx&ow>}PF<r0`gA+KJ?^XYm!o;%Vi+
zPR5Tm+fSa9r6$%DX4n!n?_}=wuTg8AOd)4gEksX-!Y%*)p#weZvY%^i9Ne)xdFLH;
zka&xxNH&Tf4Ot%X+IV#ru1S^BzY+hcGu6!igll;`{=sj2K578s*tmWHaoUn*;1S0z
zg~F<2Iso=q!QJBc%LQUnc7zA=zEv>0q{|YI|JPjKmR25y(m);tlP~n(hbIzlqewzm
zkktrAWeb-Z(q!1K#X@7@>-(OY0j|=30q!dz_vc>tCh}XRF;ZXH5@sd1wpxfi&4WTD
zDelzFHex}m5yEhm=G?9iip<hJ`?l^^vbX@UZGLK+xP%zpg8H0xow{~eigVJz({N0<
z4lIZN?9$|Rq}J~UTJGak<BKK#?;K1kvX2~0XPWx-NOzB80v9L@h8F0kS!(`^Cbbzh
zTMg`UM>+uCQttqSF0M>8iKP{?de3;NwU3-V6wq8}B(TS<+upL1x<&a?J6f6!3ZiZX
zt(0a4Z&&jhzE@yEcj@+?=>e3u8@?<<;BO+;c2YZj!FBN0-bH5=^0CTWlzl>(&#~zD
zXQ_R{%4v4R_%8n?cFI>X!j!S-O>@UhDW53$Ng;m5M|Z+w4)DJBb8F<A9!=eu*=Jix
z!&7u+WJ(bwQ?l+QDTLy!36c-&@NXWvBc@4DivPMUtslW<T-^)aSuD1!Rcz;~I7HSY
zHlDtj)*_@#5eM~n^=b|e-c(M?z3x;nmXiE?Y~}|8+qET`3hHlRhI=cwuz55jti#yY
z+d<%v`z<*sIaz6u+vQTXcWX^K)u>bi)E51%V|{MAg}W*sc>J`^n!WOu_cF`oJbgEK
z^#eCAQsHB<37BO*0P{>LG;?m~oRB-=*j2F%;>?$?T(9%=p`I%?Hla}J;98A!s7_MA
z*8c8>iSkjaqTwF2gh!}j=Xv#1b9D|=3LR4Mn%MW}x#eiZtai$QWMW~ktOQvPy>JN*
zl=g7EtT|Z^Dba8uE(L&l?+;c6fP4DJ6^*(3$IdxDz$+r4LDmT&(Hpv*W7IeJf~37R
z{uF;MjqCt6(Hm-2!Ko$wGzY|>CjLDkn*!j~{a1q!;C0)lK??8^>C+%S_##C>WbSs@
zr9rt9OoV{)WE>R<)|J0gBtjtZ<Rpl@#rEg=5UAi`69RAx9W2u{9H4PYB1R}6o<2pA
zQaD&y!r|18U^MIxflRsPXqi_PQe>_D<oI!iQVbE92rXUZaqbYa+N;AYf%7>54tAhD
z^fB48WjxqPXQ*AQ+0rRTgZh~=Y+=L%P#e@9gq9g<r~0HHk+AI}Aj#!yF`p?HP1So;
z^3Knzd;6FR61X4=<W&R{GRH-D877^qcbS<IpvhNmZ4?c`KO<{Z)_XucA#OZbMAI*q
zoI!(9PAH>6E+&@JAe9npsF6&KMAb_mMl0_iR--mvTUP&an!i<ve%QCXK2|Ujz&|am
zv}>zWb(u%oEGp=%IiW|h>>!q-o^uuJP<@y|<0~pCtvR7W!|EUwq4qkB)K{L>(RfIW
z<nJhmQ+;s>QJ{W1i|kQOD5qgACYI5tt7AXW{xPmoHs$Tau|Yt4Y_HffIO-<zOw(Ae
zmuk#o?QcP+A3dhdym+B>SNSjHEwi@i>gQs*NczV118>{;y;?=1;rllqoRV*-sA=Rq
z`Y~yOFbh3ArTxemDfv+-6*e0%AZx#b_C|B}s<fc+X}qImE}U4*z2kbIO9<j{?frR;
zBYD>gp-SvQ<0exyh;5IiVRCaU>nqS!`(3A3U!PXiOmz)V9j6Al#Y4Oa_gx*Y3i`?a
zzNT#}6mkFEWJ-2bh8X&oipZqezLrOdSi=lF)R#{VKVVbpIuyTsYPyrmru%%Z7AW;s
zWBAFY5`3E$PLbveP{#<Xg54ycM~#(p4ZnLkNgv-`#yz^DwrA{B51~;-l55M(j_B{9
zBrl~Bax<y*=PDBT)7x2oV{i2CuFU>v`koAN(f#P?0S09Gx5=8$U?d&#ZE>qodLhJ~
ztM(~Iyc>{GV&LQI!8i6HJ*ShrVsYC^^(|{TC4j{C5Xt1^_2MJ_qM`CyInkRL_|%)J
z%>88*xvi93OEm65K4O?DS0#t)r4g|ofBJn)J^%Gb4|nRP9CW{z0k`gA5}yQ+;qvYo
zof+*l1v}GK&+k?HVzY9c?rXg`%kQjAh8VfG|J=PIuCz`cJk-C?;p$nnx=WR+@Y&%(
zIx){trv=FBU-7o^nrZ<=m4tgJq6>ZKv9~oh@Euo==2Xpi6GZUpRSC`9vRErD_tN`F
z;&I6KG4P5X3G3ImEcW>&k9oR-usB<dh^Msc20?wpU|lRtgRY_Ck8P)BARy90maDF7
zMHz=`Y7-i7@a<BbY1lNz<Qd1A=HB_BZ{dOQDy47!#$GOY{6wt6vm*y&=_g_urV1_!
z#I&plcXJp*6*BSP3QeAYHmb9_O^Lifh<Ba>;Yx$e;sxhv(X5&$Y;9mHHINtT4eVl`
zTls_TxX1WAcM?QlH;JEh#o5WXuEb6$+{b4FI({v<qddv+w(RCP!8@0uIdJN?aXdjc
z=xd#}7m9jsP*jHB{uV8TZ`4bx{;!8ZgUB3yHNjrKzUrS7gS}dj9vDB9;0*SXdJHVl
zT&1=(c3qd?2tQs-=@RkY>>5<YG*$1)`{2*XE5S9GwkBQ>_t%$7tLb0T9-SWE`3eWb
z)5kQ&+Sb_Tj{<WjtsT;0gfC5a|F*3>vKps_8|Y%cU{Vlv7~1}PCBS-ZT7-)UuXo@~
z^f41xD)TOIld!y@8PCjOM45$Iyh^ac_`sIAjg2IM3ELYv#&J9tMpr=RKe=0`r}tpa
z)HNrIm6ru4do3*jXoj8y>Wvop(|WqAGW&#PYFfzTBvka}E|gY}I>=DJ%3i#wB!b^=
z`dw8B*#ocVC?{u6QJ;qJb=9%5>HtqK%kL(;;r`-Qv>!ms6uG6)gQ7!=y1H%6Y>4G&
zoSd>gJ75^*w&6#h(m2UQuEZA%X4sKq`=Q+Q{LWNYbvQ#q-hQ+{Bl!^uyqRvI0H1({
z<y5Ix7i-?f_CQ<rpJKtFbLcWzep(N>!#o&C0v*XGZx(oft~O^i;%B1|%>EDHGA5o_
za7wfWTEgVJmS4o}I5Blt;9l_FPtG_$Qcw(3mFV-RQCE!p&u9h=m8-A5JNKdFyInF;
z25KT-lzp?M4Q1i#t3zb!%Y8ByWj%+;!$@VP?y}^&hTOwS8LAp@Ex+K~UqE*mDz#D>
zhA>S^+H>WSzCq?lN268pszX;()p3aNveaz`Zxp>=Q5PYv@9nXUzTB?`dHxFprYFoD
z%s)bgAX@9Jh9Fk(@PAeeFnRe5f}X*X{2makVxlnDF|S2sLu<nnX>Sh&$R2->9tMr;
z)pcd-GSKB&dP}A*3XD@VZ-yy%qcX<gN@sr3_5$y+!s};DG!Gar90x{($@aZO8Q+*=
zl<C?QM*3U>V^)Vo$os`6sxDd*wO|^e97(N!Y!PtuM$edSI9j|mf0bhU@c^xpW%fe%
z*Np1{K}cG!*(NIyT%>uWE4CCxe<xWJDU(ZR{@^s)B|d_LY~>4~htLMCf{glD{4#73
zR<HS6A8DLEbwN!TC=>q+m9c(t;z_b4V3lr!l1{^^%{!heVKaCF3_;3`p|O<AJ7G0y
zgz|bAwc^|)F~{(UKbhqnUkkY*sx7<v>~IE6{x3K71d&>Ct?tLq=XwQ#j$#t;@Ks1a
z_l|}~=&Er_)dxI;pwvL3#1h8T-*3iFwFZq0yyOcwGXt3?1T*|7!)s=mgbU1J#%*Cw
z0Wbn)>n26pwdC4%UU!``VD=b-?wvQC>K#(zWzq$PS*@g7<f?ZfQbd3~XDH-Qg`yTu
z_29>tWQcKinoTrvO(E~7=qDO6N#5s*xe`wv*~rPeTGA{X&T$hHt^r;HuMNe&HrqEJ
z7m!!nvgqR@elyDYh%wq<?!FGIif{UZzeY-$eT-$oEa|oxzxvB8g6V;rKvkfAG*>iP
z^kFnwGzR08S(ULaur1M%Z{G}<6TQr|)$hTvKM+05*fZ#nev1c0!0I*p2)IQMpOnX(
zOdm;~N*~qy%Ng%Ty6*uzjlRdU#te#%iN?WVFx{B+Albi+M)=on^Mboi1mwVqWAYpG
zNW9e$UlhXZ!<=48spl}EH=){B1TsY@VI4E7vn(;y7~2?a^n3i;e~fNr-Wqs;+;5DA
zz%nrRNxLNhGGO@wcqc8~k%5flOizXr#<T$3LC#1=(0y2-G>|Ns2<RGJ9nFJTYt|KU
z3lD_A$^-c1-l75h8GEKZ0&jJI+n99p{gOcX=uOOb#wQb66I`GN|2`@Z1`C6b`i6R+
zqeh?TmzVepqJ;Ph(mC-Pkv_f>=H1_#aHqj_;<@_k3-ebvU>uge=>-lKgrgGx&Da`X
zTZRcPz8QX}?e5YILGM0Hbmd5~pkR%KC|5rXurb{D>%q3q7p=hj55Vx-yl4unX+~}n
z$nNO!=%Hwoe|Whw^H02>?^}xZhB*+MfSJJT!vn1`zbF2ICV(km%scu5QOJ@yp2w8)
z4=((DLEt^+w0ZVl&J0KHeH&nVGz=yN6TK-ca}7Xud}ZR_&K%CZTJ$o@zxr(s?8G84
z<^B5tx<4LW%ZP9E4@AuUuo6|@{uf)?=J=7ek!ENg<Zs43joTtFtZ&Y--a1%4NWEx1
z%w-R6R%(ZoR)s<cbW+7i&B?Z$TXJ9+N|_j*u}w^NG{1msdPu&Xd>bSax#JIGgF$0V
z#BLD1N@NV;P~^0Nud@aBB`ODvGpNB*<z5|*^5T4&q0TU+BE=DRw{9ezyPg^bRx}YQ
zj)s=>+c!JFJ;?rXv|a~_Uv}#3MF0chqo0w?Gh3GTWK-&ei}d=6OM?KzC)7hb^C#9I
z-YEl-{`lKEQq-;za9L}+aC-B+-v7}P#L<(0I*;a!H{wpk_lcxuyA;8SwkJ*L=~Z8%
z>gE%ye(70ZP>)}FG%0#mYyU*XX}c%yj}QO23}!3K*5nKIK7%h6A5=zO;dG*GV(Fjg
z>SYDb2oqVe3A2mom-rM1+Hn@FH0DeZ-!n36g%^t5yEBt-*1;q{>X_&YkTGWnW&F*c
zvZ_Qxw(u#rVYK-Pp<n~^XCb*o!v3N5uvUvYE5zOM3zBdh2&66UGKdcT{ukJHpM=9!
zi0+^o0(dWkTX*0~Ummd;f}g!iw$t;>$fe^LLwMM{1za6YZi^>l4$Ay5@5NMD^cC9G
z&XKCRyw#Mtxku+2aFvrrz|7IgeqcPfGim3hDctEda5k#Nm)?BDu5MV5i3mcqaatky
zvt}?}ri0IZ{aRW~ecBEO1))IaXB7&2LJDzbH-^rShEs5V`@Rt~R$SvJ-gq>Gk0qTV
zZf++JN_6D+6B`#wcq=$|rh|}yL{E~^5M;w@g*tppdZZSX^$ZU=0A=z|inaPC+^5qv
zCMUE8{zSepT8V~MVx9ODXz&oFWnvwQ)v_`j;WqQc3;K1ueAE{<3f!PC2F`AaEL2y6
zbTK{DW`>1DL+e6(7?$;UC55mKtc$`j4dGMpciif5Fh7{I;{?S}00Z^5SU1j@ZJo#S
zdp<w7jB_5OX$wr6DfBa2&KTCNAM9afzmV?_52pbx>fn1PvG$Eq`ErKf+eE%Ac@cH8
zRU!B5H)2idRh}za00s<rUg!N;lu;O<w>|1yW`}>&xBy}?t$&;J9F4E52bO<wQAfeJ
zOyI+?F1`74S5?3)_R0|v8)S;N?`_a?86G4K5VT4cvl=zU<w$kX!kM=MZV@gc(vr0r
zHFj(V2^TCNwS+ElQR9=4y6G5n2GMVlxEW%DcrlGoYQvb#sCl*4hp6(W@yj|)P(NRC
z+}pzWCv57)&&GQ)o>7}nKrf>Xt(NM)Ujs-8dnD`VZx2%GwKUAQ5+5UaA${TFY11~v
zWz_raRLF4p?f!|xZGtAs8MeA6P6Ap&R>37qKZqaNbs9h#b)rO1*@4T%Q3uX{*)5_B
zB5eKu(uR&}@Sw^+BlMt_fgII%zj_}KmIpiq4P42e96o@}g+>p8#ux(uFL>58h7W%n
z@L~cYg8E%q!Rc{}mS=C?nCbxW`Vs@@(_wEyUVJm9al{bk7pKkpf;a_@LDmevk-&Mn
z+@L>*(hDUpASXdJ+6}+x4XSf~K_x2LnG1=xk9hk(Wl*eYngtb4x9j<d<`o8KnLu^Q
zrP|S?PbS&urESj~8;`O#t~-soG3n5)>YLFe^8K}GjNUD!H=h}!KQ((!T%Sx-x=#P~
zEWI>&Zk7EjPBQf}M(C*u0M-o^)3{4E3iMP-z)QU#ZsLO2O1f3bN(al6K{tGgGOP>s
zO@&8uT_>4~wApd!6V|sr5yqU9{kH%Mun*Qph!`PfTEDcA(+&AI2^^&0*bIT(qxj;j
z?K6a{l_%^NEmGnn@4Rio4GOci_#5<CG50ABc>wd7YGnQRXz|Zi2g!!PBDR?OU6E0z
zBzj9-5Cds;@^ZKg|02W16ZKyqiPaLV)MW%zV~1-+wlRx!(hc4j)p%56&i->fiflH?
z7kN@~L_8xGC=`?EFuQdCRvp^l7o`H1!bApZ-Jh0)qHX%4oj4dl3Jpf1-tllq{CLhu
z_Lfxv^~@VZW$OuIxuuQo!ZL;dfXc*cYhCDZvQD1YS)l1nvEkU}=rsFM-yZbtlk%Ma
z4vt|v;F^L!g55lNN}jbQ82=dN$z@?Vrt(joA@rnUrO_1U?vwA`bxaJSSJzb4c_s*X
zIJy(}YI6<N6H6!N2Gy2p8px*#YMZp;1{L2@b6@^xKOG&J^`_a3nS)MXRkF}|i^v}A
zuCw4+xNBNJ0?V(gbY{oRLx)4!K5CVc+I1)nNp#tA{Z^Q(cpH(i4%g+s{G&CJmOAcy
zxY;DeZ7inC9XR<n!n;p~V_UAR@fH(x{t3}$D`4k#9GYG4I~_c*sYhS$9i2uuA-nAU
z2+`~-3g=e=Y=K63ZtR;77&300Y*4G{qw+;=A}tEcCz-P@0=%w9Z6O;7U<}Bo7prWo
zr$5q}<FHU&=<K`@pJdo;tUc%XHTB9HBTFQ90L8hf!&&%20rz6C9PS}AD2&EE;k#4G
z=2^MF`R-lwYT5Xpm|$F<+~!&8>;f!;Snu$D#{_bXj{R7n-?V_`0_h}$VeHgr#-4`%
zdl}dlQ1flY4e~|Z7whKRa#~wgL#-P)-6tNTm7r%;SDTp|R+%xo_7GNrv1_K%7UU2{
zwISp&gL-A^F@}0&e^WrUL32~_ACgM7QF#+UwPEzqk9r07vh|N}{;PlPGZh27TfymP
z4sET3_1w5ubdt63Vcs|mvb$R$#42rtj3cO5l+nx~-U#HG{oM$S>6dP(E&`hmKUAgI
zn>*J&eq1Ekpmq2{DoDA}{9_3)zr67_`2#&h3FU0RAS=?l%MMCbvjjr9N5>L;K`Y6!
zveD;#K-rnsp<w2^CiD8_q6R!)kdIhU8i&#xI(JhyKgdw&k!%B>&<zIgM=k7c;U2W8
z*Vr!UdP1;dPPYj+p|DQHCb#<{ijA@a;w>JGbCekH7e12u_BM|>zO5L~hDz5%cub&|
zTjZ7ccj=3knPMEqGf7aL+a$?w?KZhvsdPmehf%LYN7m_e1F1Gbk4RP8&NDlyk6fNq
zk*yyyzjT~Kod8;GF5Xlq=jmMhvi^nbY0M%G26Nlu>Qot>5W!wFY>AI&Mq*3UtAFvY
zIi8j1Q*5l_;u0=Xt7?XiC;1N*5^Ya!!5YHII-7?xj(W!YM)5C<^tLtXAw;uQwg;N|
zRU#5>1f^jc<bLelH{(m4e~y_Z`Yw`yt+FMGJ-D!$(QrtmF0p{G;w7RzUbON{cnUVa
zc%hSc3pWT(3!OWs^hz(S-SYzclP=zJp<+Ihdu5&sr&R$GWZvz^zs~QI<H+9s9NPd4
zq@Jv&&mLdL;u6J7X~o>M8y=!}-ay54=ryH)R)E>WnDO6=`H6(98?ZDDprh)4bP|{a
z8{kgVi)7Pm6o7A!Lu0z5_>(K4HuV5|fQ>b+QmV|8skl{{s1`}alC_RWxl=u0)2ldC
zI;A=h?OD6GN48zKL8`ljs8hc|8+O^CU9189KTM}Vue(M|KyZ~}6|dV)@TmzfZP*qt
z29t;fbO1}yAbUsL1gH9rzc6>fDe7X-0$kh11f?jDop155v1)QrY4LZ!DfuN_@Vej>
zP}2O&3bH$lRB2#4QLh=4Zt3I*4y7JV+}v7^tSSX4JbYPQGLp$OXn1Wm_@ygTt~$bU
z=weZ>O8tjXVLiNBT|$~>19JIWs|fOCO~}Qw62`2|I`f%LZN?=JRTb;ts2a7!X(Ap2
z`O=jaoqCwH8w|(pQg6rB;Q~L?o68SD4@**T!JhV3aZ0GI)g282k}rmE%qZQf<~Gso
z)6043(@7XQ{RU`Fe}0=R5Ku~hch#Au-jxAf!M<nNWmXwhmw&Ben^QTLFgY*558?$W
zlchU37#droD$}e!Pe_--<Z%VX7Np#rdR@fjuhX_`zgsC9TeLJNGutxO(~zD|UFeTW
zXUytdwb^)??+4l>nrAuS?;8WT!PLsk+cR$OAm?nRVk7GRqJ1wN+eW+Bf92a?bL26y
zLgO;NdIsFG0b8+p*^3XXTO6pfzVsXv<TY8?DK4C~;VtO_aw!4Sv{U&WrS)cF^5*<%
zn!c$vyNXM0`RL|(F*r^Wm?$Epo21u<lWgS6VVHS_?+`0rA~xUtPA93ike&E!uc&wM
zD9RbFt*=D;6t{qT0PnZVgx*L=CCuu@+|Y%zr8lUGWW7o?U$A8T@Sx%a6H}&aJC}R^
zm&R?*@n>(}wcMdwq^S(Okqdos1<d%S)3m&fyxnlq(BMiwXDbU&PIJtxjlkN0IjD6R
zEZv4(_1xNpZugM(%3@^AE^03Gs6k`iQ2T+ziAF<+%*rEFjY__~$)}qNW&Sro%_qr4
z(nAN{EcFEcG}^wM3jNiDni7LkYlDdH5&D;8O|1FzFY4DymGXnU3Ap8jO4{BO8e>({
z=#w$0CMkvkKE2Tf3yRL^IZc3O<I&kdokGAhPT3t)F{nWO$NP6*4W3RXKXoo$R4V$?
ziAl-obURQ%MqqB`Ek~~uPiJ`*n`XKBGJAikeNFS&3rA;u%Cg!7hhOJDZ_c@9Yqq_o
z@nPlt^B74g8ciYFg!fzE2hWntaKrx~?3<!1ae_Bv+n#u0+qP{d6Wf~DwsE5yV`AgR
zwr!h}<hQfC|F?bEx9+d{bXT9#r%rWOebv`%yR(|U<bA4N3M-$bvX+WCnK~Wt+oAS*
zVOV$KtTmuM_ZGaB1GiGOxQ|Tijn(eDxrEn$7j8UZ^UsWbmu5*Sck=QG0fwKAc{8rY
zBLe9&q7ynK6FLJt(Js^n<;a|LweDI#tXqUP^8d<Cu$|fZc1N(C5gK905gd`0Mf^o+
zZGCZ)%G*t7Cd74wei&-^V`XGwc^AQG;lzo(7uijXaN4tzI5M|eo6`xXp@~czBVKSj
zs@jB~fOkf_J@{NIz4+8_l-)JOE0MliDeV(q+zlEM{!r1zHtM=Z@lf86Cq!)!GW2P8
z{t*#Sd6zM=s_Hg6lDi)}_?Nr4WMRFZ|LWB0O!aAOBws~O!c}r!ov_~W9ny0f!Y(GS
zINzCX9lsMtFV;*&{QO<vOMTvtP*~lG{=@pP?ZRBLgcUh5MrdelmxeF;&2e66>9hK5
zNlL6mv(dQ+SP@fhx&}1!vV*A*hAe0;YvE%Ijb*l(>c_Zi`DlcKX~hw<ya%lWH#B>r
zOjO4}62dkq3#(+u?KN<s={8wAAZNTptY9bUH6gQhS$NT>Urg5)HWtnn)f^dux(<3#
z0>ISeNv!juX??m|MqE9{zgJ|Q9?1_%sBCI?A@VCw!@j8MOB7yZ`^<cI9P<Y`)xh0H
zT1LdGFJl>h$_qJtrC&?CBD57LmR)Nr6!*lterT#wy3;?mP6tmdIK;aZm2w1m2tqIN
z!aicJ=?t4z&;57Rs#o{wn_!vWEPLFLJZZ{*8o-|!5pw;m>~P7G22h~ssdXT&@JH2e
zPiIuI`Qg~L;_5dbywM6w#3FLo9Ha8&{<}UJh-K+Qdz_{gMM#r&tHR7&yH-k*K8)sD
zu;?6R-XSiSz1w_l`8-=j$aUTP+2MX!4vXgH=u32;qqtk8oVn9=4);;G?HT6g3)joA
zjq8grd3SsEp?=PvYt$C?BI`tQ)OhU0@HLskMQr(Q4(iRVJjQaYYcw$8bAAMO%=Q8f
zO?Wzdf-y1Vwsgb=^wu!lbJ+*xZyx=!|D&*O(CX-x-PC1IdQdpYB#MZdaqXm8qk(HV
z@oLG>!jK<{s>$}(xM$s*@%%UBfitLhBJ8{Qr$N7W@+;TU+?OnJ&CPG?M})Px-`p!$
z$JJuRn?(p^(wUoF>hHok5>%fbCr-hRIumJ=b7Cpa-`~QHN=>~>|2?j-3H@L`Onqe&
z;+=)$1D}TEdsk?CSOfU)3Y$$%S_@mr;}^y%t9?R7IE){1amnHf6qzCJvw+4SsmW%D
zlkg@E8&ZR$xtLDb=+iavFZ+%@zC;s9yinIVErFWN!S&9!TBc=ec@|&xcjx5-Me3`G
z>;KV8{ZkL9(RfX}LguDNp9UnW)TiweY#X7+(ykH{Vqg0eF2)^%EjO4{;&86@UsBkJ
z`{f=PT8>Q*`*DA#+z2DiAVJ3C8^f!)BQ||av;K9p0O!$iZ6L`|r0W+>(^VL5#AiFF
zvX9%?t-f8_p}54PM%z2KZM;uj3c;`zN!PWRos`c(D*;tKk(hovlx_PniUv><Rl~Yw
zZJf~*Dw4Qb<!V*WiI&-sVB+*}RqqEgvvju7sBE1{2cR-Uz8%7d>1QeXUC9<MaM<Y2
zH4PEdZmhT8!1iXjvyH-jz!NbbOmwt92ky7^My0?0_kC-AOu*S`t$tcqvD_x)+2c}c
zX6?@i-`3fEgIU!vtMms$jh7dMC8W)V;PexMK@Fl~rDG@Sueir{2rFd%MT1bciHH>^
z-ADREg#<6^ExxOVYxaE-5bW9m<V5OFo!E5s&<kmSNDcVtop|mK6|;!lNCG}-AXF7P
z_sk;x9t`YOEFSz27B{G07UZo{-ARVNg~MGsNC4t^!()Zi(%aq({ek{<r<_apG0?}s
zjU^T=9!_p8np<`kJcJBsn!Jd7d`Eu(7nR^VWQ~V)9?|H`eIVh@If1NhQnHE6PRhE0
z?6yY>@|j~FLDqD}JTT+AaS>-^i1Qe71;)FH3)Uof4cU65xDZo%xrifjkU56k7;)Q2
zIH9!-1;9JD6aAxbn&MJYb?g&(gS((gl(z3vx5M6R!IgIId&*o~M0D-*g8mi*atU8V
zCB3)>V4TQ>pqa}$OocTp+V_3Nu8$)^S(@4iQ3l=vww&<*{*F8lUe6vwn{zqm5hX0#
zlgOi{dArCz#0%}Y^Ma!Cbl#Ad2H4&)cE(+XWWCu}k%jxG0v+F=TaP>Tu>|s!`{;Mn
zqCAS@7)Cl(n&cXo(gdSed92J0X@p6s>Hbdq1D3xUnXqobY7on8Nms&Cc;PO^ItUsI
zn;ckH!qvE->_mM$X;wlOEO}N!T!-LlppQ?Jbr2^4PE8qUI<Wt>+F2V}WQ(zsR12hi
z=qB0Ix*yF=sVCjiq*Z&9j(sM^8XHx{UDF@fCzctQwU`JaIm^0*N$lh*3xYVy{6pLI
zI&3jk(l7+^?c{u{5mwTgOzBqA)OeBY<g)pR?c~;3AnoKjT&Y*m*i3L%(p+KgsmmO>
z{xuefYG^I5!gbUq=3^Vm(@uPJ)MLDaR?;3uK6SkF7Vpy3T1jyVtbF=hT{IbpOx}Gg
zZ9Evd`yWJ)-O`M$-jh<=X>g28-y7J>To}4%9?&fvkXI^QZ!v1rk7LSoD&))<S1Q>Y
z@c&_w#4F_wCSZ2z*?)-a)ZgLnaV`HM)F@h-qS>i`!Od3%630R3PFPke)s3oYdXdhk
z8jIvrkVx04l@K;OEty8OT!cqWF8hLfTi{(<KClk>mU}Vem5IaKRUIU@YHq}~>UN^M
zJA9cBn4V=pc1!<>Zk6;VdZ&I+9n@YVMzvKZXzKXd8iW2WyMh8PrZgMxSSqerJxC@J
z|9oOyG(Ig6q8Dl_lagrAYnkg-;*yeRF-r&ln56vmk;zCjbI}v4_0fd2yvPbvoJ2m=
zdWi2!KhO?PFW95{fXt)?YN%u($G1^hlU-3Lldw_A8JJP58BS=2jKXBpdfy@nE$u5N
zc5U8h><rOSLh@b`eN;ah3(Jri=h$!>m)I~}ipmfgx0<kA!YnxttS2p_%o*Frm72H0
zd4?ZI50EAgqudyn$!Gp_C+JxE5V|xT2Y~dHmR%=*(yZ!#i+rwO*bj2(R9XeB)Q6(n
z>HlyXd1$_I9C&Dc>BEy>;3K-Ht#*aaDCWe!_pt*%5WS=UiLZ1-Mb=iMC+av!_;2!I
zOnw4At|Exqp<fJ>A-x6`qgICuqg?LpUWm5f^F^=V@iR|EaN<Nef;b^{gbH2Q6r@+z
zSs;#~omnU3P5Dc%*#>JfPetJJtpA{QQaA=dfE>`e52&+h?6=zs?|I|zC`M-Upl850
z?Z{zxr0sVH-`Ebau4iNhdy`8mO=?UTywrg{ag1@?tSIqh0!eaj;D_HFgNJd)f;?FN
zUiyds33jIb%>;Jn^3T&N{#iVjHIg->GsBbSLSjz!|BfIFy=E_GEoVoutg-0My0;qn
zii5>VWDo3z>sdoFCotzT=lvH>@rg_SKWpCn5}1MOS%>%s3XI^4<l?=ull%%3x+-kU
z`!_w}p<>)${6zMU#4q*?_8If7-B&;4FP3skj12ZxmK~7HU(fqnip53xLii{fk-qc1
zW|!@eKF3d+k`m5d50}f2l}WwV=D<aQ<&~c4T`pj4-L<#=PI-8)<JQwyIV#sz!}+V?
z%JdMIw!=>Md%?7mlTZ(@>EsmSW9yPVyyJSuaU|nR?M<zEn^DvAM(yuif<}k2)+z`3
zR)-zW^VVN&J&o6~4jI?On?D`vcSyE+egBqU|K3sR`|BEnfNm0MJ?AWV7({7sN-3^=
zrTZQwUPOo#dc#8Gd-y>~=%;~xvk?1!8B^G~AP#0M?I@*D0*49kB>!f-I7a(gsRk4T
z9&(c0ck4X7+u7H*fc?=8<Y2-)E@Obj*Jk5luZ!Ofuglfxjk!NrBUE{0n}pQ~3_kYK
z6&ieqjH?Iz2hHik+WX@-?t!?`g7D3>?Goo~<B7+};SR*o?}>-gxLsd))kpeCIS5mz
zlFY_mgQV`)nP@ZfcVY8D{6ZEI7tg_U8=f>VD!05wbKS2j*IT}zF^xfzN>p+j78J#R
zb(-<_3~7}=Lyt>*F<&9nV37_&W|pgxQOuI+apYfOT%$~CgbMO@FztEwE+ah|POBwC
zsh@3D|Cm-D*%fF%#+LNJ3Z~*j{Ml0<T4oO<-&3bFK*nseiRijL`e$Bd9gI(Z8^}R0
z39lq0H@c82>UokKc#}MdoYguzY5#1;YJ)+xSbH$**c<MOaPDx&7~q3%;sHJ*(yD$N
zjK!9v>_RzI*-^D|S+4=wE{g8uC!rbn+Pi#_66j{Ft}+q*L<GyW3E!=;mcE@SQK|z<
z;1hd<2gG(&LiZ#sPuKcN2|`~()WD1W5(!teRt|q8C3fMM;i1zIVFt0z!QT6y$+sEu
zz*e%L9IBcMjFb#QZS7XK=P--pg#}25BeE!ApO&(L-k%u#^HO2Rv`mfFiwPpgnLuyn
z#yxnl+z@ybF#&ZDF7P8I2XUMzjW`a~4M??BDv>W5aQzxZPMC_)2H@=Ip*)wgJZ;nE
z>UQmD$1oDuT7w24O%>TT8@xV*X}muWm-x&hS(;nCXhtEd^gI+8t!7hnH&hvbZg_L8
z;&>PKxlyk+(y9h*b1ml^1MsJM^e{B$VIJ&uBy)9BSO5h7dG&wokYwE$rv}ikWbrh{
z(27y0=5!j~Q0m3~B~f%Y++3tWvG>(?L?bl^f#!$@h<J$z%w|Y*-C?Z2JF*R}J&KXv
z#SYkB1loX4+6}FJOew{VoEZRq{zMDVg{3p?QWbLmuWTzQM@9k~kWQ%T$v#5IT|$kb
zI&3(~NaH1{F;M-9e+)H3dCX-S8HG?v<5iS5l~uJBo>LdMo$jZy7|*I$yqi$Y{-Qx5
zqKGO1?MsVVoHwwh?}Nt~fTp=MD-h#qEP>6IKB_unHl<Y{5&uIq*x=YE%?<A_?JR&A
zRW;oI7;FOi-&R5j#5<xIC49g+hocbEXqi<LO|I&@<8r|N$<n?f9!MpyVd(3N1j1Z^
z4+ORo=-7C5-3bpYBQ6uWmDBW2<VvbLgS_U6A4zIRztw(7cgyAn<@8(((d<?UMZe*C
zVAwipmtf;gt+jibtJ#@eo~=~YKI-2(d^K>EILPT+ZUS0YT8SOHHgBB#ny))r7Zi_k
zsU30}ZEngpxv1=wHoL7RhxG$D0ruBToL-mxwIyvNn;+*|yR8Qff7%3_7%lx~uiKcR
zx8{ir<aSjWTBGWzuClyI`ih#(hjt%^{#${$Bif#7?nyA-5R%7@x&m%4k=1AwUf!JD
zR+J`m7IqcXUiK<>>t6@sMGg1ye98|uR{ls}^?B0{a`Rw)Q2WM(uUU)To+onNYZuWJ
zcX&3*>ZaB(?qR3^RCU(%mIoqNRol6hLuF{KhP#f`RLxda)rO;|KQF7>W@swc)>mG0
zfW;xfKn}Pp7poitF3{qtb<vQ*AP_HSA0+pa`;T%YJ<^|%2QH!q`X_R#F82E5p^=bl
zbz5sXg>?QDnYWv!7hfC<Rt{_=dmuuT;u-1d{;{9PIbJ@b%Ve&v)Q6(5rNdo@7JKGI
zd|H!cLS@iVSPzaFUq&Pd0Ul<RYp$$lXs*D9s0@6DTpYKg+eK(I=@=lVR)=z)b>o=h
zsS+ckvKEVMk1aoEP5lcKU?bXl7de_v10qZ;1#O?|1LA6GjUsr5x|d3<0>uMb{<-Fa
zRnHB@A94?o7S`7QuyTicHmj0qdR9M7`p|S8tmT3GH<K^u<yhN>vyf%YJU4OX&s2^^
zS4D@SrWlat`gIYWp{};3yrd3s%@1we#B~&i^=iI8UqwlpB^BbdVGM+&I*yKWsWHOU
z-NBp-((-aLjqQQNs1D+4puQ}$aC320d8ec3^Vl+CRi^s7$Ax_9;qG62{XY$zB-O7(
zy(6$vbw)-M7pFu<64R))RRo&4>iUKrD8^EDpwD>Jr9=ddrR<)9Z7pd{rvBFO`2V(Q
zedL}me0#>vj!kXT^SltkNm!Ih$iu|fN{qlv<2wS(58|w_AcmCT%9U6C{AwPG;d|21
z*0pm@?E#i#;!A!_0MAXHnSnK^(n7AB{MmZ&42X<yP<D1Fla8pEC(M;bDyY~Lwqlcz
z#S`x>%Pe)pI9>LZz(5HPhiCF;*eyliuglQkI}ry)n39A{HzN;X&k5+YO<h%d19s*g
z--;!Ro4&uUKXzMAXJF!9u7Q7o?Oi#k(k9*v!a*qI!7~~<|JYVgshQd<;9Lsgeu0XH
z*m>IV#GahEXp@{CVs&_|6!ky8D-eA;lbFK<wrQ2UCJ_0t&%}zEu+GIAnbP3MjN4M{
zH^*16k1jnQJow)`^FN*M)C_4-#R?o*{!#8L2&Wd2PtIW;-9vqbJB##Z78y^^GafxA
z-#d@}w_ST3d5zoh>h)(<8BZ_&2Zq>o4Q@6l!j%^l7FRDq4DVE_L8R(bsX|<E4K^Zx
z_O-z}D^o4Xl=}a6E;?wI+*C{LVg_^k4Qb}W#SD|qX;;LtF9Tzqudq(>bHohi#Lqiu
zR@_u;P60Z~{*481W`fhhzQ{P2oH{kDCXGg+!|xHqx&;3N86?#sb{_w4{Tw?)+6+h;
zGtYP#=O-&9m<urkZ>fCW)6S070c~L^ff4y?hDo#x^ZH^o!s26#;r@nbsz>L<!pgUA
zKE9*U19$2`M9KfVG13&(B0`2aWSlb?MEB6}wAbXxj6*g%f5<u_dZ`sohH8|BBq3(z
z?id1soH#cfhv&QgCd+i5!BvLp%KADC^&bpXb%n8u@`6ecXl&ygj{_VWjcBlv1+-OU
zkrA4BG(AX0d|o#V6VUSW6TqB{4Z68dE%;l_kGq=0dfuT>yNp#>9BBGXW+TWFdhytJ
zO<V@4mGuob4bt|SCX%0mI@U7z-h`^eo^@3>OVu_>#xcJieHi&0n{40A@(OXC`$Zr#
zwi*&p2I~i6ANj2jN?}$<teo8V=W&8`1P>Q7NQPGC9yG?#^oZbAl;Pu$ml!V^n(M5&
zH&+0ew87&?eWA+cBPd#Kw90jLqbDlr+=VL&SAH6bjK}o9z_n>OgAr1zn}<K(k)Mf)
z>B5Hp49QmKXJ2e7j5h37_8k0Ydn*r?OSdrkvu6PZj^miF6%C4klu<VKNkl{*l|~G)
zIfzDYfx|(3k&@Czet@EO)OSDnfU$^%j;5~NsJgEDv*#Akqi4?0$+E}kzul>BAE%R^
z%+@s5Yvo3t+v%y?_mf<wUc26GTspT1(Rtmo#~Mm5sEn4PZxhwHnEWCUo=ad=@Bmow
zm5rlK2FI}Gjq8tLJ7BB;vWFRu*it$Cbm;j00~8pTtex}X2tZSd7(~F(n`TN3o@P!H
zJQ4iu&ot*D(kFJ*yLSG(GFU3g-k)|SJ1iIAu|Qn!!sxkb^)JYfsdtRv3$bs{H4v>9
zX2q|c&k@RAXq$0a?#iX9NbF>4YTybjen2sUjntIHC(2}SJvu_*)SC|dHBDKYqpTVC
zlQnr=m8CI1NFc<i+$Qs{$SJv2{svHQ&uIPt9^*0*Pn@k|-(@ilzZBc=tFF9?+ACM>
z6rwNFFYy;)yHs=k_JtREoVf!gOgEK87Og@nuNsV+hNha-JinzKl(uw>R835bht^vx
z;kF3bMxI>Z>fxeaSyQjk%sgGU8kvbG$&cW+TvwIB-7Sx7gx_AZ({7>Vy8-6yI+iNX
zIV5Va`XQotE8!xPs*`)wUUiGhQ7)q6F-QPceW=HzIdIv`TW7X%#iS(gy@f##MDA`+
z%86N(3R20!K}r=Mr%G3nH$mW-tgXLJfJekFkFyP!m2URhj@C75Nk>O7HxE(P3N2@d
zn3f}=2QW)|9`(JLyDG;i`lg;@0V8I58v@#iN@kTn*1H5>*`b(q;d~D+fvY#u1zCBA
z?2qsbiZ@z=U4zFtnskAi)C&n9Pv%XNIPsG`XBTL(?A;r7u*b!7bMRl0{VD230f%ni
z0s>k|rV&HPR@7p7pJQ;iX;BsEp!i@?rcMuva&@egn4K*gFs$g?ox<MFejPeq=*4`>
zo54iI(lumX=84joF741CXCDd(;EHuFFLX9^QdR0g`Nnwo%9{?Z{nU>5df+WUOU?1t
z8S}tSZ*ph2BPN0OAI_qFSeC6GUK`bpb9SXV`<V~BbV#4Aoi$FUyd0><k8Mv{NON~Z
z9p+Ms_B@E@u0`fV=Xg%&%uF~U$6te7*(5bF8q5QU@rc5=xySjlS5ATC=7cu8>7$%9
zxj53>+&c5zd0CdznYM;H4|JTd${N=qL+d{PjiIn0___lD&2_FCtUL-YwoS9N9FvZ2
zGIK50%P~hZ9butHrAb#+FEgNVLYHX3v@9Za0Tm4wr4FkhR<#lu0pp!jrBOP+Qt^;(
z?RsuP14)JwVhdKPVXY#@H)%4ag*Hv5E5VXTLrm#{ht4<4caw>w@Qz$#B1czmlv5P-
z@!Y(aRHQ$P_yI{ev@!2W4Hve=l1hnCQB<R}N~^m_BpC~3Swrt34H$&J@r|B9!>@5Q
z?)kCY4u*E)LgnTHJ~8Hh((D0FR!no={Zj8kW*brPFxyu&KF10HCwgfvj3pTBthhY@
zFF8%NHGht&=}+sz`V=c4%|=;#rn_KGym}>hrwxt?BM-&_Yh75SGk6d_M!bZDc|oTR
zlNiU|+!8dyi3XUXO%E}+MLED{{Lm7;KqnlSH3EE<$L0HIH(~)-O5BFALR;ZCLZXHW
zpdtj8@mtfefbC<KRO*E|{}KYz66b$mlX4_C&{RqMp~LS>!CV85!DED`Y|YyK6b8_<
zl4-i^z|G~-b^akk$iBb?M8HWxT;&Y9f6=egwdfxr&ki^yp`|oqM2o4$GNU~~4xx5j
z-nqf~xck4vcw;Y$t1h^_hszDC>62{%o3*5^qompK78WiI=<cm)cuUb!%C&j5B)W{4
zDHew#pEUuh`?*@W9q{)MvbHKt@nQhH?PJ7f!?w4(hRP|A{pbe!B5!V*-J(yqz-EA+
zH8u=E1fe|QaAtUyWLd;dBDzO*h?{rBrTU6Tx%3-CU`GX-yS|D|N5>>iw0gxPMzN#3
zvxhsXkF_$wE6}Q}TChr=R%xAZH7~CyO?U65b09Dom)!>az0nTz)L!TZ=FX^P5_4t=
z6XIILfIzZCodK#Hcg5_bIb$-MKX_tGROXP@kH<u!6PO2%E1$5;2XMstb22f*g*r!X
zhOd(|$x{%K8oGWI5ftuGR>33m{(w&*cL-HWxDv#u!GR7*a-{o%py?6ulp4(iSnW}1
zMzVc4_Z0khEP97OFfj`DW==<_gU!}}R26XAPX;|+9>(*Gl@vDaY|lGL=e-yU8Jckn
z`4(Rbd>(Exnxlwe?hDSm4n(3d-09<V;Y#8;SY~|)%|r{OX)SLClddhxjQ#41(@8{B
zu^b}#wQ~NjE~sIE6X#nKhK@^~qw_L5J~A;Js#xIsj21UB+>C`**|;404{xjm`Lu0X
zg;UC55LPjgx|q0cw7;w@KC(^fn_3eJ;e!0qN=1&2D*G{a3z%K8rT}=37+G0br})Lr
z+-Xv$2%O?_gKTXdIi31>uk|Yx-s4%X1u&QV;~OiVO_lxvU{2s!#0U^JZ#j1VX|rVZ
zIkiMv%8%<|pmadFgrlM?<N$BF<B`lbul|IAwL1TZU)5DzOizb-BFnwbXMJ2QlbOAt
z?STbvXh;^rRuuJpmSQlZ+&ri$9daQ%PQxZ;9CIccLjw?*e&EbAJla>qFB`+q>`pv&
zgOJC(^4Xv}x1re!(>sCQelAE~Ab@hIF!SGY0m!loco!RcXB|43*J*2I{4QE=2GZdq
zcEE?!l4RyWkI!Qm*3XdDnoYZo`FXE97VKWSv{2xB?b1PQRB9=BWXeer8`VBNG{;6Q
z4GEJG<*$ZmZ;Gp7{i1h)@$nDNXgKgsA5?9KKS+yD=1N?xevl7OVqXJe#)S@LQTzVz
zMN=EQeBlfubb%aWjHEX4rV74#_<P~(9zR(Nq78#OYP%Q?mW##!uO^1399#U6G(sP?
zE${lq76iUHKwR}iCj9I#o*w_r_Zeou&`v5tfigHp;gzL=;HfXq#F<$Gu@XaX=J7`}
zJnI#f7yth6=RQ79w^T$Zj>P2Vpc?VQUm*p{wQc;;UYP^Z%!e^S*N7o+jFoxm8A$vT
zgAamNUfYshNw$79L&pue7UbNpbiSF;(0y@`KAo4Ork?A1d%Ly0KdQs~(hkFq$D>ZF
zT}}3QP=#eW91g1IMLVT&0_HOLZ#?ZwoOfN7JYv%xZ-_u!pfxm-GZ9IMs;Z(?7ZRp!
zuJBrEl7cGDkz?I+tG3^uQ5#owF-g_D6@rkh0~eB_VJv;kq83_2&w3@S6l)T-(PlDx
z%-3|R0GTo)>edvFNt0YOuco)n&ZWyod+X70Qc@pPlyvjpHU<h`kLw^&MSU@}l+@pt
zFhPUL(OBZ{1r782Wit38+diD{j++Kd>U#BDbr=s>NI>Mch~M1e959sO>U#*?j;C{y
zumwUfVhP`J7CM2V+QG)!839;oBSPjDZJhR^i{Nm_r=8N3q-HRP3?B~XXDj>JQ9f-=
zs55up-;pG&BJR(t)7$^0FlZgR9Iu2SENS?XWVEbCI3ntj1=@E(QJ^p=XOkfo)qzV2
zvSUIWpI<TSxgwTftg3z-L!?_K(N4YkSx@Z}ALcY=eeXS<QijC}zvz&STrW;Ds{uC;
z#MHooYY*_?z*GIjnpF=w{oK|`@2nozDbp@+@<QZ;TT+!F0)}S|M55$^=cYm6YBmWB
zF-L4i^O`uF5a;P&Yi~!_F~L?Pqhzu2{c4HP*Ud2i6)R|e>g9_HIFur3DDjg$YE&xM
zxRjZO1YX<>Es}Fb*8FGEI4}`nP*r0L<`%d432q71R(PaPnxeD8riSla%^kL9g6uH%
zE4_-X81Kh}?CL=oi>9MK90|Ax_dTDQb{PcHV*c5MgoiG8UH$~RiEnMzyY}D8@8J~y
zK|UC!Gg-F*_(z__kJ(~Ah;Aq(y}=3y2qOhFTQV0~Q6?qzJb8aC@)53<y3=WTW>KPe
zRmJXM!P#?orb$y6&)8hhUI;mk8H`YGic8L=;|uI&$D5onu#Ch4VdcMNA4#U}jHa=}
z*Q!_jv>7#$F}9*vOsx#ob^-EOXO$B9{6knp_y$5(U(0%x7U8QWEmg}H(zxx({jfOt
zeXesy45|3`_B04<XkCuc^_x>{>JJ4x_+kEid(m-5Rs5QvM^x$tP=gLr1LQ&F5Wf|{
z8uGecNxX{M`5a{p3<>;tvQEoL#>oa)Gx3T(brnkM5Tg5=3{5OMr4thwce?2KZrrJ9
zK|ThQA@9>(t%Hs!6+$!??XlKb@Cb|R_RAie!h*Jmo>)6V5I6x{Kl>2s30A`f1_lZ;
zq|~oI4xiY3vV=~0Q_9PpZ?0qqtiPtsXR%;)CUMp;Hzwss<lV)?mr&c$&Ju&FHfx4H
zQP$>ce@g~#Opf-l^-nywlJKZ)AGO|wvMN48O$(r9E`vGXmJ)H1#~*S~VVgCBLx`;C
zlf2ROs0k7{CPdp|w&xt0n(MaxG@{R*iYL7m=n9%iN`!|^uLc7%cL^tq3?xHIpq&ct
zL@q1M8%-sSGYm7AmTFAsvq($(^H76l)U+e-Wq9@1H20k-{>UXb56{av<EDvWruDm$
zIg6ymF=Mn+65)i?*bQ-D!cdIk@3moAV=P}T%O!bqbhj#N^@InL(LT({bf;3v#i#yN
z`w<$iN>|hYo@Sb_7$Sis(~JIGE>3rTx(ByVDQ7VF)R~h*6!=>bck`gB!%V$vA+!Cs
z{(K#9Q>@OfU0rpzbk57k$t0_O4sLL#G`oM$Qp8jg!q-TCGXg;WujwOQF=E{wcYNu*
zH77>}PdTx2v4@kBgigGQu(49dXw{HjKt#RbbY)4!EoCdFoLd&dK`f=zE=BoxYWO@M
zC&z%J1>X4D+7{24I0wT=C6_qI>8XEn@zKt9BWUSyzqO-0g2rR#1%j$XWz3llzeOxU
zejJF&<}2ai$I&E6q^T8`gMPEepiHb$+c2SKT>bOxH931Ue%hb{m7$)`M<d%zY?b#|
z5)(ObuY_8Yo^vTzLLA{4iZ*#>$p?)wclgnyh1?cf?6S!^L%f3Wd^{~gjvz_iY!;p#
zCV|deT9od1ZX&{+A@k1Dfg#Vi9j#fsz%pF?WbWbZZr*GVlNXf~bm^HQv!HLSJsc{l
zguLxd=uv~b9Cgu8ZV6s5hZk$z(>2704yN;X%q<c|`Q^@ZZ;~DwP`^}EstE&(4%c+!
zz?P7rf0-A9F?}ihkIE$3ue<oXy7p!3U~AzMP%~)o)`)w2WQC2Bru*lLH=I}NGHwgP
zuksK}LtQ<5*A0Cb-mXE1x8HMyL&a?*p$vudazdaxa#c0S(tP5Sp^ZC87y21ZE?VL>
z2}?zn&~uS|qti8Q-X7&Gz`Gy`%uIHGB5eeJ^FZn24nr)KL`hF`ZhM0c8?hRG{$*ZW
znZpEWEQMKOCHS6Ac%JEan$X=v%UM;H%;zBk*^x6CrWn}j4$P?g;^+*@8~~y9|3~$%
zg7`2fY+(>zbA}c6p(us}y4eQeL#yDmhzDZ29@<r5%5jqlBaovWafrcVt?MPo&AE)h
z)bIc1wMNiTL(X<=he^Uj;4dyBG;$v5fwq)Wv>5C`eDJ@UMeV@Rklz`XKw>c%RNiqJ
zG=`hlivSNeQWV}YHU6PwTFEnwSfr;yD6&W95CMn9)IKQ{VcJapmL=d{8^Tt-hax$n
z+L;{bx<BC+3fo}>QJL;O3ORdCq_S}nR`jT}K)ewU$88X^Vw-APOVuC25|zv@sZz5Y
zf)SEQ$iwgik4OA^XR@XO4qgJswpmQaSJeI=lL&w?P@l5OI#VS#-YSLdPf<1+hgNBE
zKHGx^75HtKhCw7@ytap12o%$d9R(<8z%x}nZ!1hn&|>e8>H|qXx8#{`6AF=DR0Uj;
zB012JvV|KR@9Qphev7g=Z$-R#bhV(_G`K72$rJ2*UqE5Rqx5%KjuCs7E1W`BU@toC
zjHd`Jlg!27yU+rBtU#BG*M}_)QvR=){MOf|#f@^CU%9df1$=(u`TyCajV>Cp(ZNPo
z1b@Hp2NYl*23LqH?;r7240dCUi4kpmK$Ify3{Y}Fs^N(Fw8c=;QcV5R2E)6%G++YZ
z5}pDn*$*{X*9LiLnJ&HsTGe#mj+{;7CvD_@|D>W3oe>{SjK$eny+!-)la246LgJ&w
z63r*i_<Hht^#$VB18k$O!YS;2EThQ8@}S_c+r{8FVa3BQmPG^+CA?xQl1bha7J8g!
zz7a0grHNdPNW086T&w&nA2Xa4nbMAM7P=`SRtX&757Y}AGdI9srEt4p<Ij-_{MFJS
zcG;3FIzu4EEiX78;-@}CFab54KX8;~D%4om*%Eb0nyg3)f|E#ZkCuUUib)r{j=~vg
zOeD6`KdKo!qp&5#I)*eh1|BKRy`>?1Y)&Ec_Zu-nBH>K}HDnSQN|2fVmEr4p7C-#8
z8h<6e9Jd>Qky2O0-KsXo0JX!8+8u*Bq}%A1XIK{{YEOp~8CsM|v{u$yMm%f2Mr}-x
z1O=@$M)LvIxzg-eXeFjDMM(0hJWF$BPwsd+IZt>`*7yfTW80tXi!h~>i;QM^zDr;E
zB`lPh(8la_u@hV3VA(>+za6~wNsf%7rTlb-V^Y?njwLcuLTn3cXIK%x_@hMrmH)-X
z7^`F&)2pRWA5gA4plp&E;t>xaN4*$C^NY6HPu&F&$+-mdv!E7v$Q0y&E8&}=5j(_N
zOhL?TSiIq;fOObxs0fez*yjVj?udeZeQH6b*@ZTbhrQ|t+fvK-VO<IhLf=aiAhq~J
zuWTwz&@+}S=?(I*I9^gRMUhwB3bLR;#FfDIH(0Tvss<G&FjN5{SJw)`Xp#AgE%GU0
z?^w^CB@(=&0yM;dFtZTNzQ4tAQ_^TEufdT^Ir1%m0l&q_n*~Zm57323*ekA$z44$B
zJlBW=aV2Ng3-|66|F}NiNzYk=hIA0)s*nrp;4x8dz0?2>=Fsq{R0Jzx9P!u^!}~Ce
z$08=k_+RdGodYuL=ps66VQ{eUCH8|MxqfpQKYaW0SU#MWR9!_U$9ir};F43o7t9f$
zZ8yAX!)5E#>A)TE^GlhIZUb^{=NH7@+LYx+<Je_1Fu6NEqKac8Ojh(zeYg^~0hoT$
zHsnxct^tzdf0a}>K%RN1#pZtjJ>f-H8fXe!<_ezd`o5vERkoZM!(ynpWKAG(`PHOk
zDs~!Ik6Y3GpHAS}-9CZ~^m>$x@fj}Y^GbpkB(mxyph)<jjAQ;ta%~a?Qp6(S6LKC@
zOuZr_FlJiR3(KREozQsj)`44#^Gr_h^(1+<gtaF87sK%AgeJ9|DKhxAaSRh9&7V*r
z#Bx9NO6yq76A3ap?O9w;2j+VO!F(X>A_)-NsdjXVsuR73ktDf@k@7Ebrh;o6x!t><
z`-N^z!1N)kqSVBrXn<+<ovLjgBocg|-qR*caB>kOK}}WY9d9P!8Zfl+%i=afxf3ZF
zI2~6ec;3i5Z2e31dz6goY&veFjn&|%Ea-E3pe<^=He3>K73iR&Xb-d)!Y^)U5mfbl
zCo&YAJSOO}u$Kx=bjq-p2v%<vJBL(aBiNwqhr>DuD~@WiFyJZj-#&lPmwwl4T#J{U
znubafmdP@cNKa7-GAzcdAcRZSLNU&afIvSb0KzIyD5;&_RH=p-i%u-c`tx66gsZmR
z=}IW%CrJpuTwmyfwSn&)S`yNdg_b(re7k792JQ;~`!ZAv3YO222_EJbx8GX${CsCk
z+>&9W(of4G_B2OMIV3*PT0xVW<woJMS|+%MPaSxVJxhenUYr!!%b=M=8j*Mx^s;bI
zt=--m3djXHp@h*D*KH7(1|)--57h*@mu?g+8$Ci+1XgbvtRLrJn8N^A9+(N17-hR;
zEYynTl_1*ph)_gp7&9E$Qd2mG#_S~;<$0=reFugU+q$H6p8Uk?DCpaHpGZ5DL3PLh
z*cYD&G()(Kz~A&qesFv3b(4P_ufl1&nLEjXITZ|Jg1ZVcH9dmI`p;{jSiR#3_<ukI
z)UqwC4|6X)Z<(3wHG4v5Vf99kFz#Iw-aRb~qVo`x-==1P!8|j=!e}6q+I(&X4xVqE
z`>K1%4fKMmf|+I!@X-B6MSH;lvw#+XHX(c<mI2Fd*at%g13}b^=FkNkEN-cT;e$;D
z)G~aV$d&Fxtcgo_41&?luW6U>?7(?&TI=MkrmS>ZtPdd5A{h+f*=jYTw<?<lG*4(2
zzMZ|4%j=PPVAlo4+)1Vf6c<lvT*%MclK2g{`TlI;B*hc7D1Egw3FZ?H0$KB<9Vgoh
z;{3u%8;r@;jAZQLN?8b-qYVgVFDQBeKF@peJ!0lQWb<VcKF_B}I9V8GnoybYM<Klf
zZ=Uvh?*6_e&~<@ZNA>n@D&lSR!l*-({Gd8bx1a@}Vvp=J@<QW@+XlVOvqB-ODOh<;
zBKZk<K}5l{%)N{14<X=cwUu&3s_?KJfgh}n0x$pS)<lH0o}xq5Z*_vD5|O)#n55{>
zf+%j%&0lRw1GAu%VaGW#Lej`rN$|)o$-HGn0o3hX$bDCT-)Y;n61N9b2+PjOzd8r0
zTe9b+8p2B^48qFxxv?Hy`v|YF^7sI(k$~W3)LXbG3_!oAw~i6Tp?x!+W@-adw^Uf%
znm8VH*X@^t7yu;~qq$JI0R(#;t50wq80|_dz97cYoYWjSNS-UTQRMamp7vMSIS6p$
zADBwLeFQ|2(Drn^GrdHF@1oO8#|~X#w9t;y-+(?yHCb^iR`+b-rs(um3_Uwn`pt}Q
z6zakoj~i@9sKp4Ure9heOQa)WwS)lu$CJ&8l}pZ2E2PpOzR=1>if&V2J*E#@leD`b
zfjhq`++*4Zn<9R&e`s4QO(MqF;z=~%nKA%7kYrDcb3rLVY5{fYca56aOT>rj0V#Sy
z$w`r%MqJDsQIm}snaT)*j4qglN_>X3`!&}CGvT*uM~BQf@nh}boB^;hCYQxLELlwU
z4_O<AH2FwfL?7*4WMZgFIb?)kHi7l`PTOs=_b<rhHk=oa_zsoMTf5=3UEH4faM!fc
z6zCZtyji}%oHHq`B~~d5W-S{GDEQw<a+r0JR*3NyIkbND;!)RsObHnnnvSNWK48^p
zpaAyTYThN@M^Fy)l3c9+tZ3Sw1>((v0y`M=S>TzGfs6H-qx*=Jud~%)P-WD$eGUo@
zAq`;4GpQIUk$IbXc22z3rFAI5!5MJt2bU(Q+W|tmBJ-6p7b4Vhd7~?^<53p-3Fb8+
zHY(1q+kaSdrw{j=^Gw2>QV*f!N$58@K`avSB}kNZslm}DGmucVv%5*ehFYW=zm*N|
z;GXSjDkMpcR1HeqFoc9YbkmGM-3Af$FQwsy)j@Xa#Dsc#xhK8WFLW-^+W*eMe!n_R
zQRH-G0)Kfd@TVu~AyWpKj)YjMp+a?fI_<dI+;F(E6bFMB3#Lhxq%=E~XygpN!XX#i
zkWbOz+=5CD^BCia`SdJO-7g_M(5&POU~6#ImSOCi)57j29J!Xl$hl*WBxV_N6cKdM
zcBv#YG1?IPlA6v{mhim+rJrJyybA6$Bczq6UEli95Sj^YJ{nLQZPI?o*a+%D=r(<?
ze^D8M{GLVUVRo}&1X`=q@)456fO{?7CNUnEd6sSlfB-N0&R1?E(iaXG(vwloyp_|Y
z9VPolnT<=vf|(aT%EycxARz|KtQg)=O*|cIo+QIY-e~!HCcLj+RA1@hC7F?G!B>%Y
z+m9za4L((IcjDW(Ce2*OI_n!tY+JE(nqj7<n8O;c{6`5H(V1oXazPJo=2SEwUr`Db
z(sZ=Uru9;aNlT=-91c4C*%l>uo3R>Bhhvtiei1t~2_@D>WWomWz{RK<&2W7j2Mcc5
zMK)PpG6@*LjvG@iaTNy!Ez&Cd1CmR8Bej<~=pzVR5;p$8CV>(<%cAZlwkc<2mWrle
zb}eJbFPU0IYt${1u90^a9m;BXImJhgFn~4GQy84l^a0si3SNPowMbH?S2jB(w{#Lw
zC@D#9kw|&8)&N0Ktj3wN`w*<BDH|D$lBp%ersXa6e>jsvyt)g7S9B0*RAnm6+W)=|
zWQBwWmxx%Bd>CUR30uG-6NOcoi56(@>jLo@;NYjCnfakKx%0_&aY-d5eCpswgm;_|
z&<;)vU~xseEMStYO_^B4bwq#j;`{F8n+=-bk9$gQiCC3j-O0)PGAvC8OKH9IGN7@=
zekX9yvj~o}eOK27Zbj9pKBkcvmY|?9=SvsxPR(PT=v3p<!lp!ZLN7N8VrX>V4|Tgv
z+$Ua58%*ccQ2FjaOKH@C{MPwB;pvyoFC~mRaIvfedv@eG*0|D@j*|38m3<V%W0-%+
zlbbru?A9WwCfMK6KtCx%sG^pvfZbzYIL_T!!+aFTg2%(wn1{;fLiZFg7zI@k%6u=H
zZR*F?nx~DGAXsdVQH*<7_Sq^+(DJV&;)ceINMN@pC>^nBJY1W=;Z)kHSUYw1Tl{>M
zvsWe;Ul;R5H(XNchvQRVMB`Bv5LMo~Y>6aqyTi;PKB`)I0i2^gkI{CdU%+WICcl}4
z#u;6!T2G8eq*8u`-G&YFf$*a>HL!tKQ*$`vZR_86p%6>p4r;UnY|ezJJp4hjlMbMg
zU|ncKbg`#0EW*(NY!P<!TbeuP8r9a2)GRfspnT<wA{4WRNZLq?=&G5=1JU6GU;#Yt
zFT6A2;Pl#y?hJ!G8D2lRS||5_-g>}K3E?MZZ8nh|9DWJuvcKY$6G^UU7($0h!Uzc@
zacyw4zk*nUvA-zAEs<+v&thCZa&W@u`G3lvAYJRn5J@N7rO)tNT*^Cfw8R<d-&3Yn
z0X%fgTS_!>FgFM^ModQy(7Vq-E0}i@%-uQ0^P%R;1wyf)Yu}$fofPNRr<T;W!Re#`
zhU`!cam3^bNq4=HBwuCS-W`!SXssI9whOk}0#B$CW?gAYntUIfD}@;&&xm|&86V=?
z^p*)ZpyzVf!xfJ8pX4msahck7+pZ)E)`CY6%G!%KEMQ;VnTOvZ@^J?ObHm&};svHe
zs>%Z}2BRw6@T?+rFTd42OWSEC15N)M4ziDWxSZGWGUgAO`YmKPlSyj1SsBACz8^?!
zh~A}!Tz7{i{_Gu`LE^h1T@In!*!Mu2s4E6PJM78d6Ql9zFab=UhV~*%Do}NIUU)vE
zbMfsh$rU9Zp$Zo+jw;GKG7ooSN{VLqXSS#tTKt8?(2}_HIR-M;HX@CpA48djnrez0
zZ>B4H(^%aLpU(+xo$9^2ZlEExp18Y%)OB=!s4VW^5@rJ0k55Z-ATI`Rev9yeN+a3e
zxvwlaPGZUua=KN9?Uu)IHHl0%daqLrYOXc2-2(d+{AM9-nK^xuEj}Nw>IDYSY#k_u
z<s*J&U56!Kv>QfprzgyR>$)(b*-}?;{jlMQJ#8Fqjh1c(?E;`jLQBUF=zaW_<4_kY
z?RoSAcoR^qQ;uU|>5f)k@}>}q7go~DFn;45Rnf4kxO>bi16ZiVLn+qZmy`_ceCbiM
z6bT*$!4+<ux6X>r13pcZ`+L+u=HG$f+Ow1wtYhNMKOJ>6M$7+HmjAFHdR1(c0JPP-
z<`)o~xoIJDV^cM4Xjf%)+D_&s5|3SvtSvXS+#HA=>uxp5a`<LHbpL|=Sp0c$8~3uF
z)$?8@ro7LKmH2%-uN}a*F>E@qT|cz+td0BK7CAcS5*p=O)%^mMzW(r(w-P%LL!CcT
zZ8h^v5)$ef*c{EKaP%dJU%iv>ocQrx78sJuUI!;B45hI`{wF56$)_o7k5%R&EhUCs
zJIcIqT&+Bd0d*f7NG`eQ-V8dM$6JnK64XF<AYorSR7E{t&ykP;7MXM!HrgxFb=DYR
zDbCs>mfFUmoI*$(mi}$8C9@3UI0GkpaA6>pek_1Ijy3Di$58F7*zp$0R1}Cx^eMMX
zVX{%x?xPa)GUqzY(rByJ6b%W`_@fuV>K=!)T95eBZ+@wvS+FfFauXe1eU*Mr_ypXX
z88H<kkC%K^vQY*3<w$t7Zorn|Uah!s;PFL79k%~OgtR5~3zgl0ZT@wr4YgHSimJCv
z+?Bw9&gd>G2G#njJNWl6<&MD}&)VC!;3yUcyhjQE#Y&@g?0($ZI~6rfmxzs0^q)bW
zGQLe|Y~C!!n)EY2Q5RfCoGz2wR3?dC4QjsQw|MIh{k62`q*F-|w-@v}eA!kC4^qkz
zpcsK=%3p&XAx(v)fub-E%S44tL;>C=&(&9AS2u4>F9=MTdj2_8I!{t#Y>2JJbdY^I
zZeG5JhJv?I3F-dX+T8`i_FxsTta~wB`+WU^J+X*%HAnJ6k&do+qpj{o#R&!Dxx+Dz
z>S!PROg}O?0U{Km@W)0RgjkS!X*x&jvSs}eahrw`<KTt+ka{y>^@_EBo%4?bj>o&^
zvoW)e@!~UzB~9Ew%<FA`8<niUV(!Tkxk<*203Ba&b3oV-4xly8EJEd`!g<7uEr-O6
zwh{TsJMAP{6-i3Amh#5pi<_P@lkZ$e%zF8$(xsY-nEh|eHanB3SN^?In)hr~S?t2q
zZGI{XNPu!Atsu%wjp(kP1ss2mjgfi)i}$a|x-(jbL>Q<%By6{2p2@`b$6)iZ%7=o0
za0cwk*~#dG$vUvn|G#(ej9X!Dkt0B;L*`5+xd;mU?3D#r?Z;x<w6qY`X2ra7EY)kq
z3uGl?6oS0wf>a2}22*X}e^xZJ&b}yr+K-kz?DW{_^q|D00c(?=j=r*n{(+#G5YOw=
zz+0QYenHW^0MSXYLGSsRvk1ds+ee0Wuf`4gY0-BQMt-j_v$6yhFsg@8N1>w<^afpG
zK{>53$XDx>(xx+qlPIHE25<r-^L&f{?jV?@t+udL_0AOKKUv`qs1b0CFly@*kToS{
z(26Z%gOo5vi@UQGGknFP96GSLH!F!xV=!o7v>Pc1LGh*Jh%=&w4jwp{>QJIGQRGD}
zRrzdw7>5h2Z_2xwE3eC}=gO<vvxde(|LT$X?ZZ^)>olLsxg#JY94oi^tvbGry@<P*
z6Fb2ljhO-j&F9w**;0B;)(BC*pJRQ|CFs`AST3%c<{_%kBDiu!$dOgJ_;l?f!hgB9
zC`#8tG(B665S8@RTBQ>&{%26VmD?hx`qd~4QG0tQZId-4*IBj@iS<fca*)7-9@E|P
z;QH&LhGA|UBsQG3-Q<4K(Rpu056<ITkaQpRTQ#SQ>_jIXchosWf%S9s9MpIwgVUI_
z`%|ZX|7i_Uhq4}UR$oJ8(4NHz2#I-+8zj%-w;{V&&jyPHRRO0;2-okj+c-)KBvGC}
ziQ@I<Hx<Jd>|N>1;g*ve#z}~^Mq4*yrAzcFts-F^S+j}STgN^^0}!Q;I{vGDZXFYk
zd~wx3Di=2|=6XmJ4^R|vy)6Fo)md^h%emHL9IEMd80rMCC0LEpgS|F(B7VFF$5{${
z+kxI4QyBX;?dR8o+7zEFIYl_*sU0(lI{#Hcknmp@TzET2ZgiSkA-kVSmv3wUN2-F4
zvfoDA0{Qm*&y#AZ1|0IQK<erReAI+I`WNFK$w*;r{Q$bU4TFpIg-1%{I5x>E9MeX`
zhPx!|<L(_D;C=lwCC#W}qt`lFBnMgmHaGv>zNbg0nsV1aid9qVsQv5QIeO!$k62>K
zYW3Bxg@Wj!M8x~grMmXgjrlOcEbNrP$-8>wmDLwj0TfWYZ{SS#hx@xl5=@}1u~`G1
zR*W@XIF-$X_(3ad1!?v(SG7mtq{2Ce-ZvPn<YeieBsn@HXu;~rj5*;U(vcAiHgjx2
zg>|6lajNTG&cY8E(K7cp5+n8ENX8G!9TDVF7FK^&D_<t{7W3$B0C>l>)wyge`+SVL
zdG!2GH*$8b_K;}Th2P<w8=6_gu990*gGx03SF+T+s|BWfz~~R*>~)H_KjECu20pAN
zyR#y;zfF4aadyn;tL9rlG|e?9z1}cVxuKs`x=c+~?w|tK_X63qx=h3~yl`~EMm9oh
zk4dK%G@6G9hbL7Aky?rA1Ue`0SEIV_tGP$s@;36FbRm)RWMM1mrDLD&#}{)BAL<A-
z4?|=3?<u>}jt91pZ&1it!N}aaW&MpWY2qQL8LGXS3I=LAM%mDt2Q|R>Z*k7Hx0u~?
zsinZrpQOVDm+-`Pm)aR^K&{I|xie@<n_7kmic8)Z9qEg)G^=33`--n<eX#Z9+#1F5
z+{jn4n78pk758p69yZ?Cpt)5g7k5{8sfs9TVnIUuGOS$`VWTv;rZRKFb(i7w94+4_
zowACa@sFyiUmcx-c00_1b~l>^0ZcDbb(`!H9ofHacVAic`~n0MP_}pK$n`+IHzjKm
zMz8jnYk#_#YV}W0F?#wp%A_ozu&$MB<n1Ub1&3=;S_C&d1gLH$Ex0s}@Ea4~4PP4l
z@T<JH#VCpO8*Paw<)y7S<U6xgVtyqlQE?>{I{(sQ78KD6j&(2^IZrMe-T`uQHgfC9
zbbaWcUegN}%L>rqyyghMbYQdkA!nL{V;y!yMK`Co>7{lJ8?voJ##1lQzVtLq_CE4e
z@x&~tZ)=M9;C6<kM+VmxJ`???hpOo`S_0L`qa^jkxD^x3$E|N<et^nPz%0u4zsUN_
zsJMcqVHh18f(3`52^Ms4*9a0c5ZoPtyE70%aCaxc-5GpvcXxLi+?n|}XWjQaKki<&
z_K)3N*4=w`S9Nz4!bLxiJJF4H_yMDFF;t^%W1PpkGrY2k^hy90T3tly{jDb@ORA3l
z@u#~VhiDdwuiHh^09=idPf!TbXh0z+N~vtm`taB?MU%jpT}9G%wq|a`=Y~@EJ@QLs
zSNp%x9p5?X`jJrM2d8#wVHNwgs#kP3B}}UgU%Nv&_PiiYL*rEk^#_?BcMt#B_1Pjm
zJ;kTvMYT~LF)m&X)1p06Xo{ilD2x2yza0MzCtV)kHKxX?;BI=r{tTiTYy(R>NmD%;
z2q;dph({Yn_^@Tw4%#4`8YSpa*Ac%cb6l7z1ZmzqN3^yJ`9!X3xSeOSEqVSyFK<hx
z&FdwA;&l?(+T$dPxQsK*h`)=T?~hZvjrsSzr2PHQ{hHjwdaN`9tI74Mbt&Y6<RWVx
zcCBcyk1W<ZWp*XEOnhNM5}jaTx`+^rXogVP(C=>Yo;Hcd`~;s2dDULc+l9&>jiCE3
zSYcaK?U%CGoh9|^^L_DQ*Q$~8m+0*gs*&@k?H<S1jU~s|jipTx0jG|G#7%hCl-KyC
zFkyclV{oTi#!z(nQfWnWc7;F-te`uK@@;r7HnCiZGif#O<OU1%#=RhAJiL#;f#!A>
z`%SP0m-=kBtf5f)BOPWrR`v%OM;ME`_QI#%?1iy`k)DvvNmBUX2Uz0A`L<(G9Zr`I
z&4rSaRz#UJbca<(0(iT+=r5HFzgzNfd}%`;DLsq6h-%w}lX;b+?d2I)E|kGYG#9K>
zWghm(>zkJF!Y8osORS_Hm-8-`GDvMR8KE|KI>(CZCrBU1NdCSaR3u!Q(U+_}Rel=z
zv~wAFg+xwC^g%bMZ3Fr!WNz;%QeT}h@Zo~F*LF%rUwX5H51X9#UHCWm?gKeZaYl>;
zJR|DzPzKSNT3(W`I;qOW1!TktCUbSA&hHWF6TfX8`4ZZXEq)+8YQxk1sO@Um0;D-?
zyckz9ra;tQ8xn_vIQpObi~O($f2Qf{<QKjdJ%nRY??*n%os7fhz@D@an1PrRc-!IP
zI7Xexl18SFE2Kw{hNmk^g`?gmv4{mWLq+UPWcwl;x^E)X@<^jwKxP^36-LF~M}wc+
zdl1Db)*kD%w}?|uB_kXkLc1*ahxXK%>t!I)YaR!3^+ASXnntq9;(lY?V<5Sk!2I~k
zPh|{cg8jX!tu~g#ren@)(%r_zTnd3w{g1O94@!7ruel}W-h1iFXVS0`YSvZzkuE<6
zGjf7EDZV}U(_f)oNORVPl&JhAgqyj$Qu`Q_+}`x-JiHzE5v<73rWau<n$%cp(W!12
zvNTowgDbrsSjyy+z%x^%rYrs|!AghpeQA{A<WOqXyoWEd7+iMQ@32GLP_5Cj;-^f}
z?HGV=?MJ9dW`=?Xs$(*Pu*9zIn-RS;f+}a!1S$6Rc4*e)|2o@GAZsX|_|=2E@-vaR
z;jfOV<B3k)H$Y?2(78Rc^!u+*Je7J~Z(PlV=%?4Bd&WDM%je^pg2wZHsw!BZ@f(*0
zNabB<0;8lQfqk@j-69DG41CO6gC~<xL0kCa>E;-q*OSbp5}8FY7D%p3%JL;awZznt
zTDxgWry{#xo#}Fd)iz1+tYO6V-NApIf<74Cy1)0{%CwY9myReF(z-MWd<sg#!=Hul
zeFE!OKwAx`#*)PQ^WC@co3g1%%vg^9zE10BKSmI>wzCwFYjN5BY}K!T(+;gZ$V=k~
zBEJS$7?8*AMxJ6LSUx;lv`t`Q_n!+#&$WA>&nd{nBDz!yuuS1J3l~d`G)efbQyi4@
z;rHttTM>*@Vr3nx^Ow8$_D4~vl2HzpKJA7$@kL6lw1-I4ZwumILwz_w<<cj}%=|O?
z!E(2Xp*y?kPaAh?N=ih+OVhL+sb9*z4*dZLnH(Tsv&o1Yg}G|h*3nSgj<)~!z^<p_
zu0nh1jBufsx;m+(U4SWfeZ5AJh}s*KX&BfE4%<9DI``F&g|2QsT_;#IW6(C6hk#jK
z<q50v^$%A07lghznvpmrPBS*D)K$0T7NMw!invA5@>Wyq(%{|B2uIvJBOCmxr@*sr
zdLp!jlMARe7^!AdZv%^|dagx+cCXMDiylnxNX;~l6e<aa#g{rsyo{LN8x6+Y#-fmN
zq~=h#HZiui9t6{AMmHY|EARh!U6Tg-DTX)u%}Z~dT{Ve*?a_xxih*&NS0V`=HL8^8
zp-vAW<)6PUF{7#OIeAg=F)RcR9qr`H^w!}a?RzlV)OC;_N&a}UtMc-pAf<Fxc0sGA
zFm(<>FSZ4~H(M(d^S3ES*NQ^c;!#RmBA<-MJ=vgT{2E`aQo{RjP-RqQQ4z01cTmKH
zSU4ZpD_PkaFt<7GJymC(wX{4)P5sYK<HDDjq2S;}^}KRTm>%@0Ypnd2D_AAR)#A=h
zjYdmQf;$#l?*muLpOkQ{0!>V=UM(zC)nC0ac-eUNbv->BEP3P(Uh*d%reU%np$Z(y
zT?T^Bqd|}dDY>#vk#$0X__yR}uBj0p=MwO;Q%G@f$u7>*@$9*#lzzq?e`;jtaK+#W
zjd_pvKFz#`pYff1XejIZSOy6qPIC*JPhm)Baf9|@v}6)tog9qD3;0i3#-n!ef;GM|
zg4i4K@_-Em<r#bv8EPDQ`NL4<u6R2;#pqzhTC_KL=_4$0Y>wu*x>jDzi}9A;jfRtR
zt#8m=%28k^=NfN=V-|5n-;KEW=t$UMI@nJWpps$H;{BOyjd-3*-NOIN17k}0VArY9
zsByPWHj;ZHAcRCXj%286jl7Mu1Z6Nc0qc#6E5y?h&-)=rVqT$_*&KoD9E-H$RP2%m
zIx@$o2P&am9h7$T9G1!b7Vhxo8m>|Gu7gj*6l#g0{$G^hIAu<}ABFxHd+-d#mo?tX
zdvLaC;z%AU>BUfW&B!NCNVGi*XxfXmgQ{HuPXoR*aM{nXpXoH~EK)O5wSM6bkYprf
zXxph%O0F~AlESE+H1_cIqBWYjcS#yN9|vYmOF(QkX!WvL!&~33Op|etd6@Azv}^Gw
zo4lFa>i!+fqK>2=a7pVnaYm?!JMt-PJwd(kgw6#Ky^+;Lq%{U5!9HmH(|xHV<3HL-
z70dFw2ZBk>gn{SX!F-3n?SEGXw(OP;ZeGU{_cP5qTHgZx15N>7ZtJ^tP`(ZR2b>0x
zy(%n!g<tdk4c*{15;XjaVsH)?!vDyCuinMN?u9Wehj~<qJn`F6Z{Z@zpHq(ge&-8!
zw_W5&Jq=nmn|TGjJo-LoWR*DRkug?i<{?>vME{9Druy&P<%Ad4Z>lZj%2>7ZPVBg`
zt!;b)k-Pw8p}`yj(gYYQiMybdAURzp+J|~7dSvuXy5Avzo|c$@n}|#mnTXQQy}p&#
zsT@dkTrW#fk&c`?5`O_HcB=Fc@>7X-jWZ3#MD7*{PH}eO<7!QH$0Q7-(q!k!{X;R;
z+@Xm1=@1w%q5GFm8efs2m%xF=L6XMj1Enl65}VntIaP{+o{N*4|G@q0+ZEtK_B>0E
zguZ7+<0E17Yor@|nDpCHIdwUb5I}IY$n}iGyHPMFu^GO-Dd@x*bYh&5D&-JMoD3MB
z&`xt~y}tE${x9sFUfkPer2Xj?K|f#kjYZ&h7nbt-i%%QYk!I{~4p>!&5}i9EzH0~a
zr^KQUoOKT@7_1r-!7LoCEE{5d6ivj<R#X;>;hfq4E@#tjBjVhqNo3{@23Ld8z|A(S
z_#fv>9zMJ`X!5H5{HfFUoI@YLF@9+yRxhlMIkggu@_U^QN_8~P$h|oj%3La}j)axU
zA4YxN<aOL{l2pAzB#Qfl(O5B1fRIClXS&%3#;xxm`*FUxLnl`jN=yoP6RL6wAPn{<
zYg(Wn{k<91Ya8cO9Xfy<rij&fOGLViZ`{CO@)fP(M}8>6%^zmH-!U6EbRH2a81C-f
z91(n<=Ywpn4g!ej@(jzO83;Lqv_4pPq~Z+v%H~+6_GAAt4!u81kVH<WW3t`wQ2Pql
zJ=nQ$A~O5AUFfbzQMQvRpI5oPGln2gjVg~ra>vL&<ze)}Uo1+l1DcX4Yq~)#A1Z=a
zmmFdR#KXNb6hY4G4~$o4^^HJ?U__+vH+i!r$)L3(tE^odhm}i_8{rg2zjpGS%7_kC
z8^0<`R+=b_UO)uNLAHrdSvms8HKGG}oYzgB6Q#`o9{MJqvy*}9<@BC1{nYeqMTXk0
zCpYEmV?tt2f!8}T;~nCw{7)Itpv|^ZQalf*l!F{`Ynp3?A#oPx(9ycvQLfJ|nw#My
zjNd}7WLeoFTkC?_>w-jVa&ea*W7YK|f>1AZcm{Au9as=n(mu|9ZXAp>EyMVD@5tQ;
zpfvINyf91rT+1dXS%K|fra*%tZ+f&663WFAT3yLAVt~mMDaPVlJIdAFCh)ykj+RVk
z0NUWUO|;<XJBJXGeJ$~M>f|gqflP$(um+KUkhA*t!0mw4ciR%$Z^XAzkD(sDaU62$
z1vR0__Wn+`Up^@&iCx+R3!k{Au(tMIIw&Sxqqc+*aLRrA+iz?p%dEvG5(N17<@VbS
z^oe}oEfayi@VkgW$^gx#fvH186t4(F{;U0K?C7-b<n-OGGV0^0f4N1{;*A@HzxCny
zL{6Tz4Md`$y`O;6dZ=ld<;6@$MPv(%)NbRee5l-dxI;DXbjZf{6sErv%Y^DU_NjLv
zG{ni)&HDSNzW-gTDr6ITlOvnki2lji(HQHw<LXz*2Xc0Ee~>%eYf_rCkoVclbU6WY
zU9fN?G(yAp%zfQrP_x1GaW`6Ti^}tsH=07!W5B|lx{bcq%^Q;J?C#TK<MMf~c{6*7
zZymPbf73U(?Uv;Pfe!{i*qSyH`6;Q#m_#6T3-=dj(wUAu8&+WPht=J}r+Lwf?h#M8
zKDf?q{`^>O{h`5XD|RnchuW3;VKq1Of^qGa7U-MNH=_?-B+_9>&J$KS&2%Q4aT#1}
zouq;B+ZePoST(r=F=6-vM78xlekZ0xSruF(^a(T?%gWYZP3W*j__vW8%U__U3MUyd
z7@rADCd6j>qi72yDeb9T>L~i{r%91MrDxt7NHsrF7w6JbdAo&x`V;Ulji(98$?YRL
z@6fL~2w)0I!3jNBTl5H87CaK(aZpsR#4r`?l<$Qu83cjQ$el6Me^%Bzb-bLv?F--0
zfpCe(ia%xv`2Klkl8;}fUmT{H`~FW3p)#rrg+#SRNTz5I5+I6D8YK52#NyIms4gXT
zAOvfVh=~%c9M%-?a$(2pCv?^w(m<-R*~MW`Wsy*!Ng1KU`74ZntaWPTA}1ljOkPSP
zmS-D3vYMs@AyzY0_G_RDwqsw4OZ<1^k-!LMLD3mfAcJY%c9gR1?;`xXr>}opgq{yS
zN2=%xeOH*8wsQKH*X|;dqL5sL;b2IP1d~gs<CZOzg9aNUzqw&dl)>$Rn|E=S<r2P4
z6B`#uQL~E+Gkhru<g@=*FH5!;Wig!}5DVD09s_)0<z=J?IKGuB4vm$WM91j4o4YVZ
zoV=Q{5|@P-(7*HnHeg%ww>U9WXZSG61R3DqHU4KHQbgZ<PtQ&Y0>%suqKYgshmt)1
zHw=}a!|PB)Y!9Wcjh0;OKl$EG$6GPg5=6g^Y2ZXPFsvKo;Y{VU4eL(%$dWM95t~rp
zjAaVjDo!AcZn1f1ev*vvF<+HKJ=I56Grk#1`Ep%SS)AVMGTrEd)TjPXj&Dqq;+td`
z&b{bMpRh>38kVLAZ(ji180cm9Xx*$3Ygc%tNEs2C_5HshUKrJPBhw{drG3ftB=eiN
z#z{M*0I=Qg_jN}Ou2?D#%k;C)x^xu^2g~!^a`T5(;^~>IqJHLmpkJU%<KqYu_*AmM
z89~`eI(R`k=(r$3yTFIr#}tFWe<)R;E!*SIrZht292qzosoBJ5RQ_Q6Yd*^A9&|ZT
zM3d5%5}P%`Ak6tgsq>S$@QOz~zNXVZm*CZ&j$<0D!aU%&llR!>URVIiU^47{ZGuFt
z^hdn-r7vY8Fgoci(-k_Ni}(qi!IX$Z%N!35%1}ynN3n0WWY4XLW9WLP^51ip?Rp}Z
z4bMin+?Pfug-0^KsP<^nwacu8-$c81Av(V&<Dm5HwLv-@8n{10_<fxs`)6NIi0bEn
zto)a107_O94Pr+FZ61H5c^W>LQqNg?sB};j6`fD-gCx=lg}Hp6N0TsZmKoD_{6O4e
zcSxlv?u6cm|Dp-j_812POME0MA2j8H#?dJy@R~i}SuAUHC#)J_rykz`0Yyb6Y|=6d
zS3M08{csp(nr7f_4;|k7Oh&{|2IF6HJtf25vgkIgib~%sYGb?NlIW}-Xoyup>yV5C
z7?IL`oAHJ9hhe~i;HcyT9QCTPiXiT(C-QCiOQgT;8uER}LlF|Dgv_nz>27<hh?+aL
z6PzPj9beXDxcUM@B3i#8^GrxJAw&*Td@N_j6iQ#Ug&9ugeLXXLy*#2|U2h?bRkXyT
zImUeP8&TiF8$~4TLYP>vAJMG;-9%Bzt@6TZhMxZZZII~ZZ4*og%-^!KzH=K?V*w7r
z8{*6<J9*<y3Ngf}M@EDhE~r3pwaqou)HR7)tl8A;H00i{)lba7O*51*k&~l{!nd|_
zRF{;rQ%qXbk4fjv&6`LvV_{}tuH7fpxpKBerzcl#T~4mAdh<7m59vsA5?f$#_DorT
zXOOEhf9}|k^4Kohynb(?{9fD}p^0#cv6Oc_?X$gQJ8gfgHF$T)K{n1N7sO3r)*Cc8
z<zubrr={;F*<Q{gE)FirDa)(N;Q;3}cBrcugZD;04mpo}9I0OVc3BqHwKCP!YV2*K
znANSWt*or6YctGNyJ#CVMaE6hWcIa}&$6&+Mktq#pC7#NUHeVW!sVs&w>MX|DEVJw
zG?ae`<@RW+nAY#@C+rG*dvht5gMuZar4^c6l~dQFuaa>5v3@z+851+?6vw-Q7gCqQ
z!|yH?Aj&vyKF-F(%*M{@Ot?q1vzJJ;M?#XYyL?4Cry_0Co+~h}pJu}Hk+oL%+qdBp
zPj06$C-ViTlZUVLy-l7`8DwTrTe{W(M5skYZ{LE1XkZCVR2mc1m-E4DjoBpE!7uC(
z{uUQAQdEQi*6V$mlR!xU6x6@AxTu>-*LU=f!KBI%X7{SuZ6{&twzI|~!*FthQfUV7
z243O*wB-1B+hJEgf0~^{P%rGim&iyPBHR_K1_I5QZqWjSg}OP!7Lz_y&VPCn#472I
ze&jZ9M*G81qUoFK;@GEPVe#?Zn*G_9a+G>c*V|TYY2R}4zTxl5@!9bj=%P+b8R!A6
zov55mvUL2k)f>f8WX%ExSU>K4^I7!H0CvsIoCo%pc%DCIoNhn)^x7AE9^ytap5Qhh
z>nLC^ZXSjYYe9T3$H_E&Rhw_02fhNgNpw|{j2GX&5zsr!4;NjFS=ZRZO}g*yfS*R8
z*i|l*IRUXz^yFGLr{!Mihm&hAS1+z5^w@+vVB|a;Qtjh?cf>DF#1#}Tm8gA?p5x5p
z>w9JAfnD6@)kRl*;NX)9#SFLQx`Yo6j5}rwOZwwK#eNslS=oO0=r71NE9XI)0R4WN
zfbcW>C$%C}Ke@rZx6RRos1-y-SZ5a?+&<qM;c`Zt(Flkk6|DPETJC0pd6rh?leYdB
z3R|-fy9{<l&T79n@uXI@$b&z-Z?y~!OP{VGwvLdk5Tf^e3Odt@Dt*lG+Fb1jB>X#5
z8pp;_r$*ERX_*Jje9AM*v;|Q!=b#$ga68?}zW$2~w??~G;4n?M<|o}eb`>F->+&$0
zGmLnNI2)r*l=&fJ^7Cp&pO?icb(`N&l1NQ%2S%9hEBsn^=td;3ISMHn!LdjzHgpiY
zDtj7%yzfRX+vqw}OFH*8?@5A%-n*crA)dZg9B~AaMFM8t(m75><^h*@o;k5e1pQ3e
zLq|J|*x%zz6HD>b2z`u9`owun;LF3OSj_Z$!5!5BX!V5(9npjQ4x++*82dPWet7IG
z!b<BR89mvdQ*gcn`E}Y>7<^^aGka57{3)8a2I0@AM(13g0q0I}VO_^O!YIG;peLa?
z6-=`uSzQAhM;&1rO6rC`(I6JOzpgk%gQ%dCal<9nxQxY7x{->^FV$h^F4DOmSU;R3
z@Ua`pDebOvJ`RVGz=g43#>O%A&OON(vIOI4u5-9ZSbZrsnY3#`d0=BKR2^|^l~2#H
z1q&&77Xw0!?;i$`KWF^q7Vmot_G@-6aV1UWnn)wGmN?$#>-!Sp%5$f`vf&NU%@pNm
zZ(T3x-Ub_Z%$DsIW<AYU&bi|p*17eG{ydFnv-P!!c+bGVOVV-CQX6H>SCA0N2zV?<
zGVQ>+0DK}3_~>S&`|0OM7qd<YFN!!_0RzzO&pXlfKUM1%<fgovUrb6I16nE;p{2Ev
zbp_iAJ2UT_)7ot7TnWdb6(}oqG`!PRwbYC(oIAKG8wZ4(769qpZ^GKysQsLxg8N03
z9~X1$w<~-R7XjAd8S6k^JG<Rhlm_`@fk%NUjS~!>=D?)55*0ZswcZ3{>r_$9k?dAh
zj;J>_+hrz}(NnJ8bYxO<irt$cf3Pn;HcWH8MemBCn6~1`*@sU*pU@IyxA|Vl3Ij_=
z!q~FNgpSt8fNfRxC16P9khS;C$yD`lcH?Q#qte*2<8jAvyI9+aJwf(L>K(jY4=x=B
z@w<}^oQ8Q>bVtKQtxmPT`W$Cb)Re^#S4F?pjl2?2T>;di>7~fFVw@S+#_V_3XT$=#
zfj=6+xWdM>rhQiQ3T?A__^KYA#_6C<Eb(c>m92(D*N?;OWg@n_M#JhrKPMQtpKlyA
z<2N3y8fPHqc{j<FE>!`%pSRGlf2qE&p03oc9iy_2Ccl`SJ8C62Amcm)OZ&EH`0;E)
z?h>C(dT$4#v4tw(xSsW=5HgbNORMKW=ZeZIs!YMk9I?#+0)C}+$4MQiqOD%t4Oe&@
z^L>y-sJ;75k%>NA1VR|!%7m2+VnmM)Hz1#^pz*I`Af&z6r)wyl1dVt`4BngMt*&#z
z4Zk7(`!|BqvAg^;ZD9Wb$j3xdi{>HR#Lwzww}KWddems0Q~!>Hl!$-ctE}GVW#lH`
zf{6c5cK}m7W6Q6#6Z6II8<+e_I6R&XM>`S|2J>5Qf*FRpL!@J|J}8^<5mr+r$DliN
zh^<+2^o&-IHH;aL&!yBBe8aA*uRrA7z;XNTypR^QNl7xlo;Fevq3}atKvSOH`Yi1V
zoSBV#KdfcN=o=!Y?G7y+AD7K~+`z>&fVtg03KOGNlGUEIkA+6#Dy+q(Htz)SmrG}f
zZo^Qj;ev;Qj*+RU)<<@Bu*0m<q;)>u;Rq6`DABFdBjI*PQLfd_+}1I!j;Q6uWroOd
zUz}7oQ9rfSnqSoEli-UzHP=m6wTY6?Ms$4XUdF|Ozs2y9V&?hG4T!Dubj1$zEL>}G
zICpDdYv9Lq^@|!*{<znj628YTdUsV%o$+uUHxMUT$+yC>Ur;Ho3-R5jRpn#NcAZ`v
zM`?%brn$ElH@j#XqC9T@9an_iM1Ps@Fxdw-*~%=vMiK*woNtszl@{vVjplS#Ry_L6
zShr}mH_?e09#8O(jN3PQ9n0-0O@24|a}A<eSlI9A)BnDZ^4?SB>9i7D*=~i&XOA`b
zlW(qFDW#Y6*iz_F`uxGwPA;*q6RqAUf_3~Scz4<P1ZQaA&91a{|KU?$tZc7IE+I6D
zQ}41=92#(E0wsrQFNTw6-q|xh_42xS-70Y#cs*YMsUVkQw0mHY`#o+X0@T8l1BI3|
zYF_8k@dt;q)=cZH)s2;zBrmncQ3EV=xWm=I+vt9{^37CcsV>wP?6xYJ4dJ|!hSu5l
zW%|yq$Gi8e`g9IjjQvz_Pg+g8T_{<)qIxLYo->HLf;!x^)U7NzE*!Zl2{$=CjqIf*
z9=boD1`n%}__(gWu593xUKZ-TGo9cHa^?FG&#QHV$F1)zK+9K8;Ym_czk$y4hK|V@
zyuV{Un$qQz*V%o1-J`FZTHpDqZr<*m+4H_^RD4~l`tZ$kH7=Cu8QaTvxolqXzHQ^i
zS*2zR3XCciq0kevJ7&UJCyNAY{UM2fi~4To2=jCH)nRee{ILJm=d^N^u^w-mO?7bs
zN~4C{Z#~UrK^z;o*X=T+YgM=W4OTSG*}g|BRm}dO-d1JYTcQYxqAho`_A{#JPBR-W
zbvIws^PDSNYF&CP>uS!>PA?rh`p8;^iFJOM5S{I1^)#`KrL<?Uk3;FTo>3Yntwr)3
zRnrQExRFY8Lo46A2M~}H5El?)U5297)W90kuHJ<hy{~B)M3h3)k63sYfg)8bT-Fb@
zThevCXptuKbI(d~c(%A{d4fJ~Msn**T`2_Ww_fxbZHo(ugEs~;d*Q&_)}(PK;KOZ_
z9yX-6wVo;WU*mO8_mH?prPINgDsaWuZAdj!$NqV@K<8(>4)`Q=Hd@r@ayAPn<tlc$
zZUNNvv^jOJ#FYWH4LvXIVzxVpq_}lHny|0Nv@%&A@WNR!8U1eOz{32A`)cW`#C>b^
zUI##K5Ip~49+beo>RQ(%>b|X!DZD1gFnYfmLpi7c3<Wmt2D#3=>XLYORo04=#!^De
z)<y>R;VbRVdAt4h1`Isd)X&ZwXIXyy25NVnL!pWJyVeX51CP5w5PG%Qh52^=>*^;l
zY(X*o=h>%hY+slAZ47tHo7SrcJrIka#VNLhmhd(l=lM)(2pX5!BppGsl%_Dc_Y?h2
zMzMJ(#F_oYOC|HYttBhXTGF2zDRxd-DiWQf8<`=JK4u@IfOXsv1k@o_sH0%Fo!oc1
z#>wd9LUit0ZA>RyLBWPD-Lk}8nP|cL3yI6cGl2zzK)Iv>tz)XO#-FLZT-!r)%+Tv@
z{VVaSYmm6@qwng3B(zPK-sdsIo1t?2;W^qJCYWnHQYv|!Wa4-!sI+Rw1b1`aejVWz
zi`Rxv)hrcRRz6o?N2va?)9n@b&o@Qyw(W9zs%If+A7gS7>^Q1?dX0R&(XMAS{ny{G
zaLR_;?sW?5z+(gJa<WBrug6rB&j#q3Z$Y5$U%ctCqts_}ZOA$hLup}FsOj;vbB<oT
zy{_OET$o+PR6E)N<i6=PDH}&)#Ciw1-+myPp4*piIatI-!LVR2*PIdbGxix1?QhpV
zd_2f6TY@JkK3U3rcx<=nb_HfR!0^<lE1O+!=gr3VmDn2XyqBjGx+`?9T!w<e3&d*Z
ziy3as`Z^U6BPi@CLj*sUbe>D=w(=6QQ`}AM(xqsbVMT-^y%8DysVEay7W4j3qlXG-
z5yVLwt6~>SVoL<1c04nK8dRSYjq<@2RN?L1!)Xj8?<ff7L8e@SKWmAJaz6wlr#85-
z3!8u6YX(Kjy|`{Y4XP!xJ)BD&iwq49m2;QpABWGAWV*VHd!}YkB2V?PhB#FJj0zvE
zK~&vq)a=aq=;YBwIIUg(%+lwdM5ri!8d4)Hc17)MF}6A^&aH53%MRbHO-lmqQ6%1Y
zUCjAG#9w5SPXBO@XNW+<1`Y_o^64V`u*h^0y(`I$0B<mS!Oz|EJoqr1IP-Sq=_S}R
zYt1E+{&?T-ic06&W)7{^;L&>{cNB@Q&rbV#t!<yG<^FisT=#0-zWwnsuvTiZaINK_
zWL3>%EW^XZ;xWHv?j3jgn%c$o19{e?fa`QGkrKu2R8Z$ILxp9#S5Nd|OR2uK$KJVk
zlDSCB#WNZ=eCbU4M~x$_R@~RA+cA8tU8tbW)M*rKzXtne5e1zm2g<#ibB{}dZ8EMW
z2&8eint+X$<xoDDjo61ly{cPCsnn?7M(-Vo?{nACa4^t!inDI-RE~QHIN)Vj+D7*>
zEcsa~hhW|9^<HHY3zgF2rTp|m;%LE4m=&W^imSqTuYIeM=%wezpWb9vF|*UOo8Zwf
zQCRT4y`>C}{m|0~>&q%e7{LfX=osSs^YgwECajsky~sQ7aOE{?pXyyXys1V*pXyfj
z$;5Hl0A@DTk~`LBCwB=fPVKjOIWN4k7c4(P*se)EGwc6hlYZgZOX6PN0F`fG<Smr8
z$#qLDS%=;IF@T9WPs}y5z*6{mo_2z_r7M?QwZ0eZPs#yXPX>8~E2(^+{PX8e);ylH
zA`9;fvTh`-35FVdj^{sXfW)t_tM4*jo-aqaZR0B+=h0XS+M*Q8Gat5`EyO*c=h+IK
zywNKhr%@>;N$}04$4k9HKHQ}&ao|P0bfK0oK|}`xV*KoFnVWeIy+-PUlt1L?0Q%i_
zv@tp14YB>YEPf&mdw%XKPmkDZ!t1`)bMypCc0-EZ@J>DIlSU_4il<Jtx3@>{LV!WL
z$5ps<!=Lh`gz<<<bpyUUpHm}l_NJGx{5jgSFACI^e&<)t5lA48UcKt43=1jIOyOJL
zyx)uM=f^w)4UmglUm>;HO4Vj8=WD>zho<X?JQBs`?I2t3Ek2k_{N2=_`F?n5+0SJy
z;Ip@nmfK!ZEi(!G0o>>$&mhUbC3f~M**;0L^5tP>es1;V;=r{KcCT{8AA0wL7r3DB
zHF;Azagut&luB^KU-@*t`#Wlp93-^8myjA5FH|YM9UjC2;@3^&1YXGV3~1l>ib5lp
zyf>=Lj*g+EO*I2^w<EJqD%Zz+@(fOQ3#`VgdFl#S>1I=RbUAFh@Ln2jb=co{XX_uE
z-m<mU{HLm;4eeruTqUM{`^}J#Fnf(#*`x)8T$f+yPSDd0=jXbROZUl5dczn7<y|=^
z@3QZJ!wXgFng6lm@tCiRm5uD$a<<L-((Rn{>DB(bvk{z1fxk_lBinJ&y2mc>S_4jd
z5lGYRS}&)PhNjBC-otH)i5r{WM$~r2H;{O@!(0-Yx}WbFW;V6iz0>?>5{7>9YV)~@
zRkhD+6|JXnxZ>Ki&$9!xaIGiTt{rX@@g|S0g>EE>5BxZorE-MoJkU{N1KQ0}(U!v`
z=&{&F{-)AuV2N}6+Uj&FH(1{>Yxh8}4^L2B)FgfNXS$nd)jB~oYQc-6xzkY#T;5H;
z>gmQi*jL?g%}SU;I?JWIJNxA&!H-)VqC!ORl7CZ-rrw;KWk{MNvT!|>9$0yAcjSB1
zznaMVkefXwa-8}QF4oRhHP@2wFvhYD7WX+mSF0yzU-Gy?_WraSvcy;zX+t&J)Uv)E
zPvy~mUjc$&KQOt29JcqWw%5WaS^83<El>GfJ0Do0fGkwccP(d2eBjN{V~b}zD{9In
zyO4U=HrZahl!)W%X0E|U*v^0w)xFyscf9^$DnY7qPmh*~brjrXQiH$EdAD9k;X-^N
zmP}FRp~m&PTf<!}PU{6MoU9~l@wwEw#s2e=0`9tyGk6ic+$6XLfx*t68ONxvOkV=$
z&7XU9Nx0dLqv%Q2o;D9a>usk@^S6n!7nOu&<I6Q}%LR$x)q2=v5}v*8W%5i?H{-sI
z;&r+B=CdPiCHyF&PzrLpI55Om`B?MZMvY|$7kp9l?7Hd!`DCxPo(V4h7MB-R)NFP>
zGa`3`i99st){@}ZdU4(SS+~h_T-OxdZV%%mE#p|l$!ITw@_o-3I2Oi!scL7yb5JQO
z7l%foq9+vk@x>>OQ~s)#yfx0iZj9Tn^SfiS^ER1vrMB@oeAdC7ix!1lkd#w`ouJoX
zS6%D~%a<}4t@W~b+Z2M-Q3VSFxj^BJQ(QiI905IrF;ss3_!eBEv@(1}$4t}&PxuXr
zeP*L;7LlI&)Yr=O=Z$2g7Za8KkdEXQu4tKMq1|Xsa0D+U!Osvu!P4j5$5L^9BZY_i
zWqOjf^MPD2%xRZCAhe%f_s(~VTp?Y5J=T2|1&phu=RD}mZ(~q<04pfW_GG*b9uZ#m
zS@edcG{gqepZ$y$+`NHOdu`Uw`~%geD8Zw1Z*LEq>>=05!4<%4(z_F0;rYyq-599S
zl2hkde5I{8Y!cyfyEnX{G%G{YcZS;_Yty4-_Y{RXoq2r0Va;;9p#by6!YBQ*J5NVi
zNz=W%7Eabmf86>no|?&S-SH@HKYm;`8*-9O669uZe;#MnLM>z;3#Z077=i*9>QAOd
z(AuePw7)IxZJIEzHx_MXK~}xbuIHn%Npx=}{*0wu%#Ec~4=FP)2$}qmP<iwB3==1X
z?=PgLbMiKHZd1hUPL<dMYoalOz@A(t)7@}Qo6_y1T$P}qwEXbzS1EXtf&9penfj3E
z1IxG&M636Xvz!8cq*1u$u&Ds;!CADs^;__i?{~M?gWY21yVFIybN=NxC}%?DU9^?3
zS2~OcSzEr?1WwP9ocMTNpfT1P+)oaJyf6Ff?Ww9SRo16EQZYfUitT^*g16`FsNlQ%
z>Fgp5o56+IZN=?&S4Whmd$oJ)SlLbIVKd2vq9PAzTLIhpUOCUZv1+RNBDd4W%<B%7
zsV^_Be#zx8k6l``VB6(~$_r})-<t;$hJt5DJ=fFP$Zc~kk#4XpdFyS(^Ych@d&aUL
z6qa;buw07o=Xn;%zvk02<ng0j^rd*mo?74IN+G%JCA!ou)8`(vHr`~lmu6qVM+xe5
zw&shFjFO$M5c1nOF<Nd|2VHfw`~v!{WVzc-Uv(Gw-Yk>{;6OD>rKWdZJsZk$NXUc$
zL;yN~(0)!TT7*u<Gz<U$C?W#b02BZlD`TLYnF|juP}S4f#mtsn*3`_-#mdD~!QRx&
zhW&@VwV9nW`!{zNb_Y{qnt!B#k2!>|*#G~}i5`Z}Oz%zhx_Rwenco1(E;5c41VrQ=
zbZMHEVBHTNKgiWc(9ykLlu#~{EJpeIHT>oiW>^@p{f{3%%8H7LG$)PgiAvSWe^k#B
z!}a0NbkD2h2V1`uy7Z5tmw|Vl52vjUZB6^5Bi{A}ggc4E$wa_61(9dm%@*TzOx*ni
znM=al+{NFIS5gt9rC}s`Z13lKF&{FFLm&4cJBwGJU#=j}SS3>Af?od!wBXN{O4}q)
zuj#OO%sRN$pU(qH1S&53-?<)TgOdBpVg0l7aQH}VvAY3Fq0j0e-IS>2^C<ng@8$A$
z{%4bs0_;R`gLxj}z=s{(*-HI4&p?lrNAXcib9kXUzb^cFU;O3<4tb%_5%BGC#@1I_
z6Hq-7JXIf`YcpZcgAW?`CAT{M_Okbxrng`KdWk-SQsvkRY=)wMNg{oC;r|A4sVQ9@
z6b>opo#XL<D>uuiFJl?p!iVunB5Q^E>|%dYOF$(rGionS`+PcZpRRql``KD_7CZHH
z!3D<Xj~CU`!ippK7B^qLp2`I0{-q8Yzd@Cm&lN#h@nhkVlHM#FsHgxrO>(=_1cPdG
zClf*Tu*3f$f{c&-fbI3O^9LpUPd;lF`Y;qm9@QJA`t0Tsco6p))cs{@Q{mOamg26l
z>UwZfB!8R@O8*bXCHh?NyEWC<j1*#b8SU^}M&JKK^eb$=lUUyfGq(U%6!mDI=l!2B
zZI$gWgH_``Ee6(4%kAXa5A6c~(@@FEb?x}{)>Wj{=pgRJAd3r@{y#(z6ga0AvCwj~
zt=Flc_%N#VQ2hV+>A>6gN>r0W<tqIgp8|kc@cATy)WXNY$Nwm=#=pXGzjpV8^DxUE
zD{#0n$fjgjaFqR1+*J*pTgE`?R=+CVaAEPZX8p9e9q>PPaJ}O+Tv3j*n#oKjxWF#+
z_-^<A;q_iU8Du<8{l#X>YRk3k+hDWEnvkCrpY=N`f$6-MoCZvdY;L{mLa3HDLn~R7
zOtX%%kN(4tO<$-*HGQ>G!C>uTAY@qV>81bw=}-d4Ww*SYjdahf-<VjGR+-jbt-1Ye
zUIHt=Rn@owS@zo&idI+e|1;O%U%EfFUSw1JpB8sM?(n4a7Px2UI2iQ$8ztM78o=Sf
zBL7iv-gntzv|0_!+H7JFyuVJaEdKv1(Gh}`9E@YOFI^0;EZfVM+#d`7pD5(^Hiw>u
zN6-BgZ7=2ThnLpBL*Q4`m#<?G&U*Y{pY*tQA6y|Lm+8E_cJ=?{aD&Z1kAQ)iZgr=z
zQ2URqPg}|C;{WT}Y#wju3}-j>%TxGOTE>${vQC!p{|fC}trub$fH0=b$k{cNImXbI
z|2FkIQPTkhF~2Q<>7A^dpG*K4A?G~}!UVd6lwPPm9e~M$4{yknhin2%LQ1^u;&V7W
z9-$nNhd%Re0(F9Tf@%UG2K4~_09gPf2Im0l0P*0>0qOycL@j|R0-3+Q|C+y;zr2Kj
zgt!Dqg4hsXNVD++uvmwKiiLoMVv6(!L5718ffQo^Ap$W1bqBEz{nA$whWncoHwBP_
zo`Rf$m4cY^MgW@wn}d=ANy0DA96=Fn1T_O81t|qHC$Op(a0ReH+Cv&cU<KSGU?O<>
z`v54@fQYQ9tO$gFF%(u5Lc}D5Fo3D97NRE3N0bDFU;a)VZ#urchW;S(N3Om?C`B+$
zxZv&x^8eQHuH&nJI6|G#lXC~XzX4zlVGfBMMHh7ekR$u@rX$fm(!Ug-f#ip=fZT|B
z&eBoue+-yMvIDH3FJLudIB;*w`?L9%`|AL}hz$sKNGmvvNL7>$j2rA7_5fjkJJK1#
z3T7j&gZKtQN1%VEe=q<Si3;HaQRIyW*13Q`Y91p%2{8-t1VIG*o^6AyL%*XIkk*)m
zc7oIj@W4CAHx%D6>tONMKtKajBKV=vm;?v<^8@S={cr`4JuuJFI+g+2Z{c|7j2$ih
z-Trp~5Na##J>dNP2GBnmP#18Cu~7-&DiA`v$2u3>_~=h)1IM|?KPTGA_6H$EA+)1D
zQ~M`yKu~<p?x|=Z8zvXo{L$W`og;1`h)Ezxe3n4W!OP*K!HYo_z?eXuAdJDXM76}R
zM36zKL(agmM3F(ML#;!oL#acmLvsP-AqXJ~X$?hd3gvL;gy;K2xFWfrT?4L>O#xmA
zUPzAsE(BkM9p8WAG?*L!j<*iXhHniy4ABig(vWjtaZqp|a^T09#J0bA6g9*$WHqEP
z6fs0J{9uT0$YuCu7q@o~hl2=|jhcd*f|G)ff{}tkgZ8c#!2+-c*h7T<5r6}BU}zpg
z_fK?;6(AUY7E~M#bN-p7p-ekY&Sh`rcsNyq57IYWBSQ%?>-}mHF6SH`_!^6*41pUl
z2mz#JsIO(U)|y&6^ee!ujd2Gp>=#O>nrhe;Qc#-(5fGa&@g}R0OTd22f25Ne$#XX!
zJ%dnlR=AS&<d|i5o`fiQj|46J;5ff;et2dc^VRdQGaq<#yuWo!bnit5@-2S!T4nHc
z$>GtgDxw*u#u~XLA>Mfk?9De}E;%oDWw`w0qi!h{P~!75ky;qZ%rzZG6bsQQy&e)5
zoJ8sUI{lmvGYc@xsfY){b&YD7LPrYJn^K#8l8NbP$MDx0I>w4?>c2}-*KS2DW-ebo
zNw5+#OH-1i6RRIq^5E-xyqZ8Qx$RuqWe_0<|KL!pr|*FtE51n9?Z8_vAkfg*`Vl1m
zRX^vqwlw8_)I&)&j{%nH*WS*rJ^XKD?N@i*rE>BnAk2*7pfX4f$9cSI{g0aK{e55@
zD=17?k&R0AyNWV%%e_);@4qeoQE1`7Ix_EX1$IqBbYfP_XF@GjWme48U8R&^3^TLc
zfT?VbXq323rIhZB%jaJb-`AA1qW#PtXm_2M&1ZeEilbKMY%9V-P^6Tk&-_+&H<Z4%
z6wxRPHBT7m6W=>t{T9cx`Qv$pbxapr5`BU7U0t{FUj+(LCig7ZLqDXWNL>(7;N7YR
z=)0eh-ahJvrJLLbj^gQz=SHoft2(8tN@mvE{dvz4xeq?zhC@o~^Z6zZ9L+7*;!=J?
zL{A!xY;5mW*H#H3aKx9Cko5|+=Kci2eYRAT!@qX%6glIlt71B(Gke7MB(GhLf_bTk
zOHBCdpPg!^J*ZuzYu`H2OI`_O*u0z>L;fN;fsl}`V!3C3az60>u?F3sQf)~(z`=0t
zFh9s7>@w`QRh2!#00?Bm`f~48K9!|<OThN>!f0~}rv*M*Cq1@qnGJ`9@Ab}n6||Fo
zy%Dtc7>Mw0G6W<)a&>|5u4U)}$;Eg<Y^_O0?sZT29Xe;p-?zAk`nDTbaH0bOtaZ6X
zs`qv`MGykj-zjk_u4o>z1n+MV`RFh&=1p&Oa-}}8B6*}EA-(Ix`2Ma?(HaI2nJQJB
zp|UJfj6VEQtMKn_bSB*wuJ-!kptooXs2hOxc%){Hv^SG1i@qdYY+HVD2UK(D>$>Ro
zfC#<`CI#;Ic4&E<-Yf{J@xK=kJO~acIz*-kemC+-zO=pDb<BGQE3&&QA=rkO7mj9g
zm)lwLLK*ayO6OP6%F?LRCR4>S+f-?-XJJuyEftD!5Y<taZK$^$>?c=duxjM!KF72~
z#!u<#z4m64catjRuOH%*w37=mpL_e<LzA>ueQ>y~itj9!$cbSNn3F1O<NvJ?Uch$d
zdYAr1uG~^AIJIs@j_35z&zd_l$!q+-2xdQ*RFn?Y|K$@4XLrkMA33HqT#jlbevuP(
z{BM17p3{DvIo1TLDnhoPSNtcQ(+KcTJM9wEv)&tSE2}S)b(P>}8>Gpp5bpmH*i5^f
zlSD&$B>?&l0VJ%Y7ouz`dhMg?E5VVxQ?mppk@uNzlBL0B!!%2okJZdXo%{H^E5PKG
zCD$u~B|g+sUjv)Q1WPOA^l>AGQ~lgbQD@uI&tK$dcYSc2XLPRKo`zu--hI#p?nidX
zFS+EdnH$`#s=k&V{zoH%2)}CZuCr=LlGObJh56J}NRd@#o6EE0zx-II|4786ZN21{
zT`=fX`$dMoH!ojHY8qyDJ?8dBuJ*r8VwEsg2lVxpYp{W=@H36%<)_L_D;jt$5&z34
z`}to2%a%*C*}T?rbv&5=?FDlt1@A-E@nIpmo;t!;jw3}@7O=7>pH~EDvEUb=KsAkT
z<=VgCjAZ`vjrFA%A!VX=ee8Q!^qQy38(QtKM$<59FYGU+-OJ(EJJVVr6neUvqyv~k
z`P+>W-vLv_2gbjH=YE*wjN<MPK45Aj5+%sOP&3!=57?49%{F3_<ee3e^4%DmIlRmt
z{jcRkJ`L1O`h4-CDwbLjdY`o$65LGHexKp|ChX0x`0%Uepj0mQ!<(2f^uq*7v%>=V
zt+1*_IgN>o{aT}hb1wtZi}`)3jHkWdtC<8M(Qxy9#DD1@obsd6=5vRdgXA4`i=IW5
zDrh=`e>lvz|IqW$`pJ!woa8~7Jm6X_@K(g))8r>1b}kK%nzX27;^Moj?&~iV2Jz6J
zB<+mbu3>|Bb(cBh+nV<{7VXk{_YGagBQg(^I?AM234J~B*99`v3ia5-cF?@_##qlg
zLSr~i<;>qwp9Pki1Lka0*vS=?C42KOxmBgI;!;V!SWe?X3HE|kV2uyFIbtrRgi#2{
z^5DrDbLEX_>1HEM<n$p(g$I0E?MXt;pm{gQ6Q`J0Vn57IB9|EMQ_;a6|K8VXiRrs#
zC2npeS&&<4-YJvoungQ83H(^6+$QrP_YPRRCOaQ}eS!08`H7$Y<+MV->ugv-8|NZM
zAeHvj>vy6yEsyXQE5Pr{!o<;L&MHWB?j-bWDsol|5S#tT(?{*T#<3sh7}Sdy8+NsW
zQJUi@O1RhH_})}|CWCW8(8BacFtBU8<j=5RJ}}su_V?ZP`91nNbli*w|K30U+7((m
zEHlay7~$DV&8$rZr2hTHmap`(w=m&j8q~{znKWlCrlKSQw;Pj2YO=-JVmkKDJ>AK%
z)#YI?vn@iROTFdU!YkaeY`)F7?HsE)vYrbn{MnexzE$$a;;5OX-B~j=lTTPX!hLKr
zkTyZ<W)Dw|Z-#M1@aki-f^@EpR6v1KtMwvja0qkTVhBW7v3K54$k8j9^swB4d3Kg&
zbzgX@{OO4%>yDl8@yT++23rZN4&1nW!MD2UEA>cIpFf`X=sQC2ex*zU?6BJ3ir4iN
zu1xKM$>>?do4l`_D>5ADsT!^kmNNW(n0?g)pEpvUhWu%Y@lRszUk}<w*4o$u;I^8s
zLS=u@$wxD*ujun;hoNs3JwtgRbiyOG{T{<vi~|iO@8GML3Mog`xEzZi8#;-mxW9yo
z@;Fa^7}lUkikIo;OliuxVRi?w1l0`|(LEu>WzSs+51Qr%$c{-km#%!s)05g=m3Ie1
z;@9A&anrx+ri*-{K%m4!8Mq(AnrtD=#c(QK9O<5X@AKoiid}79o78S<Qr)8e${Z$&
zpyZJGV2oc}4^u~O8Qpgb5e=7Qda0X5GH4)z;D^uJp~`wL1jR9TOOi)N>}*;^D&|Hu
z%zaQRO#;_=2z}^gQqq$Qnn7f8lIYr$zzZ9^En>JaWw<e6SO8tVhAhp+EKRwFWwBis
zAb-nDf*8*>__f27<WmjPVo**i%OK1|G?_QCbM{%0k0Kc%KC*AO!~Gn3$3?lQ?(c@3
zZyV2Ax~8j+6d(+^L(|7>O>?AzixCQD(_95UQ0{UP?M@QWFC-3cQ|jO_1V~1PCyDk=
z_1z)Dp5}F_becpO96eXYY|j)8YlNG_hj*!@g`}M_6;WKko@aPoHnk@gvF&Z~o?^Ws
z+2&c^sr$|&S15)hi^=|juhGKUP0E0;^6j`9*6<6W%QsNjBgSX;=yaF{p7Wi5O{yc~
zoGMvfciHgmus~YJSwVZ-v(ArLiP+vZhPF6a<k(x&&v-PQ{s5)D7aP0>Au&9aj|);u
z2NajV5#$>*3=radXT<{s`wmGt7Fqw|s>Q9oeN^7XE{PoCyJ(ZYdwazAApwTh(e`~F
zf|!NiLwSzBact&wdV`wm&Yy^5<vbO6%1!)g>ofpv0XPWlFSu2e_wK%yil_ZoDeXJ1
zzwx4~m)!I91EVpK83|Di^M;e2+&S9{iqEK`v%2yBjW~AUv43gz?MWgDj3EC>r#~Kv
zL#DA0B9C`@jpNWXdKWeZ5!)tcJ?o5qO@KJhBeWX%VW;%b*}j=EcG#fzyOqs=bzOWU
zk7CdBGj68TT5f5m$nw$xiI(Afz8M$^-`@OUU38+73F9>r4HNt5-H-MG9W#x;d)_sR
z6dhLu@8H3&_8%B^EY_#yl&kjSGD>wl7S}@~PDJ{O>vVW$2x_)Lo_QW={DA%M1r78$
z87-eJ6MoiVLN=<3;Y5sgOB&zzXPC#JK_XAS!=nT7)hx`FepV9MgV_tc8u>KDHTBRt
zS-0hX1!i|I?kVcQ)b^tW>8^g_^P-zmYV@63z4@>>`ckjp#nXgP(mwRcO#8}xpMKK6
z!<OXWaL79|<i)wWb~&=i47IKAbx_8jKD4bVfgu?0A}+C40%hqP-G1ZL!V1erUEK&L
z%};Kfq8=|Z0zPe;RgFbCmKO(8{$<!8qtvZxJZinI%{Ga>$+UjcEAnsi3G=?_BX>pI
z>$Qq+%2h>;9K$q|U3mI=@92M4%_%DG+*(9UhB~S(f9!j=KFmn=)FT)aZl?Ale7u?~
zK3acTjf+~f)0oC`jq9P2(2iBabxq7|kbF+Ay_;cNtMq48KXfPejzw(Gd~G@=9W`Jt
zL~e~DZEQs>nkG}YjTwfQ>+AJnNpD}Y4IXEC24Q83Ss(5JpIwz)wCWM;Qzgq%7ro`R
z`HaoR4fk3%0Ybf9xQ57%zpoD}e0CZe$$@-aHz*l<=h7bA7kTkISIj=Wk(CnCxW^o>
zkC134BHv21|9xFB)=EG76Uf}ZodjlG3+GrqeLI0Q=b0Y*HwksFqs(}Us@zZKsA?*5
zoo~;gL90yAmzEd8LDa7KaOk&KBB|yVL+=w`dOnPua9GwipbGV^uvM;?4-PPo+B-BQ
zA^@_D7d6e)Tv-fp$5hV6uzumvM5N<r>!T%qxD(9EN|vGewha>v+m4hJSt=##w{F2`
zmC8hx7vr^rB3~x02){QVnGP5X?!_{M#BdqX^OD9De!I_nmNyjDlog}51O`3J(kSjS
z;6OqT2ZOtP{y&<|0;sL#4fjZk6szJ=phb$iL!rgpic6um6;BA(0;Me!cc*wMh2j>V
z#ob*3MM8iiK!7AzZodD$cjipyY_fB*bLO1ccYp8mKHHhv{mDOan2xy10{FRi*z7My
zXX<3s^Sth7ZO+fKeWdL<ikLn6+j<%kn4@N_U!WFQJuoJ}8Izu`uuI9zl#mAg;^<N7
zYs-QR%1tcH<vn=e@j@_+L=E&}7?V*R7U#y)I(4fv<Gj)sTM~*k+U{s{@r!mlH`m$j
zGb{%)G|qv;$30M1A3**<L#s9_WFsV)RM_p;`tX&4Tx%C%`%)!)6x<jaIjlsw^Hu9K
z|Abx`+q*=iv#Sqc+==*jA+GTt{z7~RNep*O(*H#FZiRaYHDUsTM_nv+Y$J<#(8iIq
znQwXj9k_2cUu+~WY72nmCDB2)yXOOhyg2O$CO`0rEV7}KP)E_3`eb8bHRTs)t(+^Q
zm=jYrESVPl_&}C%P24Z+RyEu)L07KcZRb+{g`4_PV`|A%IHz0Ya-;wE(myT_yncag
zf$=^jrDBV4o}~52sK`X@&ypuk9|@Bh5Sf!M5iOBQk0pdz5|R*>6KWA05(Er@>E25}
zyIfGhy-IAmT^)CvDpSMAi}#NjuP;U@Yfm2>ul&Nvs*)*rZM9*H!?<W!z8^Qe6TjgQ
zqiP^}@@GSgC~lPE2ERJj(js=6c|2enmmivkVrY5KSnJUxNTtcT1#M_YNTS-$#7Yno
zT-nWm^X;p>9!lTmw`BEe5>mNa-lN8b1v;Hw^j_dI3a1sO<@MjLl?#shTYUFwCFQBb
z5<93^lT1TpysTH0T!Z^~Em?kz3ZF|m?bCW^6k7qtN9q~|#|mxj5}+a*Y55P9(b*G)
z)^dxb%n{PFJ0-ij`GTQO6EU}we`24oj5utUq2?sJUev}Eois@Rd?5)jiMCMB_gkr?
zInG>cO?|^=B+<WjwNY0KF?NcsD;>v<#G{t!j$Nbe58@c?Xj0i+_-Pf}6XE_ALMjOK
zxdc|H(#BTQX5n+3ve?+4SFozN@_e5l3pxk*zg+v%>2yx_#R^8rpCi=-;<GxoV%L2B
zH_8!Sz`Hhpe2N^gzkvDjd=J}L8^BvrXfE48wWOCdy2_2*6sRnGa`!J_ImlZiqhzlo
z7Aql%5g^tr9-cJV=dG6P?zZ4k0!yXLYn%wLD(tX8v`Cfm+n7P<R!RAmj$?k3@%}A&
z#})3t(>bql)$JehQ2~0eO$)&?wFi#b?zZWIog>QrCBxbW=y(AE+c$Ey>ehf7f^im8
z!1#*<3A>Q^wIQ8)N?Sf<RMDP9HNd&<aXMF8=d1Q()Wav>^6Arr+69+<Xvc^n2snQA
z<F~#IVNPNIqd&2qcJfRMIolE-<@?PLK1MI8DH(F?BHOZL^|;S&eOM|HfB#qD%tMZ7
z7hgaL*%op9sh8K$BW=*K+wIKL!tEo~u0$^0!rGe^nMq&flQ-!@V9ghHEJ8QW0)x6s
zY+UVD9?|L}@mn?dOHZ_@<+X12Ex%7WZIUYq<4KTG$;&~&V_UMlb?4BGpK>T+c%Lh8
zA7lh6yKSHNuh}jtn0nRuFQ?knD(dqXmv!LK%bS|wJ5>K}ez5oKpaJxSsk2x~>|@q`
z(9gEcVA%xp!N91(6o2wllDKEnuMojp>_PRdcL0jVfjz|v_AA;Z9x|i0#5tfZvNjF7
ztOaZ8DKOd8S=A8lMw}X`VaEl?juiM_`NC~H#<wUX^x3Pu%4gkuSyFs3c`}stbL^E3
zwN6)<8zk)-^BwpmMaX(alM^f#pPjw~q20E4j#agBgVsL87TvTJf4qRF{Qj%`_eEjA
zej4?1Oiu;TBbNM|3gSJY_F+Hvbq*U66H<2t*X6_42N6%+IvET*y?>DT$5JrL?mfd#
zsOS=b&dr(Mh8g&;9?CpZyt)zAcz=>vFV0q9(qwl}W0Wc{W4vdFH1{HOxZ;e~{<KA>
z-E&7M`yynR^b{V%NL{aJPE)0y9zAD#C5&!S@^}OkI%RFESX(W>>E>xn)L1Eytg*Ce
zn?;acc{lJhUOj_9&20{Qyh5B3RHwUI;<W>weU;K2r@JaO5)7djU9ID3jG!vXzyF*n
zBD2xPYsJmbwVSF$f%BdKoI*<daJmsyG9{VbsNlKs^6|<-iezuOz`K<J!Nv-W6*141
zbi)yTPJSvn_2TjRyueVW$1B;i=eY(lYxFS}p4jy+NjQt4E1l+wq9i;@CwEuHiXXi%
zl-|hX+16XX`-IW>1r~Wv8@BhWK27id+mmY2%8U~tDJKsR5XOdg-=W{8fyur}N%WIN
zEmvbSz|(w@!)$m%0+<x;Vb<Qy!^mMNsp(W71k<tJZJU&pR`;2+{b?`wN!Iln2#Gu!
zMsKs9xt0JU1+cppDkTg@ZBTR)VF))_dT5B1$gatR;Y`Ty0fb8TuJ0W?)_azZ`pQ}y
z0QCsZk}s`z>ET9YE<t~`T_Ua*NC14B;+YViWPjy*i3h{q#cma!K=uhbZFm$KC<nrh
zM3UagOCYV9<?Rb96u*cY*#Wf5o0?vc2LAAKe0tN#7FCx*rYx#pyR4%_yhHqEkS{C}
z9;p!d>gQ<TzOf`BCm{vFlgM#AXD7x_5q@`NM<<AM@JRs!2Uq>K+?xcO+a&Jmg(URk
zS;UnDo_CIjm|Zo3{fY`5Q$`7Ph-e935ai;aJ%|uV&~@jTih<_#c~1D)4bJ8|w@q;)
zk-g$o^VMwx`Ru`ae`Kf{Fgc*Fbe`&L1N5_5Gvo8m)cK67EM8Qx52ii3tb+^Gd({ir
z56`nd2HX_~A0`cw3d&ElgjFmM(yX(Y*u?A+G$@rSJC~IMzov;8G2c{b2knI4v2dme
z6M8k^ark*Lcl&v3UoWE@RhUmveCF2YVD~gYuk?lnLv3maB*EPks!FM1RY*BRYC<51
z&piZ58QlsUuvOf)*z!?||NT98GCtql|7c|3GAf++?}3Ot>8wXi#vc8B^F9{<!m&5{
zyM0k(>z!A9Ux{SNrViIX4Yb#Z-{%*49=y3rSbUNHLn<gK#3#=n)?w>%V{Twz)vfvH
z+DIPkJ>(3I+R93Sb+mQT(sNH9chnu_3oa72!@+-L`_IsWmw)pjP=m}kGZdzwk1XQr
zg?emjA}#<;f}eG9X(&55=SRfD;_=h6S7+B{D|X#HiX09NwNx^5WN5T~p@QGCknl)2
z4Xla!i_?)AYRCAkydO4xDGyS}g=2l?s00GO@U-)drJxzA?cz@*mC1b~u^NT{uC_5f
zE*v3N#Nd8fb<*`yuC{4x^h}q~VomDDz1p0kQCT2NEK0~GAd($<HIUosAS?F%bhf?6
zVojWm;ktl$oPRtKOwa+4&$!vAFO#yxul3Jlf^a;N8@{H!UQEc1HJU4?8-v3%GtFpw
zIm>`%AMk-*Jzso)`CAAtMML4QD#Z{0mSy{NRAK}PoRTje_4%rl)$+`Mw(8ndLHTm%
zvEAS_7HKtpy%<n<!|TZU?CPaNxYb3gzW9n_9nIm>izn<L+nE+l&_;sFGWI1RH3(e#
zO6w{=0Llmto+%Kje_fvIr}#YaQzK5(<sN70k(y*?SlPH|iZxTgy)|k;l156i3cPGR
zscldl7M4BR(eoVqNCuoL12&chSNMkD5102LE`A~U(6foXvlKzTW%+4EUTj|u->lr^
zb1)ohQxTlS34Ye_<77Sz;`Cwd3ifW+S+&@P!)?}UrP$CllLD$Z%~KwTLi=^SN8H4-
zF#;oY930ua6Q{y9>IZ3N)q+Y4oFAL{+9ZVuW8bx^Rf3Z|+60HBsDRzY;8^x+J@n~1
znNIMj7hyq9_oTgSyHw)EYnc5_P_b9zAWG3y=^9L5mB%wX%~~V=<UHf6{HN=qQrV+8
zw(ZdUaL<Dx#UAX^FcuJv`W=Tlp<m$SjOnz~E5Cw~!8DUYs%pG|zaP{pSAv^9{>&mA
zx;sXg_P-Tw5Fxer8)%fRi58>%{rr9cErMJ^Il|a+&61o%UL1ElrIGtmm#%WE#hiAc
zQ$HV(G4YdtO7{`m>sq%)N{GbBl8-4>%jDWl7LSQiMVprn+qsRxn?ehgwz$PE=-WI_
zg&N8U?)6l4^q7F@)!TnIJpofvgp}xgFu5tMb}OYMy^{o$lW%3BqPjz&SleBv=lxE%
zF)<%D4)i5{rH+d(yBmeFsAuZ7Z12am#pGVT_1?Oa7Zp@#y?FHs6mFsxFd@RzfEdXb
zFh8IO&{GM^;`sI8fO_QKUhyt(&FJC)&uTW$YN#GfG{Om*C)P~xFLdjN^7kB=Z1)1J
zed4(dj}Ror8+M8dfQ_8J(OraTEK+&HMy_BpO_R@U8j^p-uFX8boXn~^VimO$RWlS4
zrt``JbKMX{z*~*H%F+&Nr8r|n;r-zHZy5Ew(?CL*PCss(9y;<?OfTQ%mI6bDyM59<
zyPlmC1rG~uA500K{1@CFcZxgK3)TrI?o5iX8$mWAZfOB5xbR1~aJp^?>9xWJngI6_
zwh4jkqD%bzAH$C8a1RqhxN+LF?@4fqA0rCKkYe&LZe_0ZcJXG@(>E#^>GkvUlMzq{
zMFsWSn!VZZQy+!G8EgO>FjXK1{krwkBZb}PsO<Q6)(5B`KuAOL;QO#1#$9gX1H<1A
zA@K4&>rqbk>&BzsOKIu>?GiPNulPH3)k?s1B#lyYkr&18Q|=7*0+Y*W+m4tHUMvO4
z7|~;*|M*A{F*O&jP2wkR-t}+ofH7=@1kO2JmhdJCp_{(0uK!-8uQ65#8w1}m&Ni&!
zW6c;}J-aJx&hl+Y;x5Z5Wx6z#S5vhkGV_|8;#Q7{Eyq;d=?rphu&%Rv3F&iu7bCW&
zj%Me}R=1MbOB?6sv9zYAx9RlER+2I>ulxCwerWNYqow4tLW45_mhNBIy^<6S)Au=^
zT>&^&=J}RK9T9i=DPdaK-9j&T1ZG7AYY1Vi_Bs9=kMtCH2U{qw)^p&7e8rq=zoIVt
zNrRRxg7WXbg1d-CEj|bDu9(zJyWvXM4%5z{=j7jHYOpr7%WiqH>5E;B&Xdlv?Q9CU
zi(NOsalP)@jUJ8SYxU%bhYOiA1t$5kL27nmL;*dRicss~_+t>$7@JI_@s1B~mcHyM
zMDyRf=-}iKv38ud1M<d5pCl|;I}CR-UAUc(V|@)eV}o8V;(P$NS0t_(bN|-P>?I~5
z*l8}c4w7P5u}GwH!w+h}zQ1WiJhWTeK^`aY<>Wfp6yK;03$pDKjAy%o?cMJYd1*|U
z0E_hOY2^BT`(Wa>yRYnKJ@Eq7K!~_e8aHZ`?G(Jh#S02rn$)#+nj|s>`XcC-&5p+i
zo|m^aQl7eecAlvJYq{dyo@jQ}mM5mV4<r!proRtT>Q*{p=3U)oMkr6oe+Tx3<2S(D
zsX&hgwIBChE~86_CwKic4Yj)%I$dUaH?Quy7R-l^x{oeebmbr=Gf{)F%BZ$%$ZVXJ
zRve1R$>~FAV_B7}yVE?B>A3ZDm;CqK<`tRiZ538e@B*4BC`3UkM1fSPhj=F%H{<@B
zAr!;zfoIAM0i>UHtiLXfCizojZBVQ{w*@9}Fp7dR%5*~lemd>DiCjh8^I43M@8YHh
z&2_l`VskAtyF{_DX2?Kxu6io|xmkL#&0I-euzPQnhkdqcbz}QS>%9`&8soyS3t8ov
zEE`G@gl@crMnyL%35t!e_5JmH3ltVMmD!y3D62yXT0b#?H#}N($=V84_fVvHBBAI{
z=`;9z&3A&_v;^>2e3aBzVd8~Nf7pEG_;i2SQQXfvPg2)k{x@m1xfL?zF{SG56_L0r
zh4vODv3`DX!P0VV)=ilgX0bW}1bzqq;fWf2>0ji|F!Wn{*S1V<=_M?}2+z3>CB#OS
z<67J?1gN8!0DZKS33R%U`rf(6)@SG$MJCy07}dPugi?Ha-QR!AwSpRhfj+M+5Pq}j
zi!t0sa>)lAv~~#7gXqbf35kOp->Ez~3?^{q{yFfea{v6<@5bR1%)sp(nS`%}G`DUm
zr5PRR{7}JQ^t(1IxKzOVrS|KO+iuwdje#)!w3^ZP8=3UHY3o#Q&ZGo+xX@HrpLy}M
zq3&h__Djm7`Egsy<nlc5*D0awobSNxP~?!y)@<*@cwxK>s9DF+Zk6t!L8p3`VwUbe
zWg}u3>i@PrnWOOaJI;B{-R_4ToUmFshUy=WVT10%!dQcYSoyqn6)+T!n<e{f?X@<X
zE@Y$GlOZxg6of%a<dw(C=w=c~?TUJnbS8{m8|iT_ODETCJ$VayX-2UtW?k@zEbvX?
zB*f}()<vXu66j@qQsLY0*=LlR=VB>=XF?CF8b_b)UptrfmG(l+E@Agzu+*>*IjI65
zTOV$f!(?@7{Y1ZlApe5>&ivEY;njMEP6o@W8et7u^&EgVJa+Rt-Cq%B93akm2xsA%
zm8r!W??)q2Qp-l2B=P6<XCkUyy7=`2w)+xnAo=K>*&I2BrsqarHy0#)+@WH9Cbo$_
z(W}2v@2Mq@;GeS?=kAFhynT%E$vADh`BoO{HOp{f2x1ekLKIhl;ZOV`<Sd$RenskB
zgGm9&Cm^W>_2s+PBi)6Qt&g477mY4?ERLX|NsUz+DoUc~Zgbae%l^Ns^dGrY)hD)?
zEK4<-u<6-@GSo6oc{4RGp7&_>h!2SWP8(-le)<+HXld@Q|GTX0;Mu%r;4@2xkcVjl
zKn;-oLS|(TNDhX|o6!zRAe9D(Y>2~|LH;3PGT<8-@H?xt5qKL_w{b3mYn7zfoRMV2
za*y~YDrjgt0W0^84R^W=Ij}Z%j&#I9j^&c|vVz`)7X&8nF}v61!jI(3;y`Jhi)bB$
zziXJh%J`|2#~)5&&@8}9?`zaQNtiF9MVTI;ITLFm2NZN!$j-6j2Nj4OdJ1O#$+jjz
zwNg&($>vT5Hb)+gO#;V>2k7}v1<Ht<qER8g%C3h6{O2q@GG(oL18H}}^?#$CSnX|G
zPwmvuJip4V90*qlK?Jdcg9JO7!29-uMMQOX>nPsSzo(qK$1r^7zW_;+Fo=M9slnmK
zICXFhhmDM2vX6G$KuO%gN(QarTC&{&0fA^&opv!I3ee;jp8yZ}o8=b?Z;{U%c_<;E
zX<3TPf``VLE!_FO2l79{9w<V8{EDFOuU4lQs`0nCZO<dj5y>&L;P0%D)3pt;$=j;R
z5sG)|5*rU?2-nh94Mel2b%jVP!F|TYn08bkL}ET7C;pR#xe%A3&s~1wLeAaIBW7<B
z>jEP$aCy$hy`7s@C0GU^Cl#uFvnsG#H;nP;XsDG9K+l?C4iW6W<0F{|eMrZ`+IIpE
zg1UjkzQ$BEcewR+xt~iruB=aGa|-;aH`gm`&|0Bj;BhKVHbQVm<dz>Paq!lAA8PP|
zDporOg}uH~AgzC0i1524YzK}2Vy`!r*;@)3V$l2ywQ=Jh<;NTTS!nCMFj`arbaQ?F
zPlx=NS=}%w*&s+OCx~jcylqM_v$5B6rA9OP+-xGV(b#ik-OzPDKeJ+4wCACse{nq~
z%aSb`{U%a5(k=2~k8Dp+4{Oic9+B@KA~W&2CZ0Q<cRWdtT*4AB@pAQ*&DU_VVJC0-
z_(kyY0JCUWQKh{Fwm!Q$LxAFrHpMB|-8bWXOTxvjCLb;|UqRL;A=AEz!ICC)P&tWA
zx-k$S|Ma6^DzP<JdDtMR2q?0e1^r>jRl{HAuLA*23qER+G6CT<-EHN^+zQ9t3ZWd2
zt{G~%sj4jtWt@I}VY9Lxndo>uz7uoYSUPAbp#C#6OyHBLz~Dh?%t#u-y%-b)%e|CS
z3d-JqI#7_bElX9XImt2^AAC1WOI=BGi)nGs4kydOO1zjgu-v&7I?X&Zh2-HlGpjP-
zXJL=`+E8{c{o^JE@i`AA`p?AzFR+|>kUY$fYek}QpC8B7ZVGLv)xm3>R8*pJgE1=i
z0S_f+lxS8f&g}8d;*O`^@r%^LFf%?Mj@yZQCs)xE4*A%IWkWDhoe@lBlE?imq=Nm~
zp)`80J?0Q4;uHNoOp%t2-MTOl%MqQbQwa}j7;6x0$d8-qYSVnAX0+YFZ?n;ibP`0q
zRl6x5On$#j25oQ4fv)B2uv$*6<g!>yFu!o>`_P<+b!eW=7)}#YzZVE$gM*DjG#AQN
z9}bN8Bz2)VJr`+H#O6b{CP3}+nT{xL5q?qR@)(F3r5Fd~V+ei$z-6F^RXU-sx4>Dm
zKY^2pe>;+ZbRx*zu?~}PM@9fLT^7NGwE847siL#7sJSe;Q@t-`=*mWSAo#lGurt-|
z9AJMSi`)(D@mGNbAX0rn9A4mPpwfQoHP!my_?0pmC1tzS)aMb3PzmOmqE=X!;5|Qx
zsjmj*qAwv^H>XPEyQ%xa!prB%&Xt|Um7oW#wC;9Sa>W-7!xvj(TAWCi)b&|96)fZT
z4o=vud%IZulu@wirz1HS_59Y+_P5Xu-R&@sQ<tD}jhKL>_>2@Hw>ZS-Qi<483aJO(
zV4jrcH)hQ@1qU7(>!i9@U}J#p^0!5k02dalJ;&;T_m899TNk@+%4f=B>OdiaF@ii&
z48v2qaQ#}B+n#y?xLbH+lLkeoJh3p%{X1)<OQgpRe->%~YaHD<B4s87SaH}yCP&_l
zyw?*Lc|~w#`IYTPrr?%)r4V^ld?CH}16S3H%Rf`HBhU>MIO9T_zQUnYr=HET(@5P+
zX1<)Q#|N0Gb!4ySr|N1P16#?hi&6Y#p@8EYPDj5E#X((y3nkZ(XF%fL&*8|>m;J;4
zH^j`1U~-GzmV*5GgO4$X@F8Zq2PP+xkX>0alya(B`x2q$e-!d@A#)`{D?VI3DE36A
zFO-WhwBU{|(|GKS!c^fUwMM&H#=gXOA{_FzWg5zNbou)zL?TdZOs?M*Z-O%U4UFN>
z4^Ys^sF3kX((-?f#lg9+HVn)n$W}57GQL?-e)+j7Y#tpTb`LIEe{?DVJt5~`)NyG0
zgy1a!<G1*E3CW!Z!Zaeaf-wHkxh%ITiY3ghi3}@r^kI&i12JBa|K(0N32OC@BDNea
zaIZS;&V*jIJcJKR_4^@l0qTNyL{sRHSetsdt}vib$I&SGEw0}CT#an;Z~;TM6|#O1
zcmLO74HZYUM>m9u^S@8>2Y*SwCPCh}92?8vmH6)udRK6!vIhwZFM+HTT|Rjtg4tc2
zyc5g`{(jax34wXiOwtn#YRvl4(h`MCDhp-F_)=zP8L<4^&uLst;zirs^4mWS?p6}Z
z+nSWyzhi)&q5%8&Q-vSE%9_$Fz<yf=yGv8%pAz!(NkG^ey86kQ;m~B)F*@50C94bR
zm$IINfDO(YY4<DW@#Wm4$BUT{oXKA&@-=GX12#2WysHe_%^MM13Zg$5O7+NVI(+D~
zTHwm;(5eyKql3^d2-Z@$C%IPc0&2G&d?(#yWuZYWEoqYoac%5Tfd_AxWOv!w@=(IL
z)+SSA1aDfm<*5QnJ_31n({AfVRl8=}jY>Dflk|hncbVRj(1}t42$2r@qYtU#Yze}g
z-vxwC@9F*{w@w!>B`ibPNr&M`JY_(&s;{?U;?-ewH?t)HOAkvEGFD|VDz@7s!s=n4
zx>3jI2b;|wFVsyssL*lRCq79hMmvfFu#^cHCpxIpg#g08I6k~{K6GxSu+wt3rhCcq
zBhfqvQta!*iMx@X927bZ?JRWqY-aum@Xd*ACAi2Jrklay3i+^yZfVm^Vr5xLU-Nl-
zBNb>Tzv~fifP55v$|)ZcQRr|OH7zq+lBc$g)(IQx_Gj$g5x<Q?t90#w@1KI#A7DVm
zp%04Tn!wnz4OgMaYp>bxhcK|=uw=7|WvV$Y?rhbSWsQ>F%dFIV3rO$1Q|4h_5E8xX
z)+In%rRcRBww@LxYwj*oT~c=DKFlTsQw}2Gl7sx}$^XC(8j*K0AF)-mXpUhuY7u;5
zr`HeJTNxgOR=GtsCjmtXw+T@M$~`1Kl068V18_eAF0$Jl%DTPExYav-cf##J5I5aL
zfq#^@ha&{m;W+nqbmplY%;#-*Pok5S9a=rdm+<S*+hxC0)folTQF_Pk$k0qtt{Z5H
z^#F9$$@)ru{vFO0V1DUuF`+3kk)if+&oc8Y_?2z$0Pl)N?+j!|8Wv2kSl`C2(wZ^8
zjei-I*O=JltJQYJD$^|#n{mc;3Qf#YNeMr|H0(%o$^jFa9DNEOQ$=&sWsnSZZj*mH
zf6|>!u|$)*?~jYcSSZP-e8SvNzhT;uKNa$=@7^d=UA$jIrS->ZnlW|`MDDS03$-l^
zd2#Z3DXP}GoiYA)yA#3Lo-ZXa$@R+2c11GO8FLS|E8D0j+B?*(;o-e%`mZiQ)3UQ&
zDrE=JJg(AgwNWR1m!6+|&_U>lZAPvQ!k?KUr)+$zUcUC(!bLF_V1o!?Ce2CbDxBWF
zang1lteA?K1WZ|bo-!C49$qsCY>5$yo8^RZkx;mga(BEnRZIehN#WZVkN5foa)n-k
zp<EyKs7VX!8JCngP?|cGBQBz@tm0T5o7T$a(2s(l<&k^5q=gP=dn+fv!5Er1Azhg|
ziejU5137F8T?xT$6%P*mAV^(BiHl75ghvHMty>YW8_#VqqX|=pCH15>7n%H{W0viY
zDWq=kYcY-Kd8PXjRNv;$vUhkKfvNah9G4p-yY=X^Vbfj~QOyRjlk@PmD6$i`Zi7`Q
z7n5UX!AQNrWY*ie2M1OXEfPju8LVnRagSe<zVp|P0~U<t&xPJ*?Fl9MEA-#c#!Wu|
z45ImLB}J3&lxJn>Ttz|FbZz?F+UDdbv<q|meotM|2ldBC29rN6FW!y)yFV`DEB9}Q
ztE%Bgx>_E|meXH<j(#AiuNv1dn6It47|qZ0sb3^4+|8CEsmtX)dzWgZ{KLQhcIk%h
zCUgfpS-twWIPt74_IY~~S=n#HXmR)O$37dHenPK0-H$z(X(#P059}n`dM@0W`83zJ
zHIRi&*AGk5$gwQXB0@~K1}&pUp7CmBzy7##hCccEYQr$PfT0MheGiS!yAEAmmswv;
z-lNrhjL&e^TQpc6iWMMp26{tjhHN>%i7C$(IhixIebZCB3=%gz%TXK69Ot}jh|}hB
z@mbB)TD6(3a;jvF;bcV%*`Pl+)KoP>o+wy;y6kvD3tg-K_kCKed*1OQ9~Ih0piq(q
z88>#N@yKaX9b^P$z@D|21vek`1x^PI9JGDUzPu$Yv2~udu0C|Keo8+w33Ixu8n<g_
zeMgjrP24o--We53V)!IM?ELUq%l!yXn5T=tn4;<9otb;*j$b?Cwg(ECzj~O8Au^d;
zG9N4&kGE!zo2<?12PHt9*JAqnV`S?YTJHP0P2xVL<_EeBj0*|cnbVW4LyT`^$4;^W
zD+As5fQj{~hOrf?@*uxTY8R3lRqU-1R64Rz&-)i1nXH?oa5OH`+;<7}ce3lec?SiW
z8AXc-Wpui=!FaBeLMMh+J*VW~?s%yf8n|ee`wBd4>4^D?dTp*y`uc?Up`FB9hD$(O
zDLs&%>W<mexV~k9#uo$Uj^qLxft|L`0EM3l<*)a*{U~4O<qN#C`I;DCpFk03)_J^^
z6-FMDiRN0Uoeioz%Tx9MzbQVQI433U+<iKWb)qP%Q1=zj7er<Z@**<?QQtDy!XEr>
zy5?ct+Bef!^ekBuGfHD+&#(3T7jVAWF1nq5_w;Mr>8Ky=UE;EmYp0-%0G75>9<fUW
zm`JmU%S%!#nZx0DE7Voq`c+5fd7}=vK&Hqd@5iLKW7Cz1%g?Rrk7JY89b<QOllRnP
zB!v&pX8ww(0!Q+Vbgmn3b_WHoC+>^`O)(6gvP4ej;Nfqoe>jEEx(ZIq=l^v0S9Xq>
zTaI)>2Iq!^=Es=73W{3a$=;WtzUfAl^c{|$T#f+3<yiCY+K!%_-8KSgrSk&w{i07n
z!j_eCt(v3-@&&2k4~92O?E=ybE>#yP0$nKA-E@Qdr)(wy%*IMoV01Tc=FN8PqGg$I
z)|Cyu^<}8hv-8IjAiPQEuiUfY;_EQV9Wj;D;(C*3nuYgAnJ<mqkxT0n{`jdMl@nz4
zcqKh0$Y`ki={<P=+eXswQ?~4B)C$ux+1GM9)o3%ftoh~`sk&Q&^<dq@s$6rQ%|#U~
zv<P(}zG)S6I_b-F_+V`U+7NK7=dsrjsY&NdDvYfzMq!e#^<?1z-RA+t6Whbcp&Jz}
z@~NzBcbPxdKf5bF!j3cTmm>BAV6^9!C9iHK3k?v2Fiky(2;N3(e)Nn3)m?;xt~2iC
zm`vL=ZbMeSz`j?{6%_$JziUV$E)7AY2&YR2b8KzA%2jzO)$)!lbIe8E<Klr>gn5F>
zm76)EH~tsXrC{V|6+V7wFk8He_N~(xQt?TQWWQfVuePD9+^4cFw4p0VbLF=r{L0Xk
zl&MkfNTEDQkP4>kxz#;r`9mlPNq@lkNT5tg+3VzSIJeKrj`pV&d2Gs`rRU}KdVj?)
zW<`mm^`ox?CI{rOr82}AqT=g6)_=DSG5G^64UxmK)Y#ZI3!ZM_L{XN@59XiI5Q<&8
zPXTv^gvMH!l{Sn5N>g9mzSY15@s=$bg*%+B(?wy!(#jB{T@PCCV0<@sdnVsws&yjh
z0e3f)h;7NQ)5{QJw*|d!97VyWk5q$QrBFj4K0YfVTzr6(xm1PHu_{1myacfzcvjib
z6vd1qDqp=5%DaKQ+eL|yNNjh!5=eZ3qsd0_;m@tG?b$p7CpS-O%EljK&lo8*NZ%FV
z_`I@BV3XX$sI=1$^A=}+_eChD=pqUSyS+%P3HE*PfJ4uOpk7!kJ`KMo{AdtuEP<JJ
z`|XiTF=y#~0_Ng=m5n;;-^+M$M}nw7Fpl}4e#xFm!dJ>NS-_2Ztvca+nR*`4N$u=&
z&Q%IkVGl<)97W)j;p1H~&GkOTUKxzFKK}dQvlggO4$WM_CnscV7V6Ip9(!RyH2!u|
z;W_*HmqhDAdL{dh*0}c(-YJ3Ty2<Y@=4?<4?QhV@2E_@*O^Oe8JBr5-h2fb;q+PW1
z@L#8kV?KPxhZ*&O99=Xg$Vq~3x5Ft))iyUabg7bRyIiTGb#yy7n@x)*W4qLI)q^EU
z!goabQl>t<n3_l0V(ocD6*z5cy^x5H&B+%iNQ6C0p^~MR9n401SrF{Q%XS;_d#)4x
zyUepKfnc`y4>aR+_TsKE>|=?NCId99>|HL7c!MbZ))Y%nxBDPnpLmdP7A!?2pN8~Q
z_J8~JEKE6^N3Hcbe>@^MSy47k;H?xd(lwu}3DJDi)KN8?wr_}ra{=dA*mUK!YU`@h
zhe`LLMv59Il@|*mC86bpRuto-Zv5J1S_L~1Q1ZR1#ksi*#CG%IM9I4(@kDq3e0eQF
z`50ipMWtxD<Wv+ya|3>0=(I6j;z@o5zzDKW8RG3|Q|d_vp1P^4cc&hS^pqfsrRPgR
zVbjO}1Bs;)#B1hz)??kq`BZ~)-yU)*{GfV-3*-nen+9}3{vhX^x&N{FC1)KO25NTC
zvZxs={1DJ54*wVtaSuSdc+Su>Hvk2kfnS)Ew?!i8!E;OVtby5hnd7kJ0V~@nd@<ol
z<;8*0S+LSJk`fyne04*KAimi}&*9x3x>L(=9g+#*#S6<BU_GfT)t-`oO<GWztzEME
zGSOpDS|VPLBN3hkOw%7uXDy3sT`4(I5}_HA?MOQG#1~4o+a4L-{CkMkxinK_Y&J(D
zA;ewQ8Kz3Si`=7fsTy2IoT!2qqmx2If^T5vdz?pVGI~6r^{=|jJS>8*KHF(3`g^W?
zpBt(lq}7!BTdp8<5AO5KD_Iw$nI<mJ?=~2X5ZDouI&D)25wNwSJmJHe=M!)e`v1Q;
z+`C7)=fTU~g?<13F|FqWM%JCw@7e6xHib9oi+ErBX0m@~PhE7Uj{1KDlHgdxRGjv!
z7oi0nfIW|F`k!RuCXxofU}`T;O}xWTfY&tO$>aqgbxZ0un?@o^A|2v8giHjht8ut?
zDBz-SKcXux!5<e(jSH^Fg;Izgdc2haRx(}`Mi7jf1`hR(-=e&x)(lAH&$>obMK*B1
z71gdLs~s9~o$UA%yZ%++1JINm4N-zYH#}02Y6vg?*bBISo=7%}+YN*%bLJu5hSr1E
zZ<%k|Rzn`wP}jn5*z!4|3!9Ivud5V|=_KFnv9LYT^FMe#NyhKcH60jt#WG1<gU%z&
zj#4Mp8qN}%6jC_sShrf>J(7B6?+YyM4$x86bSwI)bD$mz(fp1+SbZ(sy%27=LVtC#
z+)G#JucvIN{NB&Epj&uW5%o=HR_fDl*~U2ddBAb&xB08qZ-HVf^b2lX)pC7`1Nq!}
z!4&ZUC)16LwTW)5Mszi<Z+(G=;d)#D9Ol+joQ$s}7GM<64(&rVrcfb*an|vcpUt5W
zJpS9&$XE%~l~`xj+r9r=jFN*Xya&Y(RHECw0<$5Bvf}GPV0Ghab0AustbtW_R<Xru
zyGI3(!++I#!BnodFr)6@CxMeb#&+}9w$Y0NZi44b1Fe!+8)$V7Bu+UsZ_lV(<Roy<
ztnf?NVG5)P08gPU4j-g_Oi~S3TFf>ZH-@M??43i4hBe|0S|t9#Y-`!1Dsv{ak8>RN
z{P$A+%@o<R;sKwwaD~ZY!W`IEs^Na7)A7w+*MV%{w;r>Dlc($2j6X24dh6KF6zvH$
z0uO&=%*)p2ij2B{uWEe9-S)<*NvPP}qK0&wvEe7jae6r0g9zh~Uu(Co&7I0t{Ui?|
zj4ytdTJ3{|_^YRHIjTNtUs44mfB9UKch-ibrYp$&u$L@c;9^fbMd@KI1Uu5-u&(xg
z3i3!T+!1TDH;l~q{^)D@<HzZ#Pv0<g#bzO&Mj>~_2Xo=<M0ReEVlb<W)&C8yDHg>7
zS3U%fYyGr*V-~rWW%0)N`pFKr5m)}rtAnc|2VS9ZIgu)NpbdEr+t}&Xzquox)QX`z
zhGDM;uYQl{ETSy+f*m>6nUwwA)%AkYKnw21W|u^s4ZnU7jaMe@<r&nq4zckIHQ7if
zoTtup{#fZ`vh?mW6Z4scFU=QaPfh31xsR^O(5+n9ahnPt?LO}1C2ZYTxH%5YaCs@n
zEwFbDY&MaLL)~rZEA|;>6a+_PXke@BuluJ1LRc0gKW@<Vmt3i7LNg{DejV(4c6jv$
z?o--W@$t*QTv5Y^?oER3;{nxq=QX2mSr2*jMMt(64{{%juxB(Sdt1fkys3fMeQ<W*
z9@oBnHm{9;ZhZ}l#GmSVIvg0w79!vC(lT_`-W`YOZOG=1kPyJu3x57{m9>Gu6SisQ
z1*{LT<m%F0cFflF=B0uUX4})@%pn2K@0R@}waFD->JMpn{-%=h7xB25;mD@2LrOSr
zKX8C2isYfXVAQ7ve*+nwy(UAtq$z_+D77#%9~P`{otGYV-BHd2GrT#lbAu!o1&a6n
zg<nz1{!VZ<Z&g^C25~RUio1=ZssAHaeZH$~<GnLmaFzypeHd@7BAdd&?`?Q8k`?f*
z`X|o9XDRJl?VtzlEQz&RA>b2p{Jg!lS$kMcZL`1mU|d-yRhLwxbKRZ?CF=~`{TUfP
z)oBk#8y}YM`x7D6pH|_TE5q9zvqq%~xq#2zt1+V;QHC4r9k~qc7DE`&{RqFWb2N`T
zW?!{$y)nN|ciMe)syd{&NGTWWq!XNXuf;Ea?9s8KTH6L0qn!)dZ#}ZH#l31@;v1`n
zo?=2i*h)Ixqh^q4B1&e%hfBr+%I<k$$Yi^UEvg6q#<YGplI1u~2{{l**MIaCm15{T
z7d!Jk%_0hq_B=i4@lsY_?$>0CL6P4$qI1!I%43@3Y%<*@fKF*LwSd2W&pW?+1&s-N
zu~nWgu)OW861sEPTf(eu$;<Qw5<qp%;$tq~y|Pd<52&~rOffkhSBm*zwMLnvpVci)
zo1HemqG9*u2fi4jeN0xZ(!+~*dRm5U=Q8Rx>*`bf?ZN>lm;r{9a4kUY72K+nDpWV&
zyN0YCJ!ZdYuL<}%^+q;k{B20eY>@5N)*dsR$1Pkg4_lv=uXfuK=?o06;CGz>*E4Il
z6n*<z;nt)Rq?M+~$GqiQ`>8O@jVT)G++=vm5<b5!bDMi|c6V69qn9wziXr}8|3yQ*
z=#o}%aAKXvD9>FWQe-B3=}rG^W4qogXWEAXirMvpwbp>5=JSxGNfVqyd~Zu+`KdH;
zL^ZrQz~JP?H~9yN6NWn<OMh%7{Kk~xZzR9>Lw4)LeqB5r%{|&7+ggcrZ1}N7tizTt
z&e^AA8hz;lt-GyW{IrMk^P(SObJ~Ew$xD78=2pp`VBXH~qcYR(sE|sCQf(X~`2`G`
zD@<JOJ9j)40V=!-q-E3dvF;aidfB(UX1iklnU;Zld5NxoyEj||wYsK!VEy@=!4mR%
ze9*a5^=_HdACV`(4-cD|W@Di5pe-{0>7BQ8Y@Es8251vkkNAE3(^H>f|8h9YcX&1F
z;!sw@ipE!8jR*2AA=PI_ZfQ<=nT=KSbX{7j>rf>lFSERB)hfEcO4<LZSfk_+FMpbu
zhJFn-TWvjLoOb*5%R7dNF&HWGh}wrvNkyoB8O);osmS1`o4kZ_HQ8o%7Kn@NKxliO
z+MBOh{(-0Y2ztA7R*c9S(RI(C!9K*}nqe&0b8ffMNd~V10}0&LS2gh&d&`SM)<3LP
zqv7i%@#^Fc{^d%BuYYU4FX$l=BV11k8&UnpbrG0wv!1^l-K!QL_YaPEhHQQ!b}0+h
z6|-$E{M1@^oPJx+>-YISyAo9bW(+BesezXUctH?{Y2>;g#$0nJLB5^gH+hax3_h^0
z?J&-EuL;Ng?{=SZ?kzK65eHCLz8Q~9H-D_a%!+``e^13)$m?Wvd?DX?NYMRzPZeyI
z{~};e>&f#<S%iLH<I_PIKK{_RzP@$*<_AIyHr9{dg+02wRSQ)TuvuRZS>kcgH@~J|
zY#jD>>MR^xn)B))7Vo``9VU@EdZyji45`FA1;3FWJBJ2M#Zy5m65SkjTxyl&%*G-4
zMcJ$qJ|8Wu`|FY4(IC+@nQXus{c4@$aeftWoGk4L-7ot$p)RzLz-NoEG!B1zzvxOR
zfz}lm?$iw6iJ0R1hn&%eCjz`GfC#-s!_q_T((1?LmaCAq#MxOHAv51p{gcJO2mf59
z+!CKjo&_f)I$w9bbTep!38i;o6y9!`LzDkyR7-{bYoH0W3^2aZ4HhokSVN8@)6%v3
zn?6H^`z#yXq^fW{7stVuCm8#1?$*-K<-ZTdz9I@!AU}Fq9(GJi^YzK8<^1dIDqFZf
zKt!(EC!iQ_clq1mZh!fpQhhS@Je&2jJTdW6nc$0f4mMr2y!`c2#<rpHdnfMnA2NrL
z8d7CUm#q(k*tI&_ld5UY3?Md7RVIC2riw;h*)J*F&)#ofP{4DpVhHL4)WUi|T`Wng
z;{UvVRCvZt<f(t1VD<dx)QwjwN^yq7D)n`{57jrWT+VK;?n~9guH+VY9;2fB%M>{d
zD#wl*`~}7Q<JSmtP6>ZG?&y?!>Fdi3_%a;y3RYp+Y|A(8x!283SNj}DtLq{#|L1=3
zQTe`}gpuVq?MQ|n{rj>cP~S|rd$d8bRDk-ig39vOR4=M^)suDu$!&6gu>qwyHQ8~#
zQ9z5y1AKldk;G)FeezxP&j5A-EA^DiW56w_)ZjwUTuC#x%ur=HDp|K(-X|#(bpkGn
zT#iIgTcr+SR=v?x0x1_=49zT?tmT0nwOL0KZk<s{yzq;mS~-?i{B(O^{a|Kv75G66
zT2<6mC>OnI2*7;=*1BvkWubSeH^3~NiE3M6Vdh;pd~O?W21SADN(cJHrTCOpKqszl
z>q5CJRQGO#Q5*f8Y%UueB|9D3k2fZV0SaCl42FR2zD_&m4bm*M2lWO6^@a@o;)Vl<
zjwsf_Mhn4C+*lWpA^}&#KHG1a$i$d-w6Ll**+w??22_3PrYwGObq~yS4_TXymKwVP
z?cGF01+$SNV=*9Bx(%vQ1rT1fpUl&!``4At$x@1`W?@DWJ7)lKvaAVq-1~ApI4if@
zlj@o2&70dgamuvAdCOXi;3C_FnLpmh7PYm@Mbj7pXzVvCM3L-cpvtIVB~qU<f5+we
z&SAMlqh`09Ad|r%Se~~GayYN2(Gt?H1NCgyF6a#!e#fVO<51w#91K;+hQ8Kx>H0Z(
zo04&~H-Z1_C>2o5N|)~wlwu*!OcW`R!MHtKkiT+Zc|rRAOBuq;nl!ZBAn3>=Qi$|c
z=2*=>K79s(5-mPjk~)@KR<Vmh^I>mZY#tu#d8`~#<wD;9aeqm6<jACH-rs%KBzQWZ
z7b7>)_z3(LOdpH*_#JyjI?=KqBjOd=;@^e*7Ygy>jUYqUf5Q@I97M@2FJK>JE1ph@
zJPaKoNktUoP*}UK5*UMdSRSE6mK__}azOenmNk416X4qSm(=esZJ}q(jcIHQPMjMy
zm7v#g1Tm35yDh^THw?GU3xA4ay@n##-d-Ul`JFOD9%u1mhHY~ZO_<EGP>G~<$@R=r
z31O@&X2IxmAh^fJ7;8B~N44w=(%>S}BS_%BGS|MRmL5PSvm6+FSMQjokm}oqSgRxT
zexsnJ#>v+~OTdi!ZfflBwl`B@<-;=@VLvo7f|deep**)>ooB;xfA+)cbh<iH5yA?E
ztFr417x%;E27hsuRc|WVwxBBg=1<q`%jZK#%jMN27fjUOIqC+AN5cmj6#mW3_dGfd
z7dd{G_`<9{y^99$RejwngmG14(tg$TMPg=jefmNeJ2{H^8>hh2n`b5bDg8pbS!JPr
zE2CJ}_ZIJkarrDmvCnXCjv*8>U~Haky<@qg9f3~9Oia(5($KH$9ld%NuI{_<CUq3$
z-h>3O(f<vzXMzj|RXy$4dS}7bA0&f>F}Df*Jc-7W8Z_$R?1BHe_mBJ$mlE~yI5SY1
zc9(~|7Att6WM`UbX(OaTeR#T?gsYa`N@0Y1xTZ&(b{%2pIL^Yl8@#3WE0(24p9n&w
z<97x2489@2d-~82MG#)!7se`u-D!O=bHVdIVw3wrEFq2-Zysc8-@dpnvl)}o`07WW
zG_NhmfHb!)C&*_Lk_?tQR(7ZB@gY*`zxn63skC|Xd{c>#jYN_1TJadvgCn@@DG5yv
zC5!LkQv7~Ocw4QG<-yLCAc)?enNuM|mc;RQHtuysBHLuN9V9X+lY_4+yGe-($)!yb
zM0o${#rsK({+2#lHM)fd+zt>7^QrRx6NyEPD_D)V@8Gz|J?`#CxwoGwt4hL6aPRDD
zCq@MDtof|$T%u*wr*%CXX?TI=&|9y5L|1{JPe?R|x3CMt&$;?|?X152o6Ae3uLz|T
z|6;stVQl{|pSdD*Qk?kHPoA8?>>K?nhT_xJiS1FJrPu|%&G|^(8ScC3`G~lk2EF`3
ztBYk2C!*vmAl?`#`&@6gN;@wnxMP5~kZ657O{gkfT4M6zt8tgaCBZCFhtRQZkA-i!
z(Bo6}>4e#3?ToM#W+`OS`LEfsi3Wiyoi!aZ!3q!l3J-_896qkWDo}WNKW}zGNZ#oe
z2{FBIUJcuGELJXkyb<^P|BYc&2DU9CmkDyZtt<kB(oV0YHZqdu7#f@kjdMk3WH78v
zU+(4=#P}X4Rz&U?kICPXF`veo3`1sJ`pT6`O?};UWR&#2@#2-%j`u``2Gim`z?eO}
z^4g7$puQs&i$al5;@U*xE+$EW+3PUXJj)KBc;hbpaPrP47&G6I#MLHW_n+O0dRW<I
z%4@FU@g5`vup&24+lTO$62K%(mDNHxYun3$@3c&)<G;7=>psy**Gh?Dw;%HU_rQM0
z`5l{iTk>E^^#`^@<KT1!!fTS_0_ojFSE2Xc)i*M^2NR%?R>a)|d4Fy{hoI#4WKKj+
z?uI|1M`cUDgr~uriMtbm+gp%S_DaXd53q@DB?8B;2S@^;yWw;g`Ggim%p{;Y9_#rJ
zf*(-QNbEqfG@SSqT9t7WA4yBb4c1S~+a=iJ_|1kzG`}ea2tn^4CbRwIwf>A%UhjF5
z+PYrbkjdXKqJB7c;~YSPiQ=%B2zGp4ODI3lG~iS9{f>eU*-Ln7sXgU$C3*PM?h1#d
zMZK9FzomCO&*Hjo5)_;btjt`}GQxt~HWmx^O~X*nYTIdQv(3=Isa0xyS}ZP^r|T#2
z+p^mYMg(vA1f2c2%}1ERyW-56t`N4n#I><zHR+YC_1Ju)!Y$Kq=S!ez#6HqA{2d9v
z^oniY6dqA$RzvzJBt5a?Exz8&`I+#rQAs2XaUw~%#E7*0PqTi2{b_~tgVskakbrRH
zU3mrobGQEXF}7#6^FXhQp^ps{P<ud=hM>|>4?Y_|$wB{3MLurl^ip)!&F5@+4D%b)
z%0O2<(Nf~$Jw@KmK#hI?2mn0q2@IYN(LIU@EL)dnZ|x%8=Cf%Hm#Y)%60GFi4gQ2N
zwn^@02+VL<hJGmT&Mvby8*Tlig+IUt8@-~njH#nw_nJ3brjDo=wT!uw=pP+!X2glb
zBGiC;-+XN)T7I6tU{gNq98sSt>)G+Y(W;fHc;^Q~4(!&wL|m1=Ea0-!sd8Q1iKxpz
z)0Wh@glRh9;^(~QvvWIqVwk}0lpFlm@j%Qw`c(+8T+T^zRKea)Ij2r07Er=$FD6?Q
z`YPp?UsKz0B3q|=vbpj|3lI*-7`+7wUeSTwH<t0YH`jKze(@I1z%8ddY@2LvS&j`h
z7r`SgJ4`*PSp^510>7e^0O?0J35&1_Se@B89}<|(kLogmlN(Fd%qyP0V7PItJr%hy
zv$xD-K7WBLjzGV#Q^66GH}#nHTt#-1gi~Rd@Eu-5K#36Cy=#_ZNMtwqhn(ndo|^au
z695OgWTA1O7g;g2Lfy(%1CJb>wWJ2f*6c=3z70|8p0%(LeSg1I=6Di|=F3VL;CnF$
zzrGcI|Ke{jVM{_q`{6;76L->}`?Aa6aaQ>6qeb2$7eUo)qNHz<Ro(!-n7oXyzPZ=$
zW@h!QN$J0x__iA;_U&(s>=rTbIi>#Du`!*>o*}rX4$AO6BnGy88K72GQol&<I;#Ew
z&QsSThQC~$+%UIYp0)kpT?>j<Ec|^GM(*xmDd@pgyJ8;;*zNf3*m-KUK%O=5<qXgi
ze)zEVdM@yr8R!nf$q%ZFuV#*bLVPC?G25oL@RJ`9bfQ`Pm_2rVL1p}T380J9&M%cP
zzpXYE!k>axe`+TaiSX-IMK7KbCSPH*0P~ZBT8da|wih1Dwn=*xDb)0FvOG7P`H?q~
zLWE!3lKcr%3I7vlOo*33QO}<~cw|OvFZz^hiC~F*i3am9>GK~^3SkBV!lflmSS9nF
zBwN)uV_`IrGvNz@(uV(GW9^q5qM~HNRCSDX<aMO)KZ|}=E_(8mPMGF@1exjm{g==&
zDv>9p#Px*Q1ObLH=N`Qt!k)p%a{8VQLN%g2e3j23!74!qVJv|<c1?ms_#wVloN$S(
zm8Op7SmX;^5^|NOo}d9A27SX<5Qate29zf%S3ki!(lP!=ssBH^ep*ve*)Vv9`;KN?
zrQgyWrfcf5%d)ZczzOAM<82`(aoXaA{N7!L?udwIf@!s6UEdq=<aLOXD0H!P=ftsd
zh9&+r=v%&e;KYGK!ba1g{2{HxVvQGL2Esy~bV71wJwDW{wKVraWJdn$1^iK(cMaWa
zM)i&}=eqeS_VQACy^T<-Wp;zk4YyQ+$740P#}UjR+Lq(4K!e+K-yo~sY>hII>WNU3
zRCSj`rbO|J3eo;ekv|W+dUIm8BFH`LeV^$~vr_YwtgOCvq05EM9u}c6dJYPTS%*c6
z)~|Uycu5_8Ic67J{3KbvI$S)K3c!h>7u6}6KK;#68<}y${G@91%NNrN_m@ZV&a%qY
zJhEJIq3}Vq1hR=t(mMNII-{`9ONn6mX`wB~UBA6kt`J#KyP@)SuE5-jB(Ap8HP06P
zQE$lJ%~D*p3n8ks;Z(eMV&n@qW9akszOetp)>{Cz**0OLxJxOtxR<s#6!#WdplDl)
zySqd21X`rU9a`Lq6?Y5n60As(00Dvr2qbv^yx;t1&YYQ(nM~x#%-**9Y<90}H}^x3
z4Xoh=do4r@cO&9YP_1&A9Hgnw<i&oIcl!mex}SfgFV&_lQl3RKs>X}KcSURm&buuU
zwPNd^>FCQSI{wH@ldH@6Cd1xuBqr5XC`Ubj!T0&1=(a-ql#;5M#_RhRY&*oNMPJ`w
z?L--jGeWb<;d2s%mTp-D1~_ck2hu$un7zlO9gv>`q4c4vWFOJ<=Tf=oVO%;~WtL%d
z5hlHGj=o~JZYYm{4B&1;6%azc834jxa~QHp7J7K`jYug5ODNVmLU*qaA2Wl7Itt$a
zv#E>F!vW++o!<jgKM-3mTZmY^_+KVu{H9Jx-VU8N@yagu2??6!7`8)oa-Vm@{XeV{
z+IO>~E@qrgq}|`}{Tp^}vh?bgBXi;(hR?t+6~!On#zVoqn82tkrcRP`4h#dw`!_T}
z%WkrKJH$o3p3ql9-(Y2<+N~?O6>${l!*n1-1Itrp;>GaC6GqPpkWi{>>+_J+bdB2~
z&iv7d&E~gG`-OJa%cYjGMztD%f?lY5ewzj&Gj7!Wqi;xwRKOA{Pb9&NAOZY(&LK7Z
zmUK)ldfdrFd-l3Im?xl+(em^<`;OdEUaBNaczk@HMBJ8=_62H<3xhHV?8ntKMZPu+
zuoU`?w#)2xA35ni3sM-gw$EO@&8Xj6{aEmYhE`eI-mPwFAaW5#XhIMY`zrI>B{=%y
z)TK7xjs{|kE$C1Ek#PKZdM}W(dUbAm%Xj4Ug6CU>Wa($c)EYrS{eQnCWdj}1nG5{I
zG8%_zj2J4Q@d+aNj`#iynsd_6$!s~h#=d58KCF#;Ka)#Z^*)}+H;*Q#VOs8!segA<
zR>?`qfm``)@r}{!lv=J#GDu+m6<^YR4!@%FH=Vb8Zsnw5`>`m~H-LlvkMjGs<4ub7
zt-rwg0%@MBeVV3E{{od@y}t$2rE2{2&I6+s#C+mAevKb13P>1%$#fwp&eiJS?FyD%
zLSRX)O>ee9^AX2v4#Zo>g8QX$N&a^9ocz%j3<FAQ+)it}CSq25i6<3+vwvu{w$-X1
zJ>)Z=B5T|cwU~_}_HB*~tbBVt9#m9Dc~X(Qu&Mm3Ls|9qSx`>N5al?F{)F#>h~n|2
zJn#JV4MH);yOXUrE4VyH9maGkbxat(5VzN7Z~QZu@(pXpNm-|sZEj$!@OX@mvm?_L
z(O;$8CE$|-lS3T=L8q9{QF#ak<ja~FG<#|;VT8^aV9;6VMlMD;r;j<s(Pi9rP76nF
zbT15V(!gD9O=^a)KrS346MkTgUuv2_zPqlZa+25haKwMn?j6OJKMZOK9rlXO`2JNJ
z7n8jsz_7J(|CiFkS;xkpYenPi(c>&S4|9P(P;}?4<=boGW2O&9bw3<@ue3MOn0&sS
z;d@W2Ora<TucB*Ll|DA+$3<JS^<@trX93O#y_qDN;%_EXTy~yCo%Xv!_3Ju8(VxwK
zGhg_p_fLq)?S+6HShn>AF>t!@=x5sL>5W*`zXiMZ-DLelv=L0~ETV!=xwcK4<;dq^
z+OEc_PxQs|<fnrjcIP~Xr+zEXKD0gu;q_miSb#9|!kuOkMi}ve)Z&R@StnJ$Ad&gk
zvq_LX92!qIwuA+_&tu!4ez!kpr-6GsKv_R)_Bmf+i$WyNjTu2xH-BM7<j~697AlA2
zVa!+AEk3)mJ!4A;pAqc|0pw!-Vg#C%!tt{IIvr#+-e&(j<B9)W*>Qg*s=`>ir~s<4
zO;&|QX}y>=`0Q%_b8JDfQ;^k?MV*}GeZJJ(F4b~^BJaT3j*h2T7bt7v^PGMf(2(t}
zI)FF!cVp}H8=W}>Q;y)uZugtN_0E*P>?e_;e}C2<oEaZ^LNSDfpVn4{(?=33pEd4Q
z5gBW>P7kxM5lKJ0>8BLqO2A7Gd5n6K<|@;{cDsVl0kDqd``?|y4rZgGw4%h;*5<rU
zEYG}Ins*q+)1y>Df4!0Z1s8IAQx;>0w`MCETfX6WVC8dz2lCTpqN=~Da}iVFBT*A=
ziu-?(<+%2Tm12{cWqkDBN(UyIZp(!XD(*j;S;p`@mkpCocy_7EJJjsoyAwIW_<W-r
z_?4xVc*AECO2z2cmJQicnTc*3Y-QA|W*l7K+iT<UHR+AlZFfESWS%=!_@UbC_$gNP
z0D33gsNd9ryJPY)y<PB%LA`3f*=W`eu(OtKw8F)vd$4LBO<vGMz5IiW+Q;26dET6!
z-*<U5{Y}IS{o;q;^gZ2|w(U$0rrneqts(R%7<><M(?IdX!L*Suf17_iy<a0F5Be8j
zYXY_jQnR<v_mDH^o~K_@E||KieynDH=VYex@Tu&UM}oMdG9b=bYG!RlE_@aW=UdER
zUp0PkJy@1YVO&PKc6j`21!W$}j*DHk`<>n(Sj@U1;KM1x@aBNxpoARpYF6dVsw17C
zm7rS{FU~wJS^jx?s5_>grC2~PeZ=s1vi#f>L_*`xZUw~vC%=nF5m1nnz|fJ?%^{`l
zbF5NYl0{Ynx`)q1;d&Y}^ARZX@L5{U72SWh52?dZoQlg^$pEG`ZrAf%ObAdRqJDf9
zHe>&)Dz|15;gC?WaOIgUT{P^^cFa)xke}$4y-FQM#tzpQkQMY@8lmtNn){gh%UCU{
ziEE{UJ7j+D8KthhTQ_qZ0^yQ+$CrXkGd-?fRe0_t!{78-hTNzkXEvlaHGxFEWsX>J
zt%-$aJfZLu^eh%-|Iy!ks8bLVnEZ*-rSjL26_YSTX4{@vPUo`yB|gS)rVgaEE@<2=
zRe@XDApS+4U~9tp2iST<U&~vFSuk2iY~c2^gkH#h#~mU3Lx7>qU}HD}y|Uy&L_(w=
zGRwu?t8tGAnD8)WXW(@Ph8g}pTZH=s2Z?%e2?m~Gdap5ULVnS0LfNRhL`Fl<_Kb4}
zrz1gpomey+zk}wi{?ea*uaL%Vz5{z@bF(I>m?``XAYTzoT&`J{N)}8SpPbM6WNWi*
z>x{g&3kKx&AwH^elNOH#K(ZkUIWz%BPD<yDLrij7d;GG=rt+^@<p><2-`XK#OwfTY
z!uJ6Q?Dq{nPA<_UCI1;e&j;h2kWPbtnTSq<T+Tyq1?BhYfU{a?Hf=`)>PZ1&l{sA+
zss?NR9b!T*ve2<(8^-<6$%X$eED<4&2u8gGTK_&H$E4!R0)Qj|>6DQ1d056u>v5*N
zpY_a_lZE^Dw@4~6V^o~*&CJJ+stA|veUrC`{PuMZW959-<Xea&m-Ly@C`v=(L@<-I
zAH$@*>@#SJ0(SD*dsKo=u-c=Xm9#ORa+w`_B3qSrurD@BTGA0V{c7Gwy@Fu)Do3h-
z<=562-;4UUJRUp?GUZpveKw_{YX4prTjA?ow)md6(0DfR$E?bY20U1faTMFD?sy2~
zjq*Xg6FCeiP<0{73Q@TeZt?2Set()9+1HP1*<FImfDavc(0z2*Hvr(!^8)R5FENk4
z<-CUfiCABi`8$oirFLK`Q(|$u0m8rTo=I;MEUvc<m7)FgV{d?z17&EGKjuwK&~fK?
z*O#%TnCc+^K}~*rb(DDh1^5w7WRG5y|D4Xa`P7`3bH!Xs{-@Hvdj&{7hGfTLs|2D}
z(<)QWdg3G>4Hf)l|LS^GLSya)<r;ndoVdWF?5&#VlYlhl*hEmd4U=Xm*yay(DXBGL
zaU%ZNnkTw$N+q(?Nj}jWVkg3i|1Lf_k$hHoD(bh)$Lr}E-sl$F#qRR%*@&GQH^u#$
zL>`4v{;u%ZssdMndf%hrAPDZW5bbj6WIS#RCDbw7t)?JdMBDVsE`t*ud_Rsxjn*c0
z8bmw-8CAVy%qj}Deg(890YV#V-S>o_Coyl&{BwRfl*D!a*KYm4|3_iy{JI@N*(&Or
z;5w`)P0VTj)VBfm(eSFkvZ6lcCGFdNrrckDPVbLy(c&Qe9b%Ar)Sbo%ym9-A$=yRF
z0`5|MIv$%5B$W*Z8vIS|&Z-c)UT5#j?T0mgyy{xWo@!>w9e}`O_B$F}KPxKj&KYcK
zU!f#2<C%uW;HRcj04<br_DR*<+HIT3`UWaIg+>78b+8gW{$t!3tCUwh2{9PF>viqA
z6C6CU)0#c*DVJeAoO10a&|)hM4Avf{HktCnWa41w0pG@5<uX>BC+y{*@g{DpUN^~0
zTGQa2<o+F7&w${;t3ZK_*X~o48N*mpK$R(!&y+R=%$^Je`wcPyn{@lVg4ASrw0Q=N
zY+h(@T%eqKFGnxWOckbRp(}LS7I*B3pHurs6O!e$EsUUVo9sh3T0a`--FNQdEwjh2
z+*i$V?N(#v9EAbj4!fD5m8}mrv4kR8R(C8JFtKbj&QL$y3z3J!mF1$?VGkKC+q<`%
zyTg(_{z6dF*6dP|lRx7*E0c_?@h3LHPoR`-^1lziOzd}Mt$02Lq8%U1!cJf&>*gig
zosld3#v1mXL09oWG$*h|5OE)Wjo-?`?}o;0T{9otXPDRr{_0;85rEyO?jq-MRzmDS
z3j3sP84C9DrQY2<ut3+0!qZfOJDKk8LC9@1;*24x28N{C>%W}&A>4vH%bs@JO$tky
z%c~gAxUPoXO~mO)Mj$-NTUJ)Cg8EyTS0|w(UPJh+HQl>jS$#W@ctn6yH_St!`*%*C
zphuV4;Pp*7!WVn7Xb^6WXg$S41L9aDt~+w1(AuTEozdf)fm1+=3?O!flHi(l!0N%&
zP7pR4AeZoBymfu}6n@wij1g)!buVuSCe5y?X_G7VY6JCj`|X}H_FM<1BkIzC=tP7c
zHq06e26Yht#*8DxPJq^u0FngO_u1g7Y;cVvtDjdO%NF2O#vzK@4F%u#Irq=#xt7U7
zpdNua6TIXzL<AP0oG>`48~9tBJbEbDZ7a}x@Uk@)u@W<<5PEoa9={5pbH2V77oZIR
zLiL#dQW@ja+2GH=fibtsw5t&FjfaQaYT5_6v_k~-!_@L!5Cse_Gnp|Cm2rEKad>Xs
zZZm}%Up0^N47%`clkMHaj0`ISJiZDvhn@$djt_%(K22SWnov4RG7Dmy1kB-_GRKDY
z#=;Ifjll5OTd!`@!Lt@G5Whge&T6ig<UM@fGwkpdCzrK)6aHs0*dMSw2G_Z|_hPZn
z-T8uigetA^58fZVOZN^~1w;E@Naw6-iLHY7AAa4|<Q?t+0KmBMI>FLg;_4b&$vgLK
zftXvA=0rCw0zPsE-o2Z$1puLe%tPnHIVKb}p3;!53odUdg@Jnya%e}JEbGp>;oyF2
z^mU1cy!nRD3r`vJHhQIlVXrm*K(@nZG?{Oi7d=p4HE{Sja!GPZtujw{EA+vdOUuLR
z+M-OobD^3e>92ONE}xQ7>f4gvzA;KlSzjG<7Ptk%^=Js0K9rM0O6P|<Pzw!aOAq2l
zkyu45<yhsTKtYhK+jS7Ckz6mo)G!aelpECDhS;5)$jXxuaRG9bqCW!GVOMBvZ>e&t
zTWwD%M=0z@7Umra>7UC+^R_V`h^?3cK%c7ZwT02#fOVk7b(U0~+1A5+jER}T(Dh$u
zB)rw6#`adGbsha=IA!aUsv4-UgLDfYzxB@UPWTCrK^#|R=RqXKe=f6H+!MIftWR9u
z@U>843jp=cg9LYi4aP5bxTaconjt;cx?{&Z)Y;nFh@fja7)l;6^+^j&Xz0$G0i~5<
z&D-{0{B{2f@IV202zFCIdP=pW?Kn&2<?RIfryu_jyG1cUya3u@?}sCyTmC<2VE{;_
zEqHBgQ#%X7Dgyb5QUZV=8$S2XOJDTvk4oIqXU7jqGGFha=8oJw<k#KeTMQl^t+YkW
zAs&|&#dhmx*RCbhuSs}!8G(V25%BfPQkandCF}M@aM~P#W@Wke+FJ(JPuP|X8n`)}
z00^xJZe8W=AkWx$6(&33-ZvmyBwUJ_*(9O6_j2z&1u*^?ZvsFFq&<P1d&wMjC!j%V
zOh8Y-TK`=d6F{aE6#$reF5rH64S&&UvRlLZd2o>ZVvvlMAnUV#7K!pusuP*HX&HxQ
z6O);Z=d{06?-tuj*N@iE5?-dl`cV~huwh0<B}rN;SBi@745VAqPaklwJGV97DTd|q
zbQ<CJ$5lMKiZJ%DA}=JuQlNX*)n{SwSCl~4hp+5cpQW`m<qgqO+DhfJd`nJ%SfpsS
z{u_uwE$dq;X)MK?w7}vs0REYTc%-hyQ7w<?Y)d$aGu43kmsfu{D9eaOgdg&$K9(gW
z+zCDJUy>s>Co>|U=N8%hsf2Ir@u@ax`&3`_F<B%|*z5NVRGLDq@;K%F*I9M1{eM$^
zdTjFDOT(~eOkbTuc<5U%rn7fk9M4TC6%cRdO7e6u{WS9xl+scwCFBW_0QAC9YQX$^
z2gzr4@K!G=Nu3_&0BaeOh@J4FQNy;izmrWZy$)6U9`&Gu8w)If=gFkP<|>UHNwq@Z
z)2X^mBdDbPqbcJ}GyV(p>`y){?76z%oeMK)ayaAdW1(istFZ5|#4W>ENx$#*9d8tA
za@)S!2X3|vy};cb4<z`2P3b|NPvFh3dfRhGmTQwZwchW2jl?}A`ygBS1nen?or#^j
z+Yl%~7jHWh0IFd6K>Qs?9Ln<PwSBIq)*m%oWkjrq$(f0sthX*R{)X8ccaP`>--hfE
zzAr(@2ru@>9=o2WuU}Y5SkMSjND@inNs?q@u(?{;Q#ez&0@x%4W`ekHu^6$dLR~|1
z@wYv$h%9h~h$V^r2|NgdNLyR6V)#1WyvE;P=+W!Zdi}VT6;q9X$pc3SSCU*ZY7h%F
z%oXbOnv0EOiEIgH5ATSe7`rIc69X=0@A=pxj2Q~ehU~`U{6`07c(qiu<kPq#G%1KB
z&QQ)!;+|(4WEM|7s2+VqN|Kdfnc$XTi{done8C~WMqwjySqPX2m<Y2mWMeH%-xvYD
z;yz=XmxOPzv#^b^azaHd8pEd&G0Aw$d?X3}?~HIs3MNenmWaON8ew-}$%SfgYjUt+
z$>K=jWa4GxWn+hL+|m&IzjBiQqatHd;!@yhVcB89u#EGoPVoL4|F=-<(EpZ^=D&sf
zZ}h)@+gcV~>oQ_{_6WSDWTSpgxQQF8f~A5*9s0gUBvd3cCRFG`ofk_iRJlj*^<yET
zB}#uf54uxH3jz-Y59|*(u8vaqk00T?m?^?`d~m+t&SGRJg%<r^Ieh=g0NqpdD8FW!
zCRrj_!r#NT!6L*;z>3Fuj+GLc5^9fSk41~k?m*R#p-_v3GQ8%r;Kjr!A7R4Y3LBO^
zmOao=Xef0keUDTRzR8lQ7GiHFRP8lQE&Vj{61gg_GB))8Bk;e8{U@?v9P9rPiof?J
ziU$*s|KHYNtz!cppOXFG{V^(dfZSDoIE=kyHwoeulF+2vJbdThNRg3N;pFKWb#caY
zh|~YRx(EpFQ3cNaTl93c`f&O_;oA3Cg87H7ZqH}X$6=!{<aQUG9}K1^0YUE4DfJ~l
zjdN(L!0$Z2rty-L^EQ3znu_NY0shtNPB7c}K9<p+`XzHQkT);fJB}$jFBKE6|Nc9{
zXEZlAay%DMH6sfVUUCC%(*rX7iV5a^gk;+xG@M)V+QctNX=?O=XhKXKuGXXZd~``Q
zXGAO8+Dx9KEvtc{0?A}x+M{D4Wc(8+zkg#dA{ri8s(|xEU^l;br~8UucsJMkqE8w)
zV>Q%;hnZs>O;__y=1YVYs;KsftXk{nr9(0_R6gv*AO*AS4-oei{7T&Y%wkC_>EJhk
z6E$<lA%1z$07an5K@8Gu!4do=qI4Im26BMgDbZ2Dy@H<4<Y|y`T}L{^&_3=Yn3VYe
zm9h==e1q$SsNEd4Jy)IT4Bs6j73!1{&aS9j7EaxrdoPx-J+V@>Qd#uH%-Ly4lz;ul
z_Lu#0qdKg9SDF~5SG&)ScghD!WYcQhTr(DONNf&2(H%znQxZ1#a>x4WaF7QGIF3-a
zueGmci}l5MIn62XUK|!mYoErlEx_DYYX{lsy(>gvt%IBWlyBu(GMLUnqPMe{0{@Qk
zm%n{gGN<CT`vX3Q*#%=O^FX$wRB=kRYKOdOksqxt8Xl@c*+w})xu>Q5c10=&i;j$Q
zMhb_<3j9)+zjPXUw)dihrJh-9nRrteXUjYeD!A4lnz9^qoX$>G?DgE17|rB7*eTm?
z-M%c_KA!1pNRHC{z#;PL*}=Bq=;5p^6ZEn6#h1wc=C6K$JPF_ZIh1e75=s<!V-u*Y
z3Q$8p2b1Az@+mBc4op?->T92vh7DN($;(37bU{%mWng89Lq2#bF;=SSmxvq8hk{53
zn#>7ehQ*yug&qH7_ZO-HnjI`U-$!|Ny0LuV+bZ=~NH|39ZF7)8C?NO6ZZKNnHG-hq
zw)v8Kld*Qw!uxEWnVi)2!uwdf`v2DU-L2F~p^O0L^@pQzzI5bDL3GJGvk#IeZ6>h(
z?s>57pN>-F!!4#Pos2$7=8rS+jGN2H(}v~dC6{MR8LtjM;8baE{xPo_{~KPCXZrNT
zvlq`nc>&__ReZ^@Qey1@c#Gu8Wl;C_-z_TCK!-y(;@#!RVv@0^Nvh}kzU0=BB_wzT
z$>f<RF#OS7kTPbz3K#X;O+<WT#IJMY2>85d(gUl1l3dm2%G^p@y6Js3uEXU$j&!`y
znWh$@a4_QV_N23+t3@G63m#+4lq{^$$#_J$Bt>j&-n;c3x%c5|>G&2?GSdvp-|+10
z)Q2w-c%@UhQ2|?QZ+}JwWW#0%E>QC~Z`Mj(7}hB!4W$3RnqJIs&@2hM4HPMVCgJv~
zI-g!Yt_vXGSDrU+C}C*r4$N*(`P8zo{vi3^>Kz^(V}J`L2Ma569ZOtYF_Xw*wZq@I
z%k4Bn?S*JD>+qn(e)`dvefYB}l;G2Q#$0xxik(FNjN;)thDimta7yr~g21&EQ-m{~
z4NwKWF^%P;9i=mx6SBXuVJyaXRXiLloZvH01R?3lOi$XJcx^uZ8t4Z%<y6`QP&-es
zU0+H=;v<FbDE4HRtFsn66E_B%)_QTs;7tF9!8}X+xJvC)i7W_4pKghUo+*j*Neicy
z;{Mg}-KS3{C%Kq+PwE!`awG(RI2LN2-Vb^!OQ!Kw*NCr6jZ)taYMG!##v)`e2N(09
zJk(J;7CLbCMeRKK7cKcO<Z8e(dowiz1>@#AbfrIeu?m76e;BiEK;2zSA+Ud%DN@k}
z)jF9B64@nEp29U)<(cf->l5oZI}dX7tn>s%0Z=>2>+AnkAS)8HEg|OS<|O}?1zt9-
zuvf=F?5<DLR%xVq%a)hL6T&G4B+jK<{8jUyVfJmg(17O~s@ik4&TlbLj@2KF*NE8I
z2BYCNnLX7NG>6ufSGKS$EDe@)?xpo2N77}W0?H*nY+MADOV98&GKI=LhgSWyy#YOn
zoa;4l1Hbp${kvZ;<_v55mz`!Z6Mr%`d@A#4|Fe~3ldHqV`g(EI{R=6?K<B&<sF~X#
zFqS`nyq$Ta6RW>rMVJJJiOY0!4D4W@N7O^d_jsiz#q+MUDC+G0wx2jip|>2PSg55r
z#xL*Pmt5vLe9ScHH<zuyahK=K-$)WNh~HvL?h=Fp#&XjW)r}PGfEux9T8u#w`yTEX
zZ8Oj>E)u5fzfN>Zq9C!qPhC*33b#jzB&goI1+~+*7Y7wAi$~kPRUj@Eh^VXnP8-67
zk*nM;R#=k&q9nZxHdU5?F`B7UlIN}HVZ;0@@#e2lx2(-R>U{`_eTZ;6-P{f5PnKKR
z`^@d{*Jp;kNeIJ+Pv#R1n|A_--KJCSI+BMm!ULA--L~phttvoZ35c$xK!I?-C2s7B
zJNpu91e~7jmYU<eAS?knm}?o{FcV9mywwh3d=rKg)qw^J+!!%!Czkt=NFAc~Ztlx>
z%)^Ki10WVHPnEoK(lo8F^ZYDCzFuWOf#*`ET_d~hq5(!ar5c~fxnkr3UD_p89YQP?
z$}_b{3V4qva~|~1yrWxB^{F=efEn3Mt#92tEn+Pu0-%ww4~`VR`~7)nTB6zPgf0@E
zdnPFFKKm<=I7V_nmgvTe@50cWT?(;%2l=$?dtskh*iEjEuQKtz2p!%#Gw$*<%4UKJ
zVt)~2ur~+h!fZFH%>zF&s0Nyt9bgqK;sk4}hQ_M7DJnqzP@RC{MR=v+;X6+RT<@Rk
z(yg9__#J4enGU1Y%GE9Z9A1HBe1}V_t(o)=geiE%V21Bj<=$Wpc-~h<zXX;nEym40
ziN0S_Ew^?W>VS;hmR-xM)9m0`YfxrK-h{|;7Kj;1^hY)$SlBNCp<x5b(+-?~FWe0)
z#lujingJ%KXJn!&=0D;70806N;chhq<&I1qWUXZ<aa-S6KKIZW2=K#PFrV0Gdg&4L
z-~!3SO%~ks@euJtBJ2?uU&hJ}V+b0%y9nE5^|lIt3YiRJOE-b^^ii2BIZd-deoPIo
zDC+Fu<$tD9xE$3N)!xuWd==dFpSDk#-2h{JpBQnE_K`+N@?J~Z#&_wLZC2|gbp{>~
zJlnh<dfkNvr^vnFtXls_(EiK$8A_!Is>ArnOT`T6-mGUn@TDAT^*=+;zB{TdC_0C6
zuV{vwl|Re=-Wiv#Itz>CEP*Z=TK%>@kyOoqK5~82O4AR^Wql^M1<fTAA-`3xs&}bY
z`qe*=#A_b99WaWDEm9i}167!$!(zYrNKw?~iZqWP&Em{{{I$<ungQpD^%dN0T>LIt
zom7iA5NWMl%ECAr-)}%NE*`PMol=xzh@Q1__6~FAeJ`d$ZEvH2UOV6GM5eka!0(Cw
z{Zu**P*t+zS6~0JhGF#lZQukg6z3v<Usu}ukNeE40>L4C!t{<qjH1A2z>UWwWGxa;
zpZ|B30D>v<+3!c+M_(R$k<pUJ_<zCNm}04BdAt5|BwE~tXDi<>PrKp%YEeTx?gM*y
zGzCAOY#ef}#II4q<ooV0rZu<BymY~%%|Wfyap!I9^#YNW#>zkD8E_=^mrkad@xZsI
zP8WWb%BR_cFylk9WZqrmshdxV^Tf;3_rlLHCcBc_u`2aC`53N-@q9e{W8*T8{iHbq
ztX8L6wa)89>@hwX!Hl1=%H^QJl7)of_@-w1$5Gl#{&trB23YgU?8|rNQf=%qIc|Wq
z|L#Eo!w-R=`p9?9fMEGU{U5$)Z<ZTaF(56Imbmr51&HyAz5Q~|oZ(~)8Oh%mXpB?M
z-Bo3znYytOa9AY*vvkBd-&Zh1Q4YS!s9S#JZ9>zOF!{e5>6pB@_W{P&(_0y~(^~T^
zXKX0-D^U;B|Am;gT5aS1zKOinBC$68s27j1oQRy^Vo+v(Z^&m}(_I;i5gNSP%cQCn
zBx$@M{A7OB7aO%F)v#_oGFwv-w}P-uQwROAS}XHUXoXGur<}$mha23St56P(q-vdH
z!6DvObJw)R62-3=C8Kqo)_F4rx_u|N5Zt~UBev(C>-azItDy}+%8r9>2c@>?pW85b
z&e&5LI%bMc%<f2rD{O8iYDERKVfve5%vNP@kh`9gz`%drVtkp%aI8mr_D}`xrxtY}
zuO}K(Aq7e+?l-A>9t`RUX1N{Yc@FQ~(ETB{xkfr+?*&WB4k)Y<!RV%a_ujyb9*J4g
z-r)w*8BYf3r){SCL25|k55)@WsT&#g3uorz(=>rglv=~&Q^-9+*&oTiq__S)w<xa6
zqwb^SL9`go1$X%)LR@1oBh8I3vQ@uzpsUZNpBWUXwf4UJ@Kns_za^IrCeLYyep;-1
zpxIEOwhhGHHPTHh3sP>qf234-@;?4*0ebVf$I~L;q@!L^9yYVdlGpW4x0RU*tRz2O
z@z32|CyI564BEe}JM=U6U`eqm0p<8d^x^UwH*-|H`a>RIG7^sepoY^(2v{*iGYFMb
zs{~{r{>i-Ra>UO|b1-ItGv}=6%`ZV>yVavzB6R+x56^68O_Pbg)YSDo^KYD##$JXj
z`0fsQScAnGeyUEMnatC;kNv{`;QN=nu41=+!Q^P6GWpScrO?|ielQ394qBU1HWt^i
z=%!7IZj)J$Z@y>~%Dft(qzQiV__T2Lztc3%&JGF6-u1T(|Lm(B5@Z-;TV*6Vya;?B
zMLEtaI5_i}%_XO-#SJYdT&+}%oGh7uD=A-#Ver((njywPI=&Rh>W^G^*|baR791@w
z7e=PNLasG`O=DkUrjV%JW?CJ`292{@GC!CdrM>csvdF1+X9YDwb~`fNX|-6Wbn?<k
zfmJb>JOld8yNUF-=C~=(I#Z>4MOD@04n5TAg?YM1I`~F1#ro$H0lm6|-#6(7Ap+o*
zH?G^`ECQ!LIbhy@N-e<Ralb3F{{6Ei7jxywfOVSXtiMJ(Z8xNINToBEuJQkPuwgJR
zb<p8kf9m`SdfL+cUenv~m+1JXlj|cp;GCTtKjLOP$4{>^{a@q)(qCOyYrkB4N~6b|
zGOzbll66*CSNF4<v=0B~=H`XL{9*}M`U~F!QR7&z4zV<AL!mjg-DmZyt67ImhsFn4
z|Gd@5n+`t7-#aVhT~d#p-Am3XMl=YR=`XIXuP4VG8~MibTcT&msHH%pS(EV(L3MKu
zQ&vrJUrJ&NC_2;p)s4M%LIfNGO!bTkrFOp=8<oZGr4BG!iG9#G^bUHF)i9UrY~IJk
zzsr|1l7U1b|1Iq9n#_JmOH2Qmks{ba-WW%LoRyBzQuWpRQ`OYPovtL!P(Lf24wV?K
zBM9qQE1+J_-P0^h-Xi}iF4`n6vGdt2tA6%zfRtlhyXl7?Zj2+1(0>(LA9RgfjeVI>
zs&{ib)<?tx5UT3_I4OXPoPPc<C+p+71EyO`i3;!4p^Vd(4&lXDTWk1L@nXYPzExFH
zOTaFpAzECfO>xtmrFc5vSt9kT5MwJMh9<J=`^JHyvq*nmt&ks!6>-5_Q)~+8&+$9G
zzn(Ja9Z$>7H!e!-Sk%lcMa6gL+}#twt~%qh;`tD+MW;RdO|HVLN7AMD5@l;Ht{R@E
z6Ls2Q$erLorN-ZK|JJRx&zti8T_}kp2Yp5g_H5Q55}D6a$uA#@3K0z&rlUbhp(j@Z
z<{$RQ<32?C<v!5Dd~?4oGQ2v`^-Ytbe|2*1ljKXW`pZ2#1U?oN1gc*Xd}#~EHSCBw
z%DRqrCzwdr?WMjik2>PLdF2%4VzZ|a=85d$=1u8z_B@HcCBKfBbmy7*xtF?jz`5d<
zv3#^C73q72#_>ecjIHZfWux5hwoS!e-o6@H2p9o;{)!Miso(kpWx;{!?<IB>d@h~i
zcIFj}f8~|dH5k>h5+(6T4c6Z_dLk$mf99RGNq<=>XOkjs`0|;pIW01psnh-2Q4mXg
zDQy4(RHq87)A=$K6$K!!A#EMk3->fzGL3|d1}*nD5Oy88UM3x1{6I_zO?{lLSz-^0
zN;pb*(=59o(BIIlChI>OV)G){MnwLVto4x`OMOR%KLU9(!g7(+HLQZfW?ha7wqZpj
z-FGD%sms^b+>U^bIfE>JJbaO~g@lcP7QVG?koZTL?c*)SMjheu`h<9lo!-F&{YO~%
z7X5amZ2hX{ZP&RE&G+w*+)+tg<1e&iyKnuj(WK1vPbyPy!lL+qO(66XcfUx#!U6kj
zuTzdz=}~ux4gQn$dM^3;%3vEt9v_gTt*(40V~7p2yr&x?scTdPsmE$KrjlMgZK<_v
zmS^ujt%77>T_(hg^*kx0v#(WVRu_q>eb2Qaa66!TBh&F=XZc1juWhVVfAuO&(jRVW
zy&AX8b34zlX74ffdtp!hn-201B|J;M6CvNpdVBg*xii3)%6;8A*q<@PUsJv_i{s{A
z$`*dQi78gtf6MokrC$4HBsX^NCh_utV<@M%x;{p}Gw=5FVDZ3fKUJ*eGQPo@ziJ1w
zgP65<WedvFmwxjlChBOnvJ1NE+2pBTUU}rr#z@vWZk4tUe+n=4|EHvfg&VFNF!FmL
zpcJ9b*1@wU5cJSA6p~n74-6lBu%uj;JKWc>msoBmA2O}4t`|-W8Rq0)6Ix=jGAvj6
zav)to@zRg}#<B{T*fpnu1ZW%ToDyfbe5;Df7DlFaDD;C1eQ5KuTs}UDy_Xvsh^kDx
zQKDqY<uc!9cTNcCMy-VSyJIhx%FWhy>Op?kXV}iGR{3RjbJ@f&)kDhvqW((R=KcA5
zxyF4Pn{b4P6m01@!e@k^VBq|4QU!wLM8cX<3NTQ@7I}6nH=Vh*-<yTKe9ONK(&Dd-
z1y%L7LYE>IA(tB80<>gvgU*^L=wbDTmm++6@Y-eLkS<S%$hb{5J`a99%L8!f`M2hs
zz<alTr<Yu|i|hHv%K=IC3|V}|&)@{wW}^RszquXuHMb>C<nl}Gz1r5We=*YDBqw}=
zHX1H{z2G!zgkSUWN+jv&INk8iZbMX1cKz&R`;oM*zW>;#9A|OoAa$nBMWP^e7qA)q
z+OsX6^8-0s_P;NW_;)%)HP<!!);|Sh+q%<u3W&MA7PIxcgg1`5*n;@jkNCX@mN}33
zb>15rGGH$21hu?hme11IRWClmwgeyPB)Po2bhC7Ci}TY*D{)NiG|Rh+-T<;D<jqmE
zeYwjuLbj|=k=3<ny@eZ)Xvv&T?G+oOpN~~TH6<@or=Z)y&Od<;nWjDEQIY20+M^(I
zgD*w2+T}Uoxm|KWm6UL>`#iX|PgwctyXNx%cHbjqIX$yYe<V2cC=bW2vv8wVf)2&m
z@q5QH(O0-;mFmTf{?8C{*<q#eb4(u(8+fA)QZgp%a`j6aLtRtH<z!%PvxzMp+?g3A
z&U+|u>t(#6lh1;?Z0;?sZ)8rD+Ej5|<pY--wJ{P;4XM`6c+;WrB)Co&rKDF8)?q7+
zUdz%KU#S>BQM2VwpzkCVH!DeeQkK_vaDEgVSuZXa#5gv#GTkwDPv5-a|06a%LJ@Pk
z*3x57&cx=f13KhZ0*8IFCTO$dE=?K1x%LXD+g(aenu=J<xf?F8$IM9U&0&5WV@Y|G
zt9bYFwqrH`<*}jWz3T?uc=&D+ThMg0&Tp<clK_$H5WDfh84-y?;XWthAo0|jJ^uFK
z>gF?^qEh#nkO-12jdFDBJD6d_$RXPuH+f=u+YmCZWiQL-qJ0Gn1eCPTPLo#1`p*V`
zx4}+*)43DO9t=}2fH%;A7Hv;8jY*Clyk6S#=2KLK!;HzraRqO|?n>VfHY^v8*gtXF
zDd~X1s?Zl3a6u@*(Ld7t$#lr7AOSHq5%^mzieUfGI@roGLJeWXvR3omFWhaURE97Q
zxAVzXU@ZLgemh`sJ*=Q3ijdm0+|>O*lalhHg_5j^!p2SA*2(Eww!pMs$+Tnll<D8j
z#p%ktSTMcy;$d@!gxR<`{9M_&ZNwDm;7UQBA%SGNa}ucO<zt;3XY8u%p1%V<nzKDQ
z2ho;R4xt5Zs>48_um@8_@}PGI(<GSJ*ORz&LU3VMUj__M2?^cp7Pk*Lnskrw_Dt{W
zBnXi`5Db#Dr`-++es5Oom9bdtP1tjn(ar}P8Fx8<!h@Sz?VPa~+i!h%u5xk`FP<>i
zvv_=N8#2C4z!i%%#4mVv6oHk1{rNQ+3Bc`sp<L|{c%Z+7I{jVodT!)_IdeOK5_2<D
z2zh9jgrh&M^b-zIJb1q&jty%@A|Y!t5V`#7!>BFsKh@t{TC0cmj8A%*^Ju2Y$%jsT
zn}b)Kx2;h<AH3M+60RkmoqJ}kn+tYhT3p`S?%j8huR~s@rdR@^{B+o}C1gz7W!Ih4
zhv)Y?e|9d4Cuh=94=KQ#jH2Hds|yQ0t%7gV8ZHvNW0X{Qo|E40D`*EG^9m?to0CqR
zdI-~yXy)c#{yhPF92pDt<@k9dF27h)d-)KS`ga)+p^5smtc9?@&#>-Vq{F`Ra(U6p
zD2HCCo77gMYAM-z(m;SdYPx}&>Y+o-T<3yzNPeq)L0C~+j4!ds1p?n4O_mnCku&)z
zNG-QOws>biH<YeP(F+^YAhE|1k;Ro1e44x<y7)c!+fQ0`Q%S<CWr@s#IqzD8l|zE?
zcP4tZ(hD{(Gcqo~lR$C7mB*C&fSJXqnGJ4cgAXeH^9{;LXeI&6PQ+GTRgHo+ZeAXb
zQ3oG?;bl@cU$Izf6sdzI8F+7~X|$Q`nluCtE*jOXkge?u%_B+%swlBkHEi^e3A`ht
z;kLHLgAPTcxzo%@&;5#M6c2YU+#?J_rJ)(_?oT4NSxqOi3{N4g=@L{Nz|b}9^J_=`
z;wE-k6@tYvg`X+_n!SwJ!-gVKhc$0&5R$N`ix147-&A9#I?X`g9$01+{{Ywlwsyb7
z+2iA4?eA*(x9CCKS?s*=#;-#EsoeE8YX|xI+^AK15E(qH8*9IfrWl3MKD)=~=-5IT
zBcWghvwxql*Gv=8!$A^Tr*1_xC1_T6&Ng;j0Pmi8Xlr`JOP3exrFCDYWTj|}x{P?=
zfJkZ?K47;#_IP5U89K&Rt<O*taHYUf_!w^+e-E@0Jde$XMS~NKHE6Jl<MWiHx`ZEx
zk7C-?(iT$~sU-6^)-iP(PA$i4zcLHvo?ye85pz-$$kNF3p80;yqw6uPrl+}V?yIm4
zmpZ@}==rL8ge~j1$O0=L%0R#N!P2xpFw&Ogka&Td4;HN1@zK5xWX0Tb9`B2PD6-)C
zCqbEc+bjI?(INdpx7xd)I<q2=;b*xfingTM+O1|Y(h@hPMcsXePp(Nsc~)IxN{8rR
zGjzGwt|nUUI4;=vDcCnI1vUG6?}8TGa675S$u_?9FozyTPuVROIMl3WwFY<5pFVx}
zK+%EKUErYkIArz<?qe)jk#5pZ7WqB0F!|5^&73#iHt(_bq9RGR{G-@%m*XEQ{U79R
zo^Ry7yNKxzU^giqmivanLGt`d`5x8X#T=UJfWih)pBhI8^9^C4a9OZqiRcLL#5YVs
zA=pQRoyH$mE`p+irGTubgwe=zCOla@{~8Vj)zy^m5A8s_D{D+jQsE;;o3Y;oy;LZ3
z=-$ZVmUiCz*pr9*fa8I8O1B}1&5FZ>f0xDqTu8uT(QjPbs=)^0W?}`CowkG~@SeMd
zD9+rRy}%yE*5*0yzHcmSy6(meCOAb!pYUB1_Sj?R=`;%NBBGJ?8@W>{p`}>n804u?
zl><3?JhbNJKVF1xj{^3CVG`v-Lud^)h(Z$oieSSW3xbzT5UidAKk4Ri($2-b%PN$6
z1;L=VHe^EKJkq6S0q=sg9&m+7uRw(%Jc2L(u|6pE0C51tdw1!y*a`%9v>O~7Ts=Ts
zK;d3C$DP?jJ%GwVe*vfZLE-Xm;3et+{uff&tq-huFuT9!=tg6IP{+li!NS2J!lH3s
zP}YljB{-suh2^}4gT;@<gyrIBCFo}BBPu4S6X5M*>niZx#@5Zp(I-ID-Nx2M;Iq54
zt(&)inxBt=fvXE!AsyDsd>X9(zsGTiv){@{+6GF_9*wKFOg$z-W81-+@^URV$+prs
z2MJZJ&&gR{#(NgS@sF(sEC1zhZFI&pKVlrYZcIrNierF<ot&ID@%B0KJanPz77&c8
z@e_fx*?v5V=tU8N3A8C6E(g(ftdO{VsyojO1xTCcgq;$QOMcETOvYNUTF<l3?pus7
z>0?2|F5=+{R+Fea!$*_=qvsIjIUTE1=&BH8a)Vl<GGVOS>$C|@S&hlBbbC>MIi6gK
z8bDAsW;llW3um>>@SrXeCi41gIa$*;H2Ow7hph!$J-0v9K?$s*9>n}CkK5iP#1sMi
zCNhlLuOtp>6(pGxC<k@UZ$VeFXwcUt*}7GBvYl2Zg+}JZq;K0uZ#mnki7td)%+HjK
zIkP|OOr4(ay&9;=vn!=X&xL;V7ZUaCYF?3|HGq%wrr_?$3R34KN3sh1TLV7~>c4+Y
zexZ?A0*AS6PvJfDtoTMt8<yc;O?hiSLI2LBa5Ku}uJ?=-ws1-7a=IoQSL<f5+S^My
zm-yI6(&jM-C^c?Wf{syThIV&I3nw&+T&4hvGdJ0UfJ{)uiGCblLHruc*~gXO3PgUb
z<B#kW3MO>NJ9t!l?W#s4nA?yfVYs<-L-tKV$~_pq5dnHD8}`m5u;Q_s6BU*@h$12G
z`js?(HEko2iQv_%(4dg>A;x!>Oj^lI!RDOh0sUJ`U6yrRcYDnCcyRAe^3*jgiX-Ds
zqlvIs3H14J#<uUj<qYY2h|9~6TBhqypzO^0hV<X#LDY^UNkj7D9&a=WvuR`1#1qig
zd>f2?cQS3?9X))d-o3n)V1zTw0l^)MA$(Uf5Kr5~j-XVHdR`mpL7!(cyw{5h4h*?N
zWTUSuU}OZEwHgyy=CZF?+Md0ZQtaC7LnP_PJ+hlJz|oY|&+L4xLf$YFK=+d%O6bFG
zA5&ayn;MODoPGoSw`*nnb<K^wy`vDC^+4;VhPgHVvXSI#cs|jg+iVTQPLIC&Kp$&K
zjdPP`+tP&$!86QWy*qLJhi*@+pW*nLhn~>GDtdbI@p3>D+glEwK4RS0TKo*h6T5Fy
z&|@^4UhB<gQNzjo7ZRSk!2~#5n)?HM?U%}b)Z1!YvM%C^$p!U^ZxhgsT?nB8e__S1
zrLJ6f#cV_uofaU~Kym@WF8@<2qL?3Nky{&wt+?{I8R_eeDU0b}k2yC1Pd)CHEsB$5
ze=te&ZT7XQMxP7eZ%WZ?;{Prm&YB*TExV3uPBQ!3NGLdq-%s>fc~kfizq^Ux_Y_}P
z`dc>J{Lhp!z529o1OJ8&#Yu~Ds2j}tJ+EfPo$ZCs%yP0@k=mojVqlgNd|=eX<-I{^
zD0!()>(fYir9m>=!2G`7NkB<P6aHNUQE{TTAlne1IZ!2a|GkW8Q&rWH;wz8HuLFEx
z63==ZJF)iMWUYFa$RGD@3g_VtQa+L~z*~7SPl9VuNdAL=Lz<Q9r`V=5E7cdgQj#+1
zAALVL{Vv~baLR4qw_rsG-^C>@bxgfwdi$&fPxCYG65JW*mM{Dm!sRQ9W${_~!S|!A
zVnDj`Bd1U?YQghQ-xBAfn{|n#zCq%Wg{1%R`(KC@8g<hzko04Z4pmdvauvSaBH&c~
zSnQ%%%!&Iwf{p{<cuG$64Sz{~oLjH`qXDwVCqsqIupo6X>db5IfC{2K<CGgNktCBB
z$f?=Wm@;x1(ea>3G^c5=?EBjD$tB&g@vb*e7s#_ZNZ)J9{NW98TaOZIYe9=SGI|L@
zYnCd7y!b;kh|{?cY~+vk!vNsk8Y9~_nDilfap<uKv1JMOxg8it!cZWC^CtNz>}&AR
z+SXI7O#-bi?^)A^3aa)WWnlMVdgW5H^+FRpD+>%N#l_{z65OOAIL4wZ(jAO-Qd`!5
z!_pb@ve`H1Up8-Rc9a5W_IkJFUb*$@MCg{)8Rvdx_ovk{){MEs8&rHjcK5^~I^SW~
z+wU`tX;uw%jUzy!&F34VUOUGe*SqhDe7{o4eid9`J(ytk4u1^k>vGg1t{xo&n{Jy|
zh6zoT%tZ$Xe9bU>oEJ6oWN}LKu30B>-TXUu^w$`V^+;lwO`pdP;LD5?lEzzZ#;|9L
zIBx~N8b87tf<F`Cjez0fu#seh&By)uOUM~Iqjp!ssI9%DOH-!ECNn`Kr7fuv*%p(H
z+;lT|8RtqhXzFI{O5IF$AoB7x<z;Bqmzzi0$R}CB!uG~pi(T@jZ6&>i6=Q!iW;^@L
z{khbePrzqJ?s_uQ=`AY-_xaYGQVv~ZbB#q>ANL|=ZDDj5iqV!S>TO&~(P;tSK{c<;
zDBBjs7nIfL622;n{7a~;`S|06OIy#$$dy|^c(oVI*ZTgq9PAdJQ#v`c`^Cbtoyl3G
zhszybmuF(3?2MA0H2g`^G6BzCM!wG2owHB(!tbfRrM`re+xyol#418s2Yp0VA2`pF
zi_J(%qZnZ7NbC*SkJ3h9!}e9J8KuDni6url8`bk)nnlC1=Wa=Te|8-r&gj>b1>fk@
z*AEb7rDmkM)GLj3kt^gBv&)roqM720MpnrQT-hWWw1iFGY7R3~^gx4C4{NF+)f*KJ
z-lI*5pNtz*FX!d|(F4eP-JJJmTEtl%l9=Z+%$;YI-;rBpH0BpD+8YdUlJ14$yBzok
zcteaswIWDPU#=5be6!ag82ZWBDuLDXeQ=YbKIWkSF5{!gIPwtbsVivN4FTM<pPLiX
zF*`Eq4d(6ErPk1)TVhvnoeGqF>Es<q=AGBNvmv9Q=*h!B&6d_0Z{HMdNf_eEa?FJp
z$8JZc_P3Y|Hj)>1*ogWLt=se!X6CsKxIG0i{wSSOnR_&T^aqWn$gM4lbr+)$gpg8R
zA?nVQ`J${Nc}Ml*4+OP$LePabg5amVdBW$8m%k}e=Lzs(f~~;HfPHA-t*)qmX~8e<
zFBC!O)gs!!;jR}H7>2#eNeAap5g}!e$`-5}nM)H!go`gh=00aHKvnYk6sF@h^0>z>
z@77n|<l$)Gq&Vr>uCmAATRh&LuecUDsh{8KVA?Etggg)m%=%K*HxlSJd^&xX7<?&<
z==~)ciLDw(Bk))-a?dhy4cpnHXvB208|@*ACtgeR)`#U)A)~ApRz6`(0q|)iEk|l7
zU$$(b($!Z3`iw?wUHo>>@YkQEZ;*$aolMqn0s;m}cuDn>ak|SRwSX;LeyW_wp04NA
zcN_TSC*X`V*n6r|+gdjNe(_MJqU|T+!`BZlm*TLdHR=@xKT?=wS4U;U8NgGpRQpSU
zs8g0Y!RFHbp04Xs_&Pbes4jy0Igi7;-oAgTSJ=t<bCQ`6@P1KG)*&xW64f3yqm4jO
z8gu_jBLdCEcn*t;oM>E}Gu5M~_Er*D3~Y^XfgS9r`*(ljJe3}Q9*`@du>k|s*yrOM
zY~N|HydSz}qfgLByfN1l;DM&aW{sBY<8$5V2k0^B-zXB<DoV3{U4K-SU6<AB|2}&0
zk2aNQ7{GOsXq+n0B5T$A)GG5y)ogf<*!OPR-WXQZhK9sI?c{ac<QwmlL~p{Dzh4bx
z?8L43dq0GAT)LEqKrZbTE2V;<Q?TNHMqha~yU)H_wmu3}ZB@OBqGyd)$=G7r0tPry
zgdsC*zgp1Yc?@4C<W#0zuTcOb6pcT8+t{Mxz8ax2JZ}0HLu!#hHF(W7q5Qfm9>RmQ
z`IR;QA!JQMum6#3yML<}#-E%GRN}p&dNerv2Zt;zCuKan@pG`myEs#<t(=~9O*Tsg
z+~oyn2aA)xqOn4girw6J#YtooUyQ$L7`EYqyNLVfJ{WIzENB`IOlZ;IT8OsazFN_G
z#!@uE8O+m~SNAL4IPY=BEBdu0shiHhF|z9r3V|)}jX$7m7B!7JTeb`iX=UyD$D>i!
zFVYf<TgJ#$3w?BvC-ZTkRkPa^@AOF_v}}WYtVMDo?>KeVDZ<$qW3srv(mDvb$mBSU
z30EeSr<8nRP^;O`f2nKz-A-!dYk>l7u{H@Za%H2S%ZJOQp6_R*wXX!x+)UCt&+^Pp
zcB>;QtJZ6uCu|2~w8RqRgQ=uZi42_~A;*~FQZalsr7H7QejbMoq-+8>@L6R}8M-tO
z-H@f|HY!ziLiBQ)(z1Ih%3wROSl#cQ?pgK9G~@8p^_rn1SgXUQD3tMI7{@bF+yuEz
ziJryb47G474|p3FBf%qMQ<}xEPD^V{8)1Ej#5j{nGK(p)mya#!Yo8}2#>?YcVoh3)
z3=SAZkb24XAZS)&%uiEqFI4R;i;EYMD72C%%nx5G34IEaaGJS4>XhVGLGf60g1qg$
z^N<9_vcd{Kcqc<L-b$4q7PCbu&{FaQKber<TZi|L@kCi&1^@l9g*@=zCMo!3f<{hq
z|Ku>24OvQAex=H#fe4c+WeuuUD?9<-PPW2OeUIYb61PxD^iaCH*&IkwJ?5S$mnozO
z{y_W#9#3u`_VrJaR^}&Noh?p>%@w~zRmzl+cUggiif4xblD|H2XZ&hpg){UF6RKrD
zJtqp7p!T>IqO<;_U{@4E)F~6S`$mrP2TMqg^WEmnL;!La7!Y`IL4OCioTI*icenJC
zf{(@JdYWcl7~8&n!qGPfd?xzQ+DBln^pJr5h(pyw?D~Lj0Xtj>rkz*)qhg1|?&bdh
zcR+~00WY;X#o|OsWG$Q+LSqJWdl8Z5O~;DNiMyjgR-z;_Q0Lik(y&+(zRU|IA(K|e
zkXpV-s^qI&$FSkDja99ik(L*tPO>k{J3U>0eT{I+V}2J#ffO4gI1W>9%eP-!n@-8d
z6zlbP=#&{<(x&Gn0C9zI&@S2AJfv(4ifUaPwYsnkTx1lLj~Myj*3g#CZ+A`)O6DD$
zxxpoK$MkJ88<9!GPjEOAm4@g`b;re+tex#x{EHd3+^-r>9|qWNYP_#}E3=4yvkvqV
zYs9O@VJU*BU2<D+V;L75t&J<C>u;wHL$y(%>@Y+jHTqU0#i3!ej(GuPu~@PpS<^43
zM81HVS^F|xQf7FA28#K(hJ?D-i~3y9-%AW9Se?0`BwAb5;Akcof<SARg?%vQljQsn
zj>XIRxTDX)i2`#72Y)QU&9P?-RecKk99%~$t+-?Mg4LBkU@TFB5FwzWQbUH54!~nj
zv+!C|?l5Z-m}4^fJ24K`G+gp*_sodmxjMyYawA}@cD$fOa#X)oxI)%$S-+~YJokce
z!$2c`coUB<ss{S5j&8y$@-+pthoMW0=0*Lg*?}lhXDcs|OM&|`c?lE@ZoF}&$wRPM
zav0V~R{kl*D9r@zB4Kt_JW3F=<fG6>J0<<#3TLV)DkiGw{dD#2ZIk;4gB-lz(Y{<1
z7qi<qjODXqv6L<j=@pCj@|ZH~${y61WseGvh98nRvBu{_BavTDO>R|M){Smhf|h=`
zr5KcpX1GzZJ~Qf?tAX1%=PY<_Pue3xAv&FzdRH3t(-UZ?>}HcYd>!I1`C40co6~A&
zVz`OAqD^l)rFL*VJgj}+wIYVV`e+FqFuU?Qb`Gj7{`$ASJ!|Sc=VKu_(+lYa+3HJp
zIj(Jii%;tSzCO^wgueoe)I(KA^9$@u)c>R*^7p*_nx{F8g-TL<FIzpOpO(pwpkNkr
zvs*kPYaL51reQv5>xa^8<=Z~M_wLFM-G<_2>nA8yb03dTTY952Y$`R@P}kG?eyvHX
z=+hHA7ypHnU?Hj2<X&|H0zrl75tmyR5!f#58;GbaLEj*RD)^^zn|=ahBEBDIu=awT
zg~7zTS@1l!D|3nO68NjiW8}T#5v;sYLIUFq(K&{T5Pp9TqeXBo5fJ1?sy;(mtPH{V
zFK>SC-l)X^f%GY{-MxCAL}kP&=Mx*YXr8Ke<LN6Na7M><6FadOLy(*)y~c&CT`l<3
zw=Jgna|r0NyCu_iwLvUQI6GW!O#ts~!FYqtu+a4=xzhE{OLoKVYz=d?c%Dmq;`BJO
z4CY*h7^L~=14m`FB7qHwthzoAH|h;~di~E`fB^#osr^U|eEWn{RfglD%tk@CZ&~8d
zaEI}ezBCW=`UJ96hH}3gqMZlhrl@a)G?0l5(I<U+HC-C_J!oc)wB8Po@(6hWNs1|R
z?Nc36tU8;ll;?tMzC5D@U!?_;)+O^lRDh*6tFS!5275(#^|rz;R64RPzxY`M0ID)V
zG3<ezIMXDVpBx`2Vd%#Lk0p~q7~LFClbL@!j@(Idgx?+g62|NZPxWZYhDYfbN6)|g
zUCblBj=tIkrl$KIygqw%b^6z<A5Wiu^Q|Qi9?Fit`oq^>*p9z>_WaA(@sDp#&%P+6
zmK*+Ja9VEoi$UqP@7})tGIo0Tg)yYdFN_^sJ^*H9X|`73OmESKQd7tjYI0gGj~ilY
zKqGV)$utEAsf9<+pDIXvvlYF_1d0LRL;I({cE3B@?wNIV)`QsYpS|&ywB4URFTSYl
zE<b-s+r3`dCYC;k?f&JP(U-MdThr<T+3r0hRcj@#OLhZ-6N?y6=WZf#MQVslhC44U
zN2PUmLBj0Y?ZD`3<DlW31>P9TE*xW?Q!KtX8ihdsFT&r59X<Q&(*aKRyNg$r5v-dd
zmkHW~Q%pa#y-uBgZL6EL^>N?Nvz$Hb?JaC2)O(Mou&^5WvG?;d|6wbl-OKI0^rB>n
znO9#3%AR4Z;4fsauV=33e<^#tt9ecD?M{DSfqhNq`@Y$8cjoyk{P!2K;UBzP7JNbb
zy>P!2q5dMa)fw;mPJc?gFJ!0qzZYMMwEs2?Mqdh9dOMtaAv=8^89EC;$ems-hF{1|
z?cECZeWxD+@9zut1<6aF*f93)p|)<DjAyqmy##MDE3;7!peVDgl2#}<S!VR8dhIHN
zIc-1Wjhs+6f`Zk|=f1})R#NK9r)ypiS%i>d6^no>S$O;l8S#uw?nIeJcqd=m74wNT
zaK;o6Ey~>E6nqz=k;{Zd5nq8D%U_hM#^Gp`uN}(^b52<-b8_B%xT5NM3%Xz`+L}Vc
zV`sLA6a3ZK-HPV|9=|w@pA2}vm=G2e&%=O<DT*O%)=DwkWhF5?NHCY^z+0}if{V4v
zL1*w$)Pa7*s0^$O!XIG@L<Ac$rL%F+pNU5X@1ij_nX=34Y!`Nw?P^6g&NDc9{MGei
z+tk;NVf{&_8RRiB*4jIr81K%n&aar4(5LJ8TOU5T{!QO`L$xUn?UN6Suo<XaluUQH
z-|`hUuh6Ng9&to5Yq+JbX!|RqcBJ>N%r1zRH?U8qRG3lR8}BylCMs<sjGQG_!CZ(2
z$~b%NbIl|R^3>qkMT*a1CCmkeU_G(cdYS(|@mK_$d%;`L0ktlIQi3G&PDRmM+47b~
zb$Eef>jfg^AHz&*7FwXfzl!;2fWG{2F$NUOWa(5@>m_jVioLvFUOFQ7&+L8n#=PTL
zIy!z0OO03p3;p9Cdz_bOY#9~?uk{`6AzYHGlf7<D7lGo#eM6h|&9J)O(fs9`r++NF
z9r-=qeUtPH{U|aNW=*$5oa_umj)^zIl6(0tuz)IlL{Eug=5-F6`c+cdHrc$Fse<q>
zPo0ji1!8VqSpvLj=<oCYaVj1z5W}_xZl9WuSv-oop#WCeN?x{B8hh~wyA8WTpUJZ1
zXFp%cI_K4=0hB_pBbhb+n?v3H#<EqChzAyB!DA&?%Cg=h+?GsI<Hne>xK+0W1rO}D
zfIL}B;%=tnG3RO=g>ad2OYRWhqi{5d+#vP=sm6{w0{L?+nyrW~puEq630h|&H&IUH
z#U-W1>AU~_FaF=2P_&lI<zV?0DOt~-K7Drl^y}lhnLmd0A7PpF-$k)|6i?mf-+bG1
zzW@DA@+YTvd4-=^oMSq3NBK#9teC`5#J4qBFju3geo-bmFD2vEENzk2RniBkDy<}5
z<M2Qh+g^b=(3rv*7U|4ny~>N#;ThyuMa^cg1=tljAvHM>^B`Z`iD;!oHY){0cf|-)
zQ5>kDUL+5`NnM~}ZaF_`b%JuOcI8^_s_v<>L2cBm>J;Zp^$T}~b*&*=uI|(hP)jd4
z<(O(tJz|e7_SkAU_DNN$LqaOG<>XncEFl$q(W5@|ygfJJ+r5~S&gbzO7F6E0PnD8*
z?G8LNQA@ZpkQo%Znh<PF8x_UWg|t7yY9i4B?R0fPO{yKQ4>EICC~1r8Qys$5-kYTW
zH>3U+SSI8U-hLvDgXGz0h+XNBdw^3J(@m|~@f+H+l)+BZ&f2n&O{B@~Gh2y*)HRPP
z`!!6%-3*?bj5>Nz>owlhsdtGa_7=W3x=DI`6>0lnPIa-2S6Uw^t0J2eIP$mvevCpm
zJFJ8QYdUd$`Ml`E|1A65h;{ePsLxG1ci${3w80)c(?b(XZTr&obTJ#wfoUcs@JAxS
z;exx>gj8W+;sth|NY|E5MXDAI8}0QS__M@6Xy}7Kuu1-B)Z=H)E8Vwk%T#rPes#F<
zlJDU+Nf5<WOt!P8(`Nl2*)9N5-clxMBg6>P%dM6Zpgwp-IBp9ngmsx_^JLY+^_C_S
zji9w<Hn1+|xot0ST1K>{8<?kZiKkNzOD^2kh}XP{Cs~7aGp=Ar)NU<@n_KbKi4E`2
z(W!x)yl?!j0%~)Zw&nQDIqTAfPBpJfX2n}SAxTcoLSOW4q&RR8|3`z1*SsLx&}Y9E
z?EV~<^yjzTI9bi-Y#L$B=Kl7K&a)GLxUO7s{NuHZ#r>}Cj<UVuH*u4G8>k@%!8)`0
z)3R;N`Umz2xx}gQ(t%2<OpBcekquZ|H$=wDhT+BW0%dnk^l#-#mC!9vslalGzrq(W
z$VvQR^xJTLVsgb*7Qc5FV~<hz?wa}FL6}cIUNWP_gz^@ZPKRe5q^DzyBr@SDo;5DC
zN1p~%(XlT-eU$DkPaOXMyV#BwbDw({C1yy$i7%o!9A<6*-cSC-xi$GvQvWA6S&U^j
z5?Ap2be3B^Y^f4T0F0LmV8G7>J`L&9;72$9C;`^P&OJR^WH6lQKD<=6utfvWl!<1O
z4Vp^kf}iWpC1pZ>Nj$7FimqT@i?i09D)VH1o!;a4L|qIWW#QintoT9fvxi;9u@f2_
zv2nnV-rQy{`dYj@jGv%@*W*|u0un?xoA!Mg%mNcc9>7bvPD?vxuB`x`tNyJvg;@GM
z?U<uZuW2Q4YmRg}=JBY9RnW3!2d7+-)kWiikX?&36g9e5<vKH+J9trx9%c6{yKkk+
zY9OLwj2FhVahg>`i)@>mNrb*)HS}l$I>jx?xWbS$X0Q`K#_m(oaM@mzf+{yGq7*z8
z@@q8w*<J2jd4EnwHm>czvm>Z=_0#^q+q>s71^`(qsouBBEaXLvI)_Pdr>Q(ctHIgt
zvt%RDpL6Ti^}!%&eZyj=?ycGVv4;MYhW(_WL&~Px6-^i*YLg)q<^h<5w_+8Y5uxlk
z5CGlDgc@W?c7mEs7+_?R%rZdXjIgFEf-W$dNJ@{;E05N-QSVi}8&^mqUV1k{7^RlT
zmI-aVJxconOY;55>-pf7hfDSSPRr_Bccef3aDDcq0g?O6RtGQ6xFW#MS+q{z#}-d1
z^cL=!Bl}S$?1n|_$i>AZwWa2qYh)u`1cWuhAPrK#-232-7Z6=sZ<?+~k4ghMeawpA
z*eVcY`-u;dMLMX5CliIsKn7^0!I>tk5-><x|EVKY60mBr;Bx46(x)uN&c|rI9Y*QM
zLwF3=+utME(|A2iuzjcjdu#gqwT5>45wRx`Z!bdjTEeb%Z6Y7>#~OduDi2DruTwNr
ziI&pnD-?yEi=*^}eD<qD9}~?s+%TXjJMK<`s!}-B3ZgOtDFdRY75MB4bgavDmP2Qz
zLub|sbY^=3oq9De%RvO={1w#&4N&r{Ho%o1e#bzwjq#~~mvm94;2P^5D;KScz9_#e
zy3{p?UUsr9@Ko>>Q`U@a!qU1xX*n$aG1tKOk9iyTmJYd7OsiAxli-tw&FHUF7$F4@
z|J(wEvIFlFNcP1uOHqg%k|filpvt<Co5HC$vJNZf-K8@kyAysjq_EUm76~i1QA7-q
zubzW!wsk1mm&GfEGUnu7yh<VbOX9Tv;q0h8#YFpZkfkuXz>t8kbDE@J^4vD$)xy99
zJamJ)NVs+QS{I=-5<?k>qyS6NNt*&TJL*pH&%W+oElQXT+-VA@G|1zA6T&)$B#meo
zgc-q)KDGkiQW0;<5V9{-NbotJogXOp#0&E7rVxTJT7XY(*quV?qw9O)^C+BchDW&z
zRSdDyFOk`9CfznXt^j67f1DhFqTjePF80uF^&#-?UeCkPl)P|7=iHM{h(n);18B=X
z&o5s&(?nFuHqY@o+~gG3i=OxB7^|h-{XNGs5ddR<jOJsoi4v$4k)R@SOaVW2PpNiH
z3x<r!6VM`C%94BcDZ1q%*luu(dA>q43qQGHu7Dj3jR~6eqg?QyeIyaEef#&`Mcxet
zHmC2)&=wIJo!MC(Q0js`40~v#4czZCc#TFXA`25@*H5YfYBo>i%a-A@3<|8Dz$mNy
zp(n|^2}H_ACW_ci6L;xp=MYq08xp;_D=)K3Q#MaKi8Gs&N918buFQeKH0MuO4#nid
zom2iSg6qsp8ae-#iEt`Q7vO3BNGOD8>c(&>;FC7%+Vzxp4QmI3<rldwEX;0}>KRm?
zX&Cq`%sow54BM=X8QO44Ax~I<wIXWC6ko+l{RRoFK-4mZsWw7P;+0&T1)R7=Q4zUc
zKdt$a;*TsjxB@yr`yDtR`3nRoH=yjL5ynCKUOa_;^2oV5G3!RYC1zptr8!g2I3E2;
zmzdU?t$Zu9gnxTtNLuJ3AfbYaRTr$N+)K*7%qflL<oPzp<)#&7WwxQJLfEkEu)O_g
zN%6FHO`(>!jJ#<!S59E56EQ(IJ5NY>xFZHD#+X1!Kn-K2)k1H=D5jzc{MlZVVYkSr
zo6Cv?wkz(SVt~amBX=na?5j{N70D&h#BLl_qro(g_|a}8RYb)+mioCZ2G5bJ9k!ky
zTi`)AgX^$rUn)_!(ZllFz4VCHR8*FGoourIT;`E?Jo1i5-eJW%?jvp8g0jAsr8lbe
zg+1xDQ9=cIDUKClxV&Flf`1b#@K{&lv93mSor}iREoxQnXr*398_id;M9rcHOS`>S
zoVtYpHfkf3%l=2U40xpZN%Dmru}M`^9=Q9O9NDwI4yAR~ioj<Q_nL~K%|%0N*BejP
zI8AFb1?o)G))lx8nT;w7b#g;yH#w78$nzSRO>=Z)>K;o?@B&-;=K5-9xJy;$xD`9R
zN<vdA0$+pSQf%%l&I0YUM(x3SlAPjn2rVHx)Gi_|L*Um&%y$zUFJj_}j!F(g(efPy
zBxIphKP;hc#Ub?YBg-LatWkmKf)lzyRKeSK*Ih&wbmY|E#O+)Y0R*|L)m>EKK_Nr8
zA&-pXaO4qmMU5vdNxKa%bTgRLE4JGXP%<@m_6sV_P~>4?gmn-5nwbd?AvGZfDPdmN
z3|bF1jy?;lh7{(35R^-I`N~b)y1NfWte6wIOJ@uNs8|YRe_Nt;#p8`sgw>>eBM)sR
z(w0giL9}A|VW5nE$uiVi0K~O)e2b{4yn+};ZOyRth=t>=NII9Pi}w-X9uaOU2-lFn
zKVsY?#x=w^EoS5q=N@scdz{ny<g{W(TGxyRwiTxarMeZDBs^YX7%XpXpsG`hl$(0%
zih!Z%bxly3n)_`k@Mj>#8^A}b(7C-82V3P*(L>DrxP{(Jj`Nn{uW)HgFJ@ait?e}~
z+!%a2Q0>w-e03lLmpa~%G;mL?$aC2U-y1u1g=rUkyE61$UGKxeVDLn4Qbi{$c`!iJ
zEqiIV(0DN#u{fSAFbYfN1LzInw|PIfi+fw=uL5V<XutS~Nqd4xJfr?G*WUtGj~V~>
zJLBJQnvZ$^`<nOPjF8(MX44$slwD*~eMwc9Dd~cg<45Xnpb`XQ9*H(hlKIK;aT11p
zJn&dD8HCZz@idwF$K%MIBuDt&QHbRdkFaFz(UJ|1$gO|$^k3SLG|!trb|CuH(RV+4
z6NZ%>F9JC7MPeNhB75EW;(fYEG_A6BIG+&B6hQf}eJ2y$hEUdN4+eb>L+ss2!LB0m
zQ)-{tJoghBjp=-!R`LIkjNXRJei}qs{L%Sm2R~iS-C%$$Ky3Wb438aTcFS|xT|d>b
zt3q+sy93D2p*udK3dm<+F!62{oXAO|(O+gh{{LGT3S)z9W9Hrs<Irayu+3O94S_u7
zYBpCxi~g80Z+ZV;z~6ZkqI8(v0b8<O8Z-JfOs*F5d5FwNiyLik;e)c3Zzc9r9`~6W
zTrzh|-{sEulI(!?QIW7O;KkTlulzD(h8B!(9>$cI1Kc4*O0;A^fzad%UtnbJOD}-w
zGOMRRbmlV*>TQy95DCAV)e^P!fdY0n^VgL<H%$COG-?!};q&J<?{d>0-&NJlb2}Dc
z_qa1k_d9WVf@zM!Q9KCU*o%+CImmFxIhS#K{QT+DuaBQTJLW&(ClHC?2mF6A*%ADM
z-6coQ22Tff@wivfbLbNqcwpsjl0@DR=s5*1l0ZgT1P=TA!u3<L`AJo`^#A@Z{@(+D
z<O#C&69RR7LLB~tGxh|AJ^5vs9Q2)opFUk5R1KK@?i|xB?%dhj2QVRsamObHI6G?n
zz}#pO!Z}cK^XO)nr8jZ?7zJNt1<b#+rlLK1C3+ODg=Px^VhUZr8ku@SoZd@B&(1#n
za|X1VLN*1^Pn?6M*bs;A{0NXLc5m2`LJYu&-|>(#4z`09`{+ehNoiXog>@st^E5D4
z>62NyrbJyrXy-8ARMKtI9*W+TaphvAdSfV+&&bW)-Z)pnV_l!94>2>l!>)m{3@+Kt
z!gr(BcQ^@e#sFWjyTL{L#!W`kszg5YB^`3u^__n^_<#R#di3w^(LbIZ{qg9p|M}1V
zcToBHpZ@oOQ<OMMP}rWP^OGdA9EZ~==Sbus)tMSN=3xc(@PxEK_?ZPaKw|&NdF~Jq
z+C0kljeF<K7Bl+p3gp>~;N=SS66&^LT38vus(r&XoZHnkC)FwQ(<Pg*2qWUF)0gyD
zBtE``+sfR)mO`9KO|6MVl>a{QSajyQAcqS135^cAwAz{Ii+O$oyoMHC!}@n|^ce!b
z{-j^AcocbaP!nq%GOK0kHznL+i478oMaODYDX_UaBHfFjw4OD~&_+o!;c-!EBCs;s
z3xrVwa-Hm4!`5U<UR*0#<uv*lwfjl{S>gcA<P$gduF8;9y#OH@(ro!xGXkA%Z>L1s
zAc~bln3$4fVmag1Gxpa$P7bU0QF!as(6C9I%H92Y7XPD1O7)$I7lE#l8ZUQ{(`qa)
zdQqc1<Bo2BiIi5O+yX+I|64_}Rncd24F!Bne#$4+*<{O0Zz`!u;UcQGq}Isjt5*<!
z%qPm2O{Vse@tleQRSg5G-=o|^mE%<b#}L$`q6o6Ja6q9T9fM}M!Gb2jzmoBeTg{lE
zOb0JijgMLvB0GpuDykX^Tc<!OsxH!z^S4d7GfMM|vjse4l>w2jJ=nauB<EbTHuCNr
zT5YCK2m$bB8ZNam!(M5KD^UVjv;oj0tWQ8oX66s1R%>z{W#Gp1-K(_OCJWPYgsNa-
zSdTo%b&ba*ohOuE=;&&|Ca+j(LlbMYK*uZ_s>YwfJvk>-T?qs_4<o@^tTYwSt_<9k
zRvn1$BChY3GLEjL?-nX^yxeAG4tbe>VBCX?CfHPatsPy-O+#q4c04r-a;;dZ*}MZe
zpx#u>Y#o&#4^9gfPTS{kbDo%Um98b<cN(kh@|o9bP~>rr*ob+zoX2dW<Sv1Q&8ae4
z49kSks*Lg(w+|JnvwfPI#Z|)nM`hek&FZ4Cdm7pwOEOb%w}cTA3dPdJnc>?2mk@64
zKbU}gLZC&nc1FbNyyUM$;C6g___Qifw^UZ^!r6VgI+Ck!Og@#nncs%j?%LM5I1fEu
zjL+q*2!2_X79Up^sd>xdJZ`VON#|Vu0m8gl+3k$y!o=vVQ<tN350&~I5!B<83Wjbt
z*xoKYlG!OK%G`B&A5*tudbJA<$XedTD(R-wyV#v`(KPYB@)z3damyY>yRoxE%I2EF
z`p^rYVS<J@<P_Sj^s}KiRB{c@EM&DR=^bmeT}8%|dFu4Ce##ziAL3*?R>%dpx#Ft>
z=Z(8cO)WW%pZ6e0C(z0~!z5Rwwdu+`Fkr<DbqU3q_$;|nUsQ9GTSq=zpCA1p_0PIe
z>=VUhPlV>yciwAt$kb8?PH`34J`j9Ws$vnUS*S*+h7Nd&SW|cDuKHQ$XTGJwhnUH>
z4&0oJWLSmo%VM}Sow1v#DO;#7SJ`S}y?3FlsJi>vA7fjgd-oJNTV(;e-EA#Clg5&>
zEpeSVLs;78J54!_zQS8m=xOS+O@G#1w_LB?u!^kx;@DWguS~78wk7bQxNe;Csn%Le
zWsbUDn}uc*noh3$P7;}Ii8!Mk4>IaD#;BrGRTYaj8`0kbIU0F$*H^vKq_Xe43YqMl
zHS!l@rdOclHL#5aua2ncC-^2yN`<^nKUBM18wm(BZv7fv6;?V6D-S1JYa+n;jvGdy
zEcwe-;oE9_WwNK2?A>okt3*k-4{!}h`TVu11P4SnO&pR8scVhoXv2mWSc?C<A*Wf}
z_HN@tgpUy#$CQ?Y8j)b+gIZBUmh}_zPN-A^Bvg{+_BT#{Zi|lXAIVC^tMY<AqH=aq
zgM*m>*;9rvT~a->fpTAVQo2JZ`}J_IQzPDkAVplp*q9U%UJDiB(AzjtiQQoqU$K__
z)?^|Pj;+c_*z1_3zVB|r@8J3IV#Hz{@tyFNMWU8#Fkd9SHNuZg%?ngy(~?QN-;QS=
z)t!m;!Zqa+Ji=7Rv=D<nW5t|}>feMYfmwx>rKP4Qu1vweeh5PZ6I_uw{~+4XZWPH>
z-gAYB$r|V4btYUy;m#2CA}1V*CSjz(e7HXUgLLR%7y{`|hYHP}toPH`qBO?6W`kYE
zxo8(pTk>#4Zp>QkdAAS%(_&_tfcqva=prDc9=3Y}IHC={PasqNrtQak7fTAYU~jag
z?jM!ukQBBIs*~50XI~(3K6a>G{ofZ}getKxH*FwA?xn+Oy&18c^!;pgED`kT0NW|;
z8&>!3!W2=s45%oE@>6wdzSE~P0dF%pvR2nhVQpTMn<e9_YE3?Zv09%fJ=Vb`zZ_SD
zkNjz&)MCbDN1IlN4Rq~on4IH=%-bh<O$h%}x=ny?T4Wx9A<$~PHk5rZ!cWQ`vUMsc
zPN^R?F89e|z^{wZNMqhik1h&dDy#&CoARnboDQ`BR0Y6~pp{N=Qh4Ru^?X(WM|YB-
z1QSs=NSAjq+yGX64)bzA5x$<jeU&-Dv9$0~a9{o?ZB(+&&3lMMS>Z_Yluu-|oEu9D
zy{&7uMncS(5j1U>ud-j1_tIUlTSh3*=`Li*OKA{PZt3Q=iXiS*OeI36$<|1sp%Lw}
z1sc`5s)ErwRjOgNTy(M(2OFru7+-}cbF$I_IuGd*_PP21*O)~Sd@16>8nuXxHB#|n
zjgGZ-(?vFsV_kBcF^PN|0&aCua&>l!@~dqY?A_$(F%Gi@Ck$B-xa3@`!7fiqvyqWy
zUfs3I*dhCFVkA1o`DCl2<1!RqFOsK%bk3izRoUAx6?;9V<obO!C%U2+U`b+0r<b~Z
z{#LzPsP~wX@fM`ZbFcJ?%v{qF*BV?NmlwBdc8qvg@cngYVjP{@9Lby@ViYAh$T8Q*
zCe2a;Uxr}<jL4m1hzq+*a;~%!lMsQ`rbsoUuxWU@$5~mgFKi(QiA;}GqbyP!CchX_
zi823mR*T`U=8?0i{Fbbkg_D<M5ciz_^}TTDh&_oP<c{Q!RTD6f#^mc8htV~2A*S_d
z)-4#JQGm37a2^)D>x`Uc8d6lpJlWmGsovz_Mr`m<Tt0qjoF`qo?L<r7ofMFe_B`2z
zR|5M?rOCyEA23te8x1aA^Om<-<p)l{*3^A4iE`ZtZ^go5GV5L|3$tM+o-5VXCSsbK
zHaosHuWlO=g}H#tjm5?xL$0+pns8gDQe|`2CAx5J8Mc_!2zwTDhf#cQu8_zQcgJH-
z6e|!3<J%00k-(C*jU}+UsyVYg+M|0$Sf&>B_O(H+W=GlO*2}|lJxsL{7*15FcFKaI
z*oRmWryi)9J)0}8>U`8+0=(MF5*`ViiO_9A<nGhG-7A8}jTQ~UcD61yp)-XSJZej1
z+Qj#(+l$1qw9L32&;VYrAinpsAPu!i!HUMeWwuj7gBnv6QtVoDiiJ031M0P#OSl(w
z=#s^ue=8u6x@kIrg|U`tw<PRRgyU?`HcUhRoEcb)MVrW!xeel2N-syz8kosg=Kj$Q
z=ueIm(mFDyT1DNm588!9rl;RLI8qyfE|R7vSDNS76W$u>(UqjPDeY|yXK~tsPn|EI
zrFzt8Cd`~?C%H6bVL(=sX%=yGGEb-!8kHI%!YAC@`3`S8lLWPstQ&>6YjH8F>9!Rt
zfVKYvtOv<P7&$=-;l@tzdcnQ9%asdLXx!Oy7n-UjBR40IxNDix)lM&;^#v~5Mk)J+
z|K*#fe=MMYh={@8&RCT2crW%`g|?)jK0JW5g+L!|9wow-1!=e3y-<>>i(rU+RyDPL
z<IYQIgH;Duqb>B6N8i98e|xUS(a+quBUa#?WeT{e1)=D?rUBuVUfOR=g}ULq%El96
zgTOvvRyc(u3`Ma)=0uBtOnEBfi(w}!H}ZV`dkm14l{RHC4^?c5!{8Ge5@cn93Xc{v
zmL~mFvj?o{+E;{jX^A3UK8wOo#1uX2{!Mwq)oaZ&Pmy$P5c_ly+|ekE#v+G?3je`@
z&Sf7%lH1aUwIK*}yw?|tF!K;!$rkVp=ZqH%j;oxIvLB$F){Cp^v`M$^<<;|VzIDE*
zq<&G^Yq?wwmS0gpujfynK0AK;_3_=z9|Mq&W?{sB7sc*TJazFsiwS<LKf!e7j;d#9
z%?X*F!zND1X5{AGBH1;)kxSSf!D&cmn$Z>tlb%O-f09)i{UmM(hhsivD{Ba<N0_oT
z=i#W7F1?n_7>aJmA2CeKlGfN)2y8|z>Qe}D^NGx~H-Sze_yj+ePw*g!g^&!$a)>1y
zt7t{`>nh68-dZ#hamvy38(<&kh(k*2A+N$x-?o}5`oiwu?vQ$wH*;<1qcp}BT{qe+
zuemAX#d(J?@&xt}YkDf1g3|z8yUZolZhyVL56$p@x4g0e{_|65{}vdRWV{9qxk*9H
zC84#ZTcS#0yf$K*I%R>6^>MiaTusxKHNhGc-TB=2s1FuM3k2+fLb}#$C8}T!PRIN#
zD`R@euK{?p$pmrTSQ*noexrCt2gVd8Yt+NWUIgPIC}eH_G+#=cM`*4we(z|4&W6rC
zKdI<g-&}gWV#(j0>0<MQW|EAFD{kR@;aA;oi>P=$9O{4V2F|phUT2kRxpOS3jp59h
zC_c|ztGpVtdLxQVzmBH9)K(eZjs(7|X&5Dnx4aihOjDUpDM7fTT<Q8XR9#H%F_DnX
zvW0%|3sCNEJoNAuxe4VHOM)Ga$gV2bViPC(l0{5boUrY5)2fh*LMf^sfbP6ZRO<0+
zP3|hKBwqBH4ld%07}54!^a*p-uP|5rP$2G;H96HCVJ<4^_W*GRZ&AL%D*LK3sOZlT
z{6nIs#=J#XyjCVmbs9o)g_!?{ko$>{XRdTPFyUyb6<i@2IWMQ)XsQzKO+9i{;quNy
zU%LZTnt;*>N_`73@lu=j6GHSsMuT1iZ@gfERcmVyH(?pnTR*9&X`o6oKH|nz&gInw
zE%n{x(hY8yL9p>zOorRQdA8jfSyuhGDI8~fJSWE9N&rQwnbns?F{FtXcnO-8Tj+tk
z-_R{91hq4RVd;XTm9Ku^b3;Wkw01NxC$PH&hV+J>53}&DP(-IRrvT6|kR+VZB2G$7
zFq^EB*MDfQ%okN?S#4J6i|Wf@Pe5vnG!!*GH{CgxsshHwY<(BTd!???2Qq-wxMXD-
zkTj%i(g1MnKC2J#EjIeXI7ABDqAx`(ZMl^t|FtEqR86Hvg<@DswvQooBja?cPB*q<
z9VT98jNf?>p+{2=a(BZW8RI!YfCsW7orE%py!qhS5Pjw3Yz~b!kgJ-6Rh&3)LT-s-
z7lD^>Z47Y(Q=s+ke6^z2)*#`?cjLI=@7V!lDow|!t3R7&*{^!(XD?2EwM3BLs`Hl&
ztG11<-0@Mq=O)~Oz9Je2azc|OJ{yo5D&iYBHQHxiF`OBbIx^Q@-&dxUfZ*LrZvAaY
z#!AD{v;L0;gQPSNh_0~wiiqV#=~7q_GLLAdEuWe(wxYV|PY|qOou~G)broeO!E`Ln
zi-q@=yeBXIKt;GPM!fHce)h65@6e5lfyb3$tJ$wbtb7`^PI1k%IR)OR6HxdmOt`I|
zlH}stkAOUUggT#$LQv+!R^YD99-GV(tq0jxE#~LY9iNecaux;??`FYc26Me+-okK5
z@vV!wX@s$cCRhV%+^u~F%WH7)1F@Zh7uY=*bxEP*r!MBr`>4oCY9(a6LyvSt3mQBK
zsT3iTF@aV*`dTza{yBupijYO9egD0q8Z-eUdj>0q^C3_l9Na|AA5uOx*YROn#E#^(
z8HvY@mFk<HxwaCqcRG4`9lJ;gtXd8>g)^k0WZ`YylZ1T03hk(mwO6AEQk$0=qn+H*
zv<mUW?lR>`Ya^d?kik6+vvdh>rs$x{-NOd=TJ)Pfc%k$egsO;ICCue)qamYc(op5p
z!Oi%UeXBIsl3__?_0R=h%(+`TVp?DM_{90Om(Bi(d%sl$?O^9<4fYl>mGNpeV=&(c
z9(R6~S$n@(yh%Pc`JY;E>fNSMTx9y^U!~w%H4;X3t^vcb28T6|Urd~XYzJ)e{9%-n
zY@tChL^eUNjk}fGb-=c%=GLqI!qD;sjKT(qFkFg4#8fv~g<;Q_8?32xCjw3~Nau+d
zk-h^|49HqCI0v53_aJJ}3Qy`2J*Z1Hmyk7dyDmv4sLp0to*6=&{q!1Z-NxFCX&d&Q
z4lvbqh@jT_DpVDk;v%>Jzj-D6hCmT9B)b8IntT^PNSDDfWJ|z;7Z&NHW?q#zaviP2
zzcqe(7N*TO>Y4y-3o2N*`#tx9G1pZlUKH0z;LPPflDngznv%do2I9um><vbch8B;)
zNV(^mW&xYbG-*aTm%bW;wYCX`8cY?pC2d8G<-ZLK9XwlC_Qv4YAkyr+H0DrsSmfe8
z%9IiYK0wnj8XFu!B`ncg7y&~!(163cM{v;gd4YW=#LX@}gK?<!qRV!ahrVw{b2?}*
z&go6-7UEV3P1e^`D?8lM*|b?}kB#YH^NI&qAZ<+LBzWp|5N=M*R6tY%eYV09-4J|e
zLz2;zvxT2{^Ac^j0S7`f;cag~K%ItTZpjkfQ$)WCUd=WY2n_2nF%Szd-w)<dN6D(<
zD6v%BQULNQG!K`>)DUYQ9-}dZHatLfBgO4UrejgoX5VPtT0$m;VIG^y(*lHNy1T++
z9HlyrU9)z|)eK?l*w5a2aCcp#+B|G_gQyPOhrd^m8^uy{HW39|P0h0#S|3*QOub|i
zAY8$Sz5e?GM3h5{3hHwk^^;z=SuAzks5LL^Lh}jRxu^4K=iBsV)(z<1mD5$iH0GJ;
zRxUy%ekmWzrZE6nkH6jNlEa6`$Y7&BWZ2ET@tcRl+F|mhnyO~h)S`aVsz^zR`@ELG
zy1f|Miall{Mzf)yGSq)((V6Sw0(q1s)j{Hp7)o@+(-9q@wLY%7MlzYIl8vH@@P57c
zAd^4%JgXArtEw4wCK_;j@ZvNrhOMP*X13N=)RL!ru)6JMjZ=B!l8HL?QB@)T8*ch(
zs=_zyBG4LfN-bAfJn|l?t{LADEp}buXQ5b?w%Nn~J{vfO_0}wDYDZ$$wd=$GJ|D>5
zeo_!Ltd8dE(?N-Ua^iXx&R{Sv4uiovtk&lGmDPCa&3Q2vGvYrQ&G$}P-AG`MxwtMb
zjqwyJTEexW74J|bt|BBPZ8cDdTj&p8T2N&Z)|w_%Z7+>1D<5?x=#|(DH*!X3fs)ih
z9=E-H@s7(fYXv&nc#1s`{M1>IsFyo2w<_4OiG$x->f;Fss_kye0j7C@5T{7xSTQS_
z7wEWc10<TMMCB&q`zmX;J<(?wiq~0#(haY<WdXUhX?^=o4y>z+rMsu%Vz%OcX%4U@
zx$ow7Ta%<#L19UEsFzGDR{uvbw2lm|Z3fc`9TFB%gB;nlR;>hS3fkC6Y?F#~YpQu$
zI(VD@c3U0%dgH*@LRd{lL9nD~^1ej|KeApt#Hf366}QY5zlr*U26Mq5O7!8q(0iNQ
zccK07;J%**@e=L0UUQY%bXH_H;s~>cmNPqhnTBlZdPK@RwFUWeCJSG<GpO!nT<{^c
zWE$a)sK(=R)Vmn3G0AP~F1MFWw0moo0&PvE>y4#2FI_3t-5)#IK@$tyTg?KuAG@F$
zl$iKdcPqR+8iuq|pOi9DMr$lyzYZF6#-byL7oQj}vmAc#AsM|5mmT%yssP<}SQl{A
zi@hf3+JoGA0djBLyN?(`vQ^k^64|xeD6Sed-;01U;!YQ1kHU6RGHkVBQ3p^GcnVyO
z!ezi&X3rJF_Owp86d9PN;&pBiw%YEls%P1qg>vif6R@&owjCJ4T8ABdugkF_<($F~
z4ABRmI}WjG>d0S=(>8wTZNPxqu@}#Mcf|uDK#++Hisr7)Od3PgLyw2p{16NCQV}bS
zo|=6PnLUz;Kr7owUEabFt*hup7O+)o+Y3~><X!0CRbJnn=V)g>T>!ZI)sH72sm;h0
zA0+I~x`NETLPW&6a^saH98;%i=!<-9t+GCk!ga=O;@Y6-h(nv}=HkO5cR$==xJdXs
z;UXGQQIau>6E7%hTHb+p!h=m)7EU}Gbl*gi+*bEVFv*|7Zp9KKp!QNI*#K_z{lgGR
zEY53R1(JJsfQ5M<ia1h<Mh{sSX%h(_MUlp$i0om~vM?fBne3Z5QrPZ32_(g{*sVxX
z0<66hN;ZNWeg81T600-YSHa|79%5nMha#G+L8XT*oV1IGkK##v@#JmzS~>07l}+5#
z4UAQUJYKBX4V-jBa?)*=<r??97s848Bz7d3RDfx}#FCAnM&I9anZ)|E_D&$Vx5rnQ
z_ufk*7D)6UMUnPV@KFw_FNa(*ymD}7&t1=F<CaB{0DExAF8A7eXYL3Cw6U_zmKki>
ze)mEYDLsrGNh8(3+Ao2m4cO85_gp5ab7p%dmfYt<EX;fFB@;VTdXU0NCy4kcpVXI6
zRD<O|v(?)$Imh}(o!Lvc8%Jd0Vq=(G{Uv88Ac0>?Zx1iYM2(B#vWi38E}yOh(q2e5
z)yKFa@x}sd`z7PF21WY*o(np)PjBy}oqK<rg?aD2$WsHU9;DpU9ZEh5KX$^8Jb?F6
zcngw8bnYV36}khJ;KdpBk*iTlt1uscI7VrP_X}K+@2GJSJv9LLZ$kKLIx}XzUoGbI
zFoJtO43ir5NKaJ<H^Yqft2GZ&R{pJlG;-ePum`8ZIP@0@d*cP(Y%x34`_)|mu3rQ%
zy(B&lBOC#asE!~kx>d~h(3^vNAlAgCX`aIgNE6GwwIbDZ4abi_MF`pV2a>mPNqY&(
zD<dSg0ll(IYeqw)2VFsOja*R%Nlv5F%WGS6qFG5}$r0)haRX1_Y&VwFdV{3dYNlXW
zucECUfTE@hN}5=9D&{9**EUaIlG=}HVd}@mQ`N1>kbON{-z`63YbBg=ld4^JF}2mS
zs;nB-s@LjPwYQFUi{#zp(hY9P1B`nc^92H6Ji`VrSQ*W&QQV}I2w6)Oh9V1l0<IE9
z&>^%+m|m+OY6CDuc%Y%O1_vk=uYqvYVI(E2+8SEs5;fZD@&|@ZjHr9N==H!`O}&r2
zTVR4PJCWY264G0%^IJWRW8kRWH-TF(fhe)JTN&iCeup%p45Dltk8()Kk{;!dM>*tS
z$sws`{wRq&N+LUyL>`(DaLIh;#_H>82_Qd+E$9D)#+V7<Y>Z{5mp~6U76PbEV4`(M
zMlLpjy#$LnZ=@valnvR`z4b!s#Vh*@S~pHB%sqJJ#q%&N5&AL=andKvD&@w7t-aXL
zK0`jeh#%^>iDRM@ie!f-g`SdaTLlk}e}9wwskJVRM(&~YYAhrAo!VZ>abY509iMz#
z-ighTV69=DNJS$L#eKjFD`U={p-5fF%a)MD#$|ACu^}T;SI9ga)Uqr!+*lsJcs!PB
zYtFwD&KXZAi9x@u>$<M+DC^Gfpq9~KQ|YY~VA)_4>mBX9FJ=V_WSgQau*<Alrx|p~
z0ix(f1}{3wV@F+Y?QT0Ed<9!`qsU$1o`$Q$o-Y)PLiO~5l66z7R^3EX&;EmJP#Y}R
ze%flkY12EX*}w+7O<UcsZEQ2G8y7Y<CrAdh6SG1SaEM|9?<7&yfMKtO8DKF0Apric
z@sDmiJ(Xvf57i}~brde+`?+>u2xyM@UG6}~leK{Ejs@a3N*xD+{U85n%g|tm@nXby
z13pP3i3cDv>v_R^k@SQN(U83rr3jtw%-vYDU2bp~9mxXC+6fY@4qgz$#Qh*V*R|)t
zXQ=HMywhG=RdH&PTeM~T<l_#0X2DG|?O_j)r_IKGNAan`j5OZtKGv{KIa4=wh76;k
zkY|iLq$cWdiDiScXf;p5o5-C{SA!zq6U}S*c~MvxcBZ2~F1*b&Y|XpHi?W)dVb5oX
zWnMyYxFO@_WFg&o$<_%F*QBx}sNaYn(MTQ>vae2+`0mC<>ZCWPQjZUu4@9&c36?d%
z;>v)HbgiI#@FG1QR4=F_H3-=^C`u-l4Z`WQ1s-iWnDI;<8V&oe_nnFBV^)OhX<gnd
zX;bRirYNs=(!MBfpv`R!o!+TO(qBUQMH@3O0NlhRqc4~hlpTT{`4?};XnIi4MEVd0
z%&viXfmn@cNV2RV!RZslAuMnvQ8<%R9zGF7g&y#NTi7Y4gvGEc0Q$rW$nMicHeWd~
zPb2pF?+e#&gR`D-;tVu(8Ir`wjXW`#Rv6BL$mt+10?GXcwO^cgcL0O{(|~+`g-8Zp
ze)ZgF6{5(R1lBcA9NE4RE1tNY87Je|po`ivAr=SttULM)Fp8&PlmH-d#Qxo-Gn%69
z0F?Yt>+QuwX3A4)h!JicV($XXpGuUyOXFqrLyv~0kRxJLWpj`}*lr>-laq`T;ll^V
zQRz&JoU#Q^`x?iBXg@(syj=U7>sJgN<V1N9B@4qeI%+XU%<X{cqsUel8K2E^1TEXX
z$C-DU^^=tI0S`l=_LhUh=-w{OFCGT4zL(-tT*Jvue?FSVAma=LnR4@NI#K)SfV_&h
zaNhyX6rGA2qE>M<AioTT8}L94xs#0BtDgzBSbDxMY*SPPL0FR;plHJJq6`nYjL(5B
zl7o3lrl5zsRs(5EUfcvfa`;K>$l%?J($Sp@Yz@4^fD0kaW?!`HD}JHsO0>}<86lOq
z+yo%QQt!#dp=C)L-2t`ccVR<Xog1W)HcCTq`pExHI;p_5trOY}F4P|4O%|va@|?{M
z#CvjZ=DXhP;4prIH^&v9W4Xoyql&#D^2z$k8=_xfm?j7aYST*wqluo+J@vWArPl39
z4AjO{iY&dfsp-}i@+i8rfaB$>u+`gyXV#VagEE6jD=7&3<Rl-in$#$uk3YJ>*yr4H
znG=DU4rynW+%QkO6uN^~Jo@#GdxsufQPqQ7xu_x86B-JkMI@mpD;#Ymgf7&Q>vmp#
z?!0;F9M0H{%Qdwp%^Cx52$a(WYzE#N@iOSExox{`J!2gdOMeI|JZM$=Xk?ZW)_ZHj
zxyWEn$_@}6QPM`11qv?E<SC*gI{sO*2iSGyhojF|pV_h@K8^5wCx!v)BGOk+pJKtb
zFc`<q;Wrrmw`h(|)ds3^D6Ds1l)h_kwwkZd+7l<y0%s%8wZa0rk6K#;xa|j>RdU4Y
zl1B2IEdU2DRbWey(v-?PVA=r+rD{;9Y7AI7_oUUBYyrH`lKsu)((@@TwVmaOQcoo-
zD|L#c-RwCz2hm~*)I3}|1pDn05uSyc)i$j1aOq<g)j(2L4J~Sr(}XA{5hgn^h^{ZJ
zW6;V0V&KllFU+-==)2xqc$3zM&ysI(<oct9k8<{jb1`u;4=8JwOd$eR&Co`SOg8i6
z0N<rTbSy@$MVNx-6ZAEqp?~GXyrdw#YYN@22Bl=9nOW1#8Y^Y>E<?Y1x0wejcbj=~
zYrD<NTE5%$bfg*X5=qPASU-F26!ef;C5c;&3;@k9K{GExCNaV#|L6_6Lh0a1mK+Lg
zNi#3eu}kMb#<Ci>ASAR%2O7Wtw^AG_UmmI<E{zuv*^fvc(zIwxRIVFAfjWSeI3h3S
z+HmF0j_8a<Xm$p;Zic9KQrs0FGYXFJ;4j}i{iAVivVKRp`ks6A`5`C?J4EU;A1+z)
zij6P|0+EqkXcJ~<p^sp~>=zMl!k2c*-0{1>U!}kQ?U`=s<(Z=@+h8n~i0WoAB%2$j
z2wfp}5x2LF%{8^z!f~YPEESxY&ncH6YfeHNrUg~C1EDd)AV(#9##3p6(wL~u0Gf9+
zZh=M=ePb0ko^y0Eh2qW*DMTJ<kFc_bRZYKmEnx|SzleFajRA|EB?ZmVl#M<&%RZK>
z>1%gXqf&0}kn@|P_2ff{xp4tkIRmlXoBO=u0mkFOt5fFBCkvkwxQ%=<THGEt_7^%X
z<dG~F7pRsXoO~GWs4p1~_ty1%cjz+_Q-~o|M2Yzbv6SR++6WjVMp-vA1GI(8oyi10
zuz*G0XmIg503H${P&7fn<)O^?>*fmw-InNN!AXAKAoYk^7699x;w^}lu6D};Hew8!
z1eoOG7<Q@2G!0&84k%yDm;u!eA&@oOwRoq}pttIDn>F^fismP#Pn1Ywaq;MTbCFDR
z)&u+GJ0lgun3TL`-3V7L_mzUz^ngS1zIsud*bhGVh>H>K{fOluzvg9OsN^BVvGK)?
zP{&vRY-^H7)*kyX(0C&(=7#nRE?b)ig`m$dRr;jtH~k)VF!JWE4_xRXz>_KFgqQTC
zpzlhRg0jV?E2SGYb#GbL8d~RS<PNwUge-5wvBf)L_8_&%@kCAzKrkGV4uoizbxRmy
z7hNZNU9wXbgPFK|u|uwT$s^CwuFu!N(wjk&a~LlelVu;a2iv7g6D~!94hTGgqjZps
zB&0X@018(m^){EvD`2oe+?rJJ32{W=kr2>#3Nxc)v-3-s^#neQOLzsBf~$m$b!XQZ
z^5jOI%0<jlW?_YqcY_&&!ZU^j7Z-CjRj183_IL|Uk=8yCGaMfuujkgN8<_*<(r7sf
z1L1cAi%}pA;0xpH;+|}A_->qu%iSVdp<lFK==IN`o(bckFrie=)eS&HAin}=;KMlU
zF|2izC~yhvO>>HSFguXcAw`St5~;<P?6gL7nKef#Q5cL%{ArnF@N>Xd1h9^$;ldv)
z+DaI=4-gZ+|F-FXiYbujrFLE0buPczB2+F!PENZp5eA(0AhH9<NZU`_uu&GCdkvj7
zJa`(Ekm!!2G75l7H{ZC)r|#;LhF5B$sSzy^S?2Enh1!ff>AYU+FzX8OR?(=U0kU~`
z&vxL^y&>NiETW1fW&s%ABM5Fn+N(`nWoRbt_V)}#`+;H{cw0uWYEr6n4qFHnB05`G
zVs*@Uy2OH@cUW~IsrT;J40`|8w>BbFK3R%*)@5?=>6sU>I4@{wl`S^0f1s<9km<4L
z#y!qlrDZjYu`Nv9Nl7%COd&`b)SGKx-I{vGYinV>oMt7!*5ZpO5+*0iZMCf}<@QsI
zgKiaoskEh)Cff!0f-q3NZyjrRwZO5%JTg^u0cC)$n7j+9RzXu*<4yzT^<PfUuK8~9
z93&y=B3;YCI=MV#_CxL$Lv#ZvZMMP;y|_6qtS)QvSk+`NtC}=tWn1N&eD5WhFm1C?
zp)hWXf%54(VxO74bPPJFMQ)3A8Ud$JW#W3mzt<7ZOhMZ|$4o(akNBl#aje^1c-Kr-
zZlr~D3SndIwv<dM@BDN9UNqHq;z!-}Vd<{zUw-Kzl6M{#svDGE!7~{5qfAO`AJ{Ky
zpob!F`Bpy`YI`IZyC)gdldXsJ+b|6P%r8ga)!;`r{;1Mec^&7LL{oDN;<ki)NgVV0
z)^0Ma13T3!SoAtOhUEXSgkWT`8cCD~ACl4AaM{tC=u}u?JrWYM8o%CZlu(Q%P>?q9
z(&Ju?Eh2fIb_-aQ=8qHE+J=x#zwmf2vt_CoUu}_FQqKnNo>LKH5iQs%uwd_KJ<G){
zQ^jmbVAUfi#Ev=6K5!O-mosxJ^@@`;p3?-fHm7dP#M&{{XjfZ>YI;0PTKR~w$fy{m
z;+LYJyX)i!6D1`3GE!ck2%3)5F^N=m1UkN!R}@;Bq4mO{Yrv?CJUPN$bh@_F@%Ws~
zMe7$gqM%MZnIV91Jmw~*S|Ovg@Sv%!U2AL<RTSO=h1g1vr$8%Q7euhznceNS-O}x1
zp;TI6+oq)@L5j08ce`U}XNGy~b_ps%G=PH0Lmo;ZD9_SRkT--@2pE2#A`naoBqE4Z
z<&g^b0QKByyL|xV5qC4&%-nmv^WF2Ed-f(x&JHZ;J}0lFS4`RSeS1x~5PM?Ide79?
zH}@HSJ_P?ivB%b*JpJJ(wc(VCx;N%#?_1Mj-sR9idYEte^_AP=7Od{Su>7ZB&57;G
zxUJXfPwl)karxWAYgO;<SbzM~&DpotTw73l;G5N3*1qFCb$in@U3;xKZ2kNFiwS22
ztox;4(9rX>o?YG(gA3-F7N+N9?YUVszdo;_OU3mb%jVbW`n1D4;&<#lkk#+pj3L8f
zC(SELYdCAlnCV%UI53^PRC+04FSq-LjaN)1)vw<AqT;P?i8Tq;THw#qF~|6#uG0#K
zn4e47>8u;zDy=zPur#gvN$pDS?i)<Fk7?xB@vC|Bjrc`_D!#pOWJ$0g`N|(hr`+vo
zzw=Ub!ktwa(fbZmJJC{k$+KTxHl0tfZ0TId9XY<N?ih17ZsYRBm0O>#s!W<({@1&=
z#{3qu!n)~Pv~SglEr*Zx+w<wwJ=N*)FD%ZF8<Hy@%B_`)KkGTk6Z_Qu-G}_Y->OTy
z`rU}xrSi6;m9+(NsXebPIhV3fntwr?xxF;E^XHWxoo)CkSp4Sx&E^ef&h-CzmgC|s
zYSh{z_4|LE?wnoo?_km{Fve)`N7@D2;t%fY7Hu+-s{q;s$_!i1lwn%MN|0x<N(ZpU
zaE!*#tfb&XS&?L{XgmxsEOsWPrrLbT)-(slr8<)wwq%DR*}>YAQ+-YcC946Bl{;!F
zcx``;Yg7fa9SmYc<s~u0Y@@7Zghf{3c(E+QtZTkRr+JjyMV#kHd?T<C)sY;VVfJg9
zJd&nmT@ffrDWf@-#sUsNi$j&RQ8wBfnX6$Xpx)QO7>UfRQ2EHLP$)!&k_=$G)oP<B
zPn=N5`f-3s<V96uL>4#UM=VrhSfwCLBCzyHN`TSe7N|9c7LZaN7*?~}#jzt<1v8qY
zxF_<gBB_#3Lt`XGmJ~*VD7j#fkr`w*hgDYLWisY2^7ATc@`OOGAP=L65fP)RIN%k+
zh?PW*;YElqVg>S4MIk@W`Vp?su*f0Jj}he=TZFO|CV)edQjQ!{G79mU-xw1yq=m{T
zVI)XpJc~4m_#w}X;oQPJ4=TZ4WOSB9!*ffDMxe$pP^ieyXoweCK_{$&jKD)`0TT;Q
zh715o3@|9eA|^|PTd)QPq(x;qpi3%7EF&{sUf@X%!i|W$7%{Re@R&nh2{;m>yl8MK
z;YCggsi?W-CCZj`k$99~oS-%{C$3~(#sV(_8c-nOa*QB}*kS-mx(3g~h{K>OG|*(j
z2rx==vM<b92{a_p$Cv4i@=%68tu-MUfeg@f)5l}Q{g6JKhIy;$uBOf5c2HKzPT8#~
zcDpSp+2*2~2ME5vh-Er#TsIaIClwkPkw>m_90naZ)eYgaptcHG$SUCD!J)FCyi8s5
zH~q0&&}hskSg|xJJPraSkh{zox`I(AtMNgMvUmlvkilUK8Y3`#K($0ffSG_sqQN$$
zbA%pQ2(%^@u)8fs)Z_&8Qw(8S_66m^TH8!D*4~KXg8bH?&nbyJH#+S0=&xYSf{L4}
zjh%8*Db^&LlS)l;08w4gU<nx_)-{C@EGS?13OqX=hmBOu5OqOFZ}Hq5F;5Xn0bSBy
zTT|Bbdv}hDZpXr9l+u=J=5AY&zyHTNJf)M#M6TXYk*AD-4GZC#Ruq=8I+Y^zvV%6Q
zk6u#^yvFkQ*yW295#W@l5l&FEvapYV@S(A!hBTIP1q-Sf>XtE)_{uOF`?OJYIw*4O
ziezF_*`mPG$PCrb%W49w*No`<x)60$#%u>pBv!-PgRD6LfFH=OLsOaaKB?(svYaRM
zYJ8z~VBJAX+kJaSqDmWC04W&NDaO=tEJ#;7f7}HUkX*6%bOWA7w55qoDlzP1YH2^b
zJmKZ3zk*RiR}=h1ZR=MKJbg&%qZ$QmkNINe%htjTfYq0@G;aM`2B(%sZ*UBPw}<|~
zHFO*|A0R#Lq4TO92O1KhJ#^bf%&l1ubVfY}Ye*OZ-CCWthql(xIdh}_|07&`_iZaw
dYxidtMBT4m<&Tesbbv!9yh|YsN*6`J-G6=g8ZZC=

literal 0
HcmV?d00001

diff --git a/App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/lib/net45/System.IdentityModel.Tokens.Jwt.Xml b/App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/lib/net45/System.IdentityModel.Tokens.Jwt.Xml
new file mode 100644
index 00000000..817f5bfe
--- /dev/null
+++ b/App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/lib/net45/System.IdentityModel.Tokens.Jwt.Xml
@@ -0,0 +1,2502 @@
+<?xml version="1.0"?>
+<doc>
+    <assembly>
+        <name>System.IdentityModel.Tokens.Jwt</name>
+    </assembly>
+    <members>
+        <member name="T:System.IdentityModel.DateTimeUtil">
+            <summary>
+            Helper class for adding DateTimes and Timespans.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.DateTimeUtil.Add(System.DateTime,System.TimeSpan)">
+            <summary>
+            Add a DateTime and a TimeSpan.
+            The maximum time is DateTime.MaxTime.  It is not an error if time + timespan &gt; MaxTime.
+            Just return MaxTime.
+            </summary>
+            <param name="time">Initial <see cref="T:System.DateTime"/> value.</param>
+            <param name="timespan"><see cref="T:System.TimeSpan"/> to add.</param>
+            <returns><see cref="T:System.DateTime"/> as the sum of time and timespan.</returns>
+        </member>
+        <member name="M:System.IdentityModel.DateTimeUtil.GetMaxValue(System.DateTimeKind)">
+            <summary>
+            Gets the Maximum value for a DateTime specifying kind.
+            </summary>
+            <param name="kind">DateTimeKind to use.</param>
+            <returns>DateTime of specified kind.</returns>
+        </member>
+        <member name="M:System.IdentityModel.DateTimeUtil.GetMinValue(System.DateTimeKind)">
+            <summary>
+            Gets the Minimum value for a DateTime specifying kind.
+            </summary>
+            <param name="kind">DateTimeKind to use.</param>
+            <returns>DateTime of specified kind.</returns>
+        </member>
+        <member name="T:Microsoft.IdentityModel.ErrorMessages">
+            <summary>
+            Error codes and messages
+            </summary>
+        </member>
+        <member name="M:Microsoft.IdentityModel.Utility.SerializeAsSingleCommaDelimitedString(System.Collections.Generic.IEnumerable{System.String})">
+            <summary>
+            Serializes the list of strings into string as follows:
+            'str1','str2','str3' ...
+            </summary>
+            <param name="strings">
+            The strings used to build a comma delimited string.
+            </param>
+            <returns>
+            The single <see cref="T:System.String"/>.
+            </returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.AsymmetricSignatureProvider">
+            <summary>
+            Provides signing and verifying operations when working with an <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SignatureProvider">
+            <summary>
+            This class defines the object model for types that provide signature services.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SignatureProvider.Sign(System.Byte[])">
+            <summary>
+            Produces a signature over the 'input'
+            </summary>
+            <param name="input">bytes to sign.</param>
+            <returns>signed bytes</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SignatureProvider.Verify(System.Byte[],System.Byte[])">
+            <summary>
+            Verifies that a signature created over the 'input' matches the signature.
+            </summary>
+            <param name="input">bytes to verify.</param>
+            <param name="signature">signature to compare against.</param>
+            <returns>true if the computed signature matches the signature parameter, false otherwise.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SignatureProvider.Dispose">
+            <summary>
+            Calls <see cref="M:System.IdentityModel.Tokens.SignatureProvider.Dispose(System.Boolean)"/> and <see cref="M:System.GC.SuppressFinalize(System.Object)"/>
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SignatureProvider.Dispose(System.Boolean)">
+            <summary>
+            Can be over written in descendants to dispose of internal components.
+            </summary>
+            <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer</param>     
+        </member>
+        <member name="P:System.IdentityModel.Tokens.SignatureProvider.Context">
+            <summary>
+            Gets or sets a user context for a <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.AsymmetricSignatureProvider.#ctor(System.IdentityModel.Tokens.AsymmetricSecurityKey,System.String,System.Boolean)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.AsymmetricSignatureProvider"/> class used to create and verify signatures.
+            </summary>
+            <param name="key">
+            The <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/> that will be used for cryptographic operations.
+            </param>
+            <param name="algorithm">
+            The signature algorithm to apply.
+            </param>
+            <param name="willCreateSignatures">
+            If this <see cref="T:System.IdentityModel.Tokens.AsymmetricSignatureProvider"/> is required to create signatures then set this to true.
+            <para>
+            Creating signatures requires that the <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/> has access to a private key. 
+            Verifying signatures (the default), does not require access to the private key.
+            </para>
+            </param>
+            <exception cref="T:System.ArgumentNullException">
+            'key' is null.
+            </exception>
+            <exception cref="T:System.ArgumentNullException">
+            'algorithm' is null.
+            </exception>
+            <exception cref="T:System.ArgumentException">
+            'algorithm' contains only whitespace.
+            </exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">
+            willCreateSignatures is true and <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize is less than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning"/>.
+            </exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">
+            <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize is less than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying"/>. Note: this is always checked.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetHashAlgorithmForSignature(System.String)"/> throws.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetHashAlgorithmForSignature(System.String)"/> returns null.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureFormatter(System.String)"/> throws.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureFormatter(System.String)"/> returns null.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureDeformatter(System.String)"/> throws.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.IdentityModel.Tokens.AsymmetricSecurityKey.GetSignatureDeformatter(System.String)"/> returns null.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.Security.Cryptography.AsymmetricSignatureFormatter.SetHashAlgorithm(System.String)"/> throws.
+            </exception>
+            <exception cref="T:System.InvalidOperationException">
+            Is thrown if the <see cref="M:System.Security.Cryptography.AsymmetricSignatureDeformatter.SetHashAlgorithm(System.String)"/> throws.
+            </exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.AsymmetricSignatureProvider.Sign(System.Byte[])">
+            <summary>
+            Produces a signature over the 'input' using the <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/> and algorithm passed to <see cref="M:System.IdentityModel.Tokens.AsymmetricSignatureProvider.#ctor(System.IdentityModel.Tokens.AsymmetricSecurityKey,System.String,System.Boolean)"/>.
+            </summary>
+            <param name="input">bytes to be signed.</param>
+            <returns>a signature over the input.</returns>
+            <exception cref="T:System.ArgumentNullException">'input' is null. </exception>
+            <exception cref="T:System.ArgumentException">'input.Length' == 0. </exception>
+            <exception cref="T:System.ObjectDisposedException">if <see cref="M:System.IdentityModel.Tokens.AsymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called. </exception>
+            <exception cref="T:System.InvalidOperationException">if the internal <see cref="T:System.Security.Cryptography.AsymmetricSignatureFormatter"/> is null. This can occur if the constructor parameter 'willBeUsedforSigning' was not 'true'.</exception>
+            <exception cref="T:System.InvalidOperationException">if the internal <see cref="T:System.Security.Cryptography.HashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.AsymmetricSignatureProvider.Verify(System.Byte[],System.Byte[])">
+            <summary>
+            Verifies that a signature over the' input' matches the signature.
+            </summary>
+            <param name="input">the bytes to generate the signature over.</param>
+            <param name="signature">the value to verify against.</param>
+            <returns>true if signature matches, false otherwise.</returns>
+            <exception cref="T:System.ArgumentNullException">'input' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">'signature' is null.</exception>
+            <exception cref="T:System.ArgumentException">'input.Length' == 0.</exception>
+            <exception cref="T:System.ArgumentException">'signature.Length' == 0.</exception>
+            <exception cref="T:System.ObjectDisposedException">if <see cref="M:System.IdentityModel.Tokens.AsymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called. </exception>
+            <exception cref="T:System.InvalidOperationException">if the internal <see cref="T:System.Security.Cryptography.AsymmetricSignatureDeformatter"/> is null. This can occur if a derived type does not call the base constructor.</exception>
+            <exception cref="T:System.InvalidOperationException">if the internal <see cref="T:System.Security.Cryptography.HashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.AsymmetricSignatureProvider.Dispose(System.Boolean)">
+            <summary>
+            Calls <see cref="M:System.Security.Cryptography.HashAlgorithm.Dispose"/> to release this managed resources.
+            </summary>
+            <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.Base64UrlEncoder">
+            <summary>
+            Encodes and Decodes strings as Base64Url encoding.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Base64UrlEncoder.Encode(System.String)">
+            <summary>
+            The following functions perform base64url encoding which differs from regular base64 encoding as follows
+            * padding is skipped so the pad character '=' doesn't have to be percent encoded
+            * the 62nd and 63rd regular base64 encoding characters ('+' and '/') are replace with ('-' and '_')
+            The changes make the encoding alphabet file and URL safe.
+            </summary>
+            <param name="arg">string to encode.</param>
+            <returns>Base64Url encoding of the UTF8 bytes.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Base64UrlEncoder.Encode(System.Byte[],System.Int32,System.Int32)">
+            <summary>
+            Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
+            the subset as an offset in the input array, and the number of elements in the array to convert.
+            </summary>
+            <param name="inArray">An array of 8-bit unsigned integers.</param>
+            <param name="length">An offset in inArray.</param>
+            <param name="offset">The number of elements of inArray to convert.</param>
+            <returns>The string representation in base 64 url encodingof length elements of inArray, starting at position offset.</returns>
+            <exception cref="T:System.ArgumentNullException">'inArray' is null.</exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">offset or length is negative OR offset plus length is greater than the length of inArray.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Base64UrlEncoder.Encode(System.Byte[])">
+            <summary>
+            Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
+            the subset as an offset in the input array, and the number of elements in the array to convert.
+            </summary>
+            <param name="inArray">An array of 8-bit unsigned integers.</param>
+            <returns>The string representation in base 64 url encodingof length elements of inArray, starting at position offset.</returns>
+            <exception cref="T:System.ArgumentNullException">'inArray' is null.</exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">offset or length is negative OR offset plus length is greater than the length of inArray.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Base64UrlEncoder.DecodeBytes(System.String)">
+            <summary>
+             Converts the specified string, which encodes binary data as base-64-url digits, to an equivalent 8-bit unsigned integer array.</summary>
+            <param name="str">base64Url encoded string.</param>
+            <returns>UTF8 bytes.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Base64UrlEncoder.Decode(System.String)">
+            <summary>
+            Decodes the string from Base64UrlEncoded to UTF8.
+            </summary>
+            <param name="arg">string to decode.</param>
+            <returns>UTF8 string.</returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.ClaimTypeMapping">
+            <summary>
+            Defines the inbound and outbound mapping for claim claim types from jwt to .net claim 
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.ClaimTypeMapping.#cctor">
+            <summary>
+            Initializes static members of the <see cref="T:System.IdentityModel.Tokens.ClaimTypeMapping"/> class. 
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.ClaimTypeMapping.InboundClaimTypeMap">
+            <summary>
+            Gets the InboundClaimTypeMap used by JwtSecurityTokenHandler when producing claims from jwt. 
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.ClaimTypeMapping.OutboundClaimTypeMap">
+            <summary>
+            Gets the OutboundClaimTypeMap is used by JwtSecurityTokenHandler to shorten claim types when creating a jwt. 
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.DiagnosticUtility">
+            <summary>
+            Provides common code for services to use in generating diagnostics and taking actions.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.DiagnosticUtility.IsFatal(System.Exception)">
+            <summary>
+            Returns true if the provided exception matches any of a list of hard system faults that should be allowed
+            through to outer exception handlers.
+            </summary>
+            <param name="exception">The exception to check.</param>
+            <remarks>
+            <para>Typically this method is used when there is a need to catch all exceptions, but to ensure that .NET runtime
+            and execution engine exceptions are not absorbed by the catch block. Use of this method also avoids FxCop
+            warnings about not using general catch blocks.</para>
+            <para>Please note that use of this method is expensive because of the amount of reflection it performs.
+            If you can refactor your code to catch more specific exceptions than Exception to avoid using this method,
+            you should.</para>
+            <para>Example of use:</para>
+            <code>
+            try
+            {
+                // Code needing a full Exception catch block
+            }
+            catch (Exception ex)
+            {
+                if (DiagnosticUtility.IsFatal(ex))
+                {
+                    throw;
+                }
+                // Perform any needed logging and handling for absorbed exception.
+            }
+            </code>
+            </remarks>
+            <returns>true if the exception should NOT be trapped</returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.EpochTime">
+            <summary>
+            Returns the absolute DateTime or the Seconds since Unix Epoch, where Epoch is UTC 1970-01-01T0:0:0Z.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.EpochTime.UnixEpoch">
+            <summary>
+            DateTime as UTV for UnixEpoch
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.EpochTime.GetIntDate(System.DateTime)">
+            <summary>
+            Per JWT spec:
+            Gets the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the desired date/time.
+            </summary>
+            <param name="datetime">The DateTime to convert to seconds.</param>
+            <remarks>if dateTimeUtc less than UnixEpoch, return 0</remarks>
+            <returns>the number of seconds since Unix Epoch.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.EpochTime.DateTime(System.Int64)">
+            <summary>
+            Creates a DateTime from epoch time.
+            </summary>
+            <param name="secondsSinceUnixEpoch">Number of seconds.</param>
+            <returns>The DateTime in UTC.</returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.ISecurityTokenValidator">
+            <summary>
+            ISecurityTokenValidator
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.ISecurityTokenValidator.CanReadToken(System.String)">
+            <summary>
+            Returns true if the token can be read, false otherwise.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.ISecurityTokenValidator.ValidateToken(System.String,System.IdentityModel.Tokens.TokenValidationParameters,System.IdentityModel.Tokens.SecurityToken@)">
+            <summary>
+            Validates a token passed as a string using <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/>
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.ISecurityTokenValidator.MaximumTokenSizeInBytes">
+            <summary>
+            Gets and sets the maximum size in bytes, that a will be processed.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.ITokenReplayCache">
+            <summary>
+            Interface that defines a simple cache for tacking replaying of security tokens.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.ITokenReplayCache.TryAdd(System.String,System.DateTime)">
+            <summary>
+            Try to add a securityToken.
+            </summary>
+            <param name="securityToken">the security token to add.</param>
+            <param name="expiresOn">the time when security token expires.</param>
+            <returns>true if the security token was successfully added.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.ITokenReplayCache.TryFind(System.String)">
+            <summary>
+            Try to find securityToken
+            </summary>
+            <param name="securityToken">the security token to find.</param>
+            <returns>true if the security token is found.</returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.Serializer">
+            <summary>
+            Definition for a delegate that can be set on <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer"/> to control serialization of objects into JSON.
+            </summary>
+            <param name="obj">Object to serialize</param>
+            <returns>The serialized object.</returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.Deserializer">
+            <summary>
+            Definition for a delegate that can be set on <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Deserializer"/> to control deserialization JSON into objects.
+            </summary>
+            <param name="obj">JSON to deserialize.</param>
+            <param name="targetType">type expected.</param>
+            <returns>The deserialized object.</returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JsonExtensions">
+            <summary>
+            Dictionary extensions for serializations
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JsonExtensions.SerializeToJson(System.Object)">
+            <summary>
+            Serializes an object to JSON.
+            </summary>
+            <param name="value">The object to serialize</param>
+            <returns>the object as JSON.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JsonExtensions.DeserializeFromJson``1(System.String)">
+            <summary>
+            Deserialzes JSON into an instance of type T.
+            </summary>
+            <typeparam name="T">the object type.</typeparam>
+            <param name="jsonString">the JSON to deserialze.</param>
+            <returns>a new instance of type T.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JsonExtensions.DeserializeJwtHeader(System.String)">
+            <summary>
+            Deserialzes JSON into an instance of <see cref="T:System.IdentityModel.Tokens.JwtHeader"/>.
+            </summary>
+            <param name="jsonString">the JSON to deserialze.</param>
+            <returns>a new instance <see cref="T:System.IdentityModel.Tokens.JwtHeader"/>.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JsonExtensions.DeserializeJwtPayload(System.String)">
+            <summary>
+            Deserialzes JSON into an instance of <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>.
+            </summary>
+            <param name="jsonString">the JSON to deserialze.</param>
+            <returns>a new instance <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>.</returns>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JsonExtensions.Serializer">
+            <summary>
+            Gets or sets a <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer"/> to use when serializing objects to JSON.
+            </summary>
+            <exception cref="T:System.ArgumentNullException">if 'value' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JsonExtensions.Deserializer">
+            <summary>
+            Gets or sets a <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Deserializer"/> to use when deserializing objects from JSON.
+            </summary>
+            <exception cref="T:System.ArgumentNullException">if 'value' is null.</exception>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtConfigurationStrings">
+            <summary>
+            contains the element and attribute names used in config when parsing the JwtSecurityTokenHandler from XML.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtConstants">
+            <summary>
+            Constants for Json Web tokens.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtConstants.HeaderType">
+            <summary>
+            Short header type.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtConstants.HeaderTypeAlt">
+            <summary>
+            Long header type.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtConstants.TokenType">
+            <summary>
+            Short token type.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtConstants.TokenTypeAlt">
+            <summary>
+            Long token type.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtConstants.JsonCompactSerializationRegex">
+            <summary>
+            Token format: 'header.payload.signature'. Signature is optional, but '.' is required.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtConstants.JsonClaimValueType">
+            <summary>
+            When mapping json to .Net Claim(s), if the value was not a string (or an enumeration of strings), the ClaimValue will serialized using the current JSON serializer, a property will be added with the .Net type and the ClaimTypeValue will be set to 'JsonClaimValueType'.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtAlgorithms">
+            <summary>
+            List of algorithms see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.ECDSA_SHA256">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.ECDSA_SHA384">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.ECDSA_SHA512">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.HMAC_SHA256">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.HMAC_SHA384">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.HMAC_SHA512">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.NONE">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.RSA_SHA256">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.RSA_SHA384">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtAlgorithms.RSA_SHA512">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-26#section-3
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtHeaderParameterNames">
+            <summary>
+            List of header parameter names see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.Alg">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.Cty">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.Kid">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.Jku">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.Jwk">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.Typ">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.X5c">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.X5t">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtHeaderParameterNames.X5u">
+            <summary>
+            see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-5
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtRegisteredClaimNames">
+            <summary>
+            List of registered claims from different sources
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Actort">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Acr">
+            <summary>
+            http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Amr">
+            <summary>
+            http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Aud">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.AuthTime">
+            <summary>
+            http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Azp">
+            <summary>
+            http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Birthdate">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.CHash">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Email">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Exp">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Gender">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.FamilyName">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.GivenName">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Iat">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Iss">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Jti">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.NameId">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Nonce">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Nbf">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Prn">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Sub">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Typ">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.UniqueName">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtRegisteredClaimNames.Website">
+            <summary>
+            http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtHeader">
+            <summary>
+            Initializes a new instance of <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> which contains JSON objects representing the cryptographic operations applied to the JWT and optionally any additional properties of the JWT. 
+            The member names within the JWT Header are referred to as Header Parameter Names. 
+            <para>These names MUST be unique and the values must be <see cref="T:System.String"/>(s). The corresponding values are referred to as Header Parameter Values.</para>
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtHeader.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> class. Default string comparer <see cref="P:System.StringComparer.Ordinal"/>.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtHeader.#ctor(System.IdentityModel.Tokens.SigningCredentials)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> class. With the Header Parameters as follows: 
+            <para>{ { typ, JWT }, { alg, Mapped( <see cref="P:System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm"/> } }
+            See: Algorithm Mapping below.</para>
+            </summary>
+            <param name="signingCredentials">The <see cref="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials"/> that will be or were used to sign the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.</param>
+            <remarks>
+            <para>For each <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> in signingCredentials.SigningKeyIdentifier</para>
+            <para>if the clause  is a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/> Header Parameter { clause.Name, clause.Id } will be added.</para>
+            <para>For example, if clause.Name == 'kid' and clause.Id == 'SecretKey99'. The JSON object { kid, SecretKey99 } would be added.</para>
+            <para>In addition, if the <see cref="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials"/> is a <see cref="T:System.IdentityModel.Tokens.X509SigningCredentials"/> the JSON object { x5t, Base64UrlEncoded( <see cref="M:System.Security.Cryptography.X509Certificates.X509Certificate.GetCertHashString"/> } will be added.</para>
+            <para>This simplifies the common case where a X509Certificate is used.</para>
+            <para>================= </para>
+            <para>Algorithm Mapping</para>
+            <para>================= </para>
+            <para><see cref="P:System.IdentityModel.Tokens.SigningCredentials.SignatureAlgorithm"/> describes the algorithm that is discoverable by the CLR runtime.</para>
+            <para>The  { alg, 'value' } placed in the header reflects the JWT specification.</para>
+            <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundAlgorithmMap"/> contains a signature mapping where the 'value' above will be translated according to this mapping.
+            <para>Current mapping is:</para>
+            <para>    'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' =&gt; 'RS256'</para>
+            <para>    'http://www.w3.org/2001/04/xmldsig-more#hmac-sha256' =&gt; 'HS256'</para>
+            </remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtHeader.SerializeToJson">
+            <summary>
+            Serializes this instance to JSON.
+            </summary>
+            <returns>this instance as JSON.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtHeader.Base64UrlEncode">
+            <summary>
+            Encodes this instance as Base64UrlEncoded JSON.
+            </summary>
+            <returns>Base64UrlEncoded JSON.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtHeader.Base64UrlDeserialize(System.String)">
+            <summary>
+            Deserializes Base64UrlEncoded JSON into a <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> instance.
+            </summary>
+            <param name="base64UrlEncodedJsonString">base64url encoded JSON to deserialize.</param>
+            <returns>an instance of <see cref="T:System.IdentityModel.Tokens.JwtHeader"/>.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Deserializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtHeader.Deserialize(System.String)">
+            <summary>
+            Deserialzes JSON into a <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> instance.
+            </summary>
+            <param name="jsonString"> the JSON to deserialize.</param>
+            <returns>an instance of <see cref="T:System.IdentityModel.Tokens.JwtHeader"/>.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Deserializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtHeader.Alg">
+            <summary>
+            Gets the signature algorithm that was used to create the signature.
+            </summary>
+            <remarks>If the signature algorithm is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials">
+            <summary>
+            Gets the <see cref="P:System.IdentityModel.Tokens.JwtHeader.SigningCredentials"/> passed in the constructor.
+            </summary>
+            <remarks>This value may be null.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtHeader.Typ">
+            <summary>
+            Gets the mime type (Typ) of the token.
+            </summary>
+            <remarks>If the mime type is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtHeader.SigningKeyIdentifier">
+            <summary>
+            Gets a <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> that contains a <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> for each key found.
+            </summary>
+            <remarks>
+            Keys are identified by matching a 'Reserved Header Parameter Name' found in the in JSON Web Signature specification.
+            <para>Names recognized are: jku, jkw, kid, x5c, x5t, x5u</para>
+            <para>'x5t' adds a <see cref="T:System.IdentityModel.Tokens.X509ThumbprintKeyIdentifierClause"/> passing a the Base64UrlDecoded( Value ) to the constructor.</para>
+            <para>'jku', 'jkw', 'kid', 'x5u', 'x5c' each add a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/> with the { Name, Value } passed to the <see cref="M:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause.#ctor(System.String,System.String)"/>.</para>
+            <para>   </para>
+            <para>If no keys are found, an empty <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> will be returned.</para>
+            </remarks>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtPayload">
+            <summary>
+            Initializes a new instance of <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> which contains JSON objects representing the claims contained in the JWT. Each claim is a JSON object of the form { Name, Value }.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> class with no claims. Default string comparer <see cref="P:System.StringComparer.Ordinal"/>. 
+            Creates a empty <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.#ctor(System.Collections.Generic.IEnumerable{System.Security.Claims.Claim})">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> class with <see cref="T:System.Collections.Generic.IEnumerable`1"/>. Default string comparer <see cref="P:System.StringComparer.Ordinal"/>.
+            <param name="claims">the claims to add.</param>
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.#ctor(System.String,System.String,System.Collections.Generic.IEnumerable{System.Security.Claims.Claim},System.Nullable{System.DateTime},System.Nullable{System.DateTime})">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> class with claims added for each parameter specified. Default string comparer <see cref="P:System.StringComparer.Ordinal"/>. 
+            </summary>
+            <param name="issuer">if this value is not null, a { iss, 'issuer' } claim will be added.</param>
+            <param name="audience">if this value is not null, a { aud, 'audience' } claim will be added</param>
+            <param name="claims">if this value is not null then for each <see cref="T:System.Security.Claims.Claim"/> a { 'Claim.Type', 'Claim.Value' } is added. If duplicate claims are found then a { 'Claim.Type', List&lt;object&gt; } will be created to contain the duplicate values.</param>
+            <param name="notBefore">if notbefore.HasValue is 'true' a { nbf, 'value' } claim is added.</param>
+            <param name="expires">if expires.HasValue is 'true' a { exp, 'value' } claim is added.</param>
+            <remarks>Comparison is set to <see cref="P:System.StringComparer.Ordinal"/>
+            <para>The 4 parameters: 'issuer', 'audience', 'notBefore', 'expires' take precednece over <see cref="T:System.Security.Claims.Claim"/>(s) in 'claims'. The values in 'claims' will be overridden.</para></remarks>
+            <exception cref="T:System.ArgumentException">if 'expires' &lt;= 'notbefore'.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.AddClaim(System.Security.Claims.Claim)">
+            <summary>
+            Adds a JSON object representing the <see cref="T:System.Security.Claims.Claim"/> to the <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>
+            </summary>
+            <param name="claim">{ 'Claim.Type', 'Claim.Value' } is added. If a JSON object is found with the name == <see cref="P:System.Security.Claims.Claim.Type"/> then a { 'Claim.Type', List&lt;object&gt; } will be created to contain the duplicate values.</param>
+            <remarks>See <see cref="M:System.IdentityModel.Tokens.JwtPayload.AddClaims(System.Collections.Generic.IEnumerable{System.Security.Claims.Claim})"/> for details on how <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundClaimTypeMap"/> is applied.</remarks>
+            <exception cref="T:System.ArgumentNullException">'claim' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.AddClaims(System.Collections.Generic.IEnumerable{System.Security.Claims.Claim})">
+            <summary>
+            Adds a number of <see cref="T:System.Security.Claims.Claim"/> to the <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> as JSON { name, value } pairs.
+            </summary>
+            <param name="claims">for each <see cref="T:System.Security.Claims.Claim"/> a JSON pair { 'Claim.Type', 'Claim.Value' } is added. If duplicate claims are found then a { 'Claim.Type', List&lt;object&gt; } will be created to contain the duplicate values.</param>
+            <remarks><para>Each <see cref="T:System.Security.Claims.Claim"/> added will have <see cref="P:System.Security.Claims.Claim.Type"/> translated according to the mapping found in <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundClaimTypeMap"/>. Adding and removing to <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundClaimTypeMap"/> 
+            will affect the name component of the Json claim</para>
+            <para>Any <see cref="T:System.Security.Claims.Claim"/> in the <see cref="T:System.Collections.Generic.IEnumerable`1"/> that is null, will be ignored.</para></remarks>
+            <exception cref="T:System.ArgumentNullException">'claims' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.GetDateTime(System.String)">
+            <summary>
+            Gets the DateTime using the number of seconds from 1970-01-01T0:0:0Z (UTC)
+            </summary>
+            <param name="key">Claim in the payload that should map to an integer.</param>
+            <remarks>If the claim is not found, the function returns: DateTime.MinValue
+            </remarks>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenException">if an overflow exception is thrown by the runtime.</exception>
+            <returns>the DateTime representation of a claim.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.SerializeToJson">
+            <summary>
+            Serializes this instance to JSON.
+            </summary>
+            <returns>this instance as JSON.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.Base64UrlEncode">
+            <summary>
+            Encodes this instance as Base64UrlEncoded JSON.
+            </summary>
+            <returns>Base64UrlEncoded JSON.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Serializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.Base64UrlDeserialize(System.String)">
+            <summary>
+            Deserializes Base64UrlEncoded JSON into a <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> instance.
+            </summary>
+            <param name="base64UrlEncodedJsonString">base64url encoded JSON to deserialize.</param>
+            <returns>an instance of <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Deserializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtPayload.Deserialize(System.String)">
+            <summary>
+            Deserialzes JSON into a <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> instance.
+            </summary>
+            <param name="jsonString">the JSON to deserialize.</param>
+            <returns>an instance of <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>.</returns>
+            <remarks>use <see cref="P:System.IdentityModel.Tokens.JsonExtensions.Deserializer"/> to customize JSON serialization.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Actort">
+            <summary>
+            Gets the 'value' of the 'actor' claim { actort, 'value' }.
+            </summary>
+            <remarks>If the 'actor' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Acr">
+            <summary>
+            Gets the 'value' of the 'acr' claim { acr, 'value' }.
+            </summary>
+            <remarks>If the 'acr' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Amr">
+            <summary>
+            Gets the 'value' of the 'amr' claim { amr, 'value' }.
+            </summary>
+            <remarks>If the 'amr' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.AuthTime">
+            <summary>
+            Gets the 'value' of the 'auth_time' claim { auth_time, 'value' }.
+            </summary>
+            <remarks>If the 'auth_time' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Aud">
+            <summary>
+            Gets the 'value' of the 'audience' claim { aud, 'value' } as a list of strings.
+            </summary>
+            <remarks>If the 'audience' claim is not found, an empty enumerable is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Azp">
+            <summary>
+            Gets the 'value' of the 'azp' claim { azp, 'value' }.
+            </summary>
+            <remarks>If the 'azp' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.CHash">
+            <summary>
+            Gets 'value' of the 'c_hash' claim { c_hash, 'value' }.
+            </summary>
+            <remarks>If the 'c_hash' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Exp">
+            <summary>
+            Gets the 'value' of the 'expiration' claim { exp, 'value' }.
+            </summary>
+            <remarks>If the 'expiration' claim is not found OR could not be converted to <see cref="T:System.Int32"/>, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Jti">
+            <summary>
+            Gets the 'value' of the 'JWT ID' claim { jti, 'value' }.
+            </summary>
+            <remarks>If the 'JWT ID' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Iat">
+            <summary>
+            Gets the 'value' of the 'Issued At' claim { iat, 'value' }.
+            </summary>
+            <remarks>If the 'Issued At' claim is not found OR cannot be converted to <see cref="T:System.Int32"/> null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Iss">
+            <summary>
+            Gets 'value' of the 'issuer' claim { iss, 'value' }.
+            </summary>
+            <remarks>If the 'issuer' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Nbf">
+            <summary>
+            Gets the 'value' of the 'expiration' claim { nbf, 'value' }.
+            </summary>
+            <remarks>If the 'notbefore' claim is not found OR could not be converted to <see cref="T:System.Int32"/>, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Nonce">
+            <summary>
+            Gets 'value' of the 'nonce' claim { nonce, 'value' }.
+            </summary>
+            <remarks>If the 'nonce' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Sub">
+            <summary>
+            Gets "value" of the 'subject' claim { sub, 'value' }.
+            </summary>
+            <remarks>If the 'subject' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.ValidFrom">
+            <summary>
+            Gets 'value' of the 'notbefore' claim { nbf, 'value' } converted to a <see cref="T:System.DateTime"/> assuming 'value' is seconds since UnixEpoch (UTC 1970-01-01T0:0:0Z).
+            </summary>
+            <remarks>If the 'notbefore' claim is not found, then <see cref="F:System.DateTime.MinValue"/> is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.ValidTo">
+            <summary>
+            Gets 'value' of the 'expiration' claim { exp, 'value' } converted to a <see cref="T:System.DateTime"/> assuming 'value' is seconds since UnixEpoch (UTC 1970-01-01T0:0:0Z).
+            </summary>
+            <remarks>If the 'expiration' claim is not found, then <see cref="F:System.DateTime.MinValue"/> is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtPayload.Claims">
+            <summary>
+            Gets a <see cref="T:System.Collections.Generic.IEnumerable`1"/><see cref="T:System.Security.Claims.Claim"/> for each JSON { name, value }.
+            </summary>
+            <remarks>Each <see cref="T:System.Security.Claims.Claim"/>(s) returned will have the <see cref="P:System.Security.Claims.Claim.Type"/> translated according to the mapping found in <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimTypeMap"/>. Adding and removing to <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimTypeMap"/> will affect the value of the <see cref="P:System.Security.Claims.Claim.Type"/>.
+            <para><see cref="P:System.Security.Claims.Claim.Issuer"/> and <see cref="P:System.Security.Claims.Claim.OriginalIssuer"/> will be set to the value of <see cref="P:System.IdentityModel.Tokens.JwtPayload.Iss"/> ( <see cref="F:System.String.Empty"/> if null).</para></remarks>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtSecurityToken">
+            <summary>
+            A <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> designed for representing a JSON Web Token (JWT).
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.String)">
+            <summary>
+            Initializes a new instance of <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> from a string in JWS Compact serialized format.
+            </summary>
+            <param name="jwtEncodedString">A JSON Web Token that has been serialized in JWS Compact serialized format.</param>
+            <exception cref="T:System.ArgumentNullException">'jwtEncodedString' is null.</exception>
+            <exception cref="T:System.ArgumentException">'jwtEncodedString' contains only whitespace.</exception>
+            <exception cref="T:System.ArgumentException">'jwtEncodedString' is not in JWS Compact serialized format.</exception>
+            <remarks>
+            The contents of this <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> have not been validated, the JSON Web Token is simply decoded. Validation can be accomplished using <see cref="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(System.String,System.IdentityModel.Tokens.TokenValidationParameters,System.IdentityModel.Tokens.SecurityToken@)"/>
+            </remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.IdentityModel.Tokens.JwtHeader,System.IdentityModel.Tokens.JwtPayload,System.String,System.String,System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> class where the <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> contains the crypto algorithms applied to the encoded <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> and <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>. The jwtEncodedString is the result of those operations.
+            </summary>
+            <param name="header">Contains JSON objects representing the cryptographic operations applied to the JWT and optionally any additional properties of the JWT</param>
+            <param name="payload">Contains JSON objects representing the claims contained in the JWT. Each claim is a JSON object of the form { Name, Value }</param>
+            <param name="rawHeader">base64urlencoded JwtHeader</param>
+            <param name="rawPayload">base64urlencoded JwtPayload</param>
+            <param name="rawSignature">base64urlencoded JwtSignature</param>
+            <exception cref="T:System.ArgumentNullException">'header' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">'payload' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">'rawSignature' is null.</exception>
+            <exception cref="T:System.ArgumentException">'rawHeader' or 'rawPayload' is null or whitespace.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.IdentityModel.Tokens.JwtHeader,System.IdentityModel.Tokens.JwtPayload)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> class where the <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> contains the crypto algorithms applied to the encoded <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> and <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>. The jwtEncodedString is the result of those operations.
+            </summary>
+            <param name="header">Contains JSON objects representing the cryptographic operations applied to the JWT and optionally any additional properties of the JWT</param>
+            <param name="payload">Contains JSON objects representing the claims contained in the JWT. Each claim is a JSON object of the form { Name, Value }</param>
+            <exception cref="T:System.ArgumentNullException">'header' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">'payload' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.String,System.String,System.Collections.Generic.IEnumerable{System.Security.Claims.Claim},System.Nullable{System.DateTime},System.Nullable{System.DateTime},System.IdentityModel.Tokens.SigningCredentials)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> class specifying optional parameters.
+            </summary>
+            <param name="issuer">if this value is not null, a { iss, 'issuer' } claim will be added.</param>
+            <param name="audience">if this value is not null, a { aud, 'audience' } claim will be added</param>
+            <param name="claims">if this value is not null then for each <see cref="T:System.Security.Claims.Claim"/> a { 'Claim.Type', 'Claim.Value' } is added. If duplicate claims are found then a { 'Claim.Type', List&lt;object&gt; } will be created to contain the duplicate values.</param>
+            <param name="expires">if expires.HasValue a { exp, 'value' } claim is added.</param>
+            <param name="notBefore">if notbefore.HasValue a { nbf, 'value' } claim is added.</param>
+            <param name="signingCredentials">The <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningCredentials"/> that will be used to sign the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>. See <see cref="M:System.IdentityModel.Tokens.JwtHeader.#ctor(System.IdentityModel.Tokens.SigningCredentials)"/> for details pertaining to the Header Parameter(s).</param>
+            <exception cref="T:System.ArgumentException">if 'expires' &lt;= 'notbefore'.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityToken.ToString">
+            <summary>
+            Serializes the <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> and <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>
+            </summary>
+            <returns>A string containing the header and payload in JSON format</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityToken.Decode(System.String)">
+            <summary>
+            Decodes the string into the header, payload and signature
+            </summary>
+            <param name="jwtEncodedString">Base64Url encoded string.</param>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Actor">
+            <summary>
+            Gets the 'value' of the 'actor' claim { actort, 'value' }.
+            </summary>
+            <remarks>If the 'actor' claim is not found, null is returned.</remarks> 
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Audiences">
+            <summary>
+            Gets the list of 'audience' claim { aud, 'value' }.
+            </summary>
+            <remarks>If the 'audience' claim is not found, enumeration will be empty.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Claims">
+            <summary>
+            Gets the <see cref="T:System.Security.Claims.Claim"/>(s) for this token.
+            </summary>
+            <remarks><para><see cref="T:System.Security.Claims.Claim"/>(s) returned will NOT have the <see cref="P:System.Security.Claims.Claim.Type"/> translated according to <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimTypeMap"/></para></remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.EncodedHeader">
+            <summary>
+            Gets the Base64UrlEncoded <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> associated with this instance.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.EncodedPayload">
+            <summary>
+            Gets the Base64UrlEncoded <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> associated with this instance.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Header">
+            <summary>
+            Gets the <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> associated with this instance.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Id">
+            <summary>
+            Gets the 'value' of the 'JWT ID' claim { jti, ''value' }.
+            </summary>
+            <remarks>If the 'JWT ID' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Issuer">
+            <summary>
+            Gets the 'value' of the 'issuer' claim { iss, 'value' }.
+            </summary>
+            <remarks>If the 'issuer' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Payload">
+            <summary>
+            Gets the <see cref="T:System.IdentityModel.Tokens.JwtPayload"/> associated with this instance.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.RawData">
+            <summary>
+            Gets the original raw data of this instance when it was created.
+            </summary>
+            <remarks>The original JSON Compact serialized format passed to one of the two constructors <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.String)"/>
+            or <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.IdentityModel.Tokens.JwtHeader,System.IdentityModel.Tokens.JwtPayload,System.String,System.String,System.String)"/></remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.RawHeader">
+            <summary>
+            Gets the original raw data of this instance when it was created.
+            </summary>
+            <remarks>The original JSON Compact serialized format passed to one of the two constructors <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.String)"/>
+            or <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.IdentityModel.Tokens.JwtHeader,System.IdentityModel.Tokens.JwtPayload,System.String,System.String,System.String)"/></remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.RawPayload">
+            <summary>
+            Gets the original raw data of this instance when it was created.
+            </summary>
+            <remarks>The original JSON Compact serialized format passed to one of the two constructors <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.String)"/>
+            or <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.IdentityModel.Tokens.JwtHeader,System.IdentityModel.Tokens.JwtPayload,System.String,System.String,System.String)"/></remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.RawSignature">
+            <summary>
+            Gets the original raw data of this instance when it was created.
+            </summary>
+            <remarks>The original JSON Compact serialized format passed to one of the two constructors <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.String)"/>
+            or <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.IdentityModel.Tokens.JwtHeader,System.IdentityModel.Tokens.JwtPayload,System.String,System.String,System.String)"/></remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.SecurityKeys">
+            <summary>
+            Gets the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>s for this instance.
+            </summary>
+            <remarks>By default an empty collection is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.SignatureAlgorithm">
+            <summary>
+            Gets the signature algorithm associated with this instance.
+            </summary>
+            <remarks>if there is a <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningCredentials"/> associated with this instance, a value will be returned.  Null otherwise.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningCredentials">
+            <summary>
+            Gets the <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningCredentials"/> associated with this instance.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningKey">
+            <summary>
+            Gets or sets the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that signed this instance.
+            </summary>
+            <remarks><see cref="T:System.IdentityModel.Tokens.JwtSecurityTokenHandler"/>.ValidateSignature(...) sets this value when a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> is used to successfully validate a signature.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningToken">
+            <summary>
+            Gets or sets the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> that contains a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that signed this instance.
+            </summary>
+            <remarks><see cref="T:System.IdentityModel.Tokens.JwtSecurityTokenHandler"/>.ValidateSignature(...) sets this value when a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> is used to successfully validate a signature.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.Subject">
+            <summary>
+            Gets "value" of the 'subject' claim { sub, 'value' }.
+            </summary>
+            <remarks>If the 'subject' claim is not found, null is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.ValidFrom">
+            <summary>
+            Gets 'value' of the 'notbefore' claim { nbf, 'value' } converted to a <see cref="T:System.DateTime"/> assuming 'value' is seconds since UnixEpoch (UTC 1970-01-01T0:0:0Z).
+            </summary>
+            <remarks>If the 'notbefore' claim is not found, then <see cref="F:System.DateTime.MinValue"/> is returned.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityToken.ValidTo">
+            <summary>
+            Gets 'value' of the 'expiration' claim { exp, 'value' } converted to a <see cref="T:System.DateTime"/> assuming 'value' is seconds since UnixEpoch (UTC 1970-01-01T0:0:0Z).
+            </summary>
+            <remarks>If the 'expiration' claim is not found, then <see cref="F:System.DateTime.MinValue"/> is returned.</remarks>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.JwtSecurityTokenHandler">
+            <summary>
+            A <see cref="T:System.IdentityModel.Tokens.SecurityTokenHandler"/> designed for creating and validating Json Web Tokens. See http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-07.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.JwtSecurityTokenHandler.DefaultTokenLifetimeInMinutes">
+            <summary>
+            Default lifetime of tokens created. When creating tokens, if 'expires' and 'notbefore' are both null, then a default will be set to: expires = DateTime.UtcNow, notbefore = DateTime.UtcNow + TimeSpan.FromMinutes(TokenLifetimeInMinutes).
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.JwtSecurityTokenHandler"/> class.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.LoadCustomConfiguration(System.Xml.XmlNodeList)">
+            <summary>
+            Obsolete method, use <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> when processing tokens.
+            </summary>
+            <exception cref="T:System.NotSupportedException"> use <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/>. when processing tokens.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CanReadToken(System.Xml.XmlReader)">
+            <summary>
+            Determines if the <see cref="T:System.Xml.XmlReader"/> is positioned on a well formed &lt;BinarySecurityToken&gt; element.
+            </summary>
+            <param name="reader"><see cref="T:System.Xml.XmlReader"/> positioned at xml.</param>
+            <returns>
+            <para>'true' if the reader is positioned at an element &lt;BinarySecurityToken&gt;.
+            in the namespace: 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'</para>
+            <para>With an attribute of 'valueType' equal to one of: </para>
+            <para>    "urn:ietf:params:oauth:token-type:jwt", "JWT" </para>
+            <para>
+            For example: &lt;wsse:BinarySecurityToken valueType = "JWT"&gt; ...
+            </para>
+            'false' otherwise.
+            </returns>
+            <remarks>The 'EncodingType' attribute is optional, if it is set, it must be equal to: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary".</remarks>
+            <exception cref="T:System.ArgumentNullException">'reader' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CanReadToken(System.String)">
+            <summary>
+            Determines if the string is a well formed Json Web token (see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-07)
+            </summary>
+            <param name="tokenString">string that should represent a valid JSON Web Token.</param>
+            <remarks>Uses <see cref="M:System.Text.RegularExpressions.Regex.IsMatch(System.String,System.String)"/>( token, @"^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*$" ).
+            </remarks>
+            <returns>
+            <para>'true' if the token is in JSON compact serialization format.</para>
+            <para>'false' if token.Length * 2 &gt;  <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.MaximumTokenSizeInBytes"/>.</para>
+            </returns>
+            <exception cref="T:System.ArgumentNullException">'tokenString' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateSecurityTokenReference(System.IdentityModel.Tokens.SecurityToken,System.Boolean)">
+            <summary>
+            Creating <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> is not NotSupported.
+            </summary>
+            <exception cref="T:System.NotSupportedException"> to create a <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/>.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateToken(System.IdentityModel.Tokens.SecurityTokenDescriptor)">
+            <summary>
+            Creates a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> based on values found in the <see cref="T:System.IdentityModel.Tokens.SecurityTokenDescriptor"/>.
+            </summary>
+            <param name="tokenDescriptor">Contains the parameters used to create the token.</param>
+            <returns>A <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.</returns>
+            <remarks>
+            If <see cref="P:System.IdentityModel.Tokens.SecurityTokenDescriptor.SigningCredentials"/> is not null, <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.RawData"/> will be signed.
+            </remarks>
+            <exception cref="T:System.ArgumentNullException">'tokenDescriptor' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateToken(System.String,System.String,System.Security.Claims.ClaimsIdentity,System.Nullable{System.DateTime},System.Nullable{System.DateTime},System.IdentityModel.Tokens.SigningCredentials,System.IdentityModel.Tokens.SignatureProvider)">
+            <summary>
+            Uses the <see cref="M:System.IdentityModel.Tokens.JwtSecurityToken.#ctor(System.IdentityModel.Tokens.JwtHeader,System.IdentityModel.Tokens.JwtPayload,System.String,System.String,System.String)"/> constructor, first creating the <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> and <see cref="T:System.IdentityModel.Tokens.JwtPayload"/>.
+            <para>If <see cref="T:System.IdentityModel.Tokens.SigningCredentials"/> is not null, <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.RawData"/> will be signed.</para>
+            </summary>
+            <param name="issuer">the issuer of the token.</param>
+            <param name="audience">the audience for this token.</param>
+            <param name="subject">the source of the <see cref="T:System.Security.Claims.Claim"/>(s) for this token.</param>
+            <param name="notBefore">the notbefore time for this token.</param> 
+            <param name="expires">the expiration time for this token.</param>
+            <param name="signingCredentials">contains cryptographic material for generating a signature.</param>
+            <param name="signatureProvider">optional <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>.</param>
+            <remarks>If <see cref="P:System.Security.Claims.ClaimsIdentity.Actor"/> is not null, then a claim { actort, 'value' } will be added to the payload. <see cref="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateActorValue(System.Security.Claims.ClaimsIdentity)"/> for details on how the value is created.
+            <para>See <seealso cref="T:System.IdentityModel.Tokens.JwtHeader"/> for details on how the HeaderParameters are added to the header.</para>
+            <para>See <seealso cref="T:System.IdentityModel.Tokens.JwtPayload"/> for details on how the values are added to the payload.</para></remarks>
+            <para>If signautureProvider is not null, then it will be used to create the signature and <see cref="M:System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning(System.IdentityModel.Tokens.SecurityKey,System.String)"/> will not be called.</para>
+            <returns>A <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.</returns>
+            <exception cref="T:System.ArgumentException">if 'expires' &lt;= 'notBefore'.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.GetTokenTypeIdentifiers">
+            <summary>
+            Gets the token type identifier(s) supported by this handler.
+            </summary>
+            <returns>A collection of strings that identify the tokens this instance can handle.</returns>
+            <remarks>When receiving a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> wrapped inside a &lt;wsse:BinarySecurityToken&gt; element. The &lt;wsse:BinarySecurityToken&gt; element must have the ValueType attribute set to one of these values
+            in order for this handler to recognize that it can read the token.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ReadToken(System.Xml.XmlReader)">
+            <summary>
+            Reads a JSON web token wrapped inside a WS-Security BinarySecurityToken xml element.
+            </summary>
+            <param name="reader">The <see cref="T:System.Xml.XmlReader"/> pointing at the jwt.</param>
+            <returns>An instance of <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/></returns>
+            <remarks>First calls <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.CanReadToken
+            <para>The reader must be positioned at an element named:</para>
+            <para>BinarySecurityToken'.
+            in the namespace: 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
+            with a 'ValueType' attribute equal to one of: "urn:ietf:params:oauth:token-type:jwt", "JWT".</para>
+            <para>
+            For example &lt;wsse:BinarySecurityToken valueType = "JWT"&gt; ...
+            </para>
+            <para>
+            The 'EncodingType' attribute is optional, if it is set, it must be equal to: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
+            </para>
+            </remarks>
+            <exception cref="T:System.ArgumentNullException">'reader' is null.</exception>
+            <exception cref="T:System.ArgumentException">if <see cref="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CanReadToken(System.Xml.XmlReader)"/> returns false.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ReadToken(System.String)">
+            <summary>
+            Reads a token encoded in JSON Compact serialized format.
+            </summary>
+            <param name="tokenString">A 'JSON Web Token' (JWT) that has been encoded as a JSON object. May be signed 
+            using 'JSON Web Signature' (JWS).</param>
+            <remarks>
+            The JWT must be encoded using Base64Url encoding of the UTF-8 representation of the JWT: Header, Payload and Signature. 
+            The contents of the JWT returned are not validated in any way, the token is simply decoded. Use ValidateToken to validate the JWT.
+            </remarks>
+            <returns>A <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/></returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(System.IdentityModel.Tokens.SecurityToken)">
+            <summary>
+            Obsolete method, use <see cref="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(System.String,System.IdentityModel.Tokens.TokenValidationParameters,System.IdentityModel.Tokens.SecurityToken@)"/>.
+            </summary>
+            <exception cref="T:System.NotSupportedException"> use <see cref="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(System.String,System.IdentityModel.Tokens.TokenValidationParameters,System.IdentityModel.Tokens.SecurityToken@)"/>.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateToken(System.String,System.IdentityModel.Tokens.TokenValidationParameters,System.IdentityModel.Tokens.SecurityToken@)">
+            <summary>
+            Reads and validates a token encoded in JSON Compact serialized format.
+            </summary>
+            <param name="securityToken">A 'JSON Web Token' (JWT) that has been encoded as a JSON object. May be signed using 'JSON Web Signature' (JWS).</param>
+            <param name="validationParameters">Contains validation parameters for the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.</param>
+            <param name="validatedToken">The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> that was validated.</param>
+            <exception cref="T:System.ArgumentNullException">'securityToken' is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException">'validationParameters' is null.</exception>
+            <exception cref="T:System.ArgumentException">'securityToken.Length' &gt; <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.MaximumTokenSizeInBytes"/>.</exception>
+            <returns>A <see cref="T:System.Security.Claims.ClaimsPrincipal"/> from the jwt. Does not include the header claims.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.WriteToken(System.Xml.XmlWriter,System.IdentityModel.Tokens.SecurityToken)">
+            <summary>
+            Writes the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> wrapped in a WS-Security BinarySecurityToken using the <see cref="T:System.Xml.XmlWriter"/>.
+            </summary>
+            <param name="writer"><see cref="T:System.Xml.XmlWriter"/> used to write token.</param>
+            <param name="token">The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> that will be written.</param>
+            <exception cref="T:System.ArgumentNullException">'writer' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">'token' is null.</exception>
+            <exception cref="T:System.ArgumentException">'token' is not a not <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.</exception>
+            <remarks>The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> current contents are encoded. If <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningCredentials"/> is not null, the encoding will contain a signature.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.WriteToken(System.IdentityModel.Tokens.SecurityToken)">
+            <summary>
+            Writes the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> as a JSON Compact serialized format string.
+            </summary>
+            <param name="token"><see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> to serialize.</param>
+            <remarks>
+            <para>If the <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningCredentials"/> are not null, the encoding will contain a signature.</para>
+            </remarks>
+            <exception cref="T:System.ArgumentNullException">'token' is null.</exception>
+            <exception cref="T:System.ArgumentException">'token' is not a not <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.</exception>
+            <returns>The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> as a signed (if <see cref="T:System.IdentityModel.Tokens.SigningCredentials"/> exist) encoded string.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateSignature(System.String,System.IdentityModel.Tokens.SecurityKey,System.String,System.IdentityModel.Tokens.SignatureProvider)">
+            <summary>
+            Produces a signature over the 'input' using the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> and algorithm specified.
+            </summary>
+            <param name="inputString">string to be signed</param>
+            <param name="key">the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> to use.</param>
+            <param name="algorithm">the algorithm to use.</param>
+            <param name="signatureProvider">if provided, the <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/> will be used to sign the token</param>
+            <returns>The signature over the bytes obtained from UTF8Encoding.GetBytes( 'input' ).</returns>
+            <remarks>The <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/> used to created the signature is obtained by calling <see cref="M:System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning(System.IdentityModel.Tokens.SecurityKey,System.String)"/>.</remarks>
+            <exception cref="T:System.ArgumentNullException">'input' is null.</exception>
+            <exception cref="T:System.InvalidProgramException"><see cref="M:System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning(System.IdentityModel.Tokens.SecurityKey,System.String)"/> returns null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateSignature(System.String,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Validates that the signature, if found and / or required is valid.
+            </summary>
+            <param name="token">A 'JSON Web Token' (JWT) that has been encoded as a JSON object. May be signed 
+            using 'JSON Web Signature' (JWS).</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> that contains signing keys.</param>
+            <exception cref="T:System.ArgumentNullException"> thrown if 'token is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException"> thrown if 'validationParameters is null.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenValidationException"> thrown if a signature is not found and <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.RequireSignedTokens"/> is true.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"> thrown if the 'token' has a key identifier and none of the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) provided result in a validated signature. 
+            This can indicate that a key refresh is required.</exception>
+            <exception cref="T:System.IdentityModel.SignatureVerificationFailedException"> thrown if after trying all the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s), none result in a validated signture AND the 'token' does not have a key identifier.</exception>
+            <returns><see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> that has the signature validated if token was signed and <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.RequireSignedTokens"/> is true.</returns>
+            <remarks><para>If the 'token' is signed, the signature is validated even if <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.RequireSignedTokens"/> is false.</para>
+            <para>If the 'token' signature is validated, then the <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningKey"/> will be set to the key that signed the 'token'.</para></remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateKeyString(System.IdentityModel.Tokens.SecurityKey)">
+            <summary>
+            Produces a readable string for a key, used in error messages.
+            </summary>
+            <param name="securityKey"></param>
+            <returns></returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateClaimsIdentity(System.IdentityModel.Tokens.JwtSecurityToken,System.String,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Creates a <see cref="T:System.Security.Claims.ClaimsIdentity"/> from a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.
+            </summary>
+            <param name="jwt">The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> to use as a <see cref="T:System.Security.Claims.Claim"/> source.</param>
+            <param name="issuer">The value to set <see cref="P:System.Security.Claims.Claim.Issuer"/></param>
+            <param name="validationParameters"> contains parameters for validating the token.</param>
+            <returns>A <see cref="T:System.Security.Claims.ClaimsIdentity"/> containing the <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.Claims"/>.</returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateActorValue(System.Security.Claims.ClaimsIdentity)">
+            <summary>
+            Creates the 'value' for the actor claim: { actor, 'value' }
+            </summary>
+            <param name="actor"><see cref="T:System.Security.Claims.ClaimsIdentity"/> as actor.</param>
+            <returns><see cref="T:System.String"/> representing the actor.</returns>
+            <remarks>If <see cref="P:System.Security.Claims.ClaimsIdentity.BootstrapContext"/> is not null:
+            <para>  if 'type' is 'string', return as string.</para>
+            <para>  if 'type' is 'BootstrapContext' and 'BootstrapContext.SecurityToken' is 'JwtSecurityToken'</para>
+            <para>    if 'JwtSecurityToken.RawData' != null, return RawData.</para>        
+            <para>    else return <see cref="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.WriteToken(System.IdentityModel.Tokens.SecurityToken)"/>.</para>        
+            <para>  if 'BootstrapContext.Token' != null, return 'Token'.</para>
+            <para>default: <see cref="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.WriteToken(System.IdentityModel.Tokens.SecurityToken)"/> new ( <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>( actor.Claims ).</para>
+            </remarks>
+            <exception cref="T:System.ArgumentNullException">'actor' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateAudience(System.Collections.Generic.IEnumerable{System.String},System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Determines if the audiences found in a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> are valid.
+            </summary>
+            <param name="audiences">The audiences found in the <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <remarks>see <see cref="M:System.IdentityModel.Tokens.Validators.ValidateAudience(System.Collections.Generic.IEnumerable{System.String},System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)"/> for additional details.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateLifetime(System.Nullable{System.DateTime},System.Nullable{System.DateTime},System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Validates the lifetime of a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.
+            </summary>
+            <param name="notBefore">The <see cref="T:System.DateTime"/> value of the 'nbf' claim if it exists in the 'jwt'.</param>
+            <param name="expires">The <see cref="T:System.DateTime"/> value of the 'exp' claim if it exists in the 'jwt'.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <remarks><see cref="M:System.IdentityModel.Tokens.Validators.ValidateLifetime(System.Nullable{System.DateTime},System.Nullable{System.DateTime},System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)"/> for additional details.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateIssuer(System.String,System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Determines if an issuer found in a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> is valid.
+            </summary>
+            <param name="issuer">The issuer to validate</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> that is being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <returns>The issuer to use when creating the <see cref="T:System.Security.Claims.Claim"/>(s) in the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.</returns>
+            <remarks><see cref="M:System.IdentityModel.Tokens.Validators.ValidateIssuer(System.String,System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)"/> for additional details.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ResolveIssuerSigningKey(System.String,System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.SecurityKeyIdentifier,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Returns a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> to use when validating the signature of a token.
+            </summary>
+            <param name="token">the <see cref="T:System.String"/> representation of the token that is being validated.</param>
+            <param name="securityToken">the <SecurityToken> that is being validated.</SecurityToken></param>
+            <param name="keyIdentifier">the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> found in the token.</param>
+            <param name="validationParameters">A <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/>  required for validation.</param>
+            <returns>Returns a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> to use for signature validation.</returns>
+            <exception cref="T:System.ArgumentNullException">if 'keyIdentifier' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">if 'validationParameters' is null.</exception>
+            <remarks>If key fails to resolve, then null is returned</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ValidateIssuerSecurityKey(System.IdentityModel.Tokens.SecurityKey,System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Validates the <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningKey"/> is an expected value.
+            </summary>
+            <param name="securityKey">The <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that signed the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> to validate.</param>
+            <param name="validationParameters">the current <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/>.</param>
+            <remarks>If the <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.SigningKey"/> is a <see cref="T:System.IdentityModel.Tokens.X509SecurityKey"/> then the X509Certificate2 will be validated using <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.CertificateValidator"/>.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundAlgorithmMap">
+            <summary>Gets or sets the <see cref="T:System.Collections.Generic.IDictionary`2"/> used to map Inbound Cryptographic Algorithms.</summary>
+            <remarks>Strings that describe Cryptographic Algorithms that are understood by the runtime are not necessarily the same values used in the JsonWebToken specification.
+            <para>When a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> signature is validated, the algorithm is obtained from the HeaderParameter { alg, 'value' }.
+            The 'value' is translated according to this mapping and the translated 'value' is used when performing cryptographic operations.</para>
+            <para>Default mapping is:</para>
+            <para>    RS256 =&gt; http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 </para>
+            <para>    HS256 =&gt; http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 </para>
+            </remarks>
+            <exception cref="T:System.ArgumentNullException">'value' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundAlgorithmMap">
+            <summary>Gets or sets the <see cref="T:System.Collections.Generic.IDictionary`2"/> used to map Outbound Cryptographic Algorithms.</summary>
+            <remarks>Strings that describe Cryptographic Algorithms understood by the runtime are not necessarily the same in the JsonWebToken specification.
+            <para>This property contains mappings the will be used to when creating a <see cref="T:System.IdentityModel.Tokens.JwtHeader"/> and setting the HeaderParameter { alg, 'value' }. 
+            The 'value' set is translated according to this mapping.
+            </para>
+            <para>Default mapping is:</para>
+            <para>    http://www.w3.org/2001/04/xmldsig-more#rsa-sha256  =&gt; RS256</para>
+            <para>    http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 =&gt; HS256</para>
+            </remarks>
+            <exception cref="T:System.ArgumentNullException">'value' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimTypeMap">
+            <summary>
+            Gets or sets the <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimTypeMap"/> that is used when setting the <see cref="P:System.Security.Claims.Claim.Type"/> for claims in the <see cref="T:System.Security.Claims.ClaimsPrincipal"/> extracted when validating a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>. 
+            <para>The <see cref="P:System.Security.Claims.Claim.Type"/> is set to the JSON claim 'name' after translating using this mapping.</para>
+            </summary>
+            <exception cref="T:System.ArgumentNullException">'value is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundClaimTypeMap">
+            <summary>
+            <para>Gets or sets the <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.OutboundClaimTypeMap"/> that is used when creating a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> from <see cref="T:System.Security.Claims.Claim"/>(s).</para>
+            <para>The JSON claim 'name' value is set to <see cref="P:System.Security.Claims.Claim.Type"/> after translating using this mapping.</para>
+            </summary>
+            <remarks>This mapping is applied only when using <see cref="M:System.IdentityModel.Tokens.JwtPayload.AddClaim(System.Security.Claims.Claim)"/> or <see cref="M:System.IdentityModel.Tokens.JwtPayload.AddClaims(System.Collections.Generic.IEnumerable{System.Security.Claims.Claim})"/>. Adding values directly will not result in translation.</remarks>
+            <exception cref="T:System.ArgumentNullException">'value is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimFilter">
+            <summary>Gets or sets the <see cref="T:System.Collections.Generic.ISet`1"/> used to filter claims when populating a <see cref="T:System.Security.Claims.ClaimsIdentity"/> claims form a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.
+            When a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/> is validated, claims with types found in this <see cref="T:System.Collections.Generic.ISet`1"/> will not be added to the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.</summary>
+            <exception cref="T:System.ArgumentNullException">'value' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.ShortClaimTypeProperty">
+            <summary>
+            Gets or sets the property name of <see cref="P:System.Security.Claims.Claim.Properties"/> the will contain the original JSON claim 'name' if a mapping occurred when the <see cref="T:System.Security.Claims.Claim"/>(s) were created.
+            <para>See <seealso cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimTypeMap"/> for more information.</para>
+            </summary>
+            <exception cref="T:System.ArgumentException">if <see cref="T:System.String"/>.IsIsNullOrWhiteSpace('value') is true.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.JsonClaimTypeProperty">
+            <summary>
+            Gets or sets the property name of <see cref="P:System.Security.Claims.Claim.Properties"/> the will contain .Net type that was recogninzed when JwtPayload.Claims serialized the value to JSON.
+            <para>See <seealso cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.InboundClaimTypeMap"/> for more information.</para>
+            </summary>
+            <exception cref="T:System.ArgumentException">if <see cref="T:System.String"/>.IsIsNullOrWhiteSpace('value') is true.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CanValidateToken">
+            <summary>
+            Returns 'true' which indicates this instance can validate a <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.CanWriteToken">
+            <summary>
+            Returns 'true', which indicates this instance can write <see cref="T:System.IdentityModel.Tokens.JwtSecurityToken"/>.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.TokenLifetimeInMinutes">
+            <summary>
+            Gets and sets the token lifetime in minutes.
+            </summary>
+            <exception cref="T:System.ArgumentOutOfRangeException">'value' less than 1.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.MaximumTokenSizeInBytes">
+            <summary>
+            Gets and sets the maximum size in bytes, that a will be processed.
+            </summary>
+            <exception cref="T:System.ArgumentOutOfRangeException">'value' less than 1.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.SignatureProviderFactory">
+            <summary>
+            Gets or sets the <see cref="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.SignatureProviderFactory"/> for creating <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>(s).
+            </summary>
+            <remarks>This extensibility point can be used to insert custom <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>(s).
+            <para><see cref="M:System.IdentityModel.Tokens.SignatureProviderFactory.CreateForVerifying(System.IdentityModel.Tokens.SecurityKey,System.String)"/> is called to obtain a <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>(s) when needed.</para></remarks>
+            <exception cref="T:System.ArgumentNullException">'value' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.JwtSecurityTokenHandler.TokenType">
+            <summary>
+            Gets the <see cref="T:System.Type"/> supported by this handler.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver">
+            <summary>
+            <see cref="T:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver"/> represents a collection of named sets of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) that can be matched by a
+            <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/> and return a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityToken"/> that contains <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s).
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver"/> class. 
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.#ctor(System.Collections.Generic.IDictionary{System.String,System.Collections.Generic.IList{System.IdentityModel.Tokens.SecurityKey}},System.IdentityModel.Tokens.IssuerTokenResolver)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver"/> class. 
+            Populates this instance with a named collection of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) and an optional <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/> that will be called when a 
+            <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> or <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> cannot be resolved.
+            </summary>
+            <param name="keys">
+            A named collection of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s).
+            </param>
+            <param name="innerTokenResolver">
+            A <see cref="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.IssuerTokenResolver"/> to call when resolving fails, before calling base.
+            </param>
+            <remarks>
+            if 'keys' is null an empty collection will be created. A named collection of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) can be added by accessing the property <see cref="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.SecurityKeys"/>.
+            </remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.LoadCustomConfiguration(System.Xml.XmlNodeList)">
+            <summary>
+            Populates the <see cref="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.SecurityKeys"/> from xml.
+            </summary>
+            <param name="nodeList">xml for processing.</param>
+            <exception cref="T:System.ArgumentNullException">'nodeList' is null.</exception>
+            <remarks>Only <see cref="T:System.Xml.XmlNode"/>(s) with <see cref="P:System.Xml.XmlElement.LocalName"/> == 'securityKey' will be processed. Unprocessed nodes will added to a list and can be accessed using the <see cref="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.UnprocessedXmlNodes"/> property.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.ReadSecurityKey(System.Xml.XmlElement)">
+            <summary>
+            When processing xml in <see cref="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.LoadCustomConfiguration(System.Xml.XmlNodeList)"/> each <see cref="T:System.Xml.XmlElement"/> that has <see cref="P:System.Xml.XmlElement.LocalName"/> = "securityKey' is passed here for processing.
+            </summary>
+            <param name="element">contains xml to map to a named <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>.</param>
+            <remarks>
+            <para>A single <see cref="T:System.Xml.XmlElement"/> is expected with up to three attributes: {'expected values'}.</para>
+            <para>&lt;securityKey</para>
+            <para>    symmetricKey {required}</para>
+            <para>    name         {required}</para>
+            <para>    EncodingType or encodingType {optional}</para>
+            <para>&gt;</para>
+            <para>&lt;/securityKey&gt;</para>
+            <para>If "EncodingType' type is specified only:</para>
+            <para>    'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'</para>
+            <para>    'Base64Binary'</para>
+            <para>    'base64Binary'</para>
+            <para>are allowed and have the same meaning.</para>
+            <para>When a symmetricKey is found, Convert.FromBase64String( value ) is applied to create the key.</para>
+            </remarks>
+            <exception cref="T:System.ArgumentNullException">'element' is null.</exception>
+            <exception cref="T:System.Configuration.ConfigurationErrorsException">attribute 'symmetricKey' is not found.</exception>
+            <exception cref="T:System.Configuration.ConfigurationErrorsException">value of 'symmetricKey' is empty or whitespace.</exception>
+            <exception cref="T:System.Configuration.ConfigurationErrorsException">attribute 'name' is not found.</exception>
+            <exception cref="T:System.Configuration.ConfigurationErrorsException">value of 'name' is empty or whitespace.</exception>
+            <exception cref="T:System.Configuration.ConfigurationErrorsException">value of 'encodingType' is not valid.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.TryResolveSecurityKeyCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause,System.IdentityModel.Tokens.SecurityKey@)">
+            <summary>
+            Finds the first <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> in a named collection that match the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/>.
+            </summary>
+            <param name="keyIdentifierClause">
+            The <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> to resolve to a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>
+            </param>
+            <param name="key">
+            The resolved <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>.
+            </param>
+            <remarks>
+            If there is no match, then <see cref="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.IssuerTokenResolver"/> and 'base' are called in order.
+            </remarks>
+            <returns>
+            true if key resolved, false otherwise.
+            </returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifier,System.IdentityModel.Tokens.SecurityToken@)">
+            <summary>
+            Finds a named collection of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) that match the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> and returns a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityToken"/> that contains the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s).
+            </summary>
+            <param name="keyIdentifier">The <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> to resolve to a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/></param>
+            <param name="token">The resolved <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <remarks>
+            <para>
+            A <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> can contain multiple <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/>(s). This method will return the named collection that matches the first <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/>
+            </para>
+            <para>
+            If there is no match, then <see cref="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.IssuerTokenResolver"/> and 'base' are called in order.
+            </para>
+            </remarks>
+            <returns>
+            true is the keyIdentifier is resolved, false otherwise.
+            </returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.TryResolveTokenCore(System.IdentityModel.Tokens.SecurityKeyIdentifierClause,System.IdentityModel.Tokens.SecurityToken@)">
+            <summary>
+            Finds a named collection of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) that match the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> and returns a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityToken"/> that contains the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s).
+            </summary>
+            <param name="keyIdentifierClause">The <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> to resolve to a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/></param>
+            <param name="token">The resolved <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <remarks>If there is no match, then <see cref="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.IssuerTokenResolver"/> and 'base' are called in order.</remarks>
+            <returns>true if token was resolved.</returns>
+            <exception cref="T:System.ArgumentNullException">if 'keyIdentifierClause' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.SecurityKeys">
+            <summary>
+            Gets the named collection of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s).
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.IssuerTokenResolver">
+            <summary>
+            Gets or sets the <see cref="T:System.IdentityModel.Selectors.SecurityTokenResolver"/> to call when <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> or <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> fails to resolve, before calling base.
+            </summary>
+            <exception cref="T:System.ArgumentNullException">'value' is null.</exception>
+            <exception cref="T:System.ArgumentException">'object.ReferenceEquals( this, value)' is true.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.UnprocessedXmlNodes">
+            <summary>
+            Gets the unprocessed <see cref="T:System.Xml.XmlNode"/>(s) from <see cref="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.LoadCustomConfiguration(System.Xml.XmlNodeList)"/>.
+            </summary>
+            <remarks><see cref="M:System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver.LoadCustomConfiguration(System.Xml.XmlNodeList)"/> processes only <see cref="T:System.Xml.XmlElement"/>(s) that have the <see cref="P:System.Xml.XmlElement.LocalName"/> == 'securityKey'. Unprocessed <see cref="T:System.Xml.XmlNode"/>(s) are accessible here.</remarks>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause">
+            <summary>
+            A <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> that can be used to match <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityToken"/>.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause.#ctor(System.String,System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/> class. The 'name' for matching key identifiers found in the securityToken.
+            </summary>
+            <param name="name">Used to identify a named collection of keys.</param>
+            <param name="id">Additional information for matching.</param>
+            <exception cref="T:System.ArgumentNullException">if 'name' is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException">if 'id' is null or whitespace</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause.Matches(System.IdentityModel.Tokens.SecurityKeyIdentifierClause)">
+            <summary>
+            Determines if a <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> matches this instance.
+            </summary>
+            <param name="keyIdentifierClause">The <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> to match.</param>
+            <returns>true if:
+            <para>    1. keyIdentifierClause is a <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/>.</para>
+            <para>    2. string.Equals( keyIdentifierClause.Name, this.Name, StringComparison.Ordinal).</para>
+            <para>    2. string.Equals( keyIdentifierClause.Id, this.Id, StringComparison.Ordinal).</para>
+            <para>Otherwise calls base.Matches( keyIdentifierClause ).</para>
+            </returns>
+            <exception cref="T:System.ArgumentNullException">'keyIdentifierClause' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause.Name">
+            <summary>
+            Gets the name of the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) this <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/> represents.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.NamedKeySecurityToken">
+            <summary>
+            A <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> that contains multiple <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that have a name.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeySecurityToken.#ctor(System.String,System.String,System.IdentityModel.Tokens.SecurityKey)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityToken"/> class that contains a single <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>.
+            </summary>
+            <param name="name">A name for the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>.</param>
+            <param name="id">the identifier for this token.</param>
+            <param name="key">A <see cref="T:System.IdentityModel.Tokens.SecurityKey"/></param>
+            <exception cref="T:System.ArgumentNullException">if 'name' is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException">if 'id' is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException">if 'key' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeySecurityToken.#ctor(System.String,System.String,System.Collections.Generic.IEnumerable{System.IdentityModel.Tokens.SecurityKey})">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityToken"/> class that contains a <see cref="T:System.Collections.Generic.IEnumerable`1"/>(System.IdentityModel.Tokens.SecurityKey) that can be matched by name.
+            </summary>
+            <param name="id">the identifier for this token.</param>
+            <param name="name">A name for the <see cref="T:System.Collections.Generic.IEnumerable`1"/>(System.IdentityModel.Tokens.SecurityKey).</param>
+            <param name="keys">A collection of <see cref="T:System.IdentityModel.Tokens.SecurityKey"/></param>
+            <exception cref="T:System.ArgumentNullException">if 'name' is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException">if 'id' is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException">if 'keys' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeySecurityToken.ResolveKeyIdentifierClause(System.IdentityModel.Tokens.SecurityKeyIdentifierClause)">
+            <summary>
+            Gets the first<see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that matches a <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/>
+            </summary>
+            <param name="keyIdentifierClause">the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> to match.</param>
+            <returns>The first <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that matches the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/>.
+            <para>null if there is no match.</para></returns>
+            <para>Only <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/> are matched.</para>
+            <exception cref="T:System.ArgumentNullException">'keyIdentifierClause' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.NamedKeySecurityToken.MatchesKeyIdentifierClause(System.IdentityModel.Tokens.SecurityKeyIdentifierClause)">
+            <summary>
+            Answers if the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/> is a match.
+            </summary>
+            <param name="keyIdentifierClause">The <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifierClause"/></param>
+            <returns>true if matched.</returns>
+            <remarks><para>A successful match occurs when <see cref="P:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause.Name"/> == <see cref="P:System.IdentityModel.Tokens.NamedKeySecurityToken.Id"/>.</para>
+            <para>Only <see cref="T:System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause"/> are matched.</para></remarks>
+            <exception cref="T:System.ArgumentNullException">'keyIdentifierClause' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeySecurityToken.Id">
+            <summary>
+            Gets the id of the security token.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeySecurityToken.Name">
+            <summary>
+            Gets the Name of the security token.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeySecurityToken.ValidFrom">
+            <summary>
+            Gets the creation time as a <see cref="T:System.DateTime"/>.
+            </summary>
+            <remarks>The default is: <see cref="P:System.DateTime.UtcNow"/>.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeySecurityToken.ValidTo">
+            <summary>
+            Gets the expiration time as a <see cref="T:System.DateTime"/>
+            </summary>
+            <remarks>The default is: <see cref="F:System.DateTime.MaxValue"/>.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.NamedKeySecurityToken.SecurityKeys">
+            <summary>
+            Gets the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s).
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException">
+            <summary>
+            This exception is thrown when 'audience' of a token was not valid.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"/> class.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.#ctor(System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.#ctor(System.String,System.Exception)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+            <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"/> class.
+            </summary>
+            <param name="info">the <see cref="T:System.Runtime.Serialization.SerializationInfo"/> that holds the serialized object data.</param>
+            <param name="context">The contextual information about the source or destination.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException">
+            <summary>
+            This exception is thrown when 'issuer' of a token was not valid.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"/> class.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.#ctor(System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.#ctor(System.String,System.Exception)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+            <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"/> class.
+            </summary>
+            <param name="info">the <see cref="T:System.Runtime.Serialization.SerializationInfo"/> that holds the serialized object data.</param>
+            <param name="context">The contextual information about the source or destination.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException">
+            <summary>
+            This exception is thrown when 'lifetime' of a token was not valid.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"/> class.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.#ctor(System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.#ctor(System.String,System.Exception)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+            <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"/> class.
+            </summary>
+            <param name="info">the <see cref="T:System.Runtime.Serialization.SerializationInfo"/> that holds the serialized object data.</param>
+            <param name="context">The contextual information about the source or destination.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SecurityTokenNoExpirationException">
+            <summary>
+            This exception is thrown when a security is missing an ExpirationTime.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenNoExpirationException.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenNoExpirationException"/> class.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenNoExpirationException.#ctor(System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenNoExpirationException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenNoExpirationException.#ctor(System.String,System.Exception)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenNoExpirationException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+            <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenNoExpirationException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenNoExpirationException"/> class.
+            </summary>
+            <param name="info">the <see cref="T:System.Runtime.Serialization.SerializationInfo"/> that holds the serialized object data.</param>
+            <param name="context">The contextual information about the source or destination.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException">
+            <summary>
+            This exception is thrown when an add to the TokenReplayCache fails.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException"/> class.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException.#ctor(System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException.#ctor(System.String,System.Exception)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+            <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException"/> class.
+            </summary>
+            <param name="info">the <see cref="T:System.Runtime.Serialization.SerializationInfo"/> that holds the serialized object data.</param>
+            <param name="context">The contextual information about the source or destination.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException">
+            <summary>
+            This exception is thrown when a security token contained a key identifier but the key was not found by the runtime.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"/> class.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException.#ctor(System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException.#ctor(System.String,System.Exception)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"/> class.
+            </summary>
+            <param name="message">Addtional information to be included in the exception and displayed to user.</param>
+            <param name="innerException">A <see cref="T:System.Exception"/> that represents the root cause of the exception.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException"/> class.
+            </summary>
+            <param name="info">the <see cref="T:System.Runtime.Serialization.SerializationInfo"/> that holds the serialized object data.</param>
+            <param name="context">The contextual information about the source or destination.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SignatureProviderFactory">
+            <summary>
+            Creates <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>s by specifying a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> and algorithm.
+            <para>Supports both <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/> and <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>.</para>
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning">
+            <summary>
+            This is the minimum <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize when creating signatures.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying">
+            <summary>
+            This is the minimum <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize when verifying signatures.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits">
+            <summary>
+            This is the minimum <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>.KeySize when creating and verifying signatures.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning(System.IdentityModel.Tokens.SecurityKey,System.String)">
+            <summary>
+            Creates a <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/> that supports the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> and algorithm.
+            </summary>
+            <param name="key">
+            The <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> to use for signing.
+            </param>
+            <param name="algorithm">
+            The algorithm to use for signing.
+            </param>
+            <exception cref="T:System.ArgumentNullException">
+            'key' is null.
+            </exception>
+            <exception cref="T:System.ArgumentNullException">
+            'algorithm' is null.
+            </exception>
+            <exception cref="T:System.ArgumentException">
+            'algorithm' contains only whitespace.
+            </exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">
+            '<see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>' is smaller than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning"/>.
+            </exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">
+            '<see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>' is smaller than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumSymmetricKeySizeInBits"/>.
+            </exception>
+            <exception cref="T:System.ArgumentException">
+            '<see cref="T:System.IdentityModel.Tokens.SecurityKey"/>' is not a <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/> or a <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>.
+            </exception>
+            <remarks>
+            AsymmetricSignatureProviders require access to a PrivateKey for Signing.
+            </remarks>
+            <returns>
+            The <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>.
+            </returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SignatureProviderFactory.CreateForVerifying(System.IdentityModel.Tokens.SecurityKey,System.String)">
+            <summary>
+            Returns a <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/> instance supports the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> and algorithm.
+            </summary>
+            <param name="key">
+            The <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> to use for signing.
+            </param>
+            <param name="algorithm">
+            The algorithm to use for signing.
+            </param>
+            <exception cref="T:System.ArgumentNullException">
+            'key' is null.
+            </exception>
+            <exception cref="T:System.ArgumentNullException">
+            'algorithm' is null.
+            </exception>
+            <exception cref="T:System.ArgumentException">
+            'algorithm' contains only whitespace.
+            </exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">
+            '<see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>' is smaller than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying"/>.
+            </exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">
+            '<see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>' is smaller than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumSymmetricKeySizeInBits"/>.
+            </exception>
+            <exception cref="T:System.ArgumentException">
+            '<see cref="T:System.IdentityModel.Tokens.SecurityKey"/>' is not a <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/> or a <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>.
+            </exception>
+            <returns>
+            The <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/>.
+            </returns>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SignatureProviderFactory.ReleaseProvider(System.IdentityModel.Tokens.SignatureProvider)">
+            <summary>
+            When finished with a <see cref="T:System.IdentityModel.Tokens.SignatureProvider"/> call this method for cleanup. The default behavior is to call <see cref="M:System.IdentityModel.Tokens.SignatureProvider.Dispose(System.Boolean)"/>
+            </summary>
+            <param name="signatureProvider"><see cref="T:System.IdentityModel.Tokens.SignatureProvider"/> to be released.</param>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumSymmetricKeySizeInBits">
+            <summary>
+            Gets or sets the minimum <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>.KeySize"/&gt;.
+            </summary>
+            <exception cref="T:System.ArgumentOutOfRangeException">'value' is smaller than <see cref="F:System.IdentityModel.Tokens.SignatureProviderFactory.AbsoluteMinimumSymmetricKeySizeInBits"/>.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForSigning">
+            <summary>
+            Gets or sets the minimum <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize for creating signatures.
+            </summary>
+            <exception cref="T:System.ArgumentOutOfRangeException">'value' is smaller than <see cref="F:System.IdentityModel.Tokens.SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForSigning"/>.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumAsymmetricKeySizeInBitsForVerifying">
+            <summary>
+            Gets or sets the minimum <see cref="T:System.IdentityModel.Tokens.AsymmetricSecurityKey"/>.KeySize for verifying signatures.
+            <exception cref="T:System.ArgumentOutOfRangeException">'value' is smaller than <see cref="F:System.IdentityModel.Tokens.SignatureProviderFactory.AbsoluteMinimumAsymmetricKeySizeInBitsForVerifying"/>.</exception>
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.SymmetricSignatureProvider">
+            <summary>
+            Provides signing and verifying operations using a <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/> and specifying an algorithm.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.#ctor(System.IdentityModel.Tokens.SymmetricSecurityKey,System.String)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.SymmetricSignatureProvider"/> class that uses an <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/> to create and / or verify signatures over a array of bytes.
+            </summary>
+            <param name="key">The <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/> used for signing.</param>
+            <param name="algorithm">The signature algorithm to use.</param>
+            <exception cref="T:System.ArgumentNullException">'key' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">'algorithm' is null.</exception>
+            <exception cref="T:System.ArgumentException">'algorithm' contains only whitespace.</exception>
+            <exception cref="T:System.ArgumentOutOfRangeException">'<see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/>.KeySize' is smaller than <see cref="P:System.IdentityModel.Tokens.SignatureProviderFactory.MinimumSymmetricKeySizeInBits"/>.</exception>
+            <exception cref="T:System.InvalidOperationException"><see cref="M:System.IdentityModel.Tokens.SymmetricSecurityKey.GetKeyedHashAlgorithm(System.String)"/> throws.</exception>
+            <exception cref="T:System.InvalidOperationException"><see cref="M:System.IdentityModel.Tokens.SymmetricSecurityKey.GetKeyedHashAlgorithm(System.String)"/> returns null.</exception>
+            <exception cref="T:System.InvalidOperationException"><see cref="M:System.IdentityModel.Tokens.SymmetricSecurityKey.GetSymmetricKey"/> throws.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.Sign(System.Byte[])">
+            <summary>
+            Produces a signature over the 'input' using the <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/> and 'algorithm' passed to <see cref="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.#ctor(System.IdentityModel.Tokens.SymmetricSecurityKey,System.String)"/>.
+            </summary>
+            <param name="input">bytes to sign.</param>
+            <returns>signed bytes</returns>
+            <exception cref="T:System.ArgumentNullException">'input' is null. </exception>
+            <exception cref="T:System.ArgumentException">'input.Length' == 0. </exception>
+            <exception cref="T:System.ObjectDisposedException"><see cref="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called.</exception>
+            <exception cref="T:System.InvalidOperationException"><see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.Verify(System.Byte[],System.Byte[])">
+            <summary>
+            Verifies that a signature created over the 'input' matches the signature. Using <see cref="T:System.IdentityModel.Tokens.SymmetricSecurityKey"/> and 'algorithm' passed to <see cref="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.#ctor(System.IdentityModel.Tokens.SymmetricSecurityKey,System.String)"/>.
+            </summary>
+            <param name="input">bytes to verify.</param>
+            <param name="signature">signature to compare against.</param>
+            <returns>true if computed signature matches the signature parameter, false otherwise.</returns>
+            <exception cref="T:System.ArgumentNullException">'input' is null.</exception>
+            <exception cref="T:System.ArgumentNullException">'signature' is null.</exception>
+            <exception cref="T:System.ArgumentException">'input.Length' == 0.</exception>
+            <exception cref="T:System.ArgumentException">'signature.Length' == 0. </exception>
+            <exception cref="T:System.ObjectDisposedException"><see cref="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.Dispose(System.Boolean)"/> has been called.</exception>
+            <exception cref="T:System.InvalidOperationException">if the internal <see cref="T:System.Security.Cryptography.KeyedHashAlgorithm"/> is null. This can occur if a derived type deletes it or does not create it.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.Dispose(System.Boolean)">
+            <summary>
+            Disposes of internal components.
+            </summary>
+            <param name="disposing">true, if called from Dispose(), false, if invoked inside a finalizer.</param>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.SymmetricSignatureProvider.AreEqual(System.Byte[],System.Byte[])">
+            <summary>
+            Compares two byte arrays for equality. Hash size is fixed normally it is 32 bytes.
+            The attempt here is to take the same time if an attacker shortens the signature OR changes some of the signed contents.
+            </summary>
+            <param name="a">
+            One set of bytes to compare.
+            </param>
+            <param name="b">
+            The other set of bytes to compare with.
+            </param>
+            <returns>
+            true if the bytes are equal, false otherwise.
+            </returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.AudienceValidator">
+            <summary>
+            Definition for AudienceValidator.
+            </summary>
+            <param name="audiences">The audiences found in the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.IssuerSigningKeyResolver">
+            <summary>
+            Definition for IssuerSigningKeyRetriever. When validating signatures, this method will return key to use.
+            </summary>
+            <param name="token">the <see cref="T:System.String"/> representation of the token that is being validated.</param>
+            <param name="securityToken">the <SecurityToken> that is being validated. It may be null.</SecurityToken></param>
+            <param name="keyIdentifier">the <see cref="T:System.IdentityModel.Tokens.SecurityKeyIdentifier"/> found in the token. It may be null.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <returns></returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.IssuerValidator">
+            <summary>
+            Definition for IssuerValidator.
+            </summary>
+            <param name="issuer">The issuer to validate.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> that is being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <returns>The issuer to use when creating the "Claim"(s) in a "ClaimsIdentity".</returns>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.LifetimeValidator">
+            <summary>
+            Definition for LifetimeValidator.
+            </summary>
+            <param name="notBefore">The 'notBefore' time found in the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="expires">The 'expiration' time found in the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.TokenValidationParameters">
+            <summary>
+            Contains a set of parameters that are used by a <see cref="T:System.IdentityModel.Tokens.SecurityTokenHandler"/> when validating a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.TokenValidationParameters.DefaultMaximumTokenSizeInBytes">
+            <summary>
+            Default for the maximm token size.
+            </summary>
+            <remarks>2 MB (mega bytes).</remarks>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.TokenValidationParameters.DefaultAuthenticationType">
+            <summary>
+            This is the fallback authenticationtype that a <see cref="T:System.IdentityModel.Tokens.ISecurityTokenValidator"/> will use if nothing is set.
+            </summary>
+        </member>
+        <member name="F:System.IdentityModel.Tokens.TokenValidationParameters.DefaultClockSkew">
+            <summary>
+            Default for the clock skew.
+            </summary>
+            <remarks>300 seconds (5 minutes).</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.TokenValidationParameters.#ctor(System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Copy constructor for <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/>.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.TokenValidationParameters.#ctor">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> class.
+            </summary>        
+        </member>
+        <member name="M:System.IdentityModel.Tokens.TokenValidationParameters.Clone">
+            <summary>
+            Returns a new instance of <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> with values copied from this object.
+            </summary>
+            <returns>A new <see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> object copied from this object</returns>
+            <remarks>This is a shallow Clone.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.TokenValidationParameters.CreateClaimsIdentity(System.IdentityModel.Tokens.SecurityToken,System.String)">
+            <summary>
+            Creates a <see cref="T:System.Security.Claims.ClaimsIdentity"/> using:
+            <para><see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.AuthenticationType"/></para>
+            <para>'NameClaimType' is calculated: If NameClaimTypeRetriever call that else use NameClaimType. If the result is a null or empty string, use <see cref="F:System.Security.Claims.ClaimsIdentity.DefaultNameClaimType"/></para>.
+            <para>'RoleClaimType' is calculated: If RoleClaimTypeRetriever call that else use RoleClaimType. If the result is a null or empty string, use <see cref="F:System.Security.Claims.ClaimsIdentity.DefaultRoleClaimType"/></para>.
+            </summary>
+            <returns>A <see cref="T:System.Security.Claims.ClaimsIdentity"/> with Authentication, NameClaimType and RoleClaimType set.</returns>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.AudienceValidator">
+            <summary>
+            Gets or sets a delegate that will be used to validate the audience of the tokens
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.AuthenticationType">
+            <summary>
+            Gets or sets the AuthenticationType when creating a <see cref="T:System.Security.Claims.ClaimsIdentity"/> during token validation.
+            </summary>
+            <exception cref="T:System.ArgumentNullException"> if 'value' is null or whitespace.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.CertificateValidator">
+            <summary>
+            Gets or sets the <see cref="T:System.IdentityModel.Selectors.X509CertificateValidator"/> for validating X509Certificate2(s).
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ClientDecryptionTokens">
+            <summary>
+            Gets or sets the <see cref="T:System.Collections.ObjectModel.ReadOnlyCollection`1"/> that is to be used for decrypting inbound tokens.
+            </summary>
+            <exception cref="T:System.ArgumentNullException">if 'value' is null.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ClockSkew">
+            <summary>
+            Gets or sets the clock skew to apply when validating times
+            </summary>
+            <exception cref="T:System.ArgumentOutOfRangeException"> if 'value' is less than 0.</exception>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKeyValidator">
+            <summary>
+            Gets or sets the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that is to be used for validating signed tokens. 
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKey">
+            <summary>
+            Gets or sets the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that is to be used for validating signed tokens. 
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKeyResolver">
+            <summary>
+            Gets or sets a delegate that will be used to retreive <see cref="T:System.IdentityModel.Tokens.SecurityKey"/>(s) used for checking signatures.
+            </summary>
+            <remarks>Each <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> will be used to check the signature. Returning multiple key can be helpful when the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> does not contain a key identifier. 
+            This can occur when the issuer has multiple keys available. This sometimes occurs during key rollover.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKeys">
+            <summary>
+            Gets or sets the <see cref="T:System.Collections.Generic.IEnumerable`1"/> that are to be used for validating signed tokens. 
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningToken">
+            <summary>
+            Gets or sets the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> that is used for validating signed tokens. 
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningTokens">
+            <summary>
+            Gets or sets the <see cref="T:System.Collections.Generic.IEnumerable`1"/> that are to be used for validating signed tokens. 
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.IssuerValidator">
+            <summary>
+            Gets or sets a delegate that will be used to validate the issuer of the token. The delegate returns the issuer to use.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.LifetimeValidator">
+            <summary>
+            Gets or sets a delegate that will be used to validate the lifetime of the token
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.NameClaimType">
+            <summary>
+            Gets or sets the <see cref="T:System.String"/> passed to <see cref="M:System.Security.Claims.ClaimsIdentity.#ctor(System.String,System.String,System.String)"/>. 
+            </summary>
+            <remarks>
+            Controls the value <see cref="P:System.Security.Claims.ClaimsIdentity.Name"/> returns. It will return the first <see cref="P:System.Security.Claims.Claim.Value"/> where the <see cref="P:System.Security.Claims.Claim.Type"/> equals <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.NameClaimType"/>.
+            </remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.RoleClaimType">
+            <summary>
+            Gets or sets the <see cref="T:System.String"/> passed to <see cref="M:System.Security.Claims.ClaimsIdentity.#ctor(System.String,System.String,System.String)"/>.
+            </summary>
+            <remarks>
+            <para>Controls the <see cref="T:System.Security.Claims.Claim"/>(s) returned from <see cref="M:System.Security.Claims.ClaimsPrincipal.IsInRole(System.String)"/>.</para>
+            <para>Each <see cref="T:System.Security.Claims.Claim"/> returned will have a <see cref="P:System.Security.Claims.Claim.Type"/> equal to <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.RoleClaimType"/>.</para>
+            </remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.NameClaimTypeRetriever">
+            <summary>
+            Gets or sets a delegate that will be called to obtain the NameClaimType to use when creating a ClaimsIdentity
+            when validating a token.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.RequireExpirationTime">
+            <summary>
+            Gets or sets a value indicating whether tokens must have an 'expiration' value.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.RequireSignedTokens">
+            <summary>
+            Gets or sets a value indicating whether a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> can be valid if not signed.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.RoleClaimTypeRetriever">
+            <summary>
+            Gets or sets a delegate that will be called to obtain the RoleClaimType to use when creating a ClaimsIdentity
+            when validating a token.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.SaveSigninToken">
+            <summary>
+            Gets or sets a boolean to control if the original token is saved when a session is created.       /// </summary>
+            <remarks>The SecurityTokenValidator will use this value to save the orginal string that was validated.</remarks>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.TokenReplayCache">
+            <summary>
+            Gets or set the <see cref="T:System.IdentityModel.Tokens.ITokenReplayCache"/> that will be checked to help in detecting that a token has been 'seen' before.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidateActor">
+            <summary>
+            Gets or sets a value indicating whether the <see cref="P:System.IdentityModel.Tokens.JwtSecurityToken.Actor"/> should be validated.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidateAudience">
+            <summary>
+            Gets or sets a boolean to control if the audience will be validated during token validation.
+            </summary>        
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidateIssuer">
+            <summary>
+            Gets or sets a boolean to control if the issuer will be validated during token validation.
+            </summary>                
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidateLifetime">
+            <summary>
+            Gets or sets a boolean to control if the lifetime will be validated during token validation.
+            </summary>                
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidateIssuerSigningKey">
+            <summary>
+            Gets or sets a boolean that controls if validation of the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that signed the securityToken is called.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidAudience">
+            <summary>
+            Gets or sets a string that represents a valid audience that will be used during token validation.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidAudiences">
+            <summary>
+            Gets or sets the <see cref="T:System.Collections.Generic.ICollection`1"/> that contains valid audiences that will be used during token validation.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidIssuer">
+            <summary>
+            Gets or sets a <see cref="T:System.String"/> that represents a valid issuer that will be used during token validation.
+            </summary>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidIssuers">
+            <summary>
+            Gets or sets the <see cref="T:System.Collections.Generic.ICollection`1"/> that contains valid issuers that will be used during token validation.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.Validators">
+            <summary>
+            AudienceValidator
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Validators.ValidateAudience(System.Collections.Generic.IEnumerable{System.String},System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Determines if the audiences found in a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> are valid.
+            </summary>
+            <param name="audiences">The audiences found in the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <exception cref="T:System.ArgumentNullException"> if 'vaidationParameters' is null.</exception>
+            <exception cref="T:System.ArgumentNullException"> if 'audiences' is null and <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidateAudience"/> is true.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"> if <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidAudience"/> is null or whitespace and <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidAudiences"/> is null.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidAudienceException"> if none of the 'audiences' matched either <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidAudience"/> or one of <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidAudiences"/>.</exception>
+            <remarks>An EXACT match is required.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Validators.ValidateIssuer(System.String,System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Determines if an issuer found in a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> is valid.
+            </summary>
+            <param name="issuer">The issuer to validate</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> that is being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <returns>The issuer to use when creating the "Claim"(s) in a "ClaimsIdentity".</returns>
+            <exception cref="T:System.ArgumentNullException"> if 'vaidationParameters' is null.</exception>
+            <exception cref="T:System.ArgumentNullException"> if 'issuer' is null or whitespace and <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidateIssuer"/> is true.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"> if <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidIssuer"/> is null or whitespace and <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidIssuers"/> is null.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidIssuerException"> if 'issuer' failed to matched either <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidIssuer"/> or one of <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ValidIssuers"/>.</exception>
+            <remarks>An EXACT match is required.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Validators.ValidateIssuerSecurityKey(System.IdentityModel.Tokens.SecurityKey,System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Validates the <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that signed a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.
+            </summary>
+            <param name="securityKey">The <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> that signed the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <exception cref="T:System.ArgumentNullException"> if 'vaidationParameters' is null.</exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Validators.ValidateLifetime(System.Nullable{System.DateTime},System.Nullable{System.DateTime},System.IdentityModel.Tokens.SecurityToken,System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Validates the lifetime of a <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.
+            </summary>
+            <param name="notBefore">The 'notBefore' time found in the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="expires">The 'expiration' time found in the <see cref="T:System.IdentityModel.Tokens.SecurityToken"/>.</param>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <exception cref="T:System.ArgumentNullException"> if 'vaidationParameters' is null.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenNoExpirationException"> if 'expires.HasValue' is false and <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.RequireExpirationTime"/> is true.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenInvalidLifetimeException"> if 'notBefore' is &gt; 'expires'.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenNotYetValidException"> if 'notBefore' is &gt; DateTime.UtcNow.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenExpiredException"> if 'expires' is &lt; DateTime.UtcNow.</exception>
+            <remarks>All time comparisons apply <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.ClockSkew"/>.</remarks>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.Validators.ValidateTokenReplay(System.String,System.Nullable{System.DateTime},System.IdentityModel.Tokens.TokenValidationParameters)">
+            <summary>
+            Validates if a token has been replayed.
+            </summary>
+            <param name="securityToken">The <see cref="T:System.IdentityModel.Tokens.SecurityToken"/> being validated.</param>
+            <param name="expirationTime">When does the security token expire.</param>
+            <param name="validationParameters"><see cref="T:System.IdentityModel.Tokens.TokenValidationParameters"/> required for validation.</param>
+            <exception cref="T:System.ArgumentNullException">if 'securityToken' is null or whitespace.</exception>
+            <exception cref="T:System.ArgumentNullException">if 'validationParameters' is null or whitespace.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenNoExpirationException">if <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.TokenReplayCache"/> is not null and expirationTime.HasValue is false. When a TokenReplayCache is set, tokens require an expiration time.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenReplayDetectedException">if the 'securityToken' is found in the cache.</exception>
+            <exception cref="T:System.IdentityModel.Tokens.SecurityTokenReplayAddFailedException">if the 'securityToken' could not be added to the <see cref="P:System.IdentityModel.Tokens.TokenValidationParameters.TokenReplayCache"/>.</exception>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.WSSecurityConstantsInternal">
+            <summary>
+            Defines constants needed from WS-Security 1.0.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.WSSecurityUtilityConstantsInternal">
+            <summary>
+            Defines constants needed from WS-SecureUtility standard schema.
+            </summary>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.X509CertificateValidatorEx">
+            <summary>
+            This class also resets the chainPolicy.VerificationTime = DateTime.Now each time a certificate is validated otherwise certificates created after the validator is created will not chain.
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.X509CertificateValidatorEx.#ctor(System.ServiceModel.Security.X509CertificateValidationMode,System.Security.Cryptography.X509Certificates.X509RevocationMode,System.Security.Cryptography.X509Certificates.StoreLocation)">
+            <summary>
+            Initializes a new instance of the <see cref="T:System.IdentityModel.Tokens.X509CertificateValidatorEx"/> class.
+            </summary>
+            <param name="certificateValidationMode">
+            The certificate validation mode.
+            </param>
+            <param name="revocationMode">
+            The revocation mode.
+            </param>
+            <param name="trustedStoreLocation">
+            The trusted store location.
+            </param>
+            <exception cref="T:System.InvalidOperationException"> thrown if the certificationValidationMode is custom or unknown.
+            </exception>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.X509CertificateValidatorEx.Validate(System.Security.Cryptography.X509Certificates.X509Certificate2)">
+            <summary>
+            Validates a <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2"/>.
+            </summary>
+            <param name="certificate">
+            The <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2"/> to validate.
+            </param>
+        </member>
+        <member name="T:System.IdentityModel.Tokens.X509SecurityKey">
+            <summary>
+            Security key that allows access to cert
+            </summary>
+        </member>
+        <member name="M:System.IdentityModel.Tokens.X509SecurityKey.#ctor(System.Security.Cryptography.X509Certificates.X509Certificate2)">
+            <summary>
+            Instantiates a <see cref="T:System.IdentityModel.Tokens.SecurityKey"/> using a <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2"/>
+            </summary>
+            <param name="certificate"> cert to use.</param>
+        </member>
+        <member name="P:System.IdentityModel.Tokens.X509SecurityKey.Certificate">
+            <summary>
+            Gets the <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2"/>.
+            </summary>
+        </member>
+    </members>
+</doc>
diff --git a/App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/lib/net45/System.IdentityModel.Tokens.Jwt.dll b/App/packages/System.IdentityModel.Tokens.Jwt.4.0.2.206221351/lib/net45/System.IdentityModel.Tokens.Jwt.dll
new file mode 100644
index 0000000000000000000000000000000000000000..384dfaf1beda25b0817f3a853e27bcab44748c25
GIT binary patch
literal 136448
zcmdSC33wD$+BSTuy1IHv(n%+wvjPbOXgZy+1VX}^un7nXvdE?oAwUo)>`qv+5rl*-
zqA22qBce0zJMJ5diujHTIyj>aBJSvjgS*Z+@ZHaIPIo#W^S<wY{nzz>e_wFdb3bQ$
z&VK6Dsmg?zR|%UC!odGir-XO{SNfGP{%2@{v#0Y@9<j&uTJ96t_}6l$EUF6UEDu==
zLlsMN=2a|PW>x20QkfH~S(a0^ENA5TlXI3@^D7Gz65M$z>WQO-7_ZqxdCkVDk<^X~
zJvUB^6XJv>gi~sVCh9`uK+eHch$NOFlHK$(<wc0OP~zXZ9y;<hx0$@szqYHQ%KtHs
zE+&(Vcz=#WM*N>hI}6t`UBu(^V1h2PN&i3n<wQ;A5KizhF<}d<D_2#6kNgMHfg9(Q
zv)1Mb>bZrXaA+P>Y#VIkjDCwSF~2fcSs1EZV!<QXN;V6M>*q844JYT=Uk;Tkeq@_2
z?Bd0hLVR_tCS0s-gNZppG_}#QO2b}^Yh8ONA$^uHXk^0HH;oJa)%Cz9fBVOR@bL%M
zOxwEjjl0cLU$qRnxce2immHtB@71PL@rC(|;*(Cju&raU?Wu1L{B7e~Z=JmKRQLH$
z{@QtvU36)E_^!>zd^LY~<X`5*Lr-@xKY8Yc@80bD>gdYuuRSz=Zq=KA9kqSHO?Q~D
zPQB)i7aFGYpKI%_i_4UCwnm>2ZhsmesOtem(~0IZX5gaxGl4cg>e(GkNECk5u-lIU
zF(aNkl1olwCtM<)JGb+UzGDV-n?DEI0MboC`uVt`<h^=9DktMk7XDngr-i$aFV@8+
zYpm0y?u>Ah;_2Z?cY3(2-iBC(^k6j7Gebysc_7@CLZ`*)7P^@`A%CFD>INa+5zI70
z=vT{~-3rX^?APiJhwi?(e4iOg`3)DB)dL<1o;%`p1x=Ub2RZBrnjw_J@_=de1P^HF
zU%E&aqc0Y2m?Apqb(f=O2D<3B1{MbDX%<{e-H)Pi2RiBgAYHS1JH$^g9A)U${jkfl
z6~u+$WqG&&?zIM3Q5*9YLK*Dl?}ba~9O%=oKyI}JmydnzcKLh5CESOC+JjSUR$oZ|
zPY`Xdb3#ADztptOKp+{3M-$7_Ig%8^YxryyQgiS28fhGgJ%Y(-`%$zi&d>fsoHw+^
zY4_TraoW@T6iUTukBJk7v;n21>veQ7to}%-VLiknBi$x7P&25X%#;S_=wf+>G}!c-
zK4Z7nOq1cbCP33o0LN~Ii^*iYj^ZjPk`cUXi{{wjbx;J3_7OOwWdkUvz4U%+SrNlZ
z$S@43hF&L;BIY9F#H~`e9~l|vIL+qQji}8|ualB=wolTT?tqTdbwq5Y1R^$1bwq7;
zd0iBNt9=Bj;@Re?wFAl87PeO6Y1R&6YvY}#S$nTDYOUMrro`Os6LY6Kp<`>E5o;-d
zh_(IQQETJ8aTGyZ`v~G<N;rU)NIgc=QaflPF*2b+->CI^B_fZ}d#%)2Z|iLnHRKgP
z>LpjjMS6*CYZdrT;@tH0x^*xoh#p0)nX4u|7!q0nmug(d9S^^<v}EIm3vEegQ?*sD
z%^E^c3<c2GMmB6`3r@Fzdg|St_7*)yoGmig!cmD4{vRyll8g%-BEM(1u&qL+g@!eZ
zOngj6T##oA=IUt;R1C892b1O1DuXvYm3voUnO@+~<v`;vC%rWs=ubw6LuOMju8u}t
z4H}zlhJOUy+-BMpb5KWd4qxL&INj{9Mndho(QP(v25)QySfkiy;}%j}(WX#wPK(5e
z66@xTl$h?*w^seXl!jgW4r$nVK8OqTZ%c#CV?)`-B%!l?Y-vPeA<yp2i`?cYWSk42
z8?G3mg%|(xyXuXbkR?AxUw4wo@2_(?v{Iq?v4S97t{iBFAYC~=qqOwhYFHTyKef7l
z94>*;vef;UbxiAA(xmjZiwQ`^L~5OfG*J=D$exZy<~C)~bCSE|K-WYjb<S_1D(Kv+
zi3+}RK@-(Q=Q&MO11Nftg|?fCLUADO@OY#a=Lo%mXhVMmSV-0F2%Vn{J`bSyG2-91
z@wyc7YXHhUF%`TcK=JE{-`B<qI)D!XDEIxR@z;qTX>*_H0}lZr=@UQE#+RglR|Ay$
zd&EC#<L9M=PXk2KBYwDz56l1`4^Zyc6W`UweVO0^fO3DC`1@^qRTlVmfN~#_4ITz4
z-n}FEM1bNy5qETo^6d~qcenBWoxvvql>g6&i<~IG4r1t`HeQwsJ{zF?A17|>66N<o
z3>|3WgS&!H0Vw|;61U|=`BsRbXWICjZs02c%D>SaJOEJqapGUJ@#}klKLJqg6a3%}
z0L9CCf?onqJS_m;AE5XX#NTP-OY_0E0hD`55PTd!@ehcfYU8&TfIkIL?x}^~BLRwk
zN<6Mtl<$TZda8{N>kWPpK>7cY_^)kzLm%)v0Ls00U+{4N#a|=-X&YZw1l|Hr?uq@t
zdjJ%Fiuj>6zOFy`9RTG%u^4<dK=FHtKi9^~2Y`<SDEF6$f7iw@D*?X-pxgtcV!8i3
zbZy1^frq956#ta?zuNfa1HrcflzY}7@LmALZzKL>8y_$jd;&nZ|B3i_ZT#vX;5z}z
z-8Zy7??OBPQ0~7Y{!ElNZN=EdV^!0YkQ#|v=Oa7u`9;aPe<CDzBe~%AViM)@0zg4}
ztO_oZ$z=)vL2!rdE_m^XCs{w~!&sOlm-AuFN$#er5D^ASxt8B&lxcPkhE0*l$p$hx
zR$P=f%#WJD`jT$Xy*{^IGao^NPQ9j*t~q+m0$dBy^_qorP10)?(G~7h<gTZ=<s7RE
zOx$#@>DArp_A9N>3F$(ZM7KY5ZQKUa{L>)?ZN9|;Q*yd<qnjbD=G}_}eE&pKm7C)7
zE$%IS1=z2?#6J@*ek`ucNTh*_a~{TAke24dFD*O^?oE_V;4k6XBwr1=k>I3x5qLNc
zVVkaLQ(jC;KPj;yGEgw&7MP}ETAw^DI<0dEII^EJ99i4fUw~M2x<NAom(zS_>IYFG
zS$@o_ynHiji2j}+uuOTtQc;ibKs4%xJKI<{qJh4;zXH+uF9G1b%O<`=S;bLVwdwWH
z99SM&2=LE?KU?V&@PylwBgmS~LJhm!{wCNbWo~Z4c-EK}>fP<uLs*C{H)UuGO~4%-
zXXC4dcHmAi^7Figg{FYnx26-~j(1{d=Cqziq)w{}dJYOdJs=nS`AEFi2s%Jf(C)*w
z8Vijl!4>T1vKB)T4C<kkNKZ2BQVLG1H;yA9Z3(T3<R;p-mx(^N$Ze9o(vKgv0w!)s
z>nNWnDJ}-7M3G}nl8=THkFp9cK@!L$CF);F7My1)Mp5ueCcF%K3x>Ln^f}{JXcGd;
zMNz!d$I<ML-1jU;h*~}LOj#uAER%^+QT*ZO035X*dNI}?5v4la->b3yi0C0!o$l{Y
ztUn@ph*hWiI~?neh#q29dw=NMG>%{uEjsoVeb73!6tuZ6&?KN7Q{B1^efu&h!4$Iw
zqY{?XLERBB{e7q^QfY^PrM|j_TNl%h$V_U(sYHs1zz1JbdYim2=b^Tonwpv{PIf@M
z&N7oVDLDLC)|*&cw)2Pd&*slAI-tH2+xLw`yFWzch7%1bEcO^~k3A0AAU(z*y38rC
z`SMes3rihc{MCTqAi0qJ1SKXn9MAv|C+_Inttb+0w=)ef$545bh(e&f42N!~vD>uq
z7Dz$79-3B;?F??{MpSn(bO!4p*5>J<1yHJl5|V8^p3-)g*$R6#=~?Bdn;u$5o~0Qn
zMzZl+zNvrEx|!UlN<y^gj1pQ=MhPt^B|*K@m~$nrs7Y^l1+wK%jnhM9GRlrxLV<1u
z9NZQ#D7Y{jtb~$OD4r~I`g2{@Dri#d`2nxpT1_JMY)%i5pI~CchT0B?hff|!UOSTR
zMKOZ%NMbtLyr{OSi=kpbO>|sX0mGshX^bUQpfnkA=38T3w#T|q1w|vEa*c-B8S6r~
z1ns?HKI5o49VRF{llRHIRCcw<Irbtaz#DJk-HGVpbblQch^OQ++^Qve{Pke*nD85L
zO~ADgS1zg)BQ?d2K{dxzu3jT_05Lcm;WhAMH33R4qexUBD*Y7fHI?3g%JZ7C4ifXL
zy@|38u!|%k#@<e_V>DLh8L{S<M^co9A4(q{O%^8Et+hznzZu!`I$}1JE{E2HD;b6~
zxi;6m{|0)fHxU(@C@VB#Z8BMlO`_6A$y%3%EdX~)QVC)e-Xv>1F}Ex03iKr{#q0I@
zLS10QZm%~j+0A9e%>q0<)LlAcz<~-c;*c2%NC$s2v}e!5L9!$|LA$MX*+}AS3|xHb
z)T#IFl#?XnB&mH)Fmz}s*gz`1g=~+rTFCZflzXzZfy8)kye#(wZ$eDDC;W$UkLOIB
z-DYq6*~&dxmHUyI-sBoI4lO0cn*y6tq|Gi>{Qph-%GX&EL95+}j13(6?^CC+LiL>V
zVW?0mRP@nuEI*L4KsgB1qj00#Femem^!>nh;d<ya{Ymh((651~4!F{f{CC3tS0H?j
z|Cl@YM|(cGkWhDC+G8t3Rm%+`J?)AdWE;B=Hf%c3P>kgSk7+OBnxgy<jQY1(o2ZiP
zC0pT)){6#+-J{Ybu+%s|>^Dto3v|hv)rw1jL((|Yx&oBzFw;U<cY)LNPlNY-1i<j=
zj@KO+#c8|@7P@NEsJUYlEJzPu1r>=dYa1jTizXi2y@rz&`A*&8lo~lC4qSlNhxJv=
zsHpbwed5-~Wzo{JjDut{@}Nu0#vqISt0{S(&IVz!yN0MkZfysYzZ=i+rzw99-U5&K
zJ8_0T-H&B4;&bv074bKE#OdkU{MWKSS1V={E#mL`sJ}F2pW)v@{+wQ;6*CHXq;kZ1
z;D56ok#)TvWq~&2rL_ZYKeDijk#kq+J#cYwbzt&Z;f%~wQ&IIaQzb+~xPrr7yb|zV
z2X***fcr>p_lWZmUz-@$CZa+5G5orNb~6P}1rR9@gS(IPkF7q(84;f)HZx!bynL@W
z9%hRnB4wh8n~Snxd6tO7JS*h|A`a$jy6}rjHb=VK4v}(K#6RRc(htp1pCC3LwUx-~
zuE69cX8|)(G}%t;Mr5QQp7kll`wt_C(`Vg81!2kz?1YS!b2eH%JfJm;1Xm52SCHhY
z!NiN(NLLM+7#tuMRmV{0>Y)ffaoO#)r^&f7VHAz-_H-9OE~sus<h8CE%2gzI7Cgl~
zQ?b!AmDu1W1(!RGVGe#W6Qw8Dw_Y)9qS%&>*kV?!xYs;w#o7-VTCwt#_Ll8}rX+M<
zuip4OnAGqoZas8A#(FmmJi*bCfk&?R&V1;Fk%)b%El|17ZVR1<fc{;GrJ$!Qn+Ktg
z3r=jq$`Fn;TVy-750wTUUSdr_0~*=&HS9uue%r3GV<L9ZhW~|8=COk=j8gkqp45@i
zYvHS%(H^;gJu{1B@U`Sy?Hwy)8$O_-G8#Uli=4`_mbPO79lD2nJJUVJZfAxfnI5?C
zT;1>y1+X`KOc#&QfX0feol8FO?Qd4Y*|LjU;us@n@4*!Jq1-ZltK1@M@&7OG9Pr@6
z?lC;}@NiVHEHMv17Bo2nSiaX$F<N-IL2FJ)&WR<H6`}mn!=N^AvxwlPnOve_&yDpl
zLHVF0$R||*U8x4>N;N=NYWso0@U3W!;oSg=jnf;TVq;RGV*8AI)01Tu5d8Cqf`v#f
zCdOJaDVAJ7gxfm0BR^}9UF89^9@$mUPL&08^SPTIv2rm{$5w3@dnl%$RcI#a+$J9j
z(JI#0x$tJMJ=3}k`EZ+Ct1=1;PVb1cnpRyABMl8VG5319>ATTC6zRwoCd;7|95=`_
zd8@|38#LDKNT6Vh(mW5-rKVV>b_xnLrqN?w4nmK5L*x?zJ#kgtiifl#WoJAHy>o0d
z3VLiCqRv2%ZebuU>9AXFT{y$PhbgtXnRcUpHW^Mub)+o8b=rf~nE2=^E{`7cBp2au
zq4?xuT$hZ`Ouy0p2g>7lB&8za?ng$@0_W_}((_t=3Q5mwIa)VGE1%VR4P~cI4g|=C
z917r3js-|Z4hFa{M#B*2iq$WQG8)^FAuTCYQ}V@HT$MJ0^wbKEQtN|nT2CCp75CQi
z`I6fVEggsLv^N2~ziWoxCqClb2yZ%uu#sm`<c$NUy<qaj0VHqw0)FWvi`n!gNl4yo
z`a7i1`S95E6-i%`bevo<5SdLF$&GZr)uGL%hVe8urpcDzZ2AWrI}dL94wr-R$O_-8
zH2nbDNDz7%-aF@6cc2EEzK0^PTMr`<v*84Yo+Ct#X!wT2Mv9{0TN3?u!Z$WM$<#A<
zLRp*HNO?Zfk+qqPl(jP*S)18Nxjoa7wV92S*)ttko7qUEBkRa6B7I(OH%EPd?8=Qf
znxkj~x7{42a{(i3RJ!fQj{jvm9DzG6fPWaesMuf_%^w)vcr3D|^$N;9ym&&4O^F&S
z{db{=Bc|OA8M8MRKE+1$!TVfi#`W+2X<QsfVd(1fFwx&b@grWU^1w`5m&ELB+qfkJ
z3J+ocl)KFVz8}J(oc81R{%Pg;k>!HTx)+gkw}qOa3f%{=?t>zDi7j-&M6o>8x*yDK
z3oVEejCVdYx-~&5M>oS4f27n5`q{zcHZ2`|{s$0&88bAJS5I2}5%&=c9JcO9gfHNv
zHlV>cy5nouB5Z58Z$sWHY?#h8I^S?EIpas!9X6@W{?Uj(eWvce3f0s{_XT3tTG={3
z%C_+Vg7Aaz>3;}dVR7pYqy-8?7g9uAoTzK3ScdpJsxmqflg1<PA55@WbhY*X@^NP^
zw<(=&sg627DxGc8*%hbTtjD0TS&uV50W=*p>q%TwY0Vv3-z~>zhI?OcWLdI0vZ1-$
zW287d_7rEbLvCq0W4AONa!b?67rCW5Og7U`qFb7@@zQ=%6T^GET}?H_%hjr~prE(1
zprD8UDOl@HwBwxER#?2m|1`Kihu|4NqG9qCi<+R*ZaoWCzLpwY-^8h<O}ssrXSbe%
zYcN|r<JTp%Fg}^#=ixxl!?43h>zM?HMJt&UgV*6Hb{8)kG0p6SzZBEs2zJoDW@@U(
z;m6v<<OdAcgY4=tgPq~vF|B>@h|7GswDaV2xV(nf9-f167&~alr9NU8uc7`spV3E9
zgVbOODrLEzM8oLVb~Y{MG!Gq6vsr(HUr6cPr66Q*w}Oz#T?#^$9Q3_LwwnLdNwz)+
zS!?sZfD5|Jm6IbqlKLQa63cNhtrvlOD#LmSQVsQT93ON$abxbV>X0L6!V$L_#I}SV
z?uT96w~}aYWt|whPo4v$`w3Jj-{(+&x)w>v{S+IYGl}-6Qkmsj;T~OqNiXue99Cf5
z@f3?)FWId9NWUN;W0*cA5(Aw&;R8^+Pru)Z>A69NEqpQ6&RII}%ZM7?_g_<^-Iv#m
zophT2FviI_BrcSFVI*U8UsMuhG7oCd7;<_hc_A2^O*+gMlh5`GLz_WEor$Um;S%)d
zQZNk~JEKoKOnNeATIT^$9O%h6AP2#OWX-e=K;rHb8B&zjapcvR?2LFtyst#O+MI@e
ztR|2~2{1U`uyW`+P+lEQIA~Brj=o)jjLTV+hXQ#zG_tM>{}~C@>Ky29h=zqNJ2N=N
zuuQrRl~<F_Fq?41D#R>MH~0zDqw&%jFA}d@*oFVZ@kRq;hD4*R0wx$%F-6_gusYEd
z&k^bBLhS!0=X|$LGR9@{+LyfKnARnr@{vkPYKno<AO#+VShwKXT{m3@t%}SPyI~bl
zkOZ&Y7XB}km<2=Jc5@PX{Hu@x@_zaV+JCO<>rWsbZ6{mXdV|5;t6;EfAp7A<uH9qX
zaN9h)+mS9$UADV1=5DJS7RDAg&qJ6^!!yve+h*L?;bd5E0E1b|G1~d1-Z}_JH6_d0
z^-Wgrv>f7jm=&fEw>H*W<Yu8-BY8!&(lb7u``dD7<J`H;Nd6jNmCPSb?y5fON{h)K
zZU%UdxZQzX9-gs3T8XmfA=;$p%BFuWl8-m7%OD5ybf=VfOjaU|%c*T+cbt<$J2;@K
zBTTiTtFk*VGg3z$Bbb8C2^tRN%x*c52!@Jla53x_)~x7_1sBU&8;)?9JX~Y7E&a$$
zIMWW=BTFP~P8dP7wIamH2Q%~SA>N~MX4r!^dz8rm?ht&{nx`9p5t<AztuKKNJ~M|2
zOyt3S>4H0c>kDaHnY1lsR?Mi#b7xOPjnp)Og{~tFIW;^+l*`m{^NrLo>NpXXoVPy1
zxYv!!DKhT0RdV}r4^vrm)^Mu{WeK8D6}J>3mp?aDRO&KPqyXZb7(c&-xw4x$ad5QA
zumb33^mtI_CTVtbG{Ccu=xC52&3>EBrsD>tMf(SMa+pC+aBz100yyEkf+T21?gUf%
z8wh8*wY2^MrEh3=6bqh`8J3Uw_b7R_;klw={X#x*n_pl_TONQda>h#Wcs)KZPWyV&
zBIA=sTJ!<JV42S0u?m*qd&%%8FN%gw^d@rn#Ax`$*zgXg*Y5J)hVa28dL9;rWTwQw
zKN-g2##rv1hW>PMq;I7pd6RtD_51_;?e-?6;n5vcI>hv-#PNI0@L%CjD-FWA%1DOj
z`B*dpZ`3NUwCWuSlbYh-R}E5}^5T-&^#2}-TJORKo>*OkCsyx~h=&qRue&V|?r0va
zMEgC`ot}0@Z|=R00>c}Z;_y20?28Py{szD@-s{2*J!MKN5P1(c6x@hM8OeAel`NMd
zGBX)-qosl8RX#iqltqw|=5<EIXlbO#(s0Pq@Wx|okoy2(t@G9LeqV?Idgp0+_jEYv
zBB(Fkp~u5?tO<011}D0sZ}?H&ZoO`(CXAvEdfgCQJD)6y(|rvj>hAm$UwA6omD|+o
z&V{Cd0CE}0!=yZ%<Z>yGBzc6CN0U5?WZdrg&qFNKFHI3bzeFi`WpZ(jQEnJx$N#DL
ze+B--KJj;Ttw4hzPXBHAUy={dJ4o~DD0bQI$KWJ=l<9S3nqEgn>2+j|a-<H?Fqn86
z$B^cJ|1%_@;wzyYGUYRsI#c&Zq{L*n^hmh-+rp_J=@evsBnUBXR1M=Py$lYQ-xtor
zxs5fPLoRw9U1aQ;k=Q3v>@tiB!0l$A?w^KuRf3t6U{xeRV%AY=dmjQCCQ#g2ZK)EM
zsg9AU(nY449Z3}pU#Kv89S4Y{dSP3t*$_+7W#~-{E^$&=A5og9V?*yK(+tCzxb-o)
zU|B{vrAv&B=aaUR^xqrK#HEenq<^|d8#}v{kw;2Y2<4qEd_nimU<)}#RyFDV=}`IH
zM;y8z!;X2F?kUT0KW)Hv`c<JN(SL`e^d1m3jX-Aj6PR3!wyKL(xcQ@P)oo_X7=;kH
zZIJ)-T@*W2$>B(A&iXAMRD8-uytCtsQ8t7}4M+b6WatD}r{4-qSvyP#QHBl&w0@L$
z25L&0u8ToJ9}<yQqXkFgxgu}9lp}dtAm3%eHVpS~?*0wb`|*B3q*GD*492Nuhs?WU
z+^A8I8#j*A+^Foyjq5<U$;Ke7irlz{*-ef^g(w6XhdQ5(3^Q_su{F>LV;T)KxR~|^
z8dpp_2B9&<3=EIHI;Qi$D94qZC{c`<yq-IPu~e;HBeVZ!q~e=NJC+Gv6eSi)SZ<l}
z;kTm%X$TzV*o+*<`CH)N;D_GUr%(*+0mrli|K(A2vM!&6yQHspUxJel=gY^<mzwgH
zzONkGH&sOEDc+ra#VdEG9sG1RvNx?>A(2YHQ4Ds~6?+Lr@X9m=!!PD`J1^_4&!EN~
zE~X^6gCBVth8g}GEXD4y*5XR*KDV#WSjD~|Cs%$~OfFxNNOLoJOE&rBEiRM5`1}XF
za7Q|XxypsPO1(|z3Z|(rbO0h!Mkp6P_kv;DjWVQw10OuekL(=?>yY!D87Swri*+}O
zvp4Gg0$h1gf=rzXYaoHnBDTipQ}Es$){p|-m+N-)C6T(dSzjTc;8c0#117l1$I?qF
z)}x1EXRg1)Iu3twSHKxebJF2U6I%m(4d6s4-G&4l*4Gr9LtX<oo@e7-o8-u@Rk9(s
zue?TTxB@ZAVBN97<HtZ~1`7H4l^+AE8DK41E6;g`cpCZ1hyC>A@q(!Rp7!fdyF7Lp
zS3)aYEF>1e9Gp8dYqlUCcv7F}JZWNE#vOhDiO1!iZ`NRVq7$Zxu9N18Hiu%f1~(WQ
ztr3GsUK|Pjrp+zWticqk(W)@$@!C(C-$vcA5a(I1Yif##zQ)9X7I7aHmPaX4-0veL
z0mjqaSS85iQ+$3GoXX+llOr|7iK9^t+^KVTm)C)y*aj5v!R_j8w5xcujd<BM5E0L3
z-IQQj-@&q=Pf_bAn9uqinBqQy-9L+_o#44j;Q1#d0S9&yc*3DOdKH5gEw^3ZBKTno
z=)i6QEJ%<Rpv1Y|UM|~h99-h0OKQN2o5u3-vW;TNBzob$C#H>3+nocB@kLy9n!X!!
z&CuN)qo+04T<C+;CQ>IE!RfY|{)isUx1(WN7+y{5K`Qq$yJX=Xkn>4t0b5Nxst=92
zM<dF@a9BS=UxTJa4J5^I%1~~*GZMfjn<Ca2Xq0Hv{ym5`@JBuT69P5>@Fe7Ch_-?R
zJ&g5{y8$s8`3_7GB;e6CT=~H#QQEj?e)s7c?EZfuY%nggj9NE}f%p0&K`9wN!-CBq
zQGh&C=p)g7;B)6svzgYv5UK_<0%fna!}=98bON3-{n!9;2VEEopMvrE-Ss+(P=&Bg
z!ZAPjOr4oF-HpTFr{LW8Rtz4rzvn_lAq7s~IWIDfq@tJEEX>9@A_pby61j12rw%3b
zg-Y!c@qrCXhja9Zh7F|FX&JcSNC@I~2i2heKEkQHEq;bdQRDF`HbZ3u>Om?;pi-}%
ze@5z!P^r}E*=QuNdK?;)Iu4<nC3T*1C~A5j8i_zY4h_eqPWvX2ynB^J8I@68DGkE@
z3gl2`H&jG!w}Thd$Ew>NfK<k+Cq#XpCnv>)P-I<!PNDJs8%IZvSVQEK9<uTl4ulMu
z9;D2O_39m3w%+6y^b%<MtB%^J1G`^#R7XLF@U1W|s>U6&2{jI#g&nwBP5_z(+J#Nb
z!4-X)+r{t&k#=FEPO|aAe{{<(H~`Gin|%HsN8u=qV4UIbSuRNEo4Wro>ay6_peq&`
zZt|hS0dHi+accDb`;ABob04SGHWyG@k=G7J!c-po&0wj?2B1guN{v_flLqM0fOL!j
z&m%bpzmVVz{}J+}w1gw2h=WJDM=;98yq0i=k?}D`CXkV|IZo$=XpK2(apY{BAr}9)
zWmNFnW#q$%Mkew;r`w@SJhQkkphk-;k&6rO@am!r>C#UREk@1wli(8F(xFy;+B)yy
zX!T(T!=QvA%#YO`y~kfil*gfQh!2C*Y4shgY<wz!4A%XGYWTs{O%<Ax?k7|_u3LYy
zw3XTsYEAS-yy|dNWbOGM&7?H}25^-R47eBv4cLzH&(OIEyG^^5f<(*)jCB~VF$%gH
zFeVxSDxbMXlYal(G@ocIsP<{v!&nEn&qxd9N0w1Jl4*2h8#4I|5p)cOth4Ysf_!IZ
z0c<Kddl`>YWz3PO@+?+y_z*`zej?6}ra?mEHyrUtvOuxua2FiIfm_>2ADXE;aGS~x
zOJ$oa5!qAZ5m~B_k+9)E*E82CXRNKBx$a}_LOuJCUq4nTZaU55e;YM`=@k7si&QLO
zLBb!4`2VM;%tlOM^mrfRp@YlKq;}khxzOm<pP!}c{6I?%-hV{ni5@{<Pwk#|VVREw
zKoduq*@*cLF}IKR6xzyf#5-$YY`o;@x8mgpGaE7dpAj!+@!yKqy(l(b^7LEra)emA
zr}_Vmj!!EmpOgZ&AeIs?QgS}t!nB1v;u|KheV0}>Xz{8ipY1Rtoo{&-=BSsc)MBY7
z6{9W=U1QaU+vtgA%;!Kx@aI6JCZ-D7KHWi2Ce$;C*l&TTNs{YA#fSUF$md1Qh!4YW
zWW9nrhe(X{c@YXFiwjShF?G4aGESQj#%dG~8EP=*(W-5>Lz?|jTQWLpV$A+CvaXgz
zw473g;}EQ$LaAh8zc_-Yo?lZcvf-6iMOO{9s%m>$p|(iPw1ast#y<yUVzrfikjgc}
zG7gfV5tbQAJN8K1k2%7LZwFD!%b~5JCTc4=O{kS7>I#kI&_wO8ksO++#c=bNZ5?9-
zmh|#lG4s$yu%^dc5C`+AZM2Q@MuEd<H*cNsofv8*)Rx+{67@kBE?(Ix&iF`7Tk)b*
zM4n8=mThdSzyM}-#IV(XwUBXS;29rqaW0N-NmG-+^8!4}2he9*WJ`#CwuNGdte79T
zv|SY=n4N;DN*%ysLmdUM(IZZ`)fsSP;2G~929`!sr>aIY@&F<o2b5K&KEQ(a_pq-g
z#7!dcZZR+&Rg9DGT8dv|ndZn@<cuHH!hiY}2^NM%u){$toZ8+=bw|EO!dZ+9y|D~E
zyj>=SP?hudM%Kt=PD_Vw^Zz&B8~NW^fn~2OOESa%Ep-)qT7=>#$iqH23ASLS^hBQ)
zA<tGB{NmFhB+D`1;CGvg(O&U>bTH0_x1+aK;bSd@o<=NmjkrdvosIZ>LyxmzuPfhU
zI$YbFu5A@_-LACh2`<Ohs=i;DzLOfohMz`<c}<7Y<&KL_@FXUAlT%VV_|nodGPANf
zcIw=@Q^)MA%#8FjUx(C`WN%WUCm}x0?Q%LyyJ17`daiTM71tw{ZU?awZuoQ2K$^&m
zsCrUVO?L4*=zi2X{qT({c=vY&G+<1_p+Bshj0UVI4V}MN(SRi+M0(Y|0V_i+sHo3U
z(>TY94BmJqh=@%;O3&17byy@D4Fu3*Rd3RA9(oJ$n|{PhGMr66R?sBVMv5ORA(F9}
zF=-t`GHsgpGo*}VBOW74nYKP?DM5Z{W5bVLNiv-P@S}T>oI^57f@I{-q#Tmmo#Y-;
z_LJOG$^nw|rJP4{Hz@~6E|78|$-Si9o8&%H?n`o!l>3p~U&_TK50LUek_Sn-gyd2w
z4<;Gg%VZn2mQ6n%#*kb_a=Da;lRN@|=0g2*xvaYXr*)^N$xNro{Q6{;d@=`V()cuK
zw@;d!#@5mr7F8urXtMwXRdZlj^cG`sOq<{)K!H%rG7t+;P(zca4p+zeXEmIu@yUK>
z$8J5kDEgWDz*|SOy<m4ax!r-V(N&eL)q@^z`teDQsgoYY(u&t2hPV{*VK}1ql>O8e
zf=Tj<u^rX!c4IHcPwj<XVf9nxlLxvg4{_vy8VH;*9`MT~jcA;Pe657O@Z#WiH>tyf
z(TMm~3XNNq01L<>nz>Z400o-7RImUA8oyMq00laNRImUAx`9-%00p{)RImUAI)_xS
z00s5snA+;Q95zO_pV$q4sFTO|`CY6Zc7q>uI2kbuP@wBc1q)E18%hNWP@qFf1q)E1
zb4mpZP@veQf(0nhWu<}zC{XTF!2%R0U#VaL3RJ07umA<Rx>T?L1v<S{umA-H0I6UB
z3Je8O!2%Q*7NmlO+K~G)9LA<P@5&u<Z>WsFLD57bC$(F8ZaWL(YYEy}`%P<kFscA=
zsuhfujW`E!$rCetwghV^6GyoXi^hfMhy3Vli5wlIyIfZO34Uv(PkHN{B0XVft_Y!G
z**)@^z>xe*pxSjSm?ymkhsY~`OAw!MNW(q|c3|CcrbFG}+27xe97VQAj<(+(iAlV`
zi{n;gbmV6L$Q<=Zq$T$Af~RMi->cC5oGq+-PR}>q?~2WMWKqO9lj|5AZ|CH_DfeA;
zu|Z(|byKZS9pDaIl>SB?(70THk4CEV-C5G8^<lBxcLl0Vlg0anEM6Xnd9SdmVbMrj
zp#1l&KC6E{QV4oLh6xUkS1#xH{0>eoWt<aG9<fk3GSw-!pgul=lbATc>PI~smZp`}
zL>dX*yzF+NoXD)U_TfS?k!`Xd)uNR%;6Q_v_xe|f+=n7(H#L!qvKjarWkd56wNJId
z-aRr7uS3CLEaqo2ZHFN3e0UK4afUqvdkco(Equff>@N+sRz!wqoOe6pcod?Hz5(`E
zDs6lmhGGfMP|*b^LQ?|`I9>dRJNmtazAGc^X7n88FZ#U&>0eP<pMRzl)G=h0&iN`B
zc8qv!0)tGMhO+-}(KJx-?b5)@Ei!gh*cd$AwGp#tD|=PE{JjMXCh{vaH0!#9>R9Z(
zt0I};o}j|XnCVr=h$ORsdB|NW-%)r5^*0#xq1y1-&#4*~EmcadgnwmTL9VQvrK=;A
zLoY=|rcSO18A!J<z?nhieNSz~JDpvO98kp42p{w0G<0RX)dis<iCkD02}R>u<o@h$
zR2O`{?KRkir8wmSF<~PQizBSj3FDpop*kHtFt^j&SYj;x=daLd#o}&2Q#H_skv%2b
z(@$z{J&aYEy8+89L_^5OKixXcfe@orPK@`svw3$Y?^w?%@3PP`>m&K0uE=(_;=Waj
z9BAZQo#&)OdZ9}S8AVAdI;;%cbaEBPh{$}Kh2^0;Fch0)$T4LfOGMr*<STMJeDXMS
zY&1;#uzes_^egOLSk$|y4+b_m2($z^aX8L6HVW|!uJob7u9K@nRm&EJ$;T(nLS#2U
zH+3==j~ah2x$8Mo$Bu+s68Pb(;Wm5;orL8dN;~PoTXyHWu;>#1>{diC{Zi_;;6LUw
zF$rV_{?EjJ2kCJA3RiSb+5n)sr0=WnI_qX!$q#NA_<1$F(sluVf0$(SXq7WlY&A9*
zrnr{zR>nsd-!Yyw+~QN?D){}5(P<|+o3Vs(m3@ZYEw({6#XWY4XAk2(#zpRDq3IC!
zv)dGY#`A%0Q5#48N5wyDctjmASsVnKB9K5a+?TK;!4$u+Y<fr&0Qy9wXOzb+en}=9
zMyF5=ucnaCw^GQDJ(Xhku)`laxW&_n<T^8bOnRo!GJnj-6ib0_u|1RYPh{>$$P`~d
zlPp@Yr)QgDXZEv3rnoJee5QB&F~bz8oqp<Qitdcx=8(;axfFJP7fS2eybUOsoxwH1
zWN|1sJv&+alQE%yVjEVNQ)r3>y~kr7T+@3@x+!)rKEn7G<KG$0KIGcD5BV=*Ebl|{
zFY0q)A5+}jXESg=`#H+^Z^rb#6ly5r;=UL5?WHyLMW+^5^d<lIF}4;p6`A73A}W)Q
zir#?yQxUl)_oMi`GY)3FwBNLTrf6mPHpYF7Z!kLhlm80FYx`5253>9+<5xhpC@M}X
zP7~+gmfRE<6jO?8iYe4~#s?W+DW*LBh2?LH$^H=o$j`z7q;Fu{$eP;*P^)`o0G0O9
z0n@YH;#Zc(mXQC8ODHdESiY`=(z>7J#~5E?d=KarCrhrv3;z8|JCvGYVkxD#pmYOj
zxxSQY`2f%qAC$fg*ROzXkvs68rJcmifz(bu8c3;k8RQ&f3TqI>wqej9Xbudb)L$BU
zVP8|cKa})ihEZ!=$k@VoH!xFtJ&aOGE&DN}i<n$Cw9GA*myypa%4XOfQDybFGRjfs
za;ldi#!=;@*~{`9EWZs*7F~wN4|j`_;S@s!;~F6SWM8IHs!2=26XQV`mx!$en<y@3
zX0Y1|W=$9=)?y@T6j#CRa&}J=_kyM34U>2dcYxhC!dDZbf0x--3`Uf~mz=^j<d9PM
zmEE@C?aW(Yi>Z-KSK~b>Vx1K0g0Juj(HkrQZh6cGDdtBk_(nRI9d1ER;X-EDVn_0F
zq+r3_E+T9dvz^L~)<t%48yMMg4TrlA%mua!%qt#I?0#m?Dz=~5elQx7kARuth+@Z>
zeIUx%?K`jx@c~K>NnujE3h$R46ZJHhi);+n3F1fb0Q>aAEf?$&W+TD6iC@HX%oc%V
zh<}NFLd!wPgY^`r#D6inU9s1h9Z>8oW?w7z7iM0Y4EG+h0g4^r6fOa?BhHVQ)q$l7
zyY@Ag=MEdS377Ugm;7$HC5Sl1_9*r<yS=8^ugu<8j7XCB2bdk<42{a#We^K$qcmz0
zsfvx$sK#U+_0c4g_16!KeD-Fa{gs>aIRK2lUo{zS1(?&uaeB+Z`iMaq{)Pd<J&xtC
zT@2RFqiPW2%85<XW@@<W6IX(HaXxFNHm&J1d#;$)^bf|L88wqMZpIYGY{qVkg^U9j
z%NWNpUcfkuaX#Zx#ubcf7&kI*W4w{^HpY7yA7y-w@nyz?jPEjj#Q1l{?-~EiXgbK+
zM8<T+T*d%n5#wOSQH<v?UdT9?v5GOoSjV`Y@e0NrjJGh}$@mcCQ;aV#zRLJE;}OQs
z8BZ|&!l*mR&N#+Y#*U2L8GA97FqSipW1P%5o3WB{8RJUECdN&SS2Nzkcst{LjE^xs
z&v=0GO~&^aKW6-j@dw6}j1CuBo5YyG*o85lu^;0Q#?g%DGfro$U|h@?W~^syX57kn
z9pf&>yBHs4e46n^#@87C!uSE>F~)Bg|H)``lb!L59T+<?_F(MISjsq@@m$6!j2AJ^
z18U-R#(%iGg*DMN&JP?F7X&Vg>kYgru3y+Iw#StL?}*Dq-`UIZTa2GD{=(QZem49}
zj-L-~j$eYWvJXzU1#+z?vDz!H@}vNFdeW+=H4RE6%V#jwFs@^~j`2Rmrx{;ne3kKU
zj3*dRF}ji{9v@>iV=?3Tj8%-=7$0T)E8|JVpqIi<WUOIqV%*AjJ>%~gUts(T<Hw9A
z82`=aN~U-^Fy=CLXY9i`nDHFOa~aQPoXmJ3<1EHGjPn>5GG59UVqC#k%h<@cfpH7t
zwTw40-pcrU#(NnbXWYm565}h3uQ48Ce2?)6<426rs?S*d2B?Ynl=xare3tqs@OUa|
zPNY5w`Dd0z2hzA1J20;Hb*a<DwZ0y8UNJ9?TE!~HR>ob7kET(JdX=#`elmQ1lr|Hg
zeoDI-n3O&b*b`VR1|`me>-_Wuz;ODd&|jDRZoMY%$vy^rCi~m^Nli5!$%dVb(n2ZU
z-SL*NCiZlEsi9a5=tQwCV!R3H75f;!WbDwHG@s<;HG0M0ftry0!k+7IoYvIVYo;|7
z<dSXUb1B8Sxlh68irnXbTXSCq-oW}hfyLr+#y45trN_N%(7$>-1YF*O%IE4HPeXpD
z$6nwEJ$gW6^S=Vw?|&0G*8dma693<T+x^r-pJqJD8fQ<^^z8W=T+d~BF=H#^y^OCj
z{@j!7ObdJop92CUPk}tG$rYs5o5GmMSim@t@ezYu$Fn?x@lwXvP@nrKwx@!Vu)O*t
zI1P9rNTrciU_qWUnDXcuLS>Z!G(}>sT&$mF3?clwpa(SbhY&96b#Rj@Rt_QjwcrqN
z^AN(@hjfAKV~o$S&;2aFGvr;kel+BL;J+AChkg#ZVCegsQnY)^<6Bd-pMeK+XbrGK
zJZtyD&WX8_y>8FM-#gi;*n41x*vsr1vBLdR$S$UIA)hVIoo*2}#cajybQ@sux8J_U
zjU#ta_M|&0>=c#k^D}L)J3Y+Xn{a>8zSo@%R?Tkf(+|KcPSndd!AijHq~o+=zo0lh
zBG_FriZfBX%Irl!v3SKlne7mX@gu^?A|20kDSwIaW5Ow7Nt8_t`vg7jB{yIEv~ZfJ
z#Wp3eE(n({TA6K2zdk-3&Jf4iu^eoo!l(0=_?2+$q1fZh3Kjcnd=uPCBoqA-ZUC!S
zY;?kHVcat*c8~q8aF+OmnM{u#Y9odH_DKm3;LG*$w?E<HggxPoQC6GqL>sd|oA7M7
zQ^d{wal&h1t}bZy+rLCCa)aL{T2P*c=sVH)*~EVB+l2SRTwu&nJs*U*P?+U-j)iI0
zlzhr?`HE4vujwEIyY0vK4Sopsin1J!s4fy-R>&On6X!77;k?_ERozdVr`VI89I*L{
z9q@Fo?k_G?>|IYj*jmZNm!3Y=#bT>s|MV1B4-gM1mXtW8x<vd*v2KYYs!PS^%*g8W
z@Idi>lqJ;;6!>^Nel5<<DIz>bxbWDBSdSE6?I7V*Y$&_sFx&5%ostE&Mc5Y*xUZ{8
z$pPEJY`^xUN8qHu?-Xl6xWVEcW;?`=lp)oF#S@C%12#nLWhN~fDvm{2uiBv^2}eI*
z3#=YkJ52P!aT~JieZ)CZ3{~tHvvU<Y!ECx>KQmjTSVHR5+L0m^n|c&Whg6CsS26rS
z2(UuMdZb<qpMw<Z#cpF18^CT;6&uEGmne1)yU`y5q7=?&w|d29Fx$jzowFi!AyU|(
zn8oaNX8T=rsY~D%&-;Kaq9t_&*kHx3Ozl-WN@Qb$U*K(!8&Vr;M~k1C$$B_P&^NHD
zRvt}VUpq#O!B#STOLJf9*4nXR3~l0}l~Wy!6B8AqIvOV~Vn%f|qI#TItk^wZ=L%F4
zepC<i>7)3e5%z5D1Yr(~umiOhh>=ltuy%_0w`9&P9YlDhaF?-9XRyQZ+L<CvG0N>s
zk;iPmYasjVqu6+6LzT}t9e#k%(bCPinB68Tx67E#Rjj_lKjCwcVjJ0QxnkRytx{|^
zvnItJVz!ale&>%JP9c`<%FW@UJlv`n^^Te1e#JWZ+;ua>V~Q2{lE9u<Y_Kn_ZkBji
zu?fCxu!D+Sj5ueD_nGbIHZfa#sTj41+2Uu(#A5bYQZDdYhcVeexWU*FCKmP?;fur=
zW^#PFSomohm}@K@AIq4;Y=^TseI?j*#cocw>Mj<`6nhkIb3~0|ufuJQ*rFJX>~qD{
zihT~Zx#CX6Xq>MQ4=8pDZWZDs#c0&OM7*k4ddBLyOT<Tt^~$)sZl3r`v2htKV8Kyj
z^$uqx+~$jZimid$d{ND8zw?HSEp?S*rDFFpLzkf3I`?Mm30I2siv2C)39tjqK6BA*
zu|OPDjAn}kB6T!{+b<F_udG`ra+tL^yJhaETO|C74bR*OHca|-&dI#3u1bto;U*>A
z2^N2jjD=>W#bTafD>EOc!vQeG?#+C>ZmIZ6GVR{X=j)b<MfA`EslS~0w>mrrRP2My
zqhPbgNw*I&kJYUZUCx#4*@Um_R*K$|X*9>J60;{rx9>9lRaYm*oEKq6eS;9^6I&-v
zX1ePe#a?D>g(u5bf4QJPMS-=3=E>?(-y&YUkl0$0la*h;QJB+-Z4>!fL+V>aI<ptG
zL0Kc~uMpqQAh#E_iCGituM*eHl&m7_!uoCEX2n8TmG#@jU5c&Cs;|FZ>{0CMtd{zl
z#DUoqZkxC}YkU1IqTfX_mWQ);*WX5BbcX$dVl>0<tG_eKQauOi?~1Y<&!6k>6+<}|
zIg{Kc#zfhV_4kR@lA%w#8Xgd96+4)n0k%o8W7(a+_9!Mg<~2Mho?#|i$b(|=#gycW
zTGx)f8Xgi;<}wpS9g7<t7JC(&(6Ovxk62Y9-6nJ#+whn;!Hg_>vf&9a_!4q!ao*Zd
zgr5>4ne9hOJm2t?*eTuM^Noh5MbbR>3HDCIbE2NvejfSuiS?4XD3*PqRk_i;vQKPR
zjK+|C;wHstJliMkluYdF_-VsF5u8sc>=%bSKHu<1QO``4;0t1Xlo{a{#1&C?yx~Q0
z9Wz>+e&4WP+!}RD4<8VBMVSHiaFiWyctt!D6Yfu9f7C5K{F-<@$_%i-M%nR(*Tsi1
z;SP$wN8QrHZ;9`s%mDi}%8obuS(ufSKWXRNB8i#I-(N*~lo|MbKyH*BZ+J)K$Ao)N
z^pCowhYyP(QD%URj<Vwo?~92s;XV*EneA{Ebw1hfp_s4O)XsY2hhmRnE8+H$ct)|?
z;r5Y;UqDvxaJ~t*k436t_-m()AB*|S_G`Uz9F3odWr~%7eI`~ZHaRB=-|Sn@Y@3*u
z<HP6ub}gbfW!}FMmoSsF#aH6as9OQPyVq|q`IPq-UyGfJ(Y?h#M2}0!P2O94Bc_9m
zK`+kB?ceyVIL2-=&hN=vv=>Jh_2MCoKPop`C!gE+OO#PBKB*Ylc_@4;>h^6yOFg!3
z@uO9Gs^=m)j;UCVXK7=cVlo`gt|_-~6YA?dQI_hdY4k=Jt>=C1!r_QkG~Bwzj3`U>
z+}MZ%QOb?%?5d^H16pobe`?Ir4lN}nOShXgaTzn`N4ak`cGIRS_H*t#U=@max`=Rh
ztxB<OT@0{h#Rhlzps|N`g<?~?d;+#Zv1MJpZ1iitQ*2Y0@4+5b?Dj6F8hdJc6??dg
zv8Jcyu*jDE+TJeiHTVFsVuP}hz&0>zalX+dV@*)IQnBM*^1!ZFEUv4&u0Y$RSWed@
zu)7rN-?jIeLhT{NF6dee_LO2)*CA_qX@69#x$8M#e^TtGu4#3>wLdHNaMx_G!-~Dq
z^@25hv`-ZKu<I<a<BI*#wQ@~g?FYpY@-78CsaS4aXibr3E|(=gAa4~|qGA*BM7W=p
zrr4Z31FT4~%iz{u8>HAexb@dARBUJ7nl;7R9K{~b+XA*ovA6QJ)D6&<EA~}hc6flc
zS~0WR791d0t5~OQ+2Imxvtq^F)~qSju2yVPw=G~dDYgXR25Pq{)`V~awR;uY-tGD|
zgS0)0-PP@8uxAx}4&erCFDZ5q;Rb83EA|oGhG>6L>?gPl(LPWtzWWw@^yG8JI(N?w
z57ka6))#KWw4W6_2X4bO?J`-qv*A{zxfELsw=ykRu^rt-xLnIr?9T26SXafK>VCX-
zxR$TjYu#^KGhFMZ*inQVp$%5-1j3EbMkywG9IqXzO;F6+<F+*;wQ0=cXfsM%#cYSD
z$Qs`?O8YfLcJ2`CvSv1o(bB6WdpK);)4AFh#X?!jo6ghTsgZ6!<Zo!YK-;x~81>>=
z>!xa}R}$MVvI-Who37o(jNBHjo1r}^nX^wp^}3nbNF2cs;zRAwpqDny)E-x?@8G|*
z%+&TO_I1&gx|!PSY3$RrWH9a+wE2>02L`8yXKG6n`;HmTVo{u~!XbwdOBpjt{R#M-
z$!x7SJ|sOnOIx9sIh5GdigjjozhWiK=!xzGY*Xms0-z>l#o%0)7cnl2qAsdgZe+we
z0|>jZASuZvu8#V_-aq8_KJQ@HdszPn&?fLF?~o#CG_j9S`gw`vHyGbx{F+f(Lb8q>
zKKi@h-a-m1HRGeQCZ<8w#YL={A4Od(f^1_~O<czM(|zh<Rg8a<@$MqfXctOa5{v6N
zR0NZfXt$ee+sgXuV_Y9$`6-|-_5p2zG=}&upj{jS;-n6v^eJT-k3=eSO~l6e5&Qov
zmEt@BwDBJ}FtD3WadrUGzPofK+ny>+N}|-M)*b;;>PbnIdQy_9ERW5djQ==d&_t~M
ze=dK=7E1rWvTW-`u_Xd^(ShYoy-v5S5Sr6%OG<KxV)lP}Jdu_V+cw5<{FI7JOB3g_
zhRP88w`jM9iftC_scqZv%!+DcBeyzf;jb|=wKud1_&3lFDdrU%|K%J5)vQhFTUg)9
zdKpUkr@Gd;u5H|UBk{;q5$jW?erAe0I8K?1yL;)dMCOq!(K*hD4Y4i!F}8>B^u9nP
ze_b}Uil^C+tf|*o{ww1Sq@r`lpbfArQ<Qos@9ao1%XUH*(zBF^MwV)O&2`wi)r9mZ
z@dFM;sPhh`CVpi3Ur{}ta{OQBdS)-6dZAH~au+KXb1vF6kukGPBS+5P8b58lDNZ}E
z{rGlf>pERy@CasaH-g2sinFz`-`3kXHuJ2po!N#@*Zg<(oUM2Kw*I&5ad0V}Sue2~
z>Qg#KLMqQ#{r^4k>GeqCHrX6IKCIxr5Ucs^Qi_a?2`HJ!$nX>nYw9AKHThg(WijX(
zf>S&=X%)m1$QAgXs~3w}Tt{ie(7&S5bAva5M)+OE4;jB;{D$!tMolL_E+C#gv7Etj
zF3UX``v9M8C}p{vaV+B`#u>m3>#BfHgf9c8hc6R<@B4D&W#UBN-s>+DzXGd7T+uDz
zDv?@L0!`N<(i9h!LmtNRxp2KqOksI(kyliS6-A@r=YV_M`qdm~s<^Z0;`Q0$u_6na
zKNeN5-=xzD4d)e*qKo%ix3SL~^bY;5T<=2I^zg0F7~#A05&gEWe@I{1?}qhv={x(~
zvVI@ybG1kN?LpX=``uReCNy`gzg7Ib--GMlg?zk$&<Niuy7Yf+{Wek3pX9OqpILtc
z%OA4qCb7D|E4&T+b*}IYqPc%kcoW<6h5oz#@2~$tzoY-h>%Y;T=syNFyxRW@r2ba_
z6TtWS?}6si{=Y*0w7=f0*(j}V^k4f=3xA;}6nmQU*#0~`*UV{l*@hNhUYCaw@HYoh
z0)w0TiHhQh&4b0I#j_!=EVkAUW}iVpWipb(VxM!s!rCg7_PXZFMD~C!z=8ognyFN8
zZT^D&d?88)ychmL+>`Qk_(L&uz(dV5V9ArsRkrH}>}`&RpZ&nc2jnz=BWOQ;u-H4`
zO~~{-=@;1ZPV*G5k+Fhy_gC9!b-mVhV!)Tpzi|BVY~d!vskQt93mq+#)8h^CqEm^l
zWwr>EY^j?q29#K+>nX5vHu7a*8;k00KK##WS;F;R&8gI@IH?@gb2+qf-dnjeG_>d6
zwbXMcO*_Bjj+Vh}`A&}Ec8-Bc`(VorwmXad(y~c^tmtsddM>eh+0P#KqiKsuD5qp0
zZlECFrC(Jtc7vu>6pQeSY{RRZ%3b=2z6~2*(SKjEZo@X)?@KmscnG*{!;`@4H+-W%
zTXO$~L-0SV<q+reRq<8Hp71j$!#~6I$C7t9yvg-`mrf@S`f$we+6I<3Y&gvFC%~Q?
zspa(BSY^AaWbj66x5pdq(ubFBU;m-FsC4GWQug_ZzSvi@k=n2k{(|Ey)i##aZ!Fbz
zlnw^|zVvd$@NntgX3e0wDAm3z-HNcZA6~8n241((YYZ58GjIg3Tswat-4o7Zyx4aK
zH1zzWN~{|A>c-2&x`8`TQ<Sf<8a)jft99vc$3`muCt=&C{oma9ji4tirP`H<A;WlZ
z;13%!jF$&~*<31Uf1J{NAWZVnx;}z-K>G;V`OJlFMtH3D-N3j_uOR-UO{L<yOrw61
z792EuQy*?)leD3O#%>}U4xBt_5^&C-^l%>zI|-o-d=84rxfGh?4TJ{%s0NK5-*f%0
z*6$s(c~iL|+rV+$yN!jP^zbC(i=ihQ`Uu)}{e=Dh%4ldb=1{4ohvPM4*zD%9TEejG
z&6MA+n^QGPD_f)Z^VsKDjh+CG)zXF?Zpk%*!_w+<jiJLtc!qIz*1q}*#!WVot61*C
zd%2%*tGEo7ELzu7duG_{n}diyJzUQ9+mB_Jcxl)VoBL>Q5Bt~VD(xuZq?V~~32M|+
z`miNcn!PM}%UUC^EPYFr)~8H_H*pD6aqAtdQL7#d|2fUupx0VPa@g@2waFWd+scX?
z%6WhM2II-HGRU+$PV!im$2N@R5*{mFDML;19{6GI3)Et--*OmF%60?qEV_5g6fTV^
z8jVPI$r9$gP#qm_ApE{zoAyoFCtJ2@j`A;?H)(0*TFXQ5`RkTfjAP~A*4dov*&4+;
zA3Ko+tz)4XzUf2wc_K`hjXCAlzU!L5fNWp}nK}GaV-@C<b<N+f<`>2pobC*9`|zvq
zore2>4{^*7X-^No7Mj<G?*twLRte{bS2sSSC5?Ch8rnywK-fj=JXpc!;oTRfxE~lV
zhHD<2Q9S`n6}7qtf6L2b^WZOXtOn+YPk?!11>R=xiyweN@i+XL@8055(}S;X6ghRA
zE^b1cCE`P;2k#Coba_OX_ysspB*uBLLpvniBgTt+ffL2+2_7*;toL}tbdjFu5wpcJ
zz`3Gpl1I!JyMT+tQLhK@pDalB;Em)ZDLB3$R;7BxD)9oaUSxLgh$hhhTrWENJYu8x
z2e4H<kmkXO?F-XAV!O!5@QCZhOTe8XF3Tf!iTi-J3oF|r?i3jvJ>p*R0`NgGwv$Kf
z5o0@h#1rCe;4|Xo9FN#5#^!mj&)ln<M;s8Nx_iW{;@ln{aZn`qJ>rnKr>94}Bboyq
zaahdB_lTonLePW1W!Iy?gEQ1|g~{RzaXHH5EAeijN1PCE_wtDE#f;t_@w3>{$Ah!w
z&-V3TF}SH8>Ovb;jJnYB2cRyroxmiF*{BQcdtkb@rxbOets02B(0qeX7ux*6s0%GH
z1a+ZZ2kfnF8H&2lN{68qwCBrF3tEQ}s0Hojk*Edjr%|W{?SXSp3tF$Ss0D4pxMaL>
zLl#caUW7cA<>^|VbCdBF4(VrWk3+tQ<+<9Z@yVis<@wrAkSkeUq+K}yHKl!U9%@Rf
zJRdcs{R6m4yLJ+4N=uxKn$jMbf|}CSO+`&<71K~t+MEkfQ`)-es44B58K^03&`i{n
zb_%#lTQ&<drR|!Hn$pH!gqqS0UyPd48t0;>G~XqtDebLGlEss3!!ugxykzk#%X_u8
z^OMCsmS5B^txOg#v3x-L67nl7zpAA#Oct-Pd{7&?C|SJ8@*%CZ3U#X8zZi9@U41F)
z6npHbQ*GK()Tws$GSsH_u!Y*xW-mu=YCi&h)><z^ZE6cbs7?K2prL;qN)~pV%T}LU
zjdreY1<uxA0?yTs0_W?AHE8GhaNrXCBH(hp8d$A209WbH0PA(f3Y4Bc8n|As18&r}
z16%c5fLH1F1Gno>1FzTr3%FDN0Juy43V6Hz1Mp7Wxe}$P_XIwumjU<aGgc;xN7=R~
z^tq6qWceBB(dPAAfG_IDfCu!ktI+243xEgpi-3ppMZkCTFz~S62t2B90)C=z2OiUJ
z27aaA2|S@c0{mWo4*0YF67X03RiLo_8EDwv13GOV0^@DRfJwH008?#00@H2(24>sb
ztI^tRUSOUr9q6}p1_o_?fxT^|z<##zz!KXG;9%Q)V43Yw;7Hpl;27JL!11=*ffH@_
z0H@d<22Qs<37l=)51eaz6FA@Y4sem}1K<+2YPsz*$kn!g13$5a8eoG#HS0IN4mm~8
zc(f7aY3yi1c^U)PqBR;LfX^7(<tRfV6ZoQ01Uz7j2EJ;{0Uk6~0S_6s0N*i2p?@7V
z#;+^H`yG3(E)@5OXMs0~dw?n8(bhuT37rCV6?s<_;)|u@AQ!P_5X<K>P8Ju!b(R<j
z*Lh+s<V!^>qy0*fH(ymK!or0(>qKYZI#C4NB0^X15|g#f>-RFgV3PbX;}@<X*Pzy_
zxIwOwt(zEM0gh{R#S``fj%*#vSjAZ8p|Eoqn;3U7mM4*ZUpC=~jC*rPKFV0ug+nnm
zF|K9Y#ds^@UdDZlM;Sk4#4Cu1M`O%k%w;TNEN7g{Si#uDxR!Aj<E@N)8TT<BW&Ds)
z<Z=9rIgGiC<%|`KYZ-54+{?I+@hIbmjG`OI!<fUE%UH%(&N!E`g0YEl7vo;Wql}_E
z#goHW#yFR;iE$U>UdE%0q6hnDEMuI@*u=PtaWCUhMuCrVBYws*#<`4pdwyr4z8G@?
zB$qKZG45idy$t#Hk?HEgf4Zgtb8syYlh)U-|Ks`}*E^e2n-?{&X}+>~XY)Ur6IwdA
z1Y3r*ENeO1(r3eh4YzD~Y{Q2ezTfb#4aUad8|QD_xbeP??`%A|F>TX~O>;L@Z3=DL
zw(0v#uFam!Q#W6}`G(DZ-W<1O*p~TQF59wk%N1Lm-}2U$zi+X%7Pn4pt!xdou4>)T
z`ukQpY;a<?ArAY|i8#5N4wiv+PA1-P%EFfcJK`%loy2hbJ*5$%JJu%!_zPbBahG1q
zUswFxof{V7>-dd8J%KPSVH@yI39kTqYh$bN#=3SM@SJ4w`Ac%QS|M-(9rEKT0mwKD
z4;g3SfjA2fY-FrW-VWCdEaMbB^tUG83=K}WL*B>oODw;~GETcg{}JPBsegdazcPN1
zdJp7BeB}D1FTYL*sd<4lZ!#YB6+w^l&hYak<2Sw%XntW?OCx<8qmQv`+7P(*W?ANF
zMA{f=&PzKFIE(eMHoTfeC3BSV%(D6+>;8JYSDa1QCHrAu5o38am7y%jOKgupzt#H;
zuxr`{4S0vwehILm<3b?brGQUqzm#KBm)3@IavJfaU&bdHciX;MgOU$W*yg}bkZ%n9
z3VbMFHVN@`AP)F;fbzA+=7aoMARG8|fbtlZ-yQO6wqC&ZZT*3G+XM074G&=F{6WwZ
z=TlzBGtOnrN|ra|p99zHS+2+;KkFDnjDKML^Z69dYxz`Phgm+xa(O}RIw3|6C98fn
z^u#9YyJFW2@74o#^d~zo9q&8Smq1;>&S=-v#|R7YzMGErOV|r-UBkLO5%K`Mr=X(`
zrT|Ov_osDylOYW_0&(bAmuCS-p&#gCG~(06IU*N01~ZP1cj3DM$KkI-=;#+cf#Wd;
z>0$!X(ZzX4N5{dgKER2Xm2@!)eFsnUkftssBQ;%Ig7+wO%t=Fl^U>FIQ7OuS3y?nj
z)r(QUMMzUepBoEYjC6F&SQCIt5VtOtB34~2Lwvfh@Fywg+e8-vFB3C>A<TLj=C)ao
ztHni-Yk)d-4(9+@iVEN=q_5*m&`P+jVO)!pb=)}+UXGMC%!q`|NLk0d#HEloAZ1;&
zFm6Q3n%D%?#b%_eVeY&Paw}5S@h38Bpt%yM>0&ET!#Nau^&fX2gx6rs#XAr{9q)HG
z03U@Fx_As{+%)kxP{;koI^gq2Ul%VRWgYh$n}9DN9UaeouK>P`6m-1#xDBB`X8aU!
z>$uan2Aa<iw=O<oG_~uXaWJ~H8=!YGy0x32k7G>GZiYS{i04z<Es#Bo$=a>ZqyTl?
zb=(HI15g(}?e~z=7&Ejxph*X6B1^jqawcQ8b`LZi89QtDLEninN27N~a~Zp84?*7r
zsEKacBarhLyK9d^(*uaV7Op)GxhGH;0qsf1`HThH)6fKgn&_oH3%QW7xAr_VeSo^?
ztL=ka1k`aC^aAAmj03cnpeY7wqEvesatY%=?G<PS0d?Fd{R#3Ape}}LuR$KhSgySR
zO&L%VBeXXm4`-a9{TcEk?QP%`?XQ?KcIuB{m-=`5lfYg2`OxgvABB9o{xt9p`Xp%X
z#5XM5V*2_;>oc1BHIHeY+I&g#{mmaW=e0~}sc2c)(%iDOWk<_{EswXn&{DFYY{R4t
z(>Ki7aL0zUjX4`vZ(6(QpPRJJ9X9vcJb3e%%||wWzS+N}c+0FUk8R0n?b>?hrT9{V
zb^tg@GcXDn0;B50bNGPL)^&gCD>YE^PZN#gfqh90&D(=mWCx|xgcVO>d)<aJ!kX2%
zwLQb%j~Qp`e!|na_VIPzGPI0zUhF<3<9`bNXJc&YjWMPV{ug1cE(R~*zer%97kd)P
zzZg8hnqRY|a;TWRI$T}3v~cYF%4OA6)vKYdTv9m2y0mgxxNzLc>caU;mWYuR)s<7K
zmR3%!u3GY&0mP_K$inxo!{LgBm0>ZVYF@|+TMMe&M=K~i(h!rY7A~u(t_f963|T9x
z=2wP(Gg4)RC=ah*y0jAC&6sy)xZxGy%Hn=gLrX?2n+MB7V#Jb)s-;s_FRz?Xv3xnc
zv>`@TRV-X)g{!OPMN%KN+?uzDvLnV$uAEmBf<>I)X%$PV=2ui(Au*Qu1(nN}RIDCR
zF>g_&m|PjEf^#iW7+D!^Bjdu>vQew5QCL;hvampbjj)z2s9IPPs;Gu0^0kjqODdP5
ze8Zx=8u_@SrW%D56_IWYxC|Svt{{IP<x3V?ux-&&W@9QVkiCf&p$Zg5W#~LySbss~
z!YWi?sB%8%JgS%eDV~WHtCv_6^GR%%-7^$pDwfS(LPb~^s-93$jckVm#W(-l%GG1T
z;hM^jDweRdWJQcyBv$gqt!P12WeC>P;OurJe8dmOfYOX9_OZ)WP{Ehi%&)3kHm`Ej
zs(F>msqB8!m$c(Q`x#%gpt2g(dlp~kS)*1huafn17B8~q%jeG@T~W29a{gI-MOz~>
zex6l5+NxO=>-F?DKDuHa+7=rB*<16J%2m~oCKD--m{!SkK&hf#Bh3pcRYk}`Y4aE<
zfHqBR`$p0JANIZkKFZ?!|J~dKh-5hw4H}AwSHk8_D4-!E5QKmvfCm~k$r2(-Htr@s
zJn9CIY8CJM#DjWNtX8dBYpu2Zt5)lM^sv^W)v8si)}vnk?{}VecHVb)L&7QTulgbT
zzVpsI^UO2PJ<rS=C8MwvtrNDE)a!Wx4GSICc7n7z{q2rtHW$TLIi$o_LDFek*47Mp
z5pB47wZ%ueZ2)d{gqwq*_O>RQ?XCGuM+cg_t=gGw;jUoV-_#zk=Jm9LW&PpqnSu5|
zE7~KZJpppI78X^(_IA8R#><}-=mb+XgWFYsKh%3vp__o*cbe7{(X|88IC|F4Vi4+}
zkVN9N9%JC-hZQCgAxS-O2s)cVh%7C9EsCuAE`O&5!i<(4)YjQz%?f~FS1Sam>$Xn0
zuAO;Efe-%yv+ANiUlhs(9_kDGQGqY|s7OC5))yuEqEug$$wi@Vr_g7&Q>fc1^x5qc
z`s{WJeReyAzUb@ax}6I9qQC~Mus}ChU;|cIpc}+)GBvKk0^MMN4On4;Zn;3Wj6<2E
za-nXyP`6yDTQ1Zs7wVP^b<2gi<wD(Zp>DZQw_K!KF0xxL(r78tXu;`F0!ER>Mv>2M
zxkzK9$Y-})<g;5Y(%2}{*eKH2DAL#{(%2}{*eKH2DAL#{(%9e;RSFwL8XH9#8$}u$
zMH(B$dKATa6eYT(#FW@LEYSlj(E}{e(_O0HD%EvL^>9k{C`$DxO7$p8^(ad9C`$Dx
zN;UAM8u(HTbE%%eQayvEdIn4N43_E{EY&kus%NlN&tPehJ+9Isd*VuqY}zO-vT38V
z$ezK{BAYhK^hnDze#$gEl<BdTY5bIF{FG@*DASZsrYWIJQ$m@hgmT?Qx$dG|cTsM4
zLC#mRj0+)1T*z>6A;ZCi3<no799+n7a3RCNg%BjjSsKKJG>8jn5Es&5F~?rr(FG%~
zt_PN5ZFOf)M<7IzepCTOux&+EhU=lj+5=U=jt)O0d|O9bcc4X7pVb=ZZiIU2hBCCm
zj%#W@YcZNw2BD}lMZn6ZSj9d%sXl#0W8(~e^9r<G(-vrNv2-&nQoTj14lTy>t3th9
z-NDw7ziWA~HQOIv9<{ox<+w{^d)5R)9sX|UMQd5~$|1S6+MgLPk6Rqqj;anJzXF23
z$xmB$fxo3{In2Cf_RtdS0p`TWbv=-}(Tb&o_S>eU$S#3xYzhmlMtRd!T4ag!4AYiI
z^o(Abr*dtDmj^@L4Z*p=&ek~78v5FyZQD_$Az07)aW!oxqbe8*C@j|px<L+YolUfv
zRPCC!b`ChdSxqQOpw{u!Hs}>;%<t(oujvP{<k@2Edv>ddno8V^qfh%?quOi3HU4hc
zLW?@vRx2NZx)v4^6|`05?_3BIUF=(e0fpSw(bJ&{>ft!lb_!le(fvKM(PXHT&P-T*
zn(zV~9N65}1psW*Dj=Qp*H}ZSmxcm<YG@<C%!X5E)q?&yn_)V_z9MyZHdp!E+nc~N
z)(p53op!bA&KCR1X>lzHH03+I9UEMh);EXRy1Mf<gDdC9n&V&Tmj}8WGu(J|!cvD%
z)!5?nu!u{?>qMX9mQP&{8K1ifqLmwhbk>~iTTLj~p~@PZrSOw%=gHBI!;b=E`++=#
zd~IphcFt?-R9;=Im$fi(Oix=#d4I|oin4}<d5a?slvT9{n^)AY2&^(~E(}6aYQHvW
z$I>>Wdu1&QtPH~9h8;}j9TVOIhY-RP%r@74ph-s8u_*|mGwO}7Ik6gPt-IT-3sx-;
zfI{M*%<pV(>kK4%uxwfMNxZ>p!vVq6)~Vp_$1v9QFrr|`#_QAtZ8-YvZ9xDYERnPE
zhFEQWC<e4dNUiD#h2YdL0_mz26V>4aw9i8bfmjl<QVeA-E5V0~4pe#cip8W&Xvi+;
z0!_tgn&I;YR?AaTg_<?>c6HUv`pU-o*_DMQNc_|{MdiijrUaJb?0J<{x|Y6XC4J30
zb@S`0t%asF`;yh{OV)z6w5p)%4{AevVMPx@3M(u?0(3Ov9}(SSRZ^lu)-;E#$`1VN
zX~Dm43BXhy+hxsY3w19?+yyd}3K-S{oNfy~I>c)yLpnA7j<)t*Me4KKRt7rNRjt3<
zg7aq0>26b8P}^dG0-6zVXj*112qAjV(?m&qOiw`7hmZ=x#!#Urm<Lq|m@wewZx35x
z@u;0e6e}E?5<ZC^bC_CCgLjOl=zPijU{(O$J%TL$kmx*16niv!W$qo4$0?dL^zLSr
zXi(;sZDuLx1?zGdQZNzw>Rw~Nb}m9kw$|jdsE3#l{>ohNiZj7qVw%6iy!r+9`AdYW
zUxj{N5%v64Qiej-+%*K%wE`I-uofE;`XWq~svat$UKGYu8S=(6s9PB>uA`2z=|^3m
z54-*4DrjbbIJ@j1SjfK$ulX(f+Cm;zIzooaXiP_esYq9@?C6vXS<Iyty9Ex_F3~Nq
z$ng}!$r1@Rs7q(Xg*HsAf@{ZnxQnT1;ES46CI}*76cxdRQt-DxIQN<$i9OK{nw7ys
zn>3~`Az?AFPqm<QuDNwQRpQF|Tnbc;9trBeBveNpgIT(PhpDFBIBQ)$Q;ozumC4Xy
zv9N8k>Pd*102_(u&_=q(qeiwtv;)bwjAFyd++h>3Hb^o9(QGM$2lcCHR?xOnqi-N0
ztxeuUWr}7g##v9l>?%~Yc(equ^Dczjdaa|WCbW4FE$wCqpUoM`B%;n0c-KM6#*Ti>
zRTyI%Gk0t%To_nphvF>dc-3|;3tElM0MBu|8g_;9en3+MOn5>pZWlsGZ??(qDkoWK
zv)%Q8FZBB$k@4?*A&NTU-O;rwx19h*&@Rs=if6vzc6y?Z_?FV)ag)QB5<lTP@FkQW
zgHAO3gu*3Q4sevHXYm#&+wSL)JzIx#v|IRB2WycUz?zHYfhuKU!Cy9u7ixZ@{D4uZ
zr5a5!YTOVC3CW40P%x-@Mqd<1Q036E7?c)4ss>00s~6PVu3~6F<x;>zm6udyTd)gB
zgY;(w#14<8bK{DkZ-usy<-nc|hK62S$ARcz*>GihI|votmx39Wwj7gtMIGTNAX2DA
zl+stxCbhhZ7U&6!7T5yHj^@jqL$=6DOf*m*uq!xX2Z>lEAvg3xrilqLjtJcZxN!>8
zQ|XGY<kNj{Sm$xk@Iq?^5pG*0HicR}on4_|GnN(uEu`46)s|o_iUcQ^v5CrF8X=V?
zDrfygreV7;K-AH0uhl6Hs>gxZrz368k)u>aG|Us#xhhN4I1N$Kk(oOqn?X-lFH`K&
zNvDngD#LXp7sr$l6*ljM0i7Blnu~1%jwRRb!igSfaoq#cw<8eauDg5;CBZ@Q0T|yf
zm+f#|WfOXZp9^o7!3`zN)ygb~B|(n1?l2-`HUV3MenH}T=qmOVr-N#`umIKIAQ-Ts
z>DjK@Pmi1td))ohAhB({hNF#vap!1m;L3w)*$j11ZJX*M-W>B9EiiQ!Vv)-qHcR?a
zMXL?u1gHt?2X*$-fyX&uMFUV1<Cv9}`k7&YLIW-C2=5AAWJRHJ@TOH63REA{gLs=A
z@#!zn*64>rMQ2iiFp7tj?Gw8a3X7;6Yus4UY-ZRQ!3`xZ!YsFgK2{^SKWdU#jUiX;
z$A*Odb4-W!lW6ov2@tJ(Y-<9#l=B{6O5#b-rc{pWinSeL+}(J>2kMQ)LuVgVi66;Z
z8ZlB)-(j2xs6gKWi8}5ZvpnvG%T}9FFUCA&H?dE}4vc9~?A4e;TMi3mW1ERSOw<Rg
z@dQ1KPv&Y!5lMVyDUNH|CaJi#?Q&D!V8GNhWvr)76;sNZ@ujRwU1i9Y_1q<_<Bnsp
zj=Q9$r?dH}qNwVNHn)%}Ca@CrV_duDk?KH#ttP)iW%;O%5<YRfLxmNP@V!io9k_Ls
z#|^@CA2%BFh;P;VS1Rig;ZFKxY9O&?tf!tj6OY(#Tp?@PlM)cOnAO}Rt~z$~LUkLh
zrVE`lh45VU>>_6^O#-fZ(L!fU7a>CgyWWU<7=2TVC{sOJ5?4p2ON~lb5++hbu>*=7
zjodrh&;?U<V>Z5mp}2^|RH<u>^-ZWcaAR6{3|uojKovzlgQ?SRLmL^Gp7xDYaY=$G
zU&I4svz(iK`>p2W%mkI3dUGRv#xP-gL$S;kU&9``aN<TD+x*sl4I!ugpKDb2Un7<v
z`>Cl(dw|CY$U%*Dqj1W@_*WCy7YS{JevAQQ*u;)8N_cjt&#+@$LD*fQrZz!Q*u7F0
zr5-q4YBA4Ept{sakCscZnFeC0O%{Hf;@(9|F(CrSz*IFoi&9PB*^vUll034fB-)&V
zq}52nSYZla(Il{}ZMD4yp~9)~#*{HD%M>%(I+0dqKbM=i!BtSouDZ?}c`Q}6VJ$ef
z{ZM$EE8Cg_l5?zUsI|0s(y*5Tt>(BCL;XaB7r3IhAlTm4+-o&Eu2<5FR=K_LYnWET
zrP6@JFKruM86^&&RFbTIMqk?EA0V>RLiS0E6;?6tu!Vkm0*Lx{^&poe8gG(x6gs<p
zo#bn+YHM#7mx=SNqH1BwA8N(Rm7$Qo*9tCM1}$&32Rd83m$L&a5KWck@|l7HF@j)c
z3$tsQ113)ar6$dpFcB9(n<Ed@F0@S`I7BKde4!mEP<f!iE_=Sh7Q#!>^ksm7blO08
zey0_b$Tu>Smj_#TXJPeIk_%9Q83)}M5n^_X{xWQBht!&NfYjuyC^`zXFgE3^q@zEU
zUt2Go!R{GMuL)>4EY+HI^r~*V4g3901drMo?nF$3vB+*3V)iq2Z6T|N$=*1rnvWb2
z$gmyKkIrD!t6jyAY)B^9ZY!WN(OV?j11_eC&%m0Id7vQ#_$<FlcF{u#GyG+0!~A6i
zHR)YvWAhq)A=Oo}k+u*l4oyXJ;es>I+yW^w6JP3@43;*A<v}1SwaSl8MnO1tq$8aV
zt?cEHJD;FCQ9gl#3u9>o4mgwHN!<-<wriNPzA6}6VMwMD(Y%hP_TGlJ?)E@@u|_?b
ziGS#dQO7^V)U@<8JIFKIR|wPI;ZFoc6-X1i5lmxPbzj^TZbR;sDVx=UBz2v>Z&l5$
z=hA$88`AYnsb(7l=XyejSz2|0p6-wz;cvTOuD`Rj2Qw4@ip^<k6glUiD68od?63_`
zL(sgdhc++J?Qg-dX8aSZUj*z4iGNrX?CK4*wJvuIK)1;7AJg101OE1Y8;E;gkKgRM
zU>;dhPirezrVRj61`46%M}%FC*-mX}_per0VN>0fLac^IO==H`d2075j1#|s1xGlC
zf>yArQN?n&`vljsR7^kAupIIlVV%WFN~0WWcbF~}RbaKbU?bL<A5t$XC7=?n9nTop
zioWk?SHFX*Slw<TCe`~5ZOtpNo+$E_3I9+({3Ps*p0;+1C7m&eqzMEzW(6R{R0bvU
z9O?VmStnLyR~OPF5R$_z>E_I0FDxC$d-H-T19j|5Q<qAYht6;i^sFkROmuZYPKS{%
z1{HBE;wzz6^xfIbR8AvBY&lmOX7T*clI0MA$V=x6j*My+zFEr#)I3@?bE$wb2f+Ov
zNCU+}zHpsYD}#v2RC`RibJH>3hUjDz80l=?$jt?MlrGVAp_k?_TL>O=Z2mwUSJ)5D
zM>Q<7;;0ShV<lBVYdXVg(P{z_1$})?V}u}D4KcWAMyRaC+i9wfZ6TZi1khEc3)ly_
ztkKt_hLoD;MGZCOY+dvSgx*RD|AwF#WA+>{v(u`F6zYZ*irq?>gH|AEuGk282_Z>K
zpf@AqVuGs`j=^4|PqceM#bLmuT1ks{y<h=8RP3NJOpIcK1^%`W_FfPSVGBUf4Wo?f
z5vr8GYM$l=I<Ozcz*XBB?pcP-BMgzoKC5iz3ee)VV0+9o)mP6pEsz#!JHcyF>T^6(
zx`;`Q5~g)L3BpnWcEkR5rT++eLlBvsut;f4Swxt=){7)ayAz4cK4mwFrbbq`OMq7B
zqPhOwpwnQIdnHH&?@F?TKwj*6eyD}~2L@*F83Ic`g*afCrxx4wR7G_`bCwhY2?Fae
zn$r}s)JD)~y(+Tfvxen89Zg-3JKdO$IGY0tT6jUGk09YSxzVNbLw3BGd{|nnzybd<
zAE6BbT^X#(AmQ7JLwTXvP<PH@x531-)L0?3j0D4I0R}8o*g!La@a7?^XR35)FoAHt
z&Ae6EC1hrEK4x-RdvKL0Vb@hiG$!{5xR^|151Wb(p`4E#yPkG`2(BI_B7`@W+?aM(
z8&=jBentFAvOAm{%vx(ryT4WCFiHA3c7;)<BK^&|iOgPXREVHtZU~Y^XtvdckslW7
z)+>;}wo!8&g-sf@*w7dXVAx2!#Cm1a3(%Tyz9sAfEMxhO`h`E@Txc2XR+pH&?qGAU
zJ)FO!UZpWwI@X}3)^#K8NJf+LgfZa+PMM_QYBJ!X%AlkW+YiHLX=x!IRpFxU=DOf2
z#Z}OqDr<Hjvz2fa!gx3)lUU9tU<~Oru9#14Y}q)h42x(Z&2)#M%)8VBdn-X)p^Y+4
z5cwv_x>jRI5(iupqf!Z?QzOJI)$Gny1>{icnY1YtXvS894#$jXS5K(|djTnS)1hek
zxy&G)N|KPggy}7fjo5r)_E+ecH7pd}7MJg+HdRweq7A<q4-g8|v8T>yd)TizTX(b?
zQ+ew2!p27M81rKX0~d^&!NWyj(^k+%phBDAV!F)oSC3nCG7ZvvTRmG-rx!FfV#g!$
zL#Iw}Z*0U;C3Q%{axhK{a>xeg#R<^V=|zo=;!di|uv65abv#|+l(<r~l17NqYz~)v
zs(zQVQPS90WKCVc-(qWOH-Ag4*c$i(>-1uDzq~DstFp$%RiOVeTy``zDx<Ewx7<9a
za6Ryw2TiUA&E^5p_Z&?{?L8+=*c&mU6t_t;JIGnp)x?bmgl4z3fS9BF2&-geTPWD6
zJYmP&%=35pTM^*Uvr550!$fISSw>;)I2pl0%@|6^8F8m#Rdz~YB1NjSvjh+Ndu)d@
z)y}B?>bQHKrB!n@b;{PB1e8X>d`ZYvx#vn0L!w5pV<t-^wDxFK?h9+HEF0#+p&xZ0
zH8`RYI?4~uY%!qI<c_KH0K!JlVKalW_7X0%yM_m5mF?vwt42QudK_6eG8M`qLPmL5
zsSqT*!bF!%W^R`ggTd>u82~7aLd4eD8h_zXBZ5^6|2~R0N7;O}b|1EAnp;z$GFC!z
zu(AriC^nu6kG!otJpDLdaZy!Kby;OzMG^iKR~8oKRg~BG@`?*9uxoY(^69HfPOusq
zp<j?dpbRHkurv<n=S+i>v*(@?Q1h+E7D``1NqJs@Ha=$u+F^6q2A3{WwufziMy=t1
z1QFxg!Zv9!`e|ljQ608717+~rRo<tv*$fi&R4C-byg5|SVw=OksgvE>u8LwNI4ZfG
zO8grb!yaj;okVh0yE=GbHg9l_+}l%Z>%eT;0MK@{SL}w^Egj~$^s!1!yi*4&M}X&K
z4C%xvHSPG{N<R*#YT#I<q5I?HAblOcIX7K6L8lkbSKxFF{Eqaab}P=jL0Aw^mZOFh
z*-(okgATC@&;<W4#9>0YRs$Xe@Y{vsc0%~qfxB+}3!!Y1-NhtaH{)3+{tx15E~0jP
zXA<rOFxFsaxu}(kgLM$#M8^m=;I0`@I#J?RCAySl?Ep0whwdy_KnCz0p=d_i`IcvA
z8A?7572=TUQRi4(S&`GtFiLT@NP%k@PLP+`Ag#n}1ZNqV(cLE+P8fqH-r80DT!6eB
z_niQdtrh_99A=XOHcSvBr?^4!4G0QC$G}PF)&-;QZYLN8IA?_uTM2aHlmmN0IsRrK
z5wToMnNS6`%;3HkBbkNYZk!wC$2-_>8b>=d3X_}y0`Es%wh_QdvTh>T2lvDppRK~R
zU@xFfaSA9JZBxXMZ)I)*d>oCLflNgTZaCs0*6)y8CgH4Gk|7Db8RtV0#vuN3wn=0p
zSQ(E%&yx7D#`lp6e1z?{yD&O309mI67|q1#SUkJRIcg14p@NC@^O1Yvgp|LniQ}Zn
z#CEDd<YKCYyEz;o6+HxDhRvA@&l(rg6yWS(HoED9j-Mf+QqHOfuq~m^tu@>oh4RQh
zn(i`jTH7+<98qXYFa@_3#hiH3ujUY^<Rq8G@;|Ac{NBF;S%r5fQD>meBD4^|Np<8C
zJ$oXLDOV|Z2v57}UlhzT%w@ZJi@ZjdO>dN8EA6??ReVfkA{^;fQ+`#CaB#Va(jC0l
zx5&+VCEJw@w-2vvf8z7>ecz4N(yfNpnV2`x=)&PU3XgApBv0x`yEu8=(|4$QBFeVv
zL<~mM{@2p@PztRsh$@^N+u_7=p{>lSAZU!Oti>jc81tr>lD$e*(NGHEe?LTWF2o?s
zuv{gmXhBot<-%U4&^poGo!j6{tV3gEwsY#Vp|7Q;sC%L4#6xHSa5Uxf0a7l`@)S@B
zqO>tM7#3i#K}h8`$a--##7Pjxp$B#oEi}3lw9~~Rr&gkaKpW0&%Tuc$t3x4|4oAEz
zBW8=%MOA1ypvHmd5#Dm!l3``#Ps6FFoG>~vJ*Yhi=bv%{#<?fJI3HU!d_Cv%o;uV(
z+VI<he@3;Dj_3j9D)5iN(>8TQkB$Bn75Os7<rD<Q@YO0a@zf-82&hKs_Bf#ugNW!7
z7@U2HH3;;K)U<9~1k3Ft72=dx&W4*s2C_4@0_#N9x@S%l)24$FKf=x9<oRxJDil^4
zfO1Z7;;D+I)WjOm*g%`c&0-Uh0EH)MU5PC?IB4Q|T3CXXoLG6eAX)Nii}J@3dtda+
zG|wAruSv-nVkWVi$hWMW*heK8Ld2+*F0#bJw_zmcQH;|^8TKIcEka#w3u;@Jqh{;;
z6?vhVh~k+7d4>%|Da1Ve#degD_4HdJp-kul3^82Vup>3Y8Qc)b2Gy}@Ij*}Qt)}3N
z)XC^UJXGR^(S_Aue%ii4+;`!g@~{>45GTUlLN%5OT={TT^JHL{a8nF0-qVYcX1vXi
zONXj&dbUO~f<aGpIo=Up2_Jsha$rgnF#J0ZFuGgH5Ce=glz}XQj6hf9l<f(S>DUjP
zv;aE{M&X$6o#}y4ATw0esHleG);ex`LMPD)QmpEGc&nOe;Zm!2dqU#sc{I{Om5k_g
zV&=r{3y+4tU`Jn(2oWsYp5QpU*37sJNTP{Dfz$(Pw{}{E`z8<<8FhP;lJrdjiBoCq
z+yjzs!*S>|aUA5`^KD?wN)G}SOxgg<MRsfkMuWg1B}g}fBSmn>AS6!^m_Hh0r5JWf
zDd#LTL)=<{jbmU-V4$E6q7UFdU7)a5Y`fk_W28$_4Zv<XRRQQRxcPm?sup@e%h7|B
zQ*cs%F2g_mvK(U_P0_jx&kArCmGehz9E$#wpc{hfXnU3D!y&%2O`ko$c&B9@v^Dx$
zWG%4j6ec@}$pN@!W3=KPhaY?>n3Po*2E>rYp8%UsO<3ZQ+Kq~qm1>AwzVYF03>2qb
zQLa>Z=^z+N1EIwoZ8s7%V~VuMXoU&!kpKi>=isc!r8^SHF3@%(-O^B^0VV<db|rhT
zz!te-^TDR=Rsai*r{nXl?uK41MVr`U6cS`wuAX$Gmi!XWR2_Ua*#=C2GI-}oL=;dQ
zf~E%{*ry#SHX_$PxFTjO$EX;L+`eNBZxcY?M-Nn-1tL;VD2{-vK4Jq5=5GCtFt`E1
z+({28farD)z&>L~0NVy;v<8k&9xWSX;|yeOZA|`b9#;s(a?OBlhXa&xi2&3FniV;B
zd*iY{K%*dy)c^}y(p9#tw8(|q8`wm$CJwA9z_QxnSEiVd!P@N&uoJs+;6&xPJYhgW
z77}2UM9%*9L3IHXWh|Ez-!asUrck${ase8}HRI!4Y@-|&(!nv#P-I&c@EClI0p~P;
zf2^G~%nS>yf|#J1MEUj?rcM%#0cN}glF>10XU4p__}&2&Zn0q9Jj1SEQ1T40u>nbf
z9h-D?&BiBv+iHaPU~K{rqa-2@x^@r0WfF-2W}?A5`AP%H;dFyk?9kBmr|LwSf{X`O
zs~|DR8?!n$Y;R&o489Y?8v%EZ!~-<5asKumj#I|C2`CEGWDPVu3+4?nO3Z6|YtHp`
z@iDB(gWG!$iRMHD?bbYl970sQ#@3G_C344q&LE>eM=e~23`AFSDeXb8(TenKd`SI8
zR-D>m@Y*&Z2vPo6jYU5$Q^+!(c3-W?x5^*=05yRj8HQ|$MRELN{p+pdKr#q0850(;
z<FE8nW1W6?d}uX3-O1&gJk&El=Jf-nC)-)84XnPEFuwHwCr}=ci5ZNn5Yj%9wFXl1
zbsMMT!I=<S4`>Y{@vedNz-(s(x<dtKqAYso#v$*I2i>z?<!HGMeX2;`WC_|Zg-??A
zg!LI$4I!x0ioZ;z!(qZ8W-f$Wy>U=BhD4`G7<^=K69JsK@%nlgTi^<Bi(%Mc?Hmid
z26sCzt5RwilCXgoN8p%iLnYdRUuMxnNp$O&jKW>cjy5jIG#E5KdJQny&K87j2Ux({
z7~PtP(x!r!FebW(8#vi5Ks-_ikj1{g`7E|2pvD0*)(I$A$(RtJ)|&=03bqY4T_7k{
z(bUK%VibH!*fRi-Stv`b7ywtHOkD79WqP%;2_kr51L6XZ<^$K^Nq<`<rn#xCq5;rR
zcC+{ckj7FV;lmfeEZqyne&}p02e4bk)!P!K9t#@PIhW<RcEV+c0L&~6u4jUHM*Jo@
zK8U9H-D$OmakW*JgtlZz@j%8}ipt;`YODim{>Ek2;4G9`QES7>Hf?JiIDjLvF`2V@
zDmxB@bn*wx-))#!;M5o*ZrvHKR-UYeN<AvakYWp3x}-Job~kvO<@f~n2^*i5!Qo6+
z7loiUsrT`;5uA)o0Z1LErIEFDmLxV+)(i;N5U$cHVYtUY_V5<O{Wp&)2LNca`?+SG
z0n*?GM+iP_31p(+U>5Wff-#h(K`cab<$J3vLvD$fGr)L8cB!B~GbdX?oy^G`XqjPf
zD0A`-wE$NZg*#hdM>8>+srdojCuWa}3k+R#;g?1&7Miy@7so;({V|)9QbY`xXzwnV
z_*6NL-wI68-X~FxFqe|@s1>-PKBc^rJbM}uihUzjZoUAFwWZmmWVj6+VHqTNL&y!>
zNH$RV<=}{IQ}{F5^H6;SLQA)^o3`r;o89L)ZmXahB>5K1D0Hq!Y<GuUz`@C%;7G1S
zBm`?HcMj6dlO#O4M^^eA>}P3EX<b~#veFqLMEnW6@97wzW?z9$Cikgia@oqz0CB+7
z^m^dI?Cm}XWxd#FNufZDNaUJ|lsn!fp`6)^Og|UzEI#R+wzH`%%r3c$RK_}SolAuA
ziRjV;)A^lg>x-0#tOi6hLBx>dwi;*BI!D57pt1`@oDQ}hyPY}LUM}E{6`C!4gDo;_
z%7kgPMLzv#NnXM4DjGHlsYqr~zs>kvfx7S%jxm@mR_Rg1Mzs>BvdbkLmz2-_F@#*7
zMqm;Ua*>_Ka|&hv8oko5u^Zj10;7;Zo%xVGgdkn;Yo&L>4Ophik0n_QZ$@UU?1X{e
zf^l#zExb*UYYi3RU}(kKW3DwH8(S)^xqzt>n+zJP*(g~EDrm3{wPJ1URlvw9<gTv5
zAqM#hgG}$I^b+NGh&2x_)hl%)8Iu##c)37K;b{$-gQxSEiI{vG{!PI@9t~llhlJg1
z0<aEt%hb*3pFPuDrRqcG<D#wIViCr_^;_kJjjb_yoK=heDfiU^XN>Q(IryZQk~|5D
zmkEXm%wCmhAey3{f`i0N0V`sGd+rE~-tk78k%U1u6t99JLi9fO>uEt{wuf;)jV2JY
z-OI>E=eY~|pblC;dXEu>h~BYHMlj4Mnq7ALXhB7!iBK^l#G?gjQ7&SJ3{O_#X(nRL
zXtvdR*FD3hqOR<0nhuoh<VKn7$J=pG#`)z|5}u_X=#ixkK?4yZx<gP-Nyy!O+PLJT
zZ6bQcQ_glnaylh^JxZcd!+)f8IHXgabr|}|!)`tw{#M{$qjiL}pS2XSX!D=%Ywd|m
zk{7!tMfSEisg9!8poE(exW`i~6xyjRQE{&YwxM6Ax?(GGW&vB2b3H^Mk{4vZ7+1Mv
z|5L7|MW*SCoWdQiatw`=y0v<iDH27}VZ$|bK(#s>a54Ryf^s^LI`A6{P`?*=;Et~r
z`<?knHE#fiP|Q=Y5YmAZx;8{OGC9{|I`*$}HyTHxVX}52R!o1^SQ6f<s2OA4wnoYm
z=ZLJ)Qs#!)O3udy7uoHWZ=acC9pF|Hvh{)4;XEgWv&Zaay|b5l+k}Lf9i0#2M5?u$
zoaEf1If~9Hw9Jr50AfqIw+eGPS8qCW+YC;k6cNi3LvkcK-6Aa<3MaiWGEOu_9&!U(
zq-bTJy@o~z7+`eM0?6j?Kg_jp*}pi@Jw@efvwOA%QffY^*2$3C+^fi~3N(SaNG%58
z1kgTh@I3sb3B}#NrIu&tLQt7p$8NOQ(*AhT6?r|j$JwUGfp#497xQ$6eFm2qA%P06
zywJ%d6_UK`feNArN5R^(6<yUGD1^VQK|2}%(%0dZ5+Qr5mJ*~BluYouVS!9h(v;lK
zRD>x?T1lGz6g&^AWY13EU$-#Dra@0M&(591<2ukwP9`H!YGZ{$N;+fr#H1J{vcFw6
z3!AeRMD)|^nFOH4OyK@(;cYQMB<+dd#d<!T$hn4tc}$v|P1Fz_)m&hK+nTghMayL#
z%GecwqYjF7OBju&h|<7Q<qII(NKea-YTnpfnj>X^p2+!bki^27hbC5|V>u(h07%i#
zW(n8~jBr~4^|}U14wDl+&Ba)#U5F1_q07|hc!WU}o-n(N(t-3uY>0iQElF)2F>B3z
zmX_W%PLj~nwHPhXkP<srTB0U$6N<42Xou1^HD;C*f_M_6>uL>`c@qt8O`4&`#Xfi#
z9aRBGB0FgeWO3Olv;dny81(SylhgFc!!@Nsrz$nuy3NLJ3RUp}oo|V6DE@IC^dJ3K
z{p$vZ;!m^{HxK36s+60`!$6v6q#%&t4=sbNu|`SA1V*1k?sw~iZ9gQv>z$fJc4Esa
zyB?OoydK&FmsRAPE6>i|QMz#%!scKKA!2<ng=SYx#*`+p6W)JxrwWA0hyw9HFmZ#-
z_AubhRD<R2Os><h96om6*_ziR=p+aE7+WD$1Zt`kyFx5&(HmN_81qI8S^bWP*ZwSO
zF5{AbHSbCgikxIl`lCO}Ib)bW_b0Z6*w}oVek*NrUJ*$;7sVX^sNXD#p5Di(9_#C#
z*sC}-O+YrqoPMX+KBrNFzLXQ}iRVg46i<#xF}>5Sr}x2lp-j1MsU+Gvv0bW9?Mtl%
z3t2<Wv{{k6%oLGF#o;j(jB8EwP&jfZx*M&@;vEoD5~YJo3*QmNp%J%fT0r-wr{B|e
zjRBkS201r!(<sa7i^X=38CBxWTL1IdxJqS&ExCwl+kFa=?XmUkp{Gb>luS_rC_xyT
ztVU{JEO%gOqZz@i2FZeAF^S_vdr8YLO=-@4IL&SaOf8~S^WGSYi8hew%`^8~{i|)h
z#lR8;ORVHIt?dKt>Df*6oKXnoxwVgboc;G_MQ+k)=CQa%-~|pc*4pdOe&87)5{aWn
zn~U>i7|&pklv0Z5rF?ZCt!Yj+<X~e5(H%vn<|z>p7;r48`pi(quqADoKI#qu>hM)c
zlZoMLMSkSOaUtZXdu&>diJaC)1B->l0rgJ^wDWYV#=VpxqK+8mNnV;nN#NQ$5vI|Q
zM7`i4Vq768>jaxZa)$<cXDTo`na;_DR^&;8d!CsrrcR>B1dR{vt&lEb<r3-JsUhMi
zo1#R!UQ$;pocK8uGs=y9&Q>M($GwqE*Aa`r6M5M^AeohTF}eW5aUL{R1D4cBF!A8y
zD#vhZP%{L{Mr}(sPcKp@VqY^r2@C2|+BBHLuEN@}DC~c58d08c@rXCxoE5p!44xY+
z#QRD#n{EL}E{boMKpNiQ+Cgl{nq~*HG(}Csx8NSMr*EDcy#9%8FyN8ksPEYQq&U$^
zR@R|Iy~0XONK<cfHP1jK9V>{0h`ErF_zBHLF^DyUp%~FeLrDuKjm#)5M1Jc=r|715
zQXj0yPedmivSdEWJa6tmNK2UxYKkAs1Ma~{EO+w<Be*94lV_dF23lbzI*40TO%Fs2
z9os1Y*)6CN4M9|cCvt{+0HS`k?EnmSy7B382AnAfB;dTIz)09+Q}D?*cx=gLVN_)X
zU?n|rjlpaotT4fBB5HN(D6@h|FigxT401>uqal^@C{}Y?1jUFL)JCvN$j}4}X?xvg
zKr91*!iw`DYs6fk>I<VGdU&!hI|-^x>l@Qae2|M$j{2tu?^1pV@RVY_Gehjp&@uW(
zWGW*&F~l;|Xg+JV6?mRFJH-k*$EcM{6=v5&SqU9&bB<INZgUZFH0U(aY$0kI!NS-r
ziCM<ij>$s&Bb%W=N=Ta9bQG<fW2a8I+}cUZY8_s%#>Ri(z^-YGWZLrj)W=G6tV8WB
z_JQ`!c&$^BFgUE8pGg2K_Dc%V5vMdh62Zxo<P9+$5-l2O@#KkIsPQeJibSkL=ZV7`
z@?wAFn)q89nZT|yFq4nvL<yRN04SGk+_VBxN79qtQ+}x%K<#jBE-rP$TLE`!dx0b}
z3DZSGmSg2~odC@BVnhb{R3f+5Sm)}g>q+GI?tzLlHIBNwi$oLeBqmvjaE6>Tjt#HU
zkaoH#=7@ggKIs*F>DM?cv^Ygh=oZB&Hbke(B@~9)oYX(RJL8qstXTG_2jw`0sE~ak
zi^kPXDns+u5b2dCE;%v+N+H`NjFDKVXs(lW6}`k!-wy{;*_j0o#t21yQOJ<wDU^hh
zDZn&h4EH&{iBpQXkU8HJz$*I{4v9b$A46+snOQ9p2LtZynndY{79t6eBih#BCUS{H
zj1K~2ocb2)%jH_`W7D<aV$6JV@@}(B@fc5}|DJ`R+~4VW*oii+4xDbRTO)H>(`gaL
zYF+bOtU^B5>ypBYQ~`;3Ctf9(49~<tj3^iPt#=NCsd5A}o--16tiSRjEKE~*HgKEx
zdp~>I!`I4YQ@-mnSa{qh-keX#(2iri4n@=s^i`j}UiUPKOc^X%wse}}y;p70(nBSh
zV@;XF<no_5J)XYn+^Cnx$Y3a5e`YLKo%=snB<abDuP=S>ZMivTdr!d*$sennbHr#n
zNlnZC!OT^x@hft`?Vw1|O=rULdllADCSX!pU{Q5qr80ndC&~HLGkRS!YDMPJsF9$0
zw+cPc^JIkC)YM@c8aa*+)5&TL2gW9t0k8s`w*uYqvuJ})5otj8^mppfDF>L3tW6GJ
zfTWQX2E~L#6ot0!#8P9sdZ6OH8~;vhS1mWRc1!GASTTLcbS?yhRMA_xuhBJVlfI%e
zg~aMRzzmmh1L1nk@a8Ou#J*>gy|x;;!b1a>ac)WKWzHE7Z;?ga#F4l}`6>C1g|ygy
z-2zxof;(i||B}|mS~erHgIay#oe0zm!HGgI?(QWd>_#&!A9t<I12UG$H3AY*A$>84
zlx&Tj=`gs1K@c7hhh`y-^&g#bgFqCqF&da8TcStHy7(AWd?r#XC>ukAr*E`-9yeuS
zAQnjXFa|e=wT^*q3gBGusRL7O9_2WDO*nUbd2Y1Gf`s$6#2qu5=w8`%zN7hbuu@@5
z5vu#s{*AaCTiR-@EMS!LK_|NO2YWVmF<cY731Vx?;ND0whW3KV!_GZlMj?}BL=Vz{
zGSNjH6Va&AQ{i!@j5C%jjIgCcs8iB@2KZPO{Y;2e`$-%Sg%LkWKyG&qhp`9^s9D@`
zEX)#6(bQWCXgsd9qUr@$?nFppbTL4tq0@pGG;IsL$w9l}nb70Ru%K^2bBPfPnUDAZ
zITm<0oFX;mtv?{ytS4Io<$J4U5F`){n9R&344|*tP5lyLF*IkoG4z>OwVQVs1($;s
zdsVPToL0>TdTzA6MRS%sLE}Z6rIJv~d3BrgLWmMUqIF3Q;w<Uj7zU9%8ZmwK%7V$4
zalgv|3rUzT$(~Q1r{J`<+;dNebiXE^LLqXE8;vG$i5f8s5S?K~gDR6M$K-iAw~FD;
zFbI?}d77p&Ot<8tSxCh7-?Ez`6399I2`)XNtvS<r$1mfyu^*md$~2A1{$|J^Cw>TD
z87woeLx@#3G%2AWHV;!q6WT0CX##Wy!H7`_f@!hJFaFhIE@JbuWhQ9fi1g#U38+=D
zh~?n@2F#{xz2Ph^Kn=>r#HI7`q`x=o06mwS)P5#>8vWSmQ&WyTf5MzgKA3Tyb;rqn
zwKDELcIo1=#eX?HZM1iEQdUlem6TnA|0~ig4}PX4rDa7<GgvdLLt0TKvcU{#Cw7%2
zeNHnlF)P|xRGL{sBz?-V4jDS%ik#<$M65~!35BuVK0@j@n0C(0R)*;oH%y|E3{0_E
z_5(wbcq@h*7aRj;RyL2D52Uk9=Ylcmk$TnS2?K+Ux%_sWZs%MQ5}C_QOVQnw(7<4J
zj~s2La$Cm%V!9H&ziq+*k#pR`66?;0$yjTn7BsYNcj<i34Ujk(BC5Ff8w=3Zp619K
z?*1hkZixzZ(ITKy<a)BUv}unpQG%?rT<sMSb5+C(1+-QnPJuJ{sFi!^ZsWbh>NKa2
z)6c|Q?#pnGQj}f)qm&RIty!_unsE}t_8j-7_OC~4)UCn3er980uEB)t3F33NYStT^
zH=e8QR7ae5!$gaLHSq~HZs#(<O-eG~qZK1S3^`h{j02j?5Bd$XPR%wE=8nX!LG%X)
z)hgkn$wD)Liq`pA`2O4BVwZu2Fw(xJ>kx4$JYrJ>w>C6ld(fP*DLpxlNg%Fh@fjXt
zdP#rg@T3?=2GE}Do_oCr$ZU;v$Nc3Zrb6$UxF_cmU&iBz{WPozWxA8A#DF25bfBC*
zH=uBcVB$=~eWHk=yFC*R4rA71TXkm<#X_r%szedMe5-Gi8!!KheYInr`u2BY<$s|s
z6N)wA7@hXt=|+|)m_$S^f|+bV;g~24P9a4X+7GYCxe7tS)2*Iha&q1MiI2Q_{pF)w
zH&lZQ*~YFqYzotD`>=cDPB(`BGd9*aJpry2=#1^bi0FKXMMI*ovq7qojF?Rp*w;ES
zxnr(hEOUb>noVMmX4u9dbdx)okc=hKD6*Nh4D|UOl53Z59q;Z&R9FA%oK3}=z6@G(
zzaC>G<h=gh)`pul>iVX;dlxko&xP*6Y4shu9ufPV5ox-=|F*SCxA{|G?_`R_Lt<GN
zzn&BO9_O0zA2FP0q|s$E30gYB)0g6&MRB;|-Mqog;v_77aUI#YvcMRUL_q04lFmeP
z$VM26ozj#{9FCXSr?g0vey}%WOs7q=WGA-0Pt?#97egD_-74Z5yWSxRvoF()1<{vV
ziiP=rh!Mcb=qiedR618yv?0D@;9`y&6{5;H6z+|cwUR|ZGo_R)648U<N=kgtb+NlC
z(Rs3wjR)}3iPdhKe8!q{IB>H~&Sq(|Q#A1ur4?wd5vLV$$49)V6AvKvXmsunW_=33
zC5mC#T4bHOkNy|Q-CjX6JQs$Ed7#X;-NF(1og2dc^!2vLFWlo1WwyC2sDr#lk7}~o
zR?BUXAG+b+Q5R|>zjVVXe$>{-^R`<PkKF7Y!H&F-xo@T$R#7bd#e_EI=$LmXHub7#
z6{O97{~BzpG~V%+U}L%JKW_y#a-)+{cjSX3Vj&gX9BTj%)^MH)Zek2~TO4uWH1TCm
z9Bm73-ZOSWtas;jvuM2P6?biC(S+sdyD{pu0V$`R=oWNpPULGdvxGwMr8Oj%G--Cx
zIH!3!Q0q?LR7akT3vbd#O;lJkF5|)sFcE6gBXf3QpKJKV^v_HHQQ~oC+Q;+h_jN2R
z@&oty#j-Htcb<w(3^?b;;9la)I&!=5<#5iL8%FKKMm})Eq8I$MGi1)^)}xR&wfp9t
z>3ICR-89<h=C~>St{>FHYpy_W%b8gf;o)|SWb3|-0~NpZN!Jl9$B$U=9y%%F9<gX^
zjs5=H)#G+<WtDyL{o#T*)JMV^t|6zy=Bc=CcBVY!!*P{-GRYfS4la$|>=i#o&0!KY
z5s%31BPLywt4xx;S;-=nou|uZB9Vkgk}({^Z;i7p*=@|Z(m@mPw`kMKDf#rc=sF9p
zaUKoV#bcH&G6ka<?aAkL<0Z%><wtd6LzTg$aau*{a2<wj8&42t3r#AWNn?<H)S-CN
zgI^usqf}rti(yt~2r>CV#w4Ktjz?4Hd<A1C9Qziy{FF@eJSjWGab&+-g=%-?`WXsN
zoWB-7mrQ2pQoXWo!pFOKoVmR?4Wq^qF=J9VI0m-n#00|=rX&}ba$|-)a-IbS!I3_(
zN}_&~fCar(BWPnpj-O=j(&NV9#|oEYO`Y;z+n^$I;>WBxdrLWxlt~KZcfCdKO9+bm
z)<2gCB?v9YN?&qdtYp<Z=v+19DBU*VB+!hJt^G@RiDV3{17!s^v5g^A%Q5rBO0HfG
zByWwh(mGy;=QLjsmpXK%vl)#>CC??+H_q@Lu_AWq;CU?3in!(i=}~A<XHE(|a(4AG
zJEVVi(wUBs5NfRlbX&5LZR`nhx=E#yWt#rl>t8-Qt@EPjGRF4A0_oQ1W{!YbxJ6l9
z#@>h@fwmj^u5fBmz34$t&}1vrDO^$G=vW7j3S+XOSay4(KT;8UCQmZoLFd#O*o-WV
zrQ`VaHI;HEY1JCLPRo8x&$188-HTpws0B<$GV;)-PT+;QjFMj@htQRHx_XPO$S>0;
zvB$V1-yHnhE>==sFM!e}%2$EO#CR1rCMhgZa!dMV<R$m)NG#4hJ3Kvwxg(;(H$F3_
z7H3QM<D4(ymwf0%9(=ElE2gY*_o8P=+pUQ*4koEQl*IBQc4T5Z$BwLHyNt};%NCF9
zUH6=cB_2C6k=#1&ZRTZTd}V5F`t0@B-xiNHhC(Ik7du*hCCEU(t;Xo?Ws67lntLAI
z{za^JD|Uz0pnB7V+u{+uBr6@x7{0qL{f_aGVt1Bks?jyIKPumJ5|2AR?n?Qf-_Sl(
z<Z<^H-4>i1u6Um?UWZa=%lK%=b1}aw+Nahynd%g$kg|;_QDePyp%X$n70-B}GNrR_
zS3VPBWV57~_|>OCBL8-eCe~6jZ;6E)3n_IAt!RFx!B`5SVPvedJ(w%z)E%@soyR_l
zeL{<r_4LWad*dpEdul<Q>qnZQ72|`(WV}L;u|M2pqPC8x=$X`3YGjRj>^e>;x-51k
zjb$KXHkJ_m686!5Lit8)37-=Ny?&-Gu~--e8ZG<T-1(Sk<GI16MmepQbJB`dW1r?n
z_jEZAJK7s350PeNZuBU`(xBxNzYa)B;RkAE`;B{sOd=3%R?V?}F&NVk$HcStKa3$E
z>@hcuC9;U>qFgdKo#V8BVttT-{RZ0HhA-V7pwkmEb^dSJusk_3u?^VwGxuC3vH=s#
zrPKP!wPL-GM03s=-dxLF;z?DCri}0HgiA*g>d;36deW8$C7AYuwl-a5ZnN=dxh48K
zHufFWH;&j3zqTQ{5?V?czg(oa=sBZTn6^W`&NvP=PXEbaqK^`N15`s|eEt4gNpzx=
z_)G2#I6ZbPpSui!Zl6zXMjYae$Cc{5$k+ptold`TtZ7ubcjG6@l%*MB4xEff{y})2
z_~1*89w7}*ZK7jf^~5-rM>rNyZu($1Lal?$ZueaWrDMk;aM8r<|KL@+(GoJ!unIKJ
zBoM+PYGd2NQk@`7&%pKO9042om7&D{)MIQTj!+ZFAdYb&3U$*1O)Z^GYN&?PXJ(tu
z$(EhT-8a{bVR2+P7dofn|G#)7cjVUwo28g*kz+<Ja7LZGq>XDT{2IG>ZJvv0)?p{M
zsGZsVBv~TiuT^$p@vn~)Y<CYr?2~vM7i-U%C^gsHM8i@4QwzGq672&ykQ1vZA3A%}
zky!3f8r*4g`k=Mh=qK@!g*9N25Oi&<GD&olA(e#ta~#^Lp{FXM*gclbIiAqDuWZLZ
zTXfCI?imsRw&^nzKLau|Ty2x+K%yBT1#wn*I-1y1@$0}_b8f_PqbI84;_lT%_Zl&U
zbo{s~5l3);q(WQgZuXameWG*dr@*^1{xZMx>x}6ei!wH%FOeFqN6R-1V`-jtB{534
z6CY>5{04sXiYe!km+a;ri6+qBBe$8jk;IFPkHQf<_g~WX<@Zr#uJu<jG+yW>GAbsm
zaJ5SeI-O|%54gcig`%jo7Zq+Fxv>3dukTbhRwdfIHL%J&Fj-+0{@zhIeEZ{g5;RA=
zQS9dMzC+yeAQ9=UH4lT4v;Vae{!=$*B|5(8nB6+|#bCAB;NjbHYh?R#L}GrBJOmws
z=yRN$!2`|Rk(R{xiPd&ay4ULu693Rvos6A!h1NjY<)UjvUBv@pnQgEHS6X{Y8-s&E
zvaD7@_c2?5E7r26A{%vja7TAe%DFa8+nMVy&fGHdy(w9bXGC0L`tdqk=s|07<~r%s
zmv}oRtnwwMse_H3E9eJc%zZgdzR@3DX@Jh(veDBYARf7X#61l>&_}*iY-|F~0S~c>
z&6d&M_YgNpQ@#nyXv-$?%+R8fy-7T&K!;TbfzF>2sN@N;B{0xg(tYV5&q_CP+%A$d
zz-jDXXc)ss5@82Nh%V1eA702k3yJ8LhluKLzR_M|ULm=FqvVNw%ycj#C*6^zh(oT;
zxzCdz2a3hz?rk7@lRUkJP@L&TwOA;d4u$4x6H3`EoZRMyM)b5B8sSl6XS>h5Nkp4&
zimSyua7B(EtPlyd7;{7G+4<!;$(-rm(-yA4EMDY>SoGhfK-}LE=9)vC@JeuMFdx|H
zt8>HUUb#(#CHB_}+?W|mY-4U7Yw?5;`YV)6BB|-Eh%6o)H1U#NBqe<s@<1zEmRwXh
zkdSuq3Otjb5aqPSUNfFh6BruOAFb(6d&F`pa}z1ED6iSBGXy18IeQg+YS`GTkt5=X
zg;l<SXeBwRhw_^elP&6?l_Q$tICPE24#w_{(C3Dl%x$Lx*_x2_UGJo?|9ui;2etB6
zyJtxhX}rXVUE>mosbhbGQMid>OB?rj{=2`3(RZyI^Agn?3?~2gK@3XNcx|*bqJC~4
z$hjx|zv1J&kw3X<PHee&OvY-`8t5GDC+)c3=8b&m9-Y{R+9&yMKXSM4J7)C!8n)OU
z)ymTl|CV-#?0Dk-4Em9@UUeLr)`-|h;&+QRB)N+2Wkq8{IP>|mUnz^IlBwpjQKU!a
zRBHRM|13N4s%gj56BkQctRBKhA4>8Yx$aP_Y$n?0iDG<ie(uY1<4CNd9S2A8i^=Vn
z70v|5ZLCqVP)!e=m?1tmOPhud=NS*A8A(r=1M1*f04-Ou|4^Uk?~aVf4o2EGu?I0Z
zEncBNLk)zKwy{3{iFN?9a<s*-y?q^va;6~=PO(xFEt1o7AYJj-;LE_GTh^AdU&TV4
zAD(1{f|ftMaov){gCqfjxF-CPTUPC=RS&$;Ph=h4lOBWP1Un8v)O}(%kPUEQi3Wcy
z0OX<-?;0>LIxL;`Ni*CuDCWCn60(eZyw#cF$^ImGpxqHI@&!~eI=DfRZ8Nwf+bP-q
z##gMx$)(dK+qZRXE)mMsOfsusVsUC>Q7e-`$Im$ti_}E85lrGUDCRWKFx3pAaTdQo
zY22L-73||19IbQ9s`D5QVoa2yAsxNk?oL$ZbW2bt)<ib5HBd4c*@xjjJ-ZBy7<Qu*
z8%s=mXSoHLsJeJqbx>7;kTMTCfVdhg8~=G(<Fe{^gbwvWr-Wd+Br9|2OhM<esLVD)
z1VR;LB&r!5I&_bOBi9?c-6D=*2EJpqqv|&$@51?}?uoq$bx8W7+4wD)6@-P`py=Fd
zjuDtm-iNsBRF!nPg9<t)JC`6eTQ(RG+okFb!P<51`H&#brp<?wvh`SXxRak&5y+gi
z%!abqSrJ@Pd~qv;7;ijMsvhZ^br`#ZAY@@sFiEO#DrcRcV(`JO69U)N0r_+`Fs)UG
zY@Ha0vlpO#ufjOrlXvE0J6HoGAYrb=rZ7S}P&-<(nIP44%ok?J5r!joOSsE9LlP{~
z9K&>a2?1$bk+Ngw#c<32=7myRzUrJva`!hc5l1rif7*xJ9j9WJgQUdbo&z*cs4M|8
zn(S2$ss;)~V<XX8rs|e>=OnwHtOvOTCP=r&2p9GvR%;^bhkGUUYLga<3&Hf2=%)*U
zk0&vZ&CN;=&zh%@Ft!q{XbN?TavB5D4poPIo`lOKjG~GV(f)*6cqhUES*JS6KxWOT
zE?TCA-KHz`*i#rpz{e^0x7>IXYj?1CJOm~b#YPqIBIkC~NMg*E>c3FoBNmtX9ohNg
zkB(HY4Q#8CI+kupF#Vg$Zh{d<D+n?XyQmX`q7La)_FyZf-Tk>CO*~pE>S39qt>wEP
zCKN6*mU^9Txg59Qmb>u@T3S;Zr$<n(StpDspe0j?Hk}rfK6XL}0Gz!N;>CE6?4aFU
zW3TNEmN8Z)wT^k_eoJ!3sk?|7>4D@CR=SGrHW{dY%aEJA`u5diDcCY0`)!G>|4>{N
zyKyBfOxtKnaHTEXEv2Z1plgaELoIt-hbY?APsEni{qb(|s4MY4j6`&(D6G(pHIWC~
z3TvB2SsF7t8qOlGxp5}`x;~gd{AQ{^E%K{2A}0rya9UOwEDTo8Xz57Xi?YToCH0;b
z`T(&K%DH4Il1C>P2z{C)7kcKgGOYiYK^3GbcbgC*9qQ9ob-Z+k{F~~=wD{fIiaIw{
zOC+LCx2?}{Iul#W9Bvohp5n%yL;|)I_O_h2cPQNL?#7+jxW6UZ#La=m#Fu~}V>_BR
zx^16+N3~4M!IVsA&<+lri8|ZbX^EzB8P~?0IA<ISeoQBJONmGk;v_zH!|2{2a60DV
zml7#afLL3ckxTSU3Z!B~Z9b$r`m_}wyTA>ZSS*#0)rlijG9n{4B|A;;J4$ri4HrRT
zUB>y!@}zws_J_96wToqr!4Z6kMPOpBqTft_K7Mwb&a6ZNosl%%pNxibkdYSYUEk@z
zINd@WYL|XZ?9(h+=@upWXDCCL>%CLQYjhXmTsTd#iF`bIhdREm8_~$$+*N^0^F7H7
zo#C2cd9p@(D?M4sxmH$6uE&#=mg^apIxaOmHz|p~DEF{DDS2-zD=950In7&*f3^5G
z5C0BM&rSAt56((TN=r^bTUqH=a@M%ijEq#=j7!Deaj9A9@<~ngyC^9uD-HLDqD#y2
zWLVZ{FU!(-afBx;BSRPP0tILy$?H!}%PzrHruv&*l9`h0Ng~V{xbS2Q%}w?Ovb>Qy
zM|j5q&WtnwpM|QqNuHctPy=7{M2)r_Z%0ll?!0ZNkdx&-CNnq1+lF5$&+)cp6g*JA
zctdGj35M2#f5rG$o?=<vVs!5D7W1-PU7{4trj77;cDD$l_bBzZB`YNZwfU!f3MY|U
zUdScg4!b+{7@As8n4|&HBV$y#RK#(tS!0wp6~8$%iz1rQkX^N85G#kvqnb<d8BSdd
zM?|t|O-l@YF_V=*%zy|K01DmJ*&es1uYje+HJ(+fx*O(QX>2l>9^d(xSSv&%E2vQ1
z(&^M_dL1co2!jJ&sbC<ti{+@lNIPfX*Bc;gsMt8V7Ue*5)sJ6T<giSWgMcKF?W-Xv
z9vBk$>x5#L{xnafC~GdSWz_-DDy5M*3&ZAPwiq5@94u=-sBBsEb`-0{emr*=k4xh4
z8BWV!V|>#a|2^GYT{It%C2DDm`{1QTXqA$D7mdkwkTOI1bb8rG+8hKM8?5O(t*9HZ
zyD8RW{2#;>X_f(wd{wU-rCK?MaV;D$8Dcpfl5#eqJKQMBCEad}b_yEMUISO4g1D38
zyr!s8l1e+RJY35%?i9PhqmHx=N5nDDIt(x5f%1L$TY-O#))Cfz)>8Dg`Oo*Y_Ovqe
zI!0zS=!|*MrIxxZ!XcT(a#?~=6<V3IO$A=s6?iEXz#lSCnGBQKP4UvM$xEr3#$Zva
zmBuufUMp>d!fV>mpp+g9Km1llnqVSrHC}19)K9nk^jO180u9P|6XFk#fWr?@PV{Q*
zHlhbfyTB8kE#_r<Cqs_QQH_igu!cEL|5RE>w(F(I!s{@m18_x_bTftml9~QITd5Jn
zA`wQlqKF~rPDf!{o9X~Rlol8lK^dlBAt_}F#%PSCbs|!@%u3_V!cHrV(xu57!-#O3
zlAHlY!&zKUX+oQ_S_+}x3q9fS_NL@o^5+C<k*t)xd5b?MWa2UPrZ>{JYi=qY**BxJ
zBd6eV(e_V9E_7JrbZ9kP@CnqFm0dD~#p+!sTQ-4DOy}TdNUld}Wuf=%lB|rq_3OBh
z*Z1b@ELN`r(4+9LB@-ZckMg!;L61V`@iHejtv{%|z3Bn~6u#v>ihs}oyIKoi&P~OA
z<XnO5Ts|DDa4|L|4aMkfY`XNXuyGWz(UPeEmA7#pIhUnlspg@;lhej!@!d<3(lYpa
zA=)@*2-K-4epn#5Vm%8M2yUp>lcf7g6)cy?%_W587+fcLBUfUW-ih9^N$I&B?^ti-
zn%#2Kz00#;0<5=DZ~u6Ey`%8nIN(K9yb@#aj?EedOv`ZBd&g!FWs#fIIJ3NChvufh
zX2Bq`yrXcftRUW@8oGdyk)4|&_(zSg-V;!Q`Qr;TLn7;?65u2>!(kq=GHXWe9Fv<O
zGaRK5RXij&8KASma2O=)SehMfrErvybG=<KY|uKVN7YNtu(Dw2B&8DDmk`@FVm4&b
z(D6n#h)I(K^9Hj31542%ULS(n$n9w8E=<FCFNW@V>>a-oDZ%jqu|8f=z<42&)A_PY
z$-P5hXn7}&K)b+BlJ^9FsV-17b|(^rvmrn^UMNL1QB!C0x^~lItsOBE5+!~(gE%zu
zvdAz1Bsw^NlZ;ZpHB4RD^F<;61}DP&!;JU=J?`(%jywq3%OLG#aFR!%4jc4%M-8!(
z<u(Zz&j2N-l7b&rOcr?*MynXfnB^oh%h|c9-ZpcKnb;{ejdrHYD(-DK+J>{H%sfg#
z9Z50NOPbh~FDEF+8!$(6EzDzH24@xgHx_nsh0M*Jig&J;o9j7?d1_2~O8ThEBE-}s
zo@ZC^IsbyD?j#~W%VV=-(w`vWhT=K;QP-;0jnev!QGs@@k&BoD5mRF!))Wtr!O-+A
z^3pBp<~F&xZK#qzPbZ^8GAFx{8v^cAfcrA+c9b-^Ud^=vg;R1PF+iDkE}acrC~<WQ
zAKjKo<Vb74m5*Wx45?V>da_QQ5~zX($kz&?Q5hxq>&B?SJy%I&wyxg3Mg6^PsFHp*
zxOl-g+;TEKXvpU7p(rQ)DN$f06a`tRlBH!=<j%;oZnKFgc+JpL`O4m*z6!&1(Z&=@
zLofp-L*Y|HPKM1uC$kt=T$rWVMdwl8($DxL&wfMyx?_fUct;`}JYqW!^=Xpj!<`62
z=VnM}0W0$J?F}r~vU!$#9xMnsQ^b$q2XG(jaA=?>xKcE@kBa64Pki6SnY-b7(4>$i
z$pg*@UNPlqo@*~_muj>pemh%kH4kXXBzmxyv&C2mXuPz@_1hb_dRCpm<2+?z(^jLQ
z)Eh?%X?&^2N}<e7Nz0BrPyYKoMKG?jBQIx1UKM`dzy}+Y1lXXMXoJT}vG5-sXZICE
z*1?jtQX-ah0SlAx2lor>D+^f7ga7aP@|-u5PHg@D?yIJp{pZum9~t*t($50-=8ik+
z(CHWb`n<sIr(N;j0i#C0bJqd4WEb2z^x2|^-#co2Yu?4Xyj^hPt@jUKmp*yoODFs+
z_~=ew9eUPte<*olZpE3^Rq1cN{@s)J8a3_KNB?!vNx_RB`E=HTzh1nw<+WX|uKx4K
zEB4*bJ8Q#3f&KpVP)6zzH&OIwS7cXYSo|r;E};aS2Gb>z$|W;<T3UJ%i&K@bQ3A5B
z(lgS6@WC%FuaOpwn7(OQIm6Ra@Jk)79(gd@6wBj*ct?;U)v~;Ohf;`m`;N#Omy-r;
zX5~;nd8^gmTJ?8c)~@Npyng;aE+_VX)kY6qfnfs-kINdD47Hh+oSd4T#A^!y7<81B
zm6L;#jBzST0$rExL4TvYqZyyUs76{NJrva0eWxe!I$d35Wl7oEXxUoS=Kwu;7X|>~
z!!uw4L7y?{$#{!3q+Pp-<aAGxLMc!NBn}tsRUojET`?SRWS0!f&47AV|7A~0+TBXG
zJl<on`)(47xm^wME>S;y_Y%>$o{{*`nD<UhSLpRl1Z3k<v(sVXP4uqz_T6t614y8U
zf4vhk(vxA=0g*IjMp`3AdQ#F6Fv571bw46KMo*7PPjxHkaXFlO3?HTzhYvs$ArPCG
z<D4<nQhb)99EY47Db7%Z@C0nk=I|G|0vz-)@Sjqu#HpY*XDG?bt~5+FV&4FBS>w<(
zh^HC|%~_B>N;eMuq8g=r)W`R82n8C=u^)K*o<Ip_8AS?SXUpS2h}GU9X&?>-DYb2+
z51?aUEC9-~viqLq08jUDz!;|*_w#Dpr~)#Rhx#3m9*4xgBQoSCQ+|@<XLx!#Vv3nb
z!_yR=Ge9aCIpBvJ;88h7c7qrJy(|G5cpqu8Y9_0C)6;V@rCYB*yM!zPBI6HcTQN+Q
zm$d2h-|$R<52ekEwbb6W(R4c6PR~suD`kL}0RGPDL&pK7!h+JGVnkS(aC(4}e~v)=
zikal^IPxO78ncw$_c=Kdypj%UAqh?qoE+~O(4*yDGlWDefbl-Ee)segH=ypj6boKr
z8qJQZtekYjOua1#PvSp!HH;43tQn4;hNY+CBFnqnJ9b<STwP2U8DY)neba|}m%Cq6
z_Uig^8r2Hn3Y!#66cj0nR2dj%Aecx_C6ZI<peby7N3jGCZ~+om1VjWY0;1<hsaTXg
z%DbEq=q$Qe=PJDRO~VtpS+1r`Ay~gSE=Sp_(h4lS6R2eF#6>%8MJcA4$Sa14A?twU
zmr%k2TRe;frzZjE6iOOaeqM#dQE~lH<x*paxF)YXZ!=z&g9)>oOqjKQdM1r%P&`~m
z{0M)EoX0J2NMP(z2$3xBn(SC~7pGHDb$Qq1dDj$p`yTeLDWL&LE0RAloQd+IZ^vQ^
zb8<2v#Ujsn3!rH=8Q(Qrk)C1$yiC5!;Z(z;%gC^jL4f33r~q%|UPXG-<Y89EZ3i@-
znEia_6f^)yp&Q_&J&(7~-7P(nc)4pF#2nZjC1!ruxhfil8DFh$FkA{?eGC7I^D+^#
z-n%+8oese5Y(_f|wj>7+%2oE7gUQ{a`HN~^kk@Md0tI$ac6z$^U~lA61Be>S!&xKn
zz@;Wp?#W(r1V}W41cxX^cH}QZEI5a2+OpSlfHDZn*dh28D<5iMq|$aE7RY3ewLf*X
zl}f{efAQa_^fXet8kI~q?uMnOQ14-&xKY&i92P}H7(r!JDDDt=!NcA>1z6-|*cjeC
z2$A0pNl$^*5qVxIXz0XRkF{%lU3EiE$lnoI6%4J|e{mobZVPr!TUnf6;;|aCMnxaZ
zYzud_`+Mt9)5~{qqfc^CcTbPCM}2R&JJ69|+Y;#PZtL!y7i<Z%=Qjjb1Ukd{b5?a*
zR-wnr%dZP`^M%}SPghqk)SbI57|NYfKff+_NuVjWKG56~!n?Whnq}?dvG%N<SyD37
zS5%c(US3p~S6p0Pls98$ML}LcWld#GabcCOtf;`UGCfvmpfhh#y=C>S@>qSx3;<4k
zLm=E8-amIiPg8qa^Fe{$X+B?Jv5)^1m#d!&x%2r-eTAyPeqK^oQdC?}RKS|5oLBfa
zqok&)!dG49D=e!iEh{f8s4gojsw}UWSzTUHR9;nHFmq<HuW&|XX~~R=LSMnmQeR0$
zQFTRWRdGdOX-PqKd3i-uRY6frL2*Gz^^6%MMKzUG1?Z=;+BainQBhG<Np&?qDJU%~
zoLNy;P+nb$XXTaEGiLf`R{DHpg*AmGGt0|nq6Y#}Q!}%qqP%)$@yyDilIr5(s-lYW
zs^XI3B41f`d390IjPl~b(t_fmnU&R56*VOlrR7DXH5Fx5<uzr+WhK7ql8UmDs?y@>
z!h-UOn&Og~)iuSXGYTsUXA~3`msQTJDk?20oKaI!Rpcx8VS*|vfcTSu_!H)}HHU)X
z;Ii%*QdkfQb_bh-?fKQKyFn8mv+(~WVH-@s37CXcn=lFg<AJTo1EW3G(E31VWm|K=
z-_#yRX$bWMEch~3R&l;BztC4&SeRc>R04@L-D6c$1-p7fZLQ0@bN6oECpS82xmCds
zq@%wZOp>2l+1{S3Dur`HfiT(*wB%b>xyLFp&E@+mN&;o2&CSK7%L2agrqY(;(x#GS
zO##TXl9s}<!qN(GwZFiRNTtW3L#!?`)Wz;pJPk=>mW2FWb-~W+)y;t}cHOW%6kHWn
z`lzz!v_-7TH*-+(`0ym_@%KIOsb|*T5&YuRum1k48JB%jeZiTLbDrf3%~O_Ap@h5q
z&4Hy$+S<dx&YECoX0RLbzqn*!pgrIZ2bP9I%}WQ6(@TR*M=#a&2dJCh)zU;DcaZ-^
z>?C+5IQhKJO$=DBqn^}g#Qe`}Z=dIH>$Ez;&B0J0kl)hYt{#3f5$%jf+|qwysYeZF
z7t4ycp;yKb;)L<#tT!9~4#`cju7IJV|GOfk7?+E!dMwQ?M&1qAH)VfSBYx{}+|hhh
z_5PIizh)GOVUk&?XD#4AJ~%)<WvS4)eXD+E;;#p-GT2vx@D&pkY7vuT4iEp^Q@zDB
z0qzzJ<GD!+P!+7(Qodxy3Sg4lD2DgqTY5>=k$g0Xy*3dCcqbq4G7q;y1uL1Z5k|TG
zd}S`8wE0+?mE(T85Y%KWmpQYt!^^opPB!nvXT3Ui0<djvX7@y4oQV;K)zWSoTGu%g
z92*Z*k<^F|z~EePVUSPfHniiJ2}m*qJqJ-^n1$AX)=rLo7NZ~TF_0V$w$G6<Ud)Iy
zj|wZqb%9l+)~@+{Ik4|hv%%G4F4uB7TQ3i7DSY_|Msly5WnF?i0S{6><nz<*YBsts
zLhh1n1r!_$XUJW~k7+ck&-XFkg-hf7bS!rua&}lhWY3nN7-k1ns$O#)t#exvlTH|%
z4yn~`CO=qso8xD~1>um8bbEB(hz*9fw;mpjQgk85XtW?+%d7!|?Je!cvd+Yed+ZO$
z>h@!)A`va*W26<JiU5-1N&!_f+9?H|1E8C7tk0KXCRx&iI?M2v8=LqAiV~C;;+;Y~
zt3XK^O8lTOKX5i%(PkxZPONv}E%}I3EIb3zD4P1;e^Cr1S;KIBpcc5%^8a1@pTNLw
z7-dqD<y*7sduc=VJ$3e}pAPq=C#_qv>nkYwW0J>HFw{3BEp@-F<fL6wE#KU<%>B|l
zDV{ZDNuHE-(|uEYJ3C5t@(oG$SnE=*O^R5)@s9UWM&0w?arrx?)($=PJE?b`ec9}z
zzxRWmyuWVE=rz7IDG&M9B>!k#a*_uD`XYc64CEcsk)B<%x0-;UZ+H|i53*2ws}w}Z
zi&D}?CM~Kj80pJS!%fD>%q9Nt^0v;_?qFxZ2wxTp(?_N+4779vJ6j5N_vNr8bL8lR
zmVLo^-yVFPJaQNFyrHclkXPUB@94^1P*v&Medpl?B|aGX1!eeCco=R=;X~+KU*8?u
z1hV12p@eMc$dq~W7c4B8<eMnByLVQ#buABsa%a|8=T_I(O{wzL6z3rXP@0DTL3zPM
z-vk*^PQnq{j*)MT=Q~aeds40BHJ+V75T4AWH6D-k<lj1;cyQk*ZoToymoA*2ms~X~
z{M~zIJoD6&%U=GZzI4^|r&aHH^dmodYT4h<c=+a>uKMt#nxF3b=u4&l@8fmfWCxdh
zaO9}5Ke@g2vwt3W!KpW&HSx!vm5lsq&E(&dA6fs)l{pVT+xy+yn%|j!{$;5jT)Xoz
zfBJvJE_&8V&7a$G$Q>u%x&NMB$6eI6fBO$s59z4A^sFh<mtA=F{1aF2cGPi89zFQu
zgE|g=sQB*Brewa5{mMgA*6+Tq{7>&}xcRfHU!Qc@+KY>mi&J)ee?vp*_0R3P|5p!n
zez5w@eg1jx%wHaJ=j30HIAhqSrA@tGr7t<*?bPGvUR~!qVA6u}Woh>vapUxd&-vpk
zQ&%qDaA9t7edr%;hjxC@u*ZSVS0sU=J=d-A3;{+`edB;q<Uox{8TH{0Yxh}w{F1JP
zO;7&gmb;J3EuQtKuM`c9n~<`LZ%ky=gyPSBzp$n&^B)I(vGR*M_Pgz&k~?<tHSqmC
zQs(&%^3|@JwXXWqs^#6?T~j7cZVt8QcSNH#&B2bzT`SsHI=L$pZ0Tw44o{9wBk59+
zC8#nVReXn}Wq>PF5r*`n%=OLj&DQt6q*JHb9jsclDp3c4&_-JB_KhUG6H|uyGIf*5
z8BTHmLxNm9*4jJf{`94HhkyUnu}8jPy?OCH&p$agbL#z{E_(Lk57zy7QRs>Z7vH;P
z-`|YMe0b8xL!bJCZ@<%K{A^+J-;R8A;_^w8*0$Wx@%i1C9sQ%}x6F8I_dWM|yy3^6
zoYS{r_YGB7?{?gXB}XGPcJ0jNo=Xnf&wJ<T1)t0vcI)V=ckj995%+y_eEr;$e?9z(
znpNN1=dr7QQq#2N&f?$v%iFeeL+=v>@BMw&S)YAb|Ir&s=N!D^cmKZf^-~@=G;-*O
z=UcCv`@;|4Sa;`34^Fw}=-EF!?RQ<D+;qjCKdL`}TGuhwH@|r2_%FZ7Xx{0dgAe`D
z=&|Q?@BYnw_upJ{`LwG(8ZqkmV?WvBh1YsMI<I^9hB3eQK6%aM8=mpLZGCsb=wVMn
zjJ*pn_M8!8p3MDwZ+)@%xF6mE0}AQxF<A5UZWCcK!8cx*e%C0qAb`;l$gOW{?Syc2
z2(nUNaY0#eVR4BFvWn=fukWO70$YqAvn6tJKN5LB!F1l2!P5I)O}=;U7iylq*8j8h
zHD5H3nV$dotY?1n?mvEW>Fs+R+;jgQ9^WZ#RQC1lW3T#U<GhB`-<Y@HrL|97<6pmO
z<YhTG{9}0cr#CF_eQWPe>z}#(*yg|d>w=5#e)spYK5L)$(Ztj4_<82TDL0&T{3)|n
z=J;!F9{cNKo6dOfS0y)paY*pt=Aq};`ucV|?v)ddpMU49j>gqFKmO^b7mZx_{=HAn
ztN3g9&$H{Mj=K5c;T4acaqz24pZ@L#XSKfVJL;x+hh159{~ss(?3X*ec+iL|ubB72
z!PlOA^BY&(Fztow-p|}+_Kp9(y>9&_SqDAv!Kja{M{b+_!r@<+zj%6fUh2=PlIDNM
zx@h8t6G}QyUjC!pUCQ_VI_KIEx3AZN=_p`oX(C2Vc1Ww!zs@Xpd#@+{*72Kj&%O78
zGq2snUsmipn9QA>0(o(Ljc;Z_%={Gj3P?(+Blj&TD5)sf4-xjVilP!<UP0+He_nBO
zsV}dov}svhMN45*L30Zt=;g&O0r=bOw;p@u&M}909xcl+8Z+kJxtC?`;aki;_eh!V
zg9uy)5qN6#CJ8{$GAJ2xuhCbYS5%M(?dww_@Gvc(AOh=r5Q6$1B5?ZPL|{K{cgJw9
zl6OD6vHsjwzU%qge?;10?=1UZ*h`=O{^Vz^gR@3Fef`rr@BQYPMdkawRQ3Oo&**ul
z=)8|_dad=Vq(817S65Yi#BQ~(|7HG|559Ny2d8B}wr0ciU;OZ<#(!OW)Fa3J`hnvw
zZ~Mm{YaaaP6KAbHsOeuX4$pb9-uuEu3*Rrff9zT74m|&w%=LL=uJ~0=cg8z^{P?By
zwWST->_y3U95?2RSzmv#{L5cfFMaI*Z*S4H@2`3I&j*f8e{b}|nU^1$T6xn`7hlzP
zRr29q&Ut;;{M1_(%$j`Wzk6TWJ@>QJFZNln%cy^cQtlpl!(}b+W*;%Xx_0e8yXJlI
z)K7=hHx^&;modM-_w8`WTT9-5^_?*f?ed$nJHGp*|K!(xI`i}kt~=GYCiUl#ch`%&
z%k&rRwX3q$3SyAuYg7hW=8*IDI{o|)_iyox9g_^@Rxp-!qoZ(0RQDC+`SueLwx<zc
z3xmP#+$!j*wq<S2{_a3-Wl#6=AeX0<Rp#@R7Zns17E~0`D#Hqqx-I1Gw<%`_GOd0R
zI&|q+U&{mIE;}kWcgCeF>)WUA_CoOS-~RLM6<=RGX2f4!nbLjIu6IvfSNQHXfBw~s
zx(UyRtUs14$vpkBTXSna{$Tkn^A1|O{{G&Bj=6kR`X9cU_{x<%r#*Rdc;<;O_Wkjr
z`#&tb{?Vn?fBNx;X@A*!`Ng~5us#%C{Lh^)c;l;*3qtE&SlPJys_K(YDIfDx`0&)9
zwJuz{{wHmd|1fsw*XMQb^V-VE4KI)K9s1cbYn#6M?W2t~1q<$-H1drDeNTq=8L{_w
zep6OAZC&BCbDp@SJnfXFb&J>Ry>Dva-3PrmzxmB)@|ylxJ?+g~GOSN(uDR;z!_VBS
z{;gwgp7UYNlVwxOuex*9()BxEwf48!XD^=m;4MQMlb_WR>_|wk!+bkYGK}<izDY^-
zCF92-y%I_iTE*jbN=bp^aH`LnHpKQzMtf3HRl_iUqh(37*uHwYpzhhdesJNdmmKxo
z8w-Lzoci;Z@_b{Xl}06{4BMSY0dsdjl~w7IWm&hZIqJa0lP>=2#F1a_`)X$Wg@?Xz
zy>EfYvRdCPU-i1Gb(N<cFnC!OrS}j>yBU<Nq*#NNT99J1eGtm}9#X7)a8gXx`^Yfl
z7ql8Lzmh!Gp%v3l+^got?*tFLz3{H1-^rTXd1LLT?=<%OWA1nJUaZ<M^y}aLJ+I)p
z36CGY;F8GrBW{^CdG61yy>amsuXo*d&z+z3-c=j=bo$$sCqDM-u$|j}yZ(yYynhc}
z@ax4-<h?%UnV)yPdE@YFlh-f)%RN6hXvv2c&bZ>AAHDzH>!<EfJoTQ%mwiw_;go%^
zUz2nGYZs)C`|!28&(6H&vA0I9Kez6Y-JUr+bm6|obX>mcXE`6#ztH;lcfMIV?ul#9
zynoV9dYc!|y!PNHKL7i5hb(^i@}%mSlN&$&!>!M)DeV06`U^+C@lM;DH(k5`FCN)%
zL{{LeOaJ(<Yya)tYe=B{f`1;n$DI3~es%F%Pp!Uam!*%EjA?xN{BgBs<^5tq@ywj}
zMvUIoI^yM$!^i*blHUw@@06@F=XYd{tebZHKC`a~J^fMpV-LRDb={KlmYi_G+I73l
zPCo3@C$DSG>|S5`kG#n{Kk~OwnfK%1?NeLVe7^7}Ym3GNcF+33%On2W@^SEYHP1b}
z^WS@aopR^1U+n+N9zVG1mdr0kPC9VI8=t>=(}^|rr5`mbaMXcyx6OFB?jLuo?0qS-
zct}T1q+pNNvKn6g>os5eb=HUtEth<=U`+n;52TJi_O%NuC$&9v{@E8ky7r~Z$KN`9
z=@lPbd+VvoPa1Y~-hC@qSmQ3*@Zp%_J{fb;p7);i<k2_IDwurPpI$#^+Kblrnr1!y
zyVD-MXP19xh1NcJ-LxMk9eDINZI@s4+K3xR+*!6D<AsN&`PQVRLw>)n<@cE7jMrm5
z>D!RszB1Sr5a1<6z6#3k0(D#D<L$TS?hhorufC@J_E-Km`@DURUy(od)%#z2{ozXw
zp0HrU?_S=eZqJ?Gd-{f_=Wgis<z~N={(QrQqiZkNZN_=GUb57;*B`7EZyk64yQin`
z^l4VgB_Evr_#VG4+VlHYe)w@~&i-E>_vUHi-hQ+0x@#VsQ2*H4e^);_<f$Wn{M2nT
zQm*~{hwbOLzPR_FYU*!0^{Kz^U6ViQmQ&|1S~%>D<o&-m`kZroo!|fHP~VmR{@x20
z-|^P?i@*2TGb2CBxVye%;hojzTs_;GGizD)q<xm%c<~$0ruEIa_Vbf($euN7$eOE9
z{>P%#UwbYaw;<ybYlN@nA9w$GLd|`@&TF{($GfktELipU<*$7Ar1P)wC*3t}`0ZbQ
zdihU0zx&QX4c~m8`p~a(hid8lBS`NXHYU9jI>IjLJt8WEA-y5bEnnXyl&up|`p)t7
zt&NOIBz~`HzTUsh&5Jc7dN+)@X3o0x8|H=&`8a)Ke&9bw>JQ3w2d+n4{DX&<CeJK=
z`R{jbSoO!>^&ULWb9;XGF^6{y8~LN({o=T@@5z78d+nJWP4_HG`fXkA$OV_aeC&a*
zExGT<hg_EP>NwA-x7@e-!!w?G_q(3=Ui-z_nW>Mgo&DMe^`l>&|D*HXcysO1&qp5o
z+XWw{O+F?0@8|Bj=Xbik_~gqsR$rPw{L}Q;x_-V(-IZsp$P8V0&ovcSwB|j0aMs&R
zOAi=x$r-r^yq3Oe;pdMR%vo75ZNJdaN8aw5_RT4oBVYMdrvI!DUc6`Lck0eK@!^vF
zj=b)HcYc1t&>6=)S05Vxp6{{yRtJ_I?%6qWRMs<p7<I|Nrrx{kkUR1wzxnwor#^o0
z;<v8sx}g1*in-5y()+;8yByoJ&->S2zE5%5s$H8Nowj?&9&0`r`kVdld$Q_|zkdGi
z33t7I{f*rv_tZUn%mnXVD~C>9c;+#O)l`l8`5kxMHm~)Ot7m)@=^Y=rYP4_JTQj^z
z?)u18-x>c@)!+B~`+XnJetiGuUMh^t-D}_3do~{S_Tu+{_~%Qnd~8ba{=P}wY1!|s
z9RI-OYaX1`@YCCmo_6{*EB$wNUNiEC58OQK18?xF9~8F#<m*=se&oyvk1o6a%5mTK
zwj@o<`|+V?-}A=!zutA*W6gK2Zb*HuGJnA>7u>df^^fjYcTvx-zd!H$BYVCxx$wq}
z&UJ^MIq`vY@1OkG_!r*Ueg31Dy;u8}Pd$O)=|fL=r0tQvb-sPW#lI`q=bNmD4`2Gy
zyxp#O>EDyDIv{`1m=%wXyzZ-lH7Oq<eDOYFy*{wpw-=XC(cieRi3vWhTjLo@d(Dng
z4@oW<=7>F~Ai!&4(?bige9ot%X$|TZQwm@Www*Zi-X*Jkf9zGSU;E6NH<z#5^RVAM
z?d!YQ(Z;ZXzRMwq*3FL8Y~i}9y>5BU+{he<5!cz%8tBdshFT{hGh>CnHQ)&G4V<qv
z*{P`!wM|*$u_pcO>heDxv0;JFy6VVtUcBM{_a6J@{(ZZ4z4zLry~b{s^38;s_RKmk
z+?sTJUhT8XE`RG7U-nxcA9~JH4?cAB7nh#bweMlASACN4`xWb7e7N+ovu+)IT;q9v
zx$e%ji+{G_w~zlh`O`_a|KZv8dnT;feYcF)dXo-+@snRX^}@)?KlOM|`ddlUt<#HM
ze&+kXxVm=Vlqaru>Ee^$8~w?Vx19CC@mKa9_R#Rr|9bUDmpwXX`W}zJcXG*NJufeO
zD{KDA*PJoF?Y0$X2T%Su`_uhz9>34U*FEvKQMcrsQF;7>RlN^?@6adz|F}A30uv5R
zDE`pDKQiINzV5L618fX4zx6#zn5@40ll(P7w-pk~{x>J2Z{N0~%kH{&iN&ma3!9iU
z44Rl!5K+x$*u*3X6cPld?!EzQO<<qdKuX)O1`-HYGaGWlIqZzUgbh!+tcLvHSqR|L
zB_jh<6X4(-M#4@m&)yftp5OIW%lNm4;CAzhww_$%v;rKm1*Mg!tMBU;_b<E0EV@M~
z=Sh=8<Ja5M?k;v+&nB-N%^rD4`N%%M+T7W01%GxlKKX6Cz~aW`@W*kL{m(CNJNaYE
zEwzftc`*g8p??zf7sr2(n6g6S-J7NT4s72~pIw%gvZDHErBIu1Xi0164B^YR`}OBI
z^Q&Ik?Ri-)*y^J9t9kx6Q+vI>1#nND@~Ph=Wc7v{cQmG4y?Wk3OYr}^kfgI2s_vPY
z5*s#%OxbL1u72sAZ&Sdo(#q_0!EC?J-Mo40ZZNyGxrxjvt}pvTmoJ-o_rR=G`by6p
z8ZC40{XCm5s_$IyLS+V19otz^a$e#aw(MFSy1D4Wi%PSu?DOKb?~kl1Xv}$Er3h~B
GG5`RtmxJX1

literal 0
HcmV?d00001

diff --git a/Migrations/055 - Make UserOpenIds generic.sql b/Migrations/055 - Make UserOpenIds generic.sql
index 133191f2..4d867fa1 100644
--- a/Migrations/055 - Make UserOpenIds generic.sql	
+++ b/Migrations/055 - Make UserOpenIds generic.sql	
@@ -26,6 +26,13 @@ END
 
 GO
 
+IF dbo.fnColumnExists('UserAuthClaims', 'Display') = 0
+BEGIN
+	ALTER TABLE UserAuthClaims ADD Display NVARCHAR(150)
+END
+
+GO
+
 IF dbo.fnIndexExists('UserAuthClaims', 'ClaimIdentifierIdx') = 0
 BEGIN
 	ALTER TABLE UserAuthClaims ALTER COLUMN ClaimIdentifier NVARCHAR(449) NOT NULL

From 5160eafd74433996197fab18a9af4c1c375435a9 Mon Sep 17 00:00:00 2001
From: Tim Stone <tmslft@gmail.com>
Date: Sun, 30 Aug 2015 21:10:56 -0400
Subject: [PATCH 4/5] Prevent #tabs from being duplicated as an ID

---
 App/StackExchange.DataExplorer/Content/header.css         | 8 ++++----
 .../Views/Shared/SubHeader.cshtml                         | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/App/StackExchange.DataExplorer/Content/header.css b/App/StackExchange.DataExplorer/Content/header.css
index 537fb559..8047c7db 100644
--- a/App/StackExchange.DataExplorer/Content/header.css
+++ b/App/StackExchange.DataExplorer/Content/header.css
@@ -130,7 +130,7 @@ nav.primary .site-selector-popup .ac_results li.ac_over {
   margin-bottom: 0;
 }
 
-#tabs {
+.nav-tabs {
   float: right;
 }
 
@@ -138,7 +138,7 @@ nav.primary .site-selector-popup .ac_results li.ac_over {
   margin-left: 5px;  
 }
 
-#tabs a, .miniTabs a {
+.nav-tabs a, .miniTabs a {
   background:none repeat scroll 0 0 #fff;
   border: 1px solid #fff;
   color: #777;
@@ -152,7 +152,7 @@ nav.primary .site-selector-popup .ac_results li.ac_over {
   text-decoration: none;
 }
 
-#tabs a:hover, .miniTabs a:hover  {
+.nav-tabs a:hover, .miniTabs a:hover  {
   background: none repeat scroll 0 0 #FFFFFF;
   border-color: #CCC #CCC #FFFFFF;
   border-style: solid;
@@ -161,7 +161,7 @@ nav.primary .site-selector-popup .ac_results li.ac_over {
   margin-top: 9px;
 }
 
-#tabs a.youarehere, .miniTabs a.youarehere  {
+.nav-tabs a.youarehere, .miniTabs a.youarehere  {
   background: none repeat scroll 0 0 #FFFFFF;
   border-color: #CCC #CCC #FFFFFF;
   border-style: solid;
diff --git a/App/StackExchange.DataExplorer/Views/Shared/SubHeader.cshtml b/App/StackExchange.DataExplorer/Views/Shared/SubHeader.cshtml
index 1ab054dd..fcba7810 100644
--- a/App/StackExchange.DataExplorer/Views/Shared/SubHeader.cshtml
+++ b/App/StackExchange.DataExplorer/Views/Shared/SubHeader.cshtml
@@ -9,7 +9,7 @@
         }
         @if (Model.Items != null)
         {
-            <div id="tabs">
+            <div class="nav-tabs">
                 @foreach (SubHeaderViewData item in Model.Items)
                 {
                     <a

From 7e6cbaa9a374f5036a02cadf2a1e19def024fca9 Mon Sep 17 00:00:00 2001
From: Tim Stone <tmslft@gmail.com>
Date: Sun, 30 Aug 2015 21:20:19 -0400
Subject: [PATCH 5/5] Add list of user logins, start cleaning up profile layout

---
 .../App_Start/BundleConfig.cs                 |   6 +
 .../Content/login-providers.css               |   8 +
 .../Content/user.css                          | 104 +++++++++
 .../Controllers/AccountController.cs          |   2 +-
 .../Controllers/UserController.cs             | 104 +++++++--
 .../Models/UserAuthClaim.cs                   |  84 +++++++-
 .../StackExchange.DataExplorer.csproj         |   4 +
 .../Views/Account/LogIn.cshtml                |   3 +-
 .../Views/Shared/Master.cshtml                |   2 +-
 .../Views/User/Edit.cshtml                    | 202 +++++++++---------
 .../Views/User/Logins.cshtml                  |  30 +++
 .../Views/User/ProfileNav.cshtml              |  14 ++
 .../Views/User/Show.cshtml                    |  32 +--
 13 files changed, 444 insertions(+), 151 deletions(-)
 create mode 100644 App/StackExchange.DataExplorer/Content/login-providers.css
 create mode 100644 App/StackExchange.DataExplorer/Content/user.css
 create mode 100644 App/StackExchange.DataExplorer/Views/User/Logins.cshtml
 create mode 100644 App/StackExchange.DataExplorer/Views/User/ProfileNav.cshtml

diff --git a/App/StackExchange.DataExplorer/App_Start/BundleConfig.cs b/App/StackExchange.DataExplorer/App_Start/BundleConfig.cs
index 670fc423..5359466d 100644
--- a/App/StackExchange.DataExplorer/App_Start/BundleConfig.cs
+++ b/App/StackExchange.DataExplorer/App_Start/BundleConfig.cs
@@ -61,9 +61,15 @@ private static void RegisterBundles(BundleCollection bundles)
                 .Include("~/Content/homepage.css")
                 .Include("~/Content/topbar.css", new CssRewriteUrlTransform())
                 .Include("~/Content/header.css", new CssRewriteUrlTransform())
+                .Include("~/Content/user.css")
                 .Include("~/Content/jquery.autocomplete.css")
             );
 
+            bundles.Add(new StyleBundle("~/assets/css/login")
+                .Include("~/Content/login.css", new CssRewriteUrlTransform())
+                .Include("~/Content/login-providers.css", new CssRewriteUrlTransform())
+            );
+
             bundles.Add(new StyleBundle("~/assets/css/query")
                 .Include("~/Content/codemirror/codemirror.css")
                 .Include("~/Content/codemirror/custom.css")
diff --git a/App/StackExchange.DataExplorer/Content/login-providers.css b/App/StackExchange.DataExplorer/Content/login-providers.css
new file mode 100644
index 00000000..5ad54312
--- /dev/null
+++ b/App/StackExchange.DataExplorer/Content/login-providers.css
@@ -0,0 +1,8 @@
+.stackexchange { background-position: -356px 0; }
+.google { background-position: -426px 0; }
+.yahoo { background-position: 1px 4px; }
+.livejournal { background-position: -73px 4px; }
+.wordpress { background-position: -38px 4px; }
+.blogger { background-position: -108px 4px; }
+.verisign { background-position: -458px 4px; }
+.aol { background-position: -142px 4px; }
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/Content/user.css b/App/StackExchange.DataExplorer/Content/user.css
new file mode 100644
index 00000000..e641d6c6
--- /dev/null
+++ b/App/StackExchange.DataExplorer/Content/user.css
@@ -0,0 +1,104 @@
+.user-profile .page > .subheader {
+  height: 40px;
+}
+
+.user-profile .page > .subheader .nav-tabs {
+  float: left;
+}
+
+.user-profile .page > .subheader .nav-tabs a,
+.user-profile .page > .subheader .nav-tabs a.youarehere {
+  border: 0px;
+  font-size: 13px;
+  line-height: 1.3em;
+  height: auto;
+  padding: 11px 7px 12px 7px;
+  margin: 0 20px 0 0;
+}
+
+.user-profile .page > .subheader .nav-tabs a:hover {
+  color: #0C57A0;
+  border-bottom: 2px solid #0C57A0;
+}
+
+.user-profile .page > .subheader .nav-tabs a.youarehere {
+  font-weight: bold;
+  color: #0C57A0;
+  border-bottom: 2px solid #0C57A0;
+}
+
+.user-profile #add-login {
+  float: right;
+  font-weight: bold;
+  margin-top: -22px;
+}
+
+.user-profile #user-logins {
+  list-style-type: none;
+  margin: 0;
+}
+
+.user-profile .user-login {
+  margin-top: 14px;
+  margin-bottom: 20px;
+  padding-left: 24px;
+}
+
+.user-profile .user-login h2 {
+  font-size: 16px;
+  margin-left: -24px;
+}
+
+.user-profile .user-login span.icon {
+  background-image: url('./img/login-icons.svg');
+  background-repeat: no-repeat;
+  display: inline-block;
+  width: 16px;
+  height: 16px;
+  margin-bottom: -2px;
+  margin-right: 8px;
+}
+
+.user-profile .user-login .claim-identifier {
+  display: block;
+  margin-top: 5px;
+  color: #CCC;
+}
+
+.sectioned-nav {
+  float: left;
+  list-style-type: none;
+  margin: 0;
+  width: 220px;
+}
+
+.sectioned-nav li {
+  padding: 10px;
+  padding-right: 0;
+}
+
+.sectioned-nav li:hover {
+  background-color: #D8E8F7;
+}
+
+.sectioned-nav li a {
+  display: block;
+  color: #777;
+  padding: 4px;
+}
+
+.sectioned-nav li:hover a, .sectioned-nav li.youarehere a {
+  text-decoration: none;
+  border-right: 3px solid #0C57A0;
+  color: #0C57A0;
+}
+
+.sectioned-nav li.youarehere a {
+  font-weight: bold;
+}
+
+.sectioned-content {
+  margin-left: 220px;
+  padding-left: 50px;
+  padding-top: 10px;
+}
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/Controllers/AccountController.cs b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
index 5aa5ade7..7cda53b0 100644
--- a/App/StackExchange.DataExplorer/Controllers/AccountController.cs
+++ b/App/StackExchange.DataExplorer/Controllers/AccountController.cs
@@ -42,7 +42,7 @@ public ActionResult Login(string returnUrl, string message = null)
                     return View("LoginActiveDirectory");
                 //case AppSettings.AuthenitcationMethod.Default:
                 default:
-                    SetHeader(CurrentUser.IsAnonymous ? "Log in with OpenID" : "Log in below to change your OpenID");
+                    SetHeader(CurrentUser.IsAnonymous ? "Log in to access your Data Explorer account" : "Add a new login method to your account");
                     return View("Login");
             }
         }
diff --git a/App/StackExchange.DataExplorer/Controllers/UserController.cs b/App/StackExchange.DataExplorer/Controllers/UserController.cs
index 83d43a69..0dd1357c 100644
--- a/App/StackExchange.DataExplorer/Controllers/UserController.cs
+++ b/App/StackExchange.DataExplorer/Controllers/UserController.cs
@@ -122,7 +122,12 @@ FROM Users /**join**/ /**where**/
         [StackRoute(@"users/edit/{id:\d+}", RoutePriority.High)]
         public ActionResult Edit(int id, User updatedUser)
         {
-            User user = Current.DB.Users.Get(id);
+            User user = CanViewPrivateInfoFor(id) ? GetUser(id) : null;
+
+            if (user == null)
+            {
+                return PageNotFound();
+            }
 
             if (updatedUser.DOB < DateTime.UtcNow.AddYears(-100) || updatedUser.DOB > DateTime.UtcNow.AddYears(-6))
             {
@@ -175,23 +180,32 @@ public ActionResult Edit(int id, User updatedUser)
         [StackRoute(@"users/edit/{id:\d+}", RoutePriority.High)]
         public ActionResult Edit(int id)
         {
-            User user = Current.DB.Users.Get(id);
+            User user = CanViewPrivateInfoFor(id) ? GetUser(id) : null;
+
             if (user == null)
             {
                 return PageNotFound();
             }
 
-            if (user.Id == CurrentUser.Id || CurrentUser.IsAdmin)
-            {
-                SetHeader(user.Login + " - Edit");
-                SelectMenuItem("Users");
+            SetProfileMetadata(user, true);
 
-                return View(user);
-            }
-            else
+            return View(user);
+        }
+
+        [HttpGet]
+        [StackRoute(@"users/logins/{id:\d+}", RoutePriority.High)]
+        public ActionResult Logins(int id)
+        {
+            User user = AppSettings.AuthMethod == AppSettings.AuthenitcationMethod.Default && CanViewPrivateInfoFor(id) ? GetUser(id) : null;
+            
+            if (user == null)
             {
-                return Redirect("/");
+                return PageNotFound();
             }
+
+            SetProfileMetadata(user, true, "logins");
+
+            return View(user);
         }
 
         [HttpPost]
@@ -202,9 +216,9 @@ public ActionResult SavePreference(int id, string preference, string value)
                 return ContentError("Invalid preference");
             }
 
-            User user = Current.DB.Users.Get(id);
+            User user = CanViewPrivateInfoFor(id) ? GetUser(id) : null;
 
-            if (user == null || (user.Id != CurrentUser.Id && !CurrentUser.IsAdmin))
+            if (user == null)
             {
                 return ContentError("Invalid action");
             }
@@ -220,7 +234,7 @@ public ActionResult SavePreference(int id, string preference, string value)
         [StackRoute(@"users/{id:INT}/{name?}")]
         public ActionResult Show(int id, string name, string order_by, int? page)
         {
-            User user = !Current.User.IsAnonymous && Current.User.Id == id ? Current.User : Current.DB.Users.Get(id);
+            User user = GetUser(id);
 
             if (user == null)
             {
@@ -235,8 +249,7 @@ public ActionResult Show(int id, string name, string order_by, int? page)
 
             DataExplorerDatabase db = Current.DB;
 
-            SetHeader(user.Login);
-            SelectMenuItem("Users");
+            SetProfileMetadata(user, false);
 
             var profileTabs = new SubHeader
             {
@@ -371,5 +384,66 @@ Votes v ON
 
             return View(user);
         }
+
+        private bool CanViewPrivateInfoFor(int id)
+        {
+            return !CurrentUser.IsAnonymous && (CurrentUser.Id == id || CurrentUser.IsAdmin);
+        }
+
+        private User GetUser(int id)
+        {
+            return CurrentUser.Id == id ? CurrentUser : Current.DB.Users.Get(id);
+        }
+
+        private void SetProfileMetadata(User user, bool isEditing, string currentEditPage = null)
+        {
+            var subheaders = new List<SubHeaderViewData>
+            {
+                new SubHeaderViewData
+                {
+                    Description = "Profile",
+                    Href = "/users/" + user.ProfilePath,
+                    Default = true
+                }
+            };
+
+            if (CanViewPrivateInfoFor(user.Id))
+            {
+                subheaders.Add(new SubHeaderViewData
+                {
+                    Name = "edit",
+                    Description = "Edit Profile & Logins",
+                    Href = "/users/edit/" + user.Id
+                });
+            }
+
+            ViewData["BodyClass"] = "user-profile";
+            SelectMenuItem("Users");
+            SetHeader(null, isEditing ? "edit" : null, subheaders.ToArray<SubHeaderViewData>());
+
+            if (isEditing)
+            {
+                ViewData["ProfileNav"] = new SubHeader
+                {
+                    Selected = currentEditPage,
+                    Items = new List<SubHeaderViewData>
+                    {
+                        new SubHeaderViewData
+                        {
+                            Name = "profile",
+                            Description = "Edit Profile",
+                            Href = "/users/edit/" + user.Id,
+                            Default = true
+                        },
+                        new SubHeaderViewData
+                        {
+                            Name = "logins",
+                            Description = "My Logins",
+                            Href = "/users/logins/" + user.Id
+                        }
+                    }
+                };
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs b/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
index 44fa80ae..1fbf6d4e 100644
--- a/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
+++ b/App/StackExchange.DataExplorer/Models/UserAuthClaim.cs
@@ -1,12 +1,25 @@
 using System;
 using System.Collections.Generic;
-using System.Linq;
-using System.Web;
+using System.Text.RegularExpressions;
 
 namespace StackExchange.DataExplorer.Models
 {
     public class UserAuthClaim
     {
+        private static readonly Regex subdomainUsernameRegex = new Regex("https?://(?<username>[^.]+)\\..*", RegexOptions.IgnoreCase | RegexOptions.Compiled);
+        private static readonly Regex pathUsernameRegex = new Regex("https?://[^/]+/(?<username>[^/?]+)(?:/|\\?).*", RegexOptions.IgnoreCase | RegexOptions.Compiled);
+        private static readonly Dictionary<string, AuthProvider> knownProviders = new Dictionary<string, AuthProvider>
+        {
+            { "openid.stackexchange.com", new AuthProvider("Stack Exchange") },
+            { "me.yahoo.com", new AuthProvider("Yahoo") },
+            { ".livejournal.com", new AuthProvider("LiveJournal", usernameRegex: subdomainUsernameRegex) },
+            { ".wordpress.com", new AuthProvider("Wordpress", usernameRegex: subdomainUsernameRegex) },
+            { ".blogspot.com", new AuthProvider("Blogger", usernameRegex: subdomainUsernameRegex) },
+            { ".pip.verisignlabs.com", new AuthProvider("Verisign", usernameRegex: subdomainUsernameRegex) },
+            { "openid.aol.com", new AuthProvider("AOL", usernameRegex: pathUsernameRegex) },
+            { "www.google.com", new AuthProvider("Google") }
+        };
+
         public enum ClaimType
         {
             OpenID = 1,
@@ -25,11 +38,76 @@ public Identifier(String value, ClaimType type)
             }
         }
 
+        public class AuthProvider
+        {
+            public string Name { get; private set; }
+            public string IconClass { get; private set; }
+
+            private readonly Regex usernameRegex;
+
+            public AuthProvider(string name, bool hasIcon = true, Regex usernameRegex = null)
+            {
+                Name = name;
+
+                if (hasIcon) 
+                    IconClass = name.ToLower().Replace(" ", "");
+
+                this.usernameRegex = usernameRegex;
+            }
+
+            public string GetUsername(string identifier)
+            {
+                if (usernameRegex == null)
+                    return identifier;
+
+                var username = usernameRegex.Match(identifier).Groups["username"];
+
+                return username != null ? username.Value : identifier;
+            }
+        }
+
+        private string display;
+        private AuthProvider provider;
+
         public int Id { get; set; }
         public int UserId { get; set; }
         public string ClaimIdentifier { get; set; }
         public bool IsSecure { get; set; }
         public ClaimType IdentifierType { get; set; }
-        public string Display { get; set; }
+        public string Display
+        {
+            get { return display ?? Provider.GetUsername(ClaimIdentifier); }
+            set { display = value; }
+        }
+
+        public AuthProvider Provider {
+            get
+            {
+                if (provider == null)
+                {
+                    switch (IdentifierType)
+                    {
+                        case ClaimType.Google:
+                            provider = knownProviders["www.google.com"];
+                            break;
+                        // case ClaimType.OpenID
+                        default:
+                            var uri = new Uri(ClaimIdentifier);
+                            var host = uri.Host;
+                            var subdomainIndex = host.IndexOf('.');
+
+                            if (!knownProviders.ContainsKey(host) && subdomainIndex != -1 && subdomainIndex != host.LastIndexOf('.'))
+                            {
+                                host = host.Substring(subdomainIndex);
+                            }
+
+                            provider = knownProviders.ContainsKey(host) ? knownProviders[host] : new AuthProvider(uri.Host, hasIcon: false);
+                            break;
+                    }
+                }
+
+                return provider;
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj b/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
index 4f206d21..cc60d608 100644
--- a/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
+++ b/App/StackExchange.DataExplorer/StackExchange.DataExplorer.csproj
@@ -288,6 +288,7 @@
     <Content Include="Content\images\help-sample-graph.png" />
     <Content Include="Content\images\so-sprites.png" />
     <Content Include="Content\Img\login-icons.svg" />
+    <Content Include="Content\login-providers.css" />
     <Content Include="Content\login.css">
       <DependentUpon>login.less</DependentUpon>
     </Content>
@@ -370,6 +371,7 @@
     <Content Include="Content\qp\qp.css" />
     <Content Include="Content\qp\qp.xslt" />
     <Content Include="Content\topbar.css" />
+    <Content Include="Content\user.css" />
     <Content Include="Scripts\codemirror\codemirror.js" />
     <Content Include="Scripts\codemirror\runmode.js" />
     <Content Include="Scripts\codemirror\sql.js" />
@@ -485,6 +487,8 @@
     <Content Include="Views\Shared\UserList.cshtml" />
     <Content Include="Views\Home\Help.cshtml" />
     <Content Include="Views\Account\LogInActiveDirectory.cshtml" />
+    <Content Include="Views\User\Logins.cshtml" />
+    <Content Include="Views\User\ProfileNav.cshtml" />
   </ItemGroup>
   <PropertyGroup>
     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
diff --git a/App/StackExchange.DataExplorer/Views/Account/LogIn.cshtml b/App/StackExchange.DataExplorer/Views/Account/LogIn.cshtml
index 61dc6f37..5d05a32f 100644
--- a/App/StackExchange.DataExplorer/Views/Account/LogIn.cshtml
+++ b/App/StackExchange.DataExplorer/Views/Account/LogIn.cshtml
@@ -1,7 +1,8 @@
 @using StackExchange.DataExplorer
 @using StackExchange.DataExplorer.Helpers
+@using System.Web.Optimization;
 @{this.SetPageTitle("Log In or Register - Stack Exchange Data Explorer");}
-<link rel="stylesheet" type="text/css" href="/Content/login.min.css" />
+@Styles.Render("~/assets/css/login")
 <div class="page-description">
     @if (ViewData["Message"] != null)
     {
diff --git a/App/StackExchange.DataExplorer/Views/Shared/Master.cshtml b/App/StackExchange.DataExplorer/Views/Shared/Master.cshtml
index cb27e28a..dc63df57 100644
--- a/App/StackExchange.DataExplorer/Views/Shared/Master.cshtml
+++ b/App/StackExchange.DataExplorer/Views/Shared/Master.cshtml
@@ -32,7 +32,7 @@
         });
     </script>
 </head>
-<body>
+<body class="@ViewData["BodyClass"]">
     <div id="topbar">
         <div class="page">
             <div class="network-items">
diff --git a/App/StackExchange.DataExplorer/Views/User/Edit.cshtml b/App/StackExchange.DataExplorer/Views/User/Edit.cshtml
index 4ad348c3..64fadc29 100644
--- a/App/StackExchange.DataExplorer/Views/User/Edit.cshtml
+++ b/App/StackExchange.DataExplorer/Views/User/Edit.cshtml
@@ -1,102 +1,106 @@
 @model StackExchange.DataExplorer.Models.User
 @using StackExchange.DataExplorer
+@using StackExchange.DataExplorer.ViewModel
 @{this.SetPageTitle("User - " + Model.Login + " Edit - Stack Exchange Data Explorer");}
-<table width="720px" id="user-edit-table">
-    <tbody>
-        <tr>
-            <td style="vertical-align: top; text-align: center; padding: 20px; width: 128px;">
-                <h3>
-                    @Html.Raw(Model.Gravatar(128))
-                    <a href="http://gravatar.com">Change Picture</a>
-                </h3>
-            </td>
-            <td style="vertical-align: top;">
-                <h2>Registered User</h2>
-                <form action="/users/edit/@Model.Id" method="post">
-                    @Html.ValidationSummary(true)
-                    @Html.AntiForgeryToken()
-                    <table style="width:600px;">
-                        <tbody>
-                            <tr>
-                                <td>
-                                    <label for="Login">Display Name</label>
-                                </td>
-                                <td>
-                                    @Html.TextBoxFor(model=>model.Login,new { style="width:260px;"})
-                                    @Html.ValidationMessageFor(model=>model.Login)
-                                </td>
-                            </tr>
-                            @if (AppSettings.EnableEnforceSecureOpenId)
-                            {
-                            <tr>
-                                <td>
-                                    <label for="">OpenID</label>
-                                </td>
-                                <td>
-                                    <label>
-                                        @Html.CheckBoxFor(model => model.EnforceSecureOpenId)
-                                        Only allow HTTPS version of HTTPS OpenID identifiers
-                                    </label>
-                                </td>
-                            </tr>
-                            }
-                            <tr>
-                                <td>
-                                    @Html.LabelFor(model=>model.Email)
-                                </td>
-                                <td>
-                                    @Html.TextBoxFor(model=>model.Email,new {style = "width:260px;"})
-                                    @Html.ValidationMessageFor(model=>model.Email)
-                                </td>
-                            </tr>
-                            <tr>
-                                <td>
-                                    @Html.LabelFor(model=>model.Website)
-                                </td>
-                                <td>
-                                    @Html.TextBoxFor(model=>model.Website,new {style="width:260px"})
-                                    @Html.ValidationMessageFor(model=>model.Website)
-                                </td>
-                            </tr>
-                            <tr>
-                                <td>
-                                    @Html.LabelFor(model=>model.Location)
-                                </td>
-                                <td>
-                                    @Html.TextBoxFor(model=>model.Location,new {style="width:260px;"})
-                                    @Html.ValidationMessageFor(mode=>Model.Location)
-                                </td>
-                            </tr>
-                            <tr>
-                                <td>
-                                    <label>Birthday</label>
-                                </td>
-                                <td>
-                                    @Html.TextBoxFor(model=>model.DOB, string.Format("{0:g}", Model.DOB))
-                                    @Html.ValidationMessageFor(model=>model.DOB)
-                                    <span style="color:rgb(136, 136, 136);">YYYY/MM/DD</span>
-                                </td>
-                            </tr>
-                            <tr>
-                                <td style="vertical-align:top;">
-                                    <label>About Me</label>
-                                </td>
-                                <td>
-                                    @Html.TextAreaFor(model=>model.AboutMe, new {rows=12, cols=56})
-                                    @Html.ValidationMessageFor(model=>model.AboutMe)
-                                </td>
-                            </tr>
-                            <tr>
-                                <td></td>
-                                <td class="form-submit">
-                                    <input type="submit" value="Save Profile" />
-                                    <input type="button" onclick="location.href='/users/@Model.Id'" value="Cancel" name="cancel" id="cancel" />
-                                </td>
-                            </tr>
-                        </tbody>
-                    </table>
-                </form>
-            </td>
-        </tr>
-    </tbody>
-</table>
+@Html.Partial("ProfileNav", ViewData["ProfileNav"] as SubHeader)
+<div class="sectioned-content">
+    <h1>Edit your profile</h1>
+    <table width="650px" id="user-edit-table">
+        <tbody>
+            <tr>
+                <td style="vertical-align: top; text-align: center; padding: 20px; width: 128px;">
+                    <h3>
+                        @Html.Raw(Model.Gravatar(128))
+                        <a href="http://gravatar.com">Change Picture</a>
+                    </h3>
+                </td>
+                <td style="vertical-align: top;">
+                    <form action="/users/edit/@Model.Id" method="post">
+                        @Html.ValidationSummary(true)
+                        @Html.AntiForgeryToken()
+                        <table style="width:500px;">
+                            <tbody>
+                                <tr>
+                                    <td>
+                                        <label for="Login">Display Name</label>
+                                    </td>
+                                    <td>
+                                        @Html.TextBoxFor(model => model.Login, new { style = "width:260px;" })
+                                        @Html.ValidationMessageFor(model => model.Login)
+                                    </td>
+                                </tr>
+                                @if (AppSettings.EnableEnforceSecureOpenId)
+                                {
+                                    <tr>
+                                        <td>
+                                            <label for="">OpenID</label>
+                                        </td>
+                                        <td>
+                                            <label>
+                                                @Html.CheckBoxFor(model => model.EnforceSecureOpenId)
+                                                Only allow HTTPS version of HTTPS OpenID identifiers
+                                            </label>
+                                        </td>
+                                    </tr>
+                                }
+                                <tr>
+                                    <td>
+                                        @Html.LabelFor(model => model.Email)
+                                    </td>
+                                    <td>
+                                        @Html.TextBoxFor(model => model.Email, new { style = "width:260px;" })
+                                        @Html.ValidationMessageFor(model => model.Email)
+                                    </td>
+                                </tr>
+                                <tr>
+                                    <td>
+                                        @Html.LabelFor(model => model.Website)
+                                    </td>
+                                    <td>
+                                        @Html.TextBoxFor(model => model.Website, new { style = "width:260px" })
+                                        @Html.ValidationMessageFor(model => model.Website)
+                                    </td>
+                                </tr>
+                                <tr>
+                                    <td>
+                                        @Html.LabelFor(model => model.Location)
+                                    </td>
+                                    <td>
+                                        @Html.TextBoxFor(model => model.Location, new { style = "width:260px;" })
+                                        @Html.ValidationMessageFor(mode => Model.Location)
+                                    </td>
+                                </tr>
+                                <tr>
+                                    <td>
+                                        <label>Birthday</label>
+                                    </td>
+                                    <td>
+                                        @Html.TextBoxFor(model => model.DOB, string.Format("{0:g}", Model.DOB))
+                                        @Html.ValidationMessageFor(model => model.DOB)
+                                        <span style="color:rgb(136, 136, 136);">YYYY/MM/DD</span>
+                                    </td>
+                                </tr>
+                                <tr>
+                                    <td style="vertical-align:top;">
+                                        <label>About Me</label>
+                                    </td>
+                                    <td>
+                                        @Html.TextAreaFor(model => model.AboutMe, new { rows = 12, cols = 56 })
+                                        @Html.ValidationMessageFor(model => model.AboutMe)
+                                    </td>
+                                </tr>
+                                <tr>
+                                    <td></td>
+                                    <td class="form-submit">
+                                        <input type="submit" value="Save Profile" />
+                                        <input type="button" onclick="location.href='/users/@Model.Id'" value="Cancel" name="cancel" id="cancel" />
+                                    </td>
+                                </tr>
+                            </tbody>
+                        </table>
+                    </form>
+                </td>
+            </tr>
+        </tbody>
+    </table>
+</div>
diff --git a/App/StackExchange.DataExplorer/Views/User/Logins.cshtml b/App/StackExchange.DataExplorer/Views/User/Logins.cshtml
new file mode 100644
index 00000000..c68a6fb6
--- /dev/null
+++ b/App/StackExchange.DataExplorer/Views/User/Logins.cshtml
@@ -0,0 +1,30 @@
+
+@model User
+@using StackExchange.DataExplorer
+@using StackExchange.DataExplorer.Models
+@using StackExchange.DataExplorer.ViewModel
+@using System.Web.Optimization;
+@{
+    this.SetPageTitle("User " + Model.Login + " Logins - Stack Exchange Data Explorer");
+}
+@Styles.Render("~/assets/css/login")
+@Html.Partial("ProfileNav", ViewData["ProfileNav"] as SubHeader)
+<div class="sectioned-content">
+    <h1>My Logins</h1>
+    <a id="add-login" href="/account/login">add login</a>
+    <ul id="user-logins">
+        @foreach (var claim in Model.UserAuthClaims)
+        {
+            <li class="user-login">
+                <h2>
+                    <span class="icon @claim.Provider.IconClass"></span>@claim.Provider.Name
+                </h2>
+                <span class="friendly-identifier">@claim.Display</span>
+                @if (claim.Display != claim.ClaimIdentifier)
+                {
+                    <span class="claim-identifier">@claim.ClaimIdentifier</span>
+                }
+            </li>
+        }
+    </ul>
+</div>
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/Views/User/ProfileNav.cshtml b/App/StackExchange.DataExplorer/Views/User/ProfileNav.cshtml
new file mode 100644
index 00000000..e967a316
--- /dev/null
+++ b/App/StackExchange.DataExplorer/Views/User/ProfileNav.cshtml
@@ -0,0 +1,14 @@
+@model StackExchange.DataExplorer.ViewModel.SubHeader
+<ul class="sectioned-nav">
+    @foreach(var item in Model.Items)
+    {
+        <li
+        @if (item.Selected)
+        {
+            <text>class="youarehere"</text>
+        }
+        >
+            <a href="@item.Href">@item.Description</a>
+        </li>
+    }
+</ul>
\ No newline at end of file
diff --git a/App/StackExchange.DataExplorer/Views/User/Show.cshtml b/App/StackExchange.DataExplorer/Views/User/Show.cshtml
index 9d232922..22751040 100644
--- a/App/StackExchange.DataExplorer/Views/User/Show.cshtml
+++ b/App/StackExchange.DataExplorer/Views/User/Show.cshtml
@@ -1,6 +1,4 @@
 @model StackExchange.DataExplorer.Models.User
-@using System.Configuration
-@using System.IdentityModel.Tokens
 @using StackExchange.DataExplorer
 @using StackExchange.DataExplorer.Helpers
 @using StackExchange.DataExplorer.ViewModel
@@ -22,18 +20,7 @@
                 </table>
             </td>
             <td style="vertical-align:top; width:350px;">
-                @if (isCurrentUser || Current.User.IsAdmin)
-                {
-                    <div style="float:right; margin-top: 19px; margin-right: 4px;">
-                        <a href="/users/edit/@Model.Id">edit</a>
-                        @if (isCurrentUser && AppSettings.AuthMethod == AppSettings.AuthenitcationMethod.Default)
-                        {
-                            <span class="lsep">|</span>
-                            <a href="/account/login/" title="overwrite your primary openid by logging in with a new openid">change openid</a>
-                        }
-                    </div>
-                }
-                <h2 style="margin-top:20px;">Registered User</h2>
+                <h2 style="margin-top:20px;">@Model.Login</h2>
                 <table class="user-details">
                     <tr>
                         <td>member for</td>
@@ -53,23 +40,6 @@
                                     <td class="overflowing"><div class="no-overflow">@Model.ADLogin</div></td>
                                 </tr>
                                 break;
-                            //case AppSettings.AuthenitcationMethod.Default:
-                            default:
-                                if (Model.UserAuthClaims.Any())
-                                {
-                                    <tr>
-                                        <td>openid</td>
-                                        <td class="overflowing"><div class="no-overflow">@Model.UserAuthClaims[0].ClaimIdentifier</div></td>
-                                    </tr>
-                                }
-                                else
-                                {
-                                    <tr>
-                                        <td>email (private)</td>
-                                        <td class="overflowing"><div class="no-overflow">@Model.Email</div></td>
-                                    </tr>
-                                }
-                                break;
                         }
                     }
                     @if (Model.Website != null && Model.Website.Length > 4)